2021-2022 Annual Report on the Administration of the Privacy Act

I - Introduction

The purpose of the Privacy Act, (“the Act”), is to strengthen Canada’s laws that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.

This Annual Report on the Canadian Air Transport Security Authority’s (CATSA) administration of the Act has been prepared in accordance with section 72(1) of the Act and is hereby submitted for tabling in Parliament under Section 72(2) of the Act.

This is the 19th Annual Report. Previous such reports are available under the “Reports and Summaries” heading of the “Privacy” page on the website.

II - The Canadian Air Transport Security Authority – Mandate

Established as an agent Crown Corporation on April 1, 2002, CATSA‘s mandate is to protect the public by securing critical elements of the air transportation system as assigned by the Government of Canada.

Fully funded by parliamentary appropriations, CATSA is accountable to Parliament through the Minister of Transport. CATSA is governed by a Board of Directors. Operations are directed by a senior management team. CATSA currently contracts security screening to third-party contractors.

CATSA delivers on its mandate of securing Canada’s air transportation system by conducting the following activities across 89 of Canada’s designated airports:

  1. Pre-Board Screening (PBS) - The screening of passengers and their belongings prior to their entry into the secure area of an air terminal building;
  2. Hold Baggage Screening (HBS) - The screening of passengers checked (or hold) baggage to prevent the boarding of prohibited items;
  3. Non-Passenger Screening (NPS) - The random screening of non-passengers accessing restricted areas; and
  4. Restricted Area Identity Card (RAIC) - The program that uses iris and fingerprint biometric identifiers to allow non-passenger access to the restricted areas of airports.

Under an agreement concluded with Transport Canada in 2010, CATSA has the authorization to conduct screening of cargo at smaller airports if there is capacity to do so. Each of these activities is carried out effectively, efficiently, consistently, and in the public interest, as required by the CATSA Act.

Implementation of the Privacy Act at CATSA

The Manager, Privacy and ATIP, who is also the organization’s Access to Information and Privacy (ATIP) Coordinator, is responsible for processing requests received under the Act, as well as privacy policy and compliance. A Senior ATIP Advisor supports the ATIP Coordinator in processing requests under the Act, and a Privacy Advisor supports the privacy policy and compliance function.  In addition, a Disclosure Advisor supports the disclosure Disclosure Advisor provided support for disclosures of personal information under Paragraph 8 of the Act.

The ATIP Coordinator reports directly to the Director, Corporate Services and Assistant General Counsel. The Vice-President, Corporate Services and Corporate Secretary serves as CATSA’s Chief Privacy Officer (CPO). The Vice-President reports directly to the President and Chief Executive Officer.

CATSA’s Privacy Office responsibilities regarding the Act are as follows:

  • receive and process all requests in accordance with the Act;
  • assist requesters in formulating their requests when required;
  • gather all pertinent records and ensure that the search for information is rigorous and complete; receive and process all disclosure requests in accordance with the Act;
  • conduct the initial record review and provide recommendations to the program areas;
  • conduct all internal and external consultations;
  • consolidate recommendations and apply all discretionary and mandatory exemptions under the Act;
  • assist the Office of the Privacy Commissioner (OPC) in all privacy-related matters including complaints against CATSA;
  • prepare annual reports on the administration of the Act;
  • coordinate the annual Info Source update;
  • work with representatives throughout the organization, complete Privacy Impact Assessments for any new or substantially modified activity, program or system that collects or uses personal information;
  • provide ongoing advice and guidance to senior management and staff on matters related to privacy;
  • promote privacy of personal information awareness and training sessions to ensure that all staff are aware of the obligations imposed by legislation;
  • respond to consultations received from external organizations;
  • develop and maintain privacy policies and guidelines;
  • stay current on, and promulgate within CATSA, any changes to administrative requirements for the Act from the Treasury Board of Canada Secretariat, or guidance prepared by the Office of the Privacy Commissioner; and
  • participate in ATIP community activities and ATIP community meetings.

During 2021-2022, CATSA regularly engaged the OPC to discuss initiatives potentially impacting privacy.

III - Delegation of Signing Authority

In accordance with section 73(1) of the Act, a delegation order, signed by CATSA’s President and Chief Executive Officer (CEO), designates the person holding the position of ATIP Coordinator to exercise and perform the privacy duties on behalf of the organization. The delegation order was issued on August 19, 2022.

The signed and dated delegation order is attached to this report as Annex A.

IV - Statistical Report Interpretation

Privacy Act Requests Received and Completed

In the current fiscal year of 2021-2022, CATSA received nine Privacy Act requests, which is the same amount of requests processed in the previous fiscal year.

One file was carried over from the previous fiscal year. Of the nine Privacy Act requests completed during 2021-2022, CATSA processed 530 pages, an average of 59 pages per request. The number of pages processed increased by 453 pages, a significant increase from the previous fiscal year. One file from the previous year was carried over to fiscal year 2022-2023.

Chart I: Annual Formal Requests Received

bar chart presenting the number of requests received
Chart Table 
Fiscal Year 2017-2018 2018-2019 2019-2020 2020-2021 2021-2022
Number of Requests Received 12 4 15 9 9

Chart II: Average Number of Pages Processed per Request

A bar chart presenting the number of pages processed
Chart Table
Fiscal Year 2017-2018 2018-2019 2019-2020 2020-2021 2021-2022
Number of Pages Processed 36 127 55 77 530

Multi-Year Trend

Over the past number of fiscal years, the number of Privacy Act requests submitted to CATSA has fluctuated. Some CATSA Privacy Act requests are from members of the travelling public who wish to know if CATSA has any of their personal information on file.

Completion Time

Of the nine Privacy Act requests completed during the 2021-2022 fiscal year, CATSA was successful in responding to 88% of them within the statutory time frame. This result demonstrates CATSA’s commitment to ensuring that all efforts are made to complete its requests in a timely manner and in compliance with the Privacy Act.

Disposition of Completed Requests

Of the nine completed requests:

  • Seven files (100%) were released without redaction; and
  • For two files, no records were provided. 
  • For the requests that contained a disclosure, three files were delivered electronically and four files in video format.

Exemptions Invoked

No exemptions where invoked.

Extensions

For the nine requests completed in 2021-2022, one extension of 30 days was taken due to the potential for serious interference with the operations of the Organization.

Consultations

During this reporting period, CATSA received one consultation of 83 pages from another government department. No consultations were pending at the end of the previous reporting period.

The full Statistical Report on the Administration of the Act is attached as Annex B.

V - Training and Awareness

The Privacy Advisor and ATIP Coordinator both hold the designation of Certified Information Privacy Professional - Canada (CIPP/C), and keep current through professional development opportunities such as attendance at conferences and peer communication in order to provide the most up to date privacy training.

CATSA continues to provide staff with privacy training, most recently in accordance with its Privacy Training and Awareness Plan adopted in June of 2020. The training plan outlines specific privacy training and awareness activities accessible to various groups, including specific and relevant guidance on how CATSA employees should incorporate privacy considerations into their day-today job functions, especially for those with elevated access to personal information. In 2021-2022, as per the training plan, all new CATSA employees are required to complete the privacy e-learning module as part of the mandatory training requirement within 90 days of start of employment and on a triennial basis thereafter.

CATSA also offers additional privacy training during in-person orientation sessions for new employees. In 2021-2022, 27 employees received this orientation training.

VI - Policies, Guidelines, Procedures and Initiatives

In October 2019, a final Internal Audit report on CATSA’s Privacy Management Accountability Framework (PMAF) was issued. The overall conclusion was that CATSA recognizes the importance of privacy within its operations and the PMAF supports its overall Privacy Program. It also found that key foundational components of CATSA’s overall Privacy Program are established, including well-defined and communicated accountabilities, roles, and responsibilities, the development and implementation of privacy-related policies and practices and the continuation of established privacy risk mitigation measures (i.e. Privacy Impact Assessments (PIAs) and breach reporting).

As a recommendation from this Internal Audit, a Privacy Risk Register was adopted in June 2021. The register is designed as a privacy management tool that permits the recording and tracking of current privacy risks across the organization.

A new Personal Information Inventory (PII) was also adopted in October 2021 as a result of the Internal Audit. The two-phased project first identified, reviewed and analyzed the types of personal information under CATSA’s control across the organization. The second part of the project consolidated that information into an inventory to assist in the Privacy Office’s oversight of personal information holdings. It further allows the alignment of the information found in the Personal Information Banks (PIBs) as outlined in InfoSource, and will be a valuable resource for future projects and programs undertaken by CATSA.

The Privacy Office will continue to assess and update the activities used in CATSA’s PMAF.

VII - Response to Key Issues Raised

During the reporting period, one new complaint has been received under the Act.

VIII - Monitoring Compliance

As a result of the aforementioned Internal Audit, a Privacy Monitoring Plan was developed to mitigate monitoring and reporting compliance risk, and to enhance the foundational components of the CATSA’s Privacy Program. This serves to strengthen compliance monitoring practices beyond the Privacy Impact Assessment (PIA) and breach management processes, and provides an effective way to evaluate the status and maturity of CATSA’s Privacy Program.

The Privacy Monitoring Plan was approved by senior management in September, 2021. Reports on the CATSA’s Privacy Program are submitted to senior management semi-annually.

IX - Material Privacy Breaches

No material privacy breaches occurred during the reporting period.

X - Privacy Impact Assessments

Privacy Impact Assessments (PIAs) provide a framework to ensure that the protection of personal information is considered throughout the design or re-design of a program or service. PIAs identify the extent to which proposals comply with all appropriate statutes and legislation. They assist managers and decision-makers to avoid or mitigate privacy risks and promote only fully informed policy, program and system design choices.

During this fiscal year, the Privacy Office completed a PIA for the FaceStation Access Control System.

Completed PIA summaries are made available on the “Reports and Summaries” section of the “Privacy” page on the CATSA Web site

XI - Public Interest Disclosures

No disclosures were made under paragraph 8(2)(m) of the Act during the reporting period.

COVID-19 Operational impact

In fiscal year 2021-2022, CATSA’s ability to respond to Privacy Act requests within the timelines mandated by the Access to Information Act continued to be affected by COVID-19. During this period, CATSA experienced limitations in processing Privacy Act requests, due to pandemic restrictions from attending at CATSA premises. This was due to the inability to access paper records, which were only retrievable in the physical form and required attendance at the CATSA offices.

Collaboration

CATSA is a strong advocate of collaboration, both internally within the organization as well as within the Privacy Community.

CATSA – The Privacy Office regularly engages with various internal groups to provide advice, ideas and best practices. One example of this collaboration is how Privacy engages representatives from across the organization upon receipt of particularly complex requests. This is implemented as needed to reduce the impact on CATSA’s daily operations.

Privacy Community – The Privacy Office also has regular consultations with other Crown Corporation privacy offices as well as with the Treasury Board Secretariat through quarterly ATIP community meetings. These discussions encourage the sharing of valuable knowledge and experience.

ANNEXES

Annex A: Delegation Order
Annex B: Statistical Report on the Administration of the Privacy Act

Annex A: Delegation Order – Privacy Act

Privacy Act
Delegation of Authority

I, Mike Saunders, President and CEO of CATSA, pursuant to subsection 73(1) of the Privacy Act, designate the persons holding the positions set out in the attached Schedule ‘A’, or persons acting in those positions, to exercise the powers and perform the duties and functions that have been given to me as head of a government institution under the sections of the Privacy Act, as set out in the Schedule.

Mike Saunders
President and Chief Executive Officer
Canadian Air Transport Security Authority

Signed in Ottawa, Ontario, Canada this 19 day of August 2022


Schedule A

Delegation Pursuant to Subsection 73(1) of the Act
Section Description ATIP
Coordinator
Vice-President, Operations Senior Director, Operations General Manager, Program Delivery  Manager, Security Operations Centre Director HR Senior ATIP Advisor
For requests related to passenger and non-passenger records For requests related to employee records
8(2)
(b)
For any purpose in accordance with any Act of Parliament or any regulation made thereunder that authorizes its disclosure Yes Yes Yes Yes Yes Yes No
8(2)
(c)
For the purpose of complying with a subpoena or warrant issued or order made by a court, person or body with jurisdiction to compel the production of information or for the purpose of complying with rules of court relating to the production of information Yes Yes Yes Yes Yes Yes No
8(2)
(d)
To the Attorney General of Canada for use in legal proceedings involving the Crown in right of Canada or the Government of Canada Yes No No No No Yes No
8(2)
(e)
To an investigative body specified in the regulations, on the written request of the body, for the purpose of enforcing any law of Canada or a province or carrying out a lawful investigation, if the request specifies the purpose and describes the information to be disclosed Yes Yes Yes Yes Yes Yes No
8(2)
(f)
Under an agreement or arrangement between the Government of Canada or an institution thereof and the government of a province, the council of the Westbank First Nation, the council of a participating First Nation — as defined in subsection 2(1) of the First Nations Jurisdiction over Education in British Columbia Act —, the government of a foreign state, an international organization of states or an international organization established by the governments of states, or any institution of any such government or organization, for the purpose of administering or enforcing any law or carrying out a lawful Investigation Yes Yes Yes Yes Yes Yes No
8(2)
(g)
To a member of Parliament for the purpose of assisting the individual to whom the information relates in resolving a problem Yes No No No No Yes No
8(2)
(h)
To officers or employees of the institution for internal audit purposes, or to the office of the Comptroller General or any other person or body specified in the regulations for audit purposes Yes No No No No No No
8(2)
(i)
To the Library and Archives of Canada for archival purposes Yes No No No No No No
8(2)
(j)
To any person or body for research or statistical purpose when satisfied that the purpose for which the information is disclosed meets the conditions referred to in that paragraph Yes No No No No No No
8(2)
(k)
To any aboriginal government, association of aboriginal people, Indian band, government institution or part thereof, or to any person acting on behalf of such government, association, band, institution or part thereof, for the purpose of researching or validating the claims, disputes or grievances of any of the aboriginal peoples of Canada Yes No No No No No No
8(2)
(l)
To any government institution for the purpose of locating an individual in order to collect a debt owing to Her Majesty in right of Canada by that individual or make a payment owing to that individual by Her Majesty in right of Canada Yes No No No No Yes No
8(2) (m)
(i)
For any purpose where, in the opinion of the head of the institution the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure Yes Yes Yes No No No No
8(2) (m)
(ii)
For any purpose where, in the opinion of the head of the institution, disclosure would clearly benefit the individual to whom the information relates Yes Yes Yes No No No No
8(4) To keep copies of requests made under 8(2)(e), keep records of information disclosed pursuant to such requests and to make those copies and records available to Privacy Commissioner Yes No No No Yes No No
8(5) To notify the Privacy Commissioner in writing of disclosure under paragraph 8(2)(m) Yes No No No No No No
9(1) To retain a record of use of personal information Yes No No No Yes No Yes
9(4) To notify the Privacy Commissioner of consistent use of personal information and update index accordingly Yes No No No No No No
10 To include personal information in personal information banks Yes No No No No No No
4( a)
(b)
To give notice to applicant that access will be given and to give access to requester Yes No No No No No Yes
15 To extend time limit and give notice Yes No No No No No Yes
18(2) To refuse to disclose any personal information requested under that subsection Yes No No No No No Yes
19 - 28 To refuse to disclose any personal information requested under that subsection Yes No No No No No Yes
33(2) To make representations to the Privacy Commissioner Yes No No No No No No
35(1) (b) To receive the report of findings of the investigation and give notice of action taken or proposed to be taken or reasons why no action has been or is proposed to be taken Yes No No No No No No
35(4) To provide access to personal information Yes No No No No No No
37(3) To receive the report of findings after investigation in respect of personal information Yes No No No No No No
69 To refuse to disclose a record referred to in that section Yes No No No No No Yes
70 To refuse to disclose a record referred to in that section Yes No No No No No Yes
72(1) To prepare annual report for submission to Parliament Yes No No No No No Yes
77 To carry out responsibilities conferred on the Head of the institution by regulations made under section 77 which are not included above Yes No No No No No No

The ATIP Coordinator, the Vice-President, Corporate Services, General Counsel, Corporate Secretary (CPO), the Senior Vice-President, Operations, the Senior Director, Program Delivery, the General Manager, Program Delivery, the General Manager, Corporate Security and the Director, HR are authorized to designate in writing a member of their staff to act on their behalf in case of absence or unavailability.

Annex B: Statistical Report on the Administration of the Privacy Act

Name of institution: Canadian Air Transport Security Authorithy

Reporting period: 4/1/2021 to 3/31/2022

Section 1: Requests Under the Privacy Act

1.1 Number of requests received

Description Number of Requests
Received during reporting period 9
Outstanding from previous reporting periods 1
  • Outstanding from previous reporting period
1  
  • Outstanding from more than one reporting period
0  
Total 10
Closed during reporting period 9
Carried over to next reporting period 1
  • Carried over within legislated timeline
0  
  • Carried over beyond legislated timeline
1  

1.2 Channels of requests

Source Number of Requests
Online 0
E-mail 8
Mail 1
In person 0
Phone 0
Fax 0
Total 9

Section 2: Informal requests

2.1 Number of informal requests

Description Number of Requests
Received during reporting period 0
Outstanding from previous reporting periods 0
  • Outstanding from previous reporting period
0  
  • Outstanding from more than one reporting period
0  
Total 0
Closed during reporting period 0
Carried over to next reporting period 0
  • Carried over within legislated timeline
0  
  • Carried over beyond legislated timeline
0  

2.2 Channels of informal requests

Source Number of Requests
Online 0
E-mail 0
Mail 0
In person 0
Phone 0
Fax 0
Total 0

2.3 Completion time of informal requests

Completion Time
1 to 15
Days
16 to 30
Days
31 to 60
Days
61 to 120
Days
121 to 180
Days
181 to 365
Days
More Than
365 Days
Total
0 0 0 0 0 0 0 0

2.4 Pages released informally

Less Than
100 Pages Released
100-500
Pages 
Released
501-1000
Pages R
eleased
1001-5000 
Pages
Released
More Than
5000 Pages Released
Number of Requests Pages Released Number of Requests Pages Released Number of Requests Pages Released Number of Requests Pages Released Number of Requests Pages Released
0 0 0 0 0 0 0 0 0 0

Section 3: Requests Closed During the Reporting Period

3.1 Disposition and completion time

Completion Time
Disposition of
Requests
1 to 15
Days
16 to 30
Days
31 to 60
Days
61 to 120
Days
121 to
180
Days
181 to 365
Days
More
Than 365
Days
Total
All disclosed 0 6 1 0 0 0 0 7
Disclosed in part 0 0 0 0 0 1 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
No records exist 2 0 0 0 0 0 0 2
Request abandoned 0 0 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0 0 0
Total 2 6 1 0 0 0 0 9

3.2 Exemptions

Section Number of
Requests
Section Number of
Requests
Section Number of
Requests
18(2) 0 22(1)(a)(i) 0 23(a) 0
19(1)(a) 0 22(1)(a)(ii) 0 23(b) 0
19(1)(b) 0 22(1)(a)(iii) 0 24(a) 0
19(1)(c) 0 22(1)(b) 0 24(b) 0
19(1)(d) 0 22(1)(c) 0 25 0
19(1)(e) 0 22(2) 0 26 0
19(1)(f) 0 22.1 0 27 0
20 0 22.2 0 27.1 0
21 0 22.3 0 28 0
  22.4 0  

3.3 Exclusions

Section Number of
Requests
Section Number of
Requests
Section Number of
Requests
69(1)(a) 0 70(1) 0 70(1)(d) 0
69(1)(b) 0 70(1)(a) 0 70(1)(e) 0
69.1 0 70(1)(b) 0 70(1)(f) 0
  70(1)(c) 0 70.1 0

3.4 Format of information released

Paper Electronic Other
E-record Data set Video Audio
0 3 0 4 0 0

3.5 Complexity

3.5.1 Relevant pages processed and disclosed for paper and e-record formats
Number of Pages Processed Number of Pages Disclosed Number of Requests
530 530 3
 3.5.2 Relevant pages processed by request disposition for paper and e-record formats by size of requests
Pages Less Than
100 Pages
Processed
100-500
Pages
Processed
500-1000
Pages
Processed
1001-5000
Pages
Processed
More Than 5000
Pages Processed
Disposition Number of
Requests
Pages Processed Number of
Requests
Pages Processed Number of
Requests
Pages Processed Number of
Requests
Pages Processed Number of
Requests
Pages Processed
All disclosed 1 9 2 521 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0 0 0 0 0
Total 1 9 2 521 0 0 0 0 0 0
3.5.3 Relevant minutes processed and disclosed for audio formats
Number of Minutes Processed Number of Minutes Disclosed Number of Requests
0 0 0
3.5.4 Relevant minutes processed per request disposition for audio formats by size of requests
Disposition Less than 60 Minutes processed 60-120 Minutes processed More than 120 Minutes processed
  Number of requests Minutes Processed Number of requests Minutes Processed Number of requests Minutes Processed
All disclosed 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0
All exempted 0 0 0 0 0 0
All excluded 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0
Total 0 0 0 0 0 0
3.5.5 Relevant minutes processed and disclosed for video formats
Number of Minutes Processed Number of Minutes Disclosed Number of Requests
4 4 4
3.5.6 Relevant minutes processed per request disposition for video formats by size of requests
Disposition Less than 60 Minutes processed 60-120 Minutes processed More than 120 Minutes processed
  Number of requests Minutes Processed Number of requests Minutes Processed Number of requests Minutes Processed
All disclosed 4 4 0 0 0 0
Disclosed in part 0 0 0 0 0 0
All exempted 0 0 0 0 0 0
All excluded 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0
Total 4 4 0 0 0 0
3.5.7 Other complexities
Disposition Consultation Required Legal Advice Sought Interwoven Information Other Total
All disclosed 0 0 0 0 0
Disclosed in part 0 0 0 0 0
All exempted 0 0 0 0 0
All excluded 0 0 0 0 0
Request abandoned 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0
Total 0 0 0 0 0

3.6 Closed requests

3.6.1 Number of requests closed within legislated timelines
Description Number of Requests
Number of requests closed within legislated timelines 8
Percentage of requests closed within legislated timelines (%) 88.88888889

3.7 Deemed refusals

3.7.1 Reasons for not meeting legislated timelines
Principal Reason
Number of requests closed past the legislated timelines Interference with operations / Workload External Consultation Internal Consultation Other
1 1 0 0 0
3.7.2 Request closed beyond legislated timelines (including any extension taken)
Number of days past legislated timelines Number of requests past legislated timeline where no extension was taken Number of requests past legislated timeline where an extension was taken Total
1 to 15 days 0 0 0
16 to 30 days 0 0 0
31 to 60 days 0 0 0
61 to 120 days 0 1 1
121 to 180 days 0 0 0
181 to 365 days 0 0 0
More than 365 days 0 0 0
Total 0 1 1

3.8 Requests for translation

Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Section 4: Disclosures Under Subsections 8(2) and 8(5)

Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
152 0 0 152

Section 5: Requests for Correction of Personal Information and Notations

Disposition for Correction Requests Received Number
Notations attached 0
Requests for correction accepted 0
Total 0

Section 6: Extensions

6.1 Reasons for extensions

Section 15(a)(i) Interference with operations 15 (a)(ii) Consultation

15(b)

Translation purposes or conversion

Number
of
extensions
taken
Further
review
required to
determine
exemptions
Large
volume
of pages
Large
volume of
requests
Documents
are difficult
to obtain
Cabinet
Confidence
Section
(Section 70)
External Internal  
1 0 1 0 0 0 0 0 0

6.2 Length of extensions

Section 15(a)(i) Interference with operations 15 (a)(ii) Consultation 15(b) Translation purposes or conversion
Length of Extensions Further
review
required to
determine
exemptions
Large
volume
of pages
Large
volume of
requests
Documents
are difficult
to obtain
Cabinet
Confidence
Section
(Section 70)
External Internal
1 to 15 days 0 0 0 0 0 0 0 0
16 to 30 days 0 1 0 0 0 0 0 0
31 days or greater - - - - - - - -
Total 0 1 0 0 0 0 0 0

Section 7: Consultations Received From Other Institutions and Organizations

7.1 Consultations received from other Government of Canada institutions and other organizations

Consultations Other Government of Canada Institutions Number of Pages to Review Other Organizations Number of Pages to Review
Received during the reporting period 1 83 0 0
Outstanding from the previous reporting period 0 0 0 0
Total 1 83 0 0
Closed during the reporting period 1 83 0 0
Carried over within negotiated timelines 0 0 0 0
Carried over beyond negotiated timelines 0 0 0 0

7.2 Recommendations and completion time for consultations received from other Government of Canada institutions

Number of Days Required to Complete Consultation Requests
Recommendation 1 to 15
Days
16 to 30
Days
31 to 60
Days
61 to 120
Days
121 to 180 Days 181 to 365
Days
More Than 365 Days Total
Disclose entirely 1 0 0 0 0 0 0 1
Disclose in part 0 0 0 0 0 0 0 0
Exempt entirely 0 0 0 0 0 0 0 0
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 1 0 0 0 0 0 0 1

7.3 Recommendations and completion time for consultations received from other organizations outside the Government of Canada

Number of days required to complete consultation requests
Recommendation 1 to 15
Days
16 to 30
Days
31 to 60
Days
61 to 120
Days
121 to 180 Days 181 to 365
Days
More Than 365 Days Total
Disclose entirely 0 0 0 0 0 0 0 0
Disclose in part 0 0 0 0 0 0 0 0
Exempt entirely 0 0 0 0 0 0 0 0
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

Section 8: Completion Time of Consultations on Cabinet Confidences

8.1 Requests with Legal Services

Pages Less Than 100
Pages Processed
100-500
Pages Processed
500-1000
Pages Processed
1001-5000
Pages Processed
More Than 5000
Pages Processed
Number of Days Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

8.2 Requests with Privy Council Office

Pages Less Than 100
Pages Processed
100-500
Pages Processed
500-1000
Pages Processed
1001-5000
Pages Processed
More Than 5000
Pages Processed
Number
of Days
Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Section 9: Complaints and Investigations Notices Received

Section 31 Section 33 Section 35 Court action Total
1 0 0 0 1

Section 10: Privacy Impact Assessments (PIAs) and Personal Information Banks (PIBs)

10.1 Privacy Impact Assessments

Description Number
Number of PIAs completed 2
Number of PIAs modified 0

10.2 Institution-specific and Central Personal Information Banks

Personal Information Banks Active Created Terminated Modified
Institution-specific 0 0 0 0
Central 0 0 0 0
Total 0 0 0 0

Section 11: Privacy Breaches

11.1 Material Privacy Breaches reported

Description Number
Number of material privacy breaches reported to TBS 0
Number of material privacy breaches reported to OPC 0

11.2 Non-Material Privacy Breaches

Description Number
Number of non-material privacy breaches 3

Section 12: Resources Related to the Privacy Act

12.1 Allocated Costs

Expenditures Amount
Salaries $260,000
Overtime $0
Goods and Services $4,000
  • Professional services contracts
$4,000  
  • Other
$0
Total $264,000

12.2 Human Resources

Resources Person Years Dedicated to Privacy Activities
Full-time employees 2.700
Part-time and casual employees 0.000
Regional staff 0.000
Consultants and agency personnel 0.300
Students 0.000
Total 3.000

Note: Enter values to three decimal places.

Annex C: Supplemental Statistical Report on Access to Information Act and the Privacy Act

Name of institution: Canadian Air Transport Security Authority

Reporting period: 2021-04-01 to 2022-03-31

Section 1: Capacity to Receive Requests under the Access to Information Act and the Privacy Act

Enter the number of weeks your institution was able to receive ATIP requests through the different channels.

Description Number of Weeks
Able to receive requests by mail 52
Able to receive requests by email 52
Able to receive requests through the digital request service 0

Section 2: Capacity to Process Records under the Access to Information Act and the Privacy Act

2.1 Enter the number of weeks your institution was able to process paper records in different classification levels

Description No Capacity Partial Capacity Full Capacity Total
Unclassified Paper Records 0 0 52 52
Protected B Paper Records 0 52 0 52
Secret and Top Secret Paper Records 0 52 0 52

2.2 Enter the number of weeks your institution was able to process electronic records in different classification levels.

Description No Capacity Partial Capacity Full Capacity Total
Unclassified Paper Records 0 0 52 52
Protected B Paper Records 0 0 52 52
Secret and Top Secret Paper Records 0 52 0 52

Section 3: Open Requests and Complaints Under the Access to Information Act

3.1 Enter the number of open requests that are outstanding from previous reporting periods.

Fiscal Year Open Requests Were Received Open Requests that are Within Legislated Timelines as of March 31, 2022 Open Requests that are Beyond Legislated Timelines as of March 31, 2022 Total
Received in 2021-2022 0 2 2
Received in 2020-2021 0 0 0
Received in 2019-2020 0 0 0
Received in 2018-2019 0 0 0
Received in 2017-2018 0 0 0
Received in 2016-2017 0 0 0
Received in 2015-2016 or earlier 0 0 0
Total 0 2 2

3.2 Enter the number of open complaints with the Information Commissioner of Canada that are outstanding from previous reporting periods.

Fiscal Year Open Complaints Were Received by Institution Number of Open Complaints
Received in 2021-2022 0
Received in 2020-2021 3
Received in 2019-2020 0
Received in 2018-2019 0
Received in 2017-2018 0
Received in 2016-2017 0
Received in 2015-2016 or earlier 0
Total 3

Section 4: Open Requests and Complaints Under the Privacy Act

4.1 Enter the number of open requests that are outstanding from previous reporting periods.

Fiscal Year Open Requests Were Received Open Requests that are Within Legislated Timelines as of March 31, 2023 Open Requests that are Beyond Legislated Timelines as of March 31, 2023 Total
Received in 2021-2022 0 1 1
Received in 2020-2021 0 0 0
Received in 2019-2020 0 0 0
Received in 2018-2019 0 0 0
Received in 2017-2018 0 0 0
Received in 2016-2017 0 0 0
Received in 2015-2016 or earlier 0 0 0
Total 0 1 1

Row 8, Col. 3 of Section 4.1 must equal Row 7, Col. 1 of Section 1.1 of the 2021-2022 Statistical Report on the Privacy Act

4.2 Enter the number of open complaints with the Privacy Commissioner of Canada that are outstanding from previous reporting periods.

Fiscal Year Open Complaints Were Received by Institution Number of Open Complaints
Received in 2021-2022 1
Received in 2020-2021 1
Received in 2019-2020 0
Received in 2018-2019 0
Received in 2017-2018 0
Received in 2016-2017 0
Received in 2015-2016 0
Received in 2014-2015 0
Received in 2013-2014 or earlier 0
Total 2

Section 5: Social Insurance Number

Question Answer
Has your institution begun a new collection or a new consistent use of the SIN in 2021-2022? No