2011-2012 Annual Report to Parliament on the Administration of the Privacy Act

Source URL

http://www.cra-arc.gc.ca/gncy/tp/rprts/2011-2012/rc4415-1-12-eng.html

Disclaimer

We do not guarantee the accuracy of this copy of the CRA website.

Scraped Page Content

2011-2012 Annual Report to Parliament on the Administration of the Privacy Act

Foreword

Each fiscal year, the head of every government institution has to prepare and submit to Parliament a report on the administration of the Privacy Act (PA).

This annual report is tabled in Parliament in accordance with section 72 of the PA under the direction of the Minister of National Revenue and the Commissioner of the Canada Revenue Agency (CRA). It describes how the CRA administered and fulfilled its obligations under the PA during the period April 1, 2011 to March 31, 2012. It also discusses issues of interest related to program delivery, emerging trends, and areas of focus for the year ahead.

The Privacy Act

The PA came into force on July 1, 1983. It protects the privacy of individuals by outlining strong requirements for collecting, retaining, using, disclosing, and disposing of personal information held by government institutions. It also provides individuals (or their authorized representatives) with a right of access to their own personal information, with limited and specific exceptions and with certain rights of correction, annotation, or both. Individuals who are dissatisfied with any matter related to a formal request made under the PA are entitled to complain to the Privacy Commissioner of Canada.

The PA’s formal processes do not replace other means of getting government information. The CRA encourages individuals and their representatives to consider obtaining information through the following informal methods:

  • topical indexes on the CRA Web site: http://www.cra-arc.gc.ca/azindex/menu-eng.html
  • individual income tax enquiries line: 1-800-959-8281
  • universal child care benefit, Canada child tax benefit and related provincial and territorial programs, child disability benefit, and children's special allowances enquiries: 1‑800‑387‑1193
  • forms and publications: 1-800-959-2221
  • TTY (Teletypewriter for persons who are deaf or hard of hearing or who have a speech impairment): 1-800-665-0354

Table of contents

Overview of the Canada Revenue Agency

The Canada Revenue Agency (CRA) administers tax laws for the Government of Canada and for most provinces and territories. It also administers various social and economic benefit and incentive programs delivered through the tax system. In addition, the CRA has the authority to enter into new partnerships with the provinces, territories, and other government bodies—at their request and on a cost-recovery basis—to administer non-harmonized taxes and other services. Overall, the CRA promotes compliance with Canada's tax legislation and regulations and plays an important role in the economic and social well-being of Canadians.

The Minister of National Revenue is accountable to Parliament for all of the CRA's activities, including administering and enforcing the Income Tax Act and the Excise Tax Act.

The Canada Revenue Agency Act provides for the establishment of a Board of Management consisting of 15 directors appointed by the Governor in Council. They include the Chair, the Commissioner and Chief Executive Officer, a director nominated by each province, one director nominated by the territories, and two directors nominated by the federal government. Under the provisions of the Canada Revenue Agency Act, the Board of Management oversees the organization and administration of the CRA, including the management of its resources, services, property, personnel, and contracts. In fulfilling this role, the Board of Management brings a forward-looking strategic perspective to the CRA’s operations, fosters sound management practices, and is committed to efficient and effective service delivery.

As the CRA's chief executive officer, the Commissioner is responsible for the day-to-day administration and enforcement of the program legislation that falls under the Minister's delegated authority. The Commissioner is accountable to the Board of Management for managing the CRA, supervising employees, and implementing policies and budgets. Moreover, the Commissioner must assist and advise the Minister with respect to legislated authorities, duties, functions, and Cabinet responsibilities.

The CRA is made up of 13 branches and 5 regional offices across the country.

Branches

  • Appeals
  • Assessment and Benefit Services
  • Compliance Programs
  • Corporate Audit and Evaluation
  • Enterprise Risk Management
  • Finance and Administration
  • Human Resources
  • Information Technology
  • Legal Services
  • Legislative Policy and Regulatory Affairs
  • Public Affairs
  • Strategy and Integration
  • Taxpayer Services and Debt Management

Regions

  • Atlantic
  • Ontario
  • Pacific
  • Prairie
  • Quebec

The Access to Information and Privacy Directorate

The Access to Information and Privacy (ATIP) Directorate supports the CRA in meeting its requirements under the Access to Information Act (ATIA) and the Privacy Act (PA). To fulfill this mandate, the ATIP Directorate:

  • responds to requests and enquiries under the ATIA and the PA;
  • provides advice and guidance to CRA employees on requirements related to requests for, and the proper management of, personal information under the CRA’s control;
  • coordinates privacy impact assessment processes within the CRA, including providing expert advice to CRA employees on privacy implications, risks, and options for avoiding or reducing risks;
  • provides training and awareness sessions on the ATIA, the PA, and the practices and requirements for managing personal information;
  • communicates with the Treasury Board Secretariat and the offices of the information and privacy commissioners of Canada about complaints, audits, and policy or legislative requirements; and
  • fulfills corporate planning and reporting obligations such as the CRA’s annual reports to Parliament on the administration of the ATIA and the PA.

Marie-Claude Juneau is the Director of the ATIP Directorate. She reports to the Assistant Commissioner of the Public Affairs Branch.

In 2011-2012, 130 full-time employees were responsible for administering the ATIA and the PA. The ATIP Directorate is made up of two main components: production, and program support and training (internal and CRA-wide). In addition to its headquarters office in Ottawa, the ATIP Directorate has one office in Vancouver and one in Montreal.

View larger image

The Access to Information and Privacy Oversight Review Committee

The Access to Information and Privacy Oversight Review Committee is an executive-level committee with representatives from branches across the CRA. The committee facilitates senior horizontal review of emerging access to information and privacy issues that could have an impact on the CRA. The committee reviews privacy impact assessments and examines federal government policies and initiatives that pertain to access to information and privacy at the CRA. In 2011-2012, committee membership was extended to the Enterprise Risk Management Branch and the Legal Services Branch in a further effort to address potential legal and high-risk issues.

Delegation of responsibilities under the Privacy Act

As head of the CRA, the Minister of National Revenue is responsible for how the CRA administers the PA and complies with Treasury Board Secretariat policy instruments. Section 73 of the PA gives the Minister of National Revenue the authority to designate one or more officers or employees of the CRA to exercise or perform all, or part, of the Minister’s powers, duties, and functions under the Act.

The CRA’s current Designation Order for the PA was signed by Gail Shea, Minister of National Revenue, on June 8, 2011. It identifies specific provisions of the PA and its regulations that the Minister has delegated to various positions within the CRA.

The ATIP Director, assistant directors, and managers of the production units approve responses to ATIA and PA requests. Delegations are extended to assistant commissioners, although they are exercised only in exceptional cases, if ever. In 2011-2012, there were no cases where delegation was exercised by assistant commissioners.

View larger image

Schedule – Privacy Act

Officers authorized to perform the powers, duties, and functions given to the Minister of National Revenue as head of a government institution under the provisions of the Privacy Act and its regulations.

Paragraphs 8(2)(j) and (m); subsections 8(5) and 9(1); sections 14 to 16; paragraphs 17(2)(b) and 17(3)(b); subsections 19(1) and 19(2); sections 20 to 22 and 23 to 28; and subsections 33(2), 35(1), and 35(4) of the Privacy Act; as well as section 9; subsections 11(2), 11(4), 13(1); and section 14 of the Privacy Regulations

  • Commissioner
  • Deputy Commissioner
  • Assistant commissioners
  • Chief Audit Executive and Director General Program Evaluation, Corporate Audit and Evaluation Branch
  • Director, Access to Information and Privacy (ATIP) Directorate, Public Affairs Branch
  • Assistant directors, ATIP Directorate, Public Affairs Branch
  • Managers, ATIP Directorate, Public Affairs Branch

Section 22.3 of the Privacy Act

  • Commissioner
  • Deputy Commissioner
  • Chief Audit Executive and Director General Program Evaluation, Corporate Audit and Evaluation Branch
  • Assistant Commissioner, Public Affairs Branch
  • Director, ATIP Directorate, Public Affairs Branch
  • Assistant directors, ATIP Directorate, Public Affairs Branch

Subsections 8(4) and 9(4); section 10; paragraph 51(2)(b); and subsection 51(3) of the Privacy Act

  • Commissioner
  • Deputy Commissioner
  • Assistant commissioners
  • Chief Audit Executive and Director General Program Evaluation, Corporate Audit and Evaluation Branch
  • Director, ATIP Directorate, Public Affairs Branch
  • Assistant directors, ATIP Directorate, Public Affairs Branch

Section 31 and subsections 37(3) and 72(1) of the Privacy Act

  • Commissioner
  • Deputy Commissioner
  • Assistant Commissioner, Public Affairs Branch
  • Director, ATIP Directorate, Public Affairs Branch
  • Assistant directors, ATIP Directorate, Public Affairs Branch

Statistical report – interpretation and explanation

Appendix A provides a statistical report on the PA for the 2011‑2012 reporting period. The following explains and interprets the statistical information.

Requests under the Privacy Act

During the period April 1, 2011 to March 31, 2012, the CRA received 1,362 new privacy requests. This represents a significant decrease of 1,238 requests (47%) compared to the previous year. Since 318 requests were carried forward from 2010-2011, there was a total of 1,680 active requests.

The following table shows the number of requests the CRA received and completed in the past five fiscal years.

Fiscal year

Requests received

Requests completed

Pages processed

2007-2008

1,406

1,355

340,217

2008-2009

1,553

1,447

392,173

2009-2010

2,083

1,973

371,766

2010-2011

2,600

2,767

725,741

2011-2012

1,362

1,497

510,503

In addition, the ATIP Directorate’s Program Support and Training Division responded to 800 emails and 876 telephone enquiries from both inside and outside the CRA. Responses to enquiries included giving advice and guidance on processes and procedures relating to the PA or the ATIA and providing alternative contact information.

Disposition of requests

During the reporting period, the ATIP Directorate completed 1,497 privacy requests, which included reviewing 510,503 pages of records. The following table shows the disposition of the requests.

Disposition

Number of requests

Percentage

All disclosed

322

21.50%

Disclosed in part

929

62.06%

All exempted

6

0.40%

All excluded

0

0%

No records exist

72

4.81%

Request abandoned

168

11.23%

For more details, including completion times, see Appendix A.

Exemptions

The following table shows the number of requests in which the listed sections under the PA were invoked.

Section

Description

Number of requests

Percentage

19

Obtained in confidence from other governments

65

4.34%

21

Injurious to the conduct of international affairs, the defence of Canada or an allied state, or pertains to subversive activities

2

0.13%

22

Law enforcement and investigation information or security of institutions

488

32.60%

25

Safety of individuals

1

0.07%

26

Personal information

768

51.30%

27

Solicitor-client privilege

118

7.88%

28

Physical or mental health of an individual

1

0.07%

Exclusions

One exclusion was cited under section 69 and none was cited under section 70.

Format of information released

In 2011-2012, the Montreal ATIP Directorate office launched a pilot project that gave requestors the choice of receiving their response package on CD or DVD. Providing electronic documents reduced manual processes and paper consumption.

Of the 1,251 PA requests for which information was disclosed in full or in part, 83% were released in paper format and 16% were released electronically. A further 1% was released in other formats (such as viewing the material in a reading room).

Complexity of requests

Based on the Treasury Board Secretariat’s complexity criteria, many requests that the CRA processed are considered complex because of their number of pages. Of the PA requests closed during 2011-2012, 49% involved processing 100 pages or more. In fact, 5 of these requests involved processing an average of 7,623 pages. In total, the CRA processed 510,503 pages during 2011-2012. It is important to mention that many requests involving fewer than 100 pages were also considered complex due to the subject matter and sensitivity of the file. For more details, see Appendix A.

Deemed refusals

Of the 1,497 requests that were closed during 2011-2012, 319 (or 21%) were closed past the statutory deadline for reasons including workload capacity, and external and internal consultations. This figure is higher than normal because the CRA focused on eliminating aged inventory in 2011-2012.

The number of requests that took an extended period of time to process was also significantly higher in 2011-2012 compared to previous years. Again, this is largely because of the CRA’s decision to focus primarily on eliminating aged inventory this fiscal year.

Requests for translation

No translations were needed to respond to requests for personal information during the fiscal year.

Completion time and extensions

The following table outlines the completion time frames for the 1,497 requests processed in 2011-2012.

Completion time

Number of requests

Percentage

30 days or under

703

46.96%

31 to 60 days

449

29.99%

61 to 120 days

163

10.89%

121 days or more

182

12.16%

The ATIP Directorate completed 1,178 (78.6%) requests within the time frame required by law. This means that responses were provided within 30 calendar days or, where an extension was claimed, within the extended deadline.

The ATIP Directorate claimed time extensions on 553 requests in 2011-2012. The extensions were applied because meeting the original 30-day time limit would have interfered unreasonably with operations or because the CRA needed to consult with third parties or other government institutions.

Corrections and notation

The CRA received one request to correct personal information that it held. This request was still open at the end of 2011-2012.

Consultations

During 2011-2012, the ATIP Directorate closed 19 consultation requests from other government institutions and organizations. A total of 420 pages were reviewed to respond to these requests.

For more details on consultations received from other government institutions and organizations, including disposition and completion times, see Appendix A.

Completion time of consultations on Cabinet confidences

There were no consultations on Cabinet confidences in 2011-2012.

Costs

During 2011-2012, the ATIP Directorate’s estimated total cost to administer the PA was $3,271,239.00 excluding coordination support from the branches. For more details, see Appendix A.

Operational environment

The CRA collects extensive volumes of personal information under the Income Tax Act and the Excise Tax Act, as well as under various federal and provincial economic and social benefit programs. In addition, the CRA collects and manages the personal employment information for its more than 44,000 employees. Given the volume of personal information the CRA manages, it is critical that the CRA has a framework in place to ensure the information is properly collected, used, disclosed, retained, and disposed.

Over the past several years, the ATIP Directorate has focused much effort on strengthening privacy governance in accordance with recommendations[1] from the Office of the Privacy Commissioner and requirements of the Treasury Board Secretariat’s Directive on Privacy Practices. In 2011-2012, many projects were initiated toward this end:

  • CRA privacy policy instruments were finalized to strengthen privacy governance, and received final senior management approval just after the end of the fiscal year.
  • Enhanced training was provided to key stakeholders on privacy impact assessments.
  • The information-sharing protocol developed between the ATIP Directorate and the Security and Internal Affairs Directorate was updated to maximize the efficiency and effectiveness of processes and to improve the ATIP Directorate’s management of privacy breaches.

These projects formed part of a lager multi-year improvement plan developed within the directorate to enhance its performance. This plan focuses on four key areas: communications, training, staffing, and efficiency measures.

As the following illustration highlights, the CRA has made significant progress in implementing this action plan.

View larger image

Communications

In 2011-2012, the ATIP Directorate undertook a wide range of communications activities to support and promote effective privacy management across the CRA, and to inform Canadians about means to access personal information from the CRA. Below is a summary of some of the key activities completed in 2011-2012.

Data Privacy Day

In January 2012, the CRA promoted Data Privacy Day throughout the CRA. A key goal of this day is to raise awareness about the importance of properly managing and protecting personal information. Some of the tools and resources added to the CRA intranet site to promote the importance of safeguarding personal information included the following:

  • The Data Management Reference Centre: a central repository of best practices, standards, guidelines, and procedures.
  • Guidelines on the use and disclosure of personal information.
  • A brochure on protecting and handling information: this document describes how to handle confidential, secret, and top-secret records, as well as those that are Protected A, B, and C.
  • A portal that provides information to employees to prevent unlawful attempts to obtain tax information and to ensure that taxpayers’ rights are protected.

CRA intranet

Ensuring that all CRA employees have the necessary tools to fulfill their privacy-related responsibilities is an ongoing priority for the ATIP Directorate. In 2011-2012, the ATIP Directorate revamped its intranet site to provide online tools for all CRA stakeholders involved in responding to ATIP requests. The information included guidance on how to respond to an ATIP request, how to make recommendations, and an enhanced frequently-asked-questions section. Updates also included tools and guidance to ensure that employees are aware of their responsibilities for properly protecting and managing personal information.

CRA Internet

To inform Canadians about how the CRA protects personal information, and how they can access it, the ATIP Directorate revised and added new content to the CRA Web site. This content outlines the CRA’s practices for collecting, using, and disclosing personal information; provides the information required to make a request for personal information; and, highlights how Canadians can request information informally.

Internal engagement

During 2011-2012, the ATIP Directorate worked with the ATIP Oversight Review Committee to support the review and approval of the CRA’s privacy policy instruments and the roll-out of communications initiatives across the CRA. This committee was also instrumental in soliciting input from branches across the CRA to support collaboration on initiatives of shared interest. For example, committee members were key in supporting the roll-out of Data Privacy Day throughout the CRA.

The ATIP Directorate also worked with the Finance and Administration Branch and the Strategy and Integration Branch to ensure that sufficient privacy protection clauses are included within Memoranda of Understanding and other information-sharing arrangements, and contracts involving personal information.

Other consultations with Finance and Administration included updating a protocol with the Security and Internal Affairs Directorate for processing privacy breach files.

The ATIP Directorate also collaborated with the Legal Services Branch and program areas to discuss updating privacy notices for forms and Web sites that collect personal information, to ensure compliance with Treasury Board Secretariat requirements.

Training

The ATIP Directorate substantially expanded training to key audiences within the CRA during 2011-2012. Training and awareness material was amended to emphasize the importance and necessity of undertaking privacy impact assessments in the early planning stages of new and substantially revised initiatives that involve personal information. For example, to promote Data Privacy Day, 93 employees attended sessions on privacy impact assessments.

Training on access to information and privacy was delivered to 3,538 employees in 169 sessions across Canada. This represents a 218% increase in employees trained compared to fiscal year 2010-2011.

Further training was also offered to management through the CRA’s MG Learning Program: 22 sessions were delivered to 440 managers. Also, the Legal Services Branch delivered 6 training sessions to 94 employees on applying ATIA and PA legislation and jurisprudence.

The ATIP Directorate also gave extensive training to employees working within the directorate. Specifically, training was provided on the in-house tracking and electronic redaction system (an in-house scanning and severing application), and all new analysts were given comprehensive training on the ATIA and PA and how they apply within the CRA.

Staffing

In 2011-2012, the ATIP Directorate received significant resources and continued to implement its multi-year improvement plan. As a result, the ATIP Directorate:

  • hired 32 term employees to process files more quickly;
  • expanded the team established in 2010-2011 to focus on eliminating aged inventory; and
  • hired more staff to strengthen privacy governance, expand communications and training, and implement efficiency measures.

These staffing measures enabled the ATIP Directorate to exceed its production targets. Indeed, at the end of 2011-2012, the ATIP Directorate had eliminated 100% of its pre-April 2010 inventory and 92.4 % of its carry-forward inventory from the previous fiscal year. The latter was well over the 75% target established within the workload elimination plan.

As a result of these measures, the number of files carried forward (183) to 2012-2013 was the lowest it has been since 2001-2002.

Efficiency measures

Making operations sustainable over the longer term remains a critical goal for the ATIP Directorate. Toward this end, the ATIP Directorate implemented a number of efficiency measures in 2011-2012. The most significant were the following:

  • Reorganized its divisions according to the subject matter of requests. Reorganizing divisions along these lines is intended to maximize productivity, to support CRA employees, and to better meet taxpayers’ needs.
  • Consulted with branches regarding the review of privacy requirements in regard to notices, Memorandum of Understanding clauses, privacy breaches, and other matters of mutual concern.
  • Launched a pilot project in Montreal that gave requestors the option of receiving their response package on CD or DVD. Providing the documents electronically drastically reduced manual processes and paper consumption in the directorate.
  • Added information toolkits to its intranet site to help employees fulfill their ATIP-related duties.
  • Processed all new requests using the electronic redaction system which resulted in the reduction of manual processes.

Policies, guidelines, and procedures

CRA privacy policy suite

In 2010-2011, in accordance with recommendations from the Office of the Privacy Commissioner and the Treasury Board Secretariat’s Directive on Privacy Practices, a privacy policy suite was developed in consultation with key stakeholders: CRA branches, Treasury Board Secretariat, and the Office of the Privacy Commissioner. The privacy policy suite comprises the following:

  • CRA Privacy Policy
  • CRA Privacy Practices Directive
  • CRA Procedures for Privacy Assessment

In response to senior management feedback, the privacy policy suite was reviewed and revised in 2011-2012. Consultations with all branches and regions took place and the revised policy suite was tabled for senior management approval. The CRA privacy policy suite was formally approved by the Agency Management Committee at the beginning of fiscal year 2012-2013.

Complaints and investigations

During 2011-2012, the CRA received 570 complaints, 27 of which were carried over to fiscal year 2012-2013.

The following table details the 568 complaints closed during the fiscal year. Of these, 97.36% were not well-founded. Some of these complaints were received in previous fiscal years.

Disposition

Number of complaints

Percentage

Discontinued

8

1.40%

Well-founded

5

0.88%

Not well-founded

553

97.36%

Well-founded/resolved

1

0.18%

Settled during the course of the investigation

1

0.18%

The ATIP Directorate also received 41 complaints concerning alleged improper access, collection, use, or disclosure of personal information by the CRA. Details regarding these types of complaints are outlined in the following table.

Outstanding from previous fiscal year

Received during fiscal year

Completed

Closing inventory

12

41

26

27

Privacy impact assessments

During 2011-2012, the ATIP Directorate developed a Privacy Assessment Determination Questionnaire, a straightforward tool to assess the need for a privacy impact assessment (PIA) or privacy protocol. This tool makes it easier for CRA stakeholders to assess the privacy implications of new or substantially revised initiatives in consultation with the ATIP Directorate. In 2011-2012, the ATIP Directorate received 37 questionnaires; some of them will result in the need for completing a PIA.

In addition, the CRA created a privacy protocol assessment, a tool designed to assess new or substantially modified programs and activities where the objectives are limited to non-administrative purposes.

During the fiscal year, the ATIP Director submitted the following privacy impact assessment to the Office of the Privacy Commissioner:

Professional Networking Space (CRA Wiki)
This is a professional networking wiki space developed for CRA-internal engagement and consultation purposes. The wiki allows CRA employees to network and consult with each other on policies and initiatives of common interest.

Summaries of all the privacy impact assessments completed by the CRA since the Treasury Board Secretariat’s Privacy Impact Assessment Policy was implemented in May 2002, can be found at this link: www.cra.gc.ca/gncy/prvcy/pia-efvp/menu-eng.html

Disclosure under subsection 8(2) of the Privacy Act

During the reporting period, there were no disclosures made under paragraph 8(2)(e) of the Privacy Act.

Two disclosures were made under paragraph 8(2)(m). Both disclosures were made under subparagraph 8(2)(m)(i) because the public interest in disclosing the information clearly outweighed any invasion of privacy that could result. The Office of the Privacy Commissioner was informed of both disclosures, one before the disclosure and one following the disclosure.

Collaboration with oversight bodies

The CRA continues to work closely with both the Office of the Privacy Commissioner and the Treasury Board Secretariat on matters related to privacy that concern both of our organizations. In consultation with the Office of the Privacy Commissioner, the CRA took the following actions:

  • revised its existing information-sharing protocol between the ATIP and Security and Internal Affairs directorates;
  • reviewed and revised its privacy breach notification process and procedures, and established a standard template to notify the Office of the Privacy Commissioner of privacy breaches; and
  • revised ongoing privacy impact assessments and provided consistent advice and direction to program areas on issues of mutual concern.

The Office of the Privacy Commissioner also provided support to the CRA during its promotion of Data Privacy Day by providing material to promote the event.

The CRA also consulted and collaborated with the Treasury Board Secretariat’s Information and Privacy Policy Division to fulfill its obligations and to strengthen its existing operations, specifically during the creation of the CRA privacy policy suite. The CRA was also an active participant on a Tiger Team established by the Treasury Board Secretariat to define functional requirements for a future pan‑governmental ATIP system.

Public reporting

In 2011-2012, the CRA revised its Info Source chapter to ensure the information it contains is accurate. Through this process, classes of records and personal information banks were updated.

The ATIP Directorate also reported on its performance by responding to the lines of evidence 12.5 and 12.6 in the 2011-2012 Management Accountability Framework. The Framework is a key performance management tool that the federal government uses to support the accountability of deputy heads and to improve management practices across departments and agencies.

The following table outlines the CRA’s Management Accountability Framework results since 2008-2009.

Fiscal year

Results of line of evidence 12.5 (Privacy)

Results of line of evidence 12.6 (Governance and capacity)

2008-2009

Opportunity for improvement

Not evaluated

2009-2010

Acceptable

Not evaluated

2010-2011

Acceptable

Strong

2011-2012

Strong

Strong

Conclusion

The CRA is committed to its obligations under the PA and to carrying out its duties to make sure that personal information held within the organization is fully protected. Having greatly reduced its aged inventory, the CRA is well positioned to continue strengthening its operations and privacy governance over the next year by taking the following actions:

  • rolling out targeted communication and training products to key audiences to ensure all personal information the CRA holds is safeguarded in accordance with legislation, Treasury Board secretariat policy instruments, and related CRA privacy policy instruments;
  • expanding informal disclosure mechanisms wherever possible within the CRA;
  • launching upgraded technology, including a new version of the ATIP tracking system and electronic redaction system; and
  • implementing additional efficiency measures.

Appendix A - Statistical Report on the Privacy Act

[1] Outlined in the Audit Report of the Privacy Commissioner of Canada – Privacy Management Frameworks of Selected Federal Institutions.

Date modified:
2012-06-29