Annual Report on the Privacy Act for the period ending March 31, 2019

2. Administration of the Privacy Act

2.1. Education and training

Privacy training at Elections Canada typically involves educating staff on the principles of the Act; how to securely manage privacy requests and protect personal information. In the 2018–2019 fiscal year, Elections Canada delivered 8 formal ATIP training and awareness sessions for 27 employees of various levels. All of the sessions provided an overview of the ATIP process, legislation, roles and responsibilities. A presentation was also delivered to the Executive Committee to reinforce members' knowledge and understanding of the legislation, including their roles and responsibilities. The ATIP Office also raised awareness of privacy issues throughout the agency when providing advice on the collection, retention, use and disclosure of personal information.

2.2. Institutional privacy policies and procedures

Elections Canada developed and implemented a privacy protocol during the 2018–2019 fiscal year, regarding requests from employees who want to use licences for an online survey tool to conduct surveys. The purpose of the protocol is to ensure that the online survey tool is not used to collect, use or disclose personal information.

Elections Canada is continuing to review its other ATIP tools and procedures and update them as required.

2.3. Institutional monitoring of privacy requests

The ATIP Office uses its case management software to monitor the status of each request being processed, including the number of days remaining before the statutory deadline. A weekly progress report of all open and recently closed files is regularly provided to senior officials, including the Chief Electoral Officer and the Executive Committee.

2.4. Material privacy breaches

A material privacy breach is any unauthorized collection, use, disclosure, retention or disposal of sensitive personal information that could reasonably be expected to cause injury or harm to the individual.

No material privacy breaches occurred at Elections Canada during the reporting period.

2.5. Privacy impact assessments

Elections Canada (EC) consistently conducts privacy impact assessments (PIAs) to address privacy risks in new or existing departmental programs, initiatives or projects that manage personal information. Four PIAs were completed by EC during the 2018–2019 fiscal year, 2 of which were institution-specific and 2 involved Immigration, Refugees and Citizenship Canada (IRCC). EC led the PIAs involving IRCC. The following are brief descriptions of the completed PIAs:

1. Electronic Financial Returns: This PIA looked at the risks to privacy associated with the delivery of a new, online method for political entities to submit their statements and returns directly to EC in a manner that is complete and correct and have had an initial validation against pertinent requirements of the Canada Elections Act.
2. Data Quality Confirmation Study (DQCS): This PIA assessed the risks to privacy associated with the National Register of Electors (NROE) DQCS. The purpose of the DQCS is to evaluate the quality, accuracy and currency of selected fields of personal information contained within the NROE database. EC used the services of Statistics Canada to perform this evaluation.
3. EC's NROE IRCC Data Transfers (New Citizen and Loss of Citizenship data): This PIA looked at the privacy risks associated with the transfers of new citizen and loss of citizenship data from IRCC to EC for the purpose of maintaining the NROE.
4. EC's NROE IRCC Data Transfers (Permanent Residents and Foreign Nationals data): This PIA assessed the privacy risks associated with the transfers of permanent resident and foreign nationals' data to EC for the purpose of updating the NROE.

The PIA summaries can be found on the EC website at elections.ca > Resource Centre > Reports > Proactive Disclosure > Privacy Impact Assessments, where available.

• Previous
• Table of Contents
• Next