CDIC Privacy Act 2016-2017 Annual Report

Prepared as at March 31, 2017

Introduction

The Privacy Act (the “Act”) provides Canadian citizens and permanent residents with the right to access personal information held by government institutions and protection of that information against unauthorized use and disclosure. This annual report, covering the period from April 1, 2016 to the end of the financial year, March 31, 2017, is prepared and submitted by the Canada Deposit Insurance Corporation (“CDIC”) for tabling in Parliament in accordance with section 72 of the Privacy Act.

Mandate and Governance

CDIC was established in 1967 by the Canada Deposit Insurance Corporation Act. The objects of the Corporation are:

a) to provide insurance against the loss of part or all of deposits;
b) to promote and otherwise contribute to the stability of the financial system in Canada; and
c) to pursue the objects set out in paragraphs (a) and (b) for the benefit of persons having deposits with member institutions and in such manner as will minimize the exposure of the Corporation to loss.

CDIC is administered by a board of directors headed by the Chairperson, who is appointed by the Governor in Council. There are five ex officio directors (the Governor of the Bank of Canada, the Deputy Minister of Finance, the Superintendent of Financial Institutions, a Deputy Superintendent of Financial Institutions or an officer of the Office of the Superintendent of Financial Institutions appointed by the Minister, and the Commissioner of the Financial Consumer Agency of Canada), as well as five private sector directors appointed by the Governor in Council.

Applicable Legislation

  • Canada Deposit Insurance Corporation Act
  • Access to Information Act
  • Privacy Act

Main Publications

  • Annual Report
  • “Protecting Your Deposits” Brochure
  • Summary of the Corporate Plan

Administration of the Act

CDIC is a relatively small Crown corporation, which typically receives very few requests for personal information in any given year. As a result, CDIC does not have a formalized Access to Information and Privacy (“ATIP”) office with staff dedicated to ATIP matters on a full-time basis. Rather, the Vice-President, Corporate Affairs, and General Counsel assumes the role of ATIP Coordinator and is supported in this capacity by the Director, Legal Services as primary contact and by the Legal Services Department as required. The Law Clerk & ATIP Officer in the Legal Services Department assists with ATIP matters on a part-time basis. In order to ensure timely and accurate responses to ATIP requests, CDIC has standby agreements with several external ATIP consultants who are available to assist as needed.

Designation Order

A copy of the Designation Order dated February 3, 1999, designating the President & CEO to exercise the powers and perform the duties and functions of the Chairperson under the Act is attached to and forms part of this annual report (Tab B).

The Designation Order is currently under review.

Privacy Act

Statistical Report and Interpretation

CDIC's statistical report for 2016-2017 is attached to and forms part of this annual report (Tab C). During the period covered by this report, CDIC received two request under the provisions of the Act. Both requests were abandoned. No requests were carried forward from the previous reporting period.

Multi-Year Trends

 

2010-2011

2011-2012

2012-2013

2013-2014

2014-2015

2015-2016

2016-2017

No. of Requests Received

0

0

0

0

0

2

2

No. of Requests Closed

0

0

0

0

0

2

2

Disposition

The requestors abandoned their requests before they were completed and their identification could be verified.

Method of Access

No requests were processed.

Net Fees Collected

No fees were collected.

Education and Training Activities

The Legal Services Department (7 CDIC employees) received training from external legal counsel onAccess to Information and Privacy law in November, 2016. Also in 2016-2017, all CDIC employees completed annual declarations of compliance with CDIC policies, including CDIC’s Access to Information and Privacy Policies.

A comprehensive powerpoint presentation concerning ATIP is available on CDIC’s intranet portal to all employees. New employees receive ethics and security training which includes information regarding their ATIP responsibilities.

New/revised Policies, Guidelines and Procedures

In 2016-2017, CDIC did not implement any new or revised internal policies, guidelines or procedures relating to privacy.

Complaints, Investigations and Appeals

As at March 31, 2017, no complaint, investigation, or appeal was brought to the attention of CDIC in relation to the processing and outcome of privacy requests.

Monitoring Processing Time of Privacy Requests

CDIC has established procedures to monitor the time to process privacy requests by completing an internal tracking log spreadsheet, which is updated to reflect key dates and activities for all requests, including deadlines, and automated reminders are set. The ATIP Coordinator oversees the ATIP program at CDIC, and receives regular reports from the Director, Legal Services on the status of any requests, as applicable, concerning progress by the ATIP Officer (or lawyers, as necessary) in responding to any requests.

CDIC recently purchased ATIP case management software which will assist in the monitoring, processing, and reporting on privacy requests.

Material Privacy Breaches

During the period covered by this report, no material privacy breaches occurred at CDIC.

Privacy Impact Assessments (PIA)

During the period covered by this report, CDIC did not complete any PIAs.

Disclosures under Paragraph 8(2)(m) of the Act

During the period covered by this report, CDIC did not disclose personal information pursuant to paragraph 8(2)(m) of the Act.