CDIC Privacy Act 2017-2018 Annual Report

Introduction

The Privacy Act (the “Act”) provides Canadian citizens and permanent residents with the right to access personal information held by government institutions and protection of that information against unauthorized use and disclosure. This annual report, covering the period from April 1, 2017 to the end of the financial year, March 31, 2018, is prepared and submitted by the Canada Deposit Insurance Corporation (“CDIC”) for tabling in Parliament in accordance with section 72 of the Privacy Act.

Mandate and Governance

CDIC was established in 1967 by the Canada Deposit Insurance Corporation Act. The objects of the Corporation are:

  1. to provide insurance against the loss of part or all of deposits;
  2. to promote and otherwise contribute to the stability of the financial system in Canada;
  3. to pursue the objects set out in paragraphs (a) and (b) for the benefit of persons having deposits with member institutions and in such manner as will minimize the exposure of the Corporation to loss; and
  4. to act as the resolution authority for its members.

CDIC is administered by a board of directors headed by the Chairperson, who is appointed by the Governor in Council. There are five ex officio directors (the Governor of the Bank of Canada, the Deputy Minister of Finance, the Superintendent of Financial Institutions, a Deputy Superintendent of Financial Institutions or an officer of the Office of the Superintendent of Financial Institutions appointed by the Minister, and the Commissioner of the Financial Consumer Agency of Canada), as well as five private sector directors appointed by the Governor in Council.

Applicable Legislation

  • Canada Deposit Insurance Corporation Act
  • Access to Information Act
  • Privacy Act 

Main Publications

  • Annual Report
  • “Protecting Your Deposits” Brochure
  • Summary of the Corporate Plan

Administration of the Act

CDIC is a relatively small Crown corporation, which typically receives very few requests for personal information in any given year. As a result, CDIC does not have a formalized Access to Information and Privacy (“ATIP”) office with staff dedicated to ATIP matters on a full-time basis. Rather, the Vice-President, Corporate Affairs, General Counsel and Corporate Secretary assumes the role of ATIP Coordinator and is supported in this capacity by the Director, Legal Services as primary contact and by the Legal Services Department as required. The Law Clerk & ATIP Officer in the Legal Services Department assists with ATIP matters on a part-time basis.   In order to ensure timely and accurate responses to ATIP requests, CDIC has standby agreements with several external ATIP consultants who are available to assist as needed.

Delegation by Head of Corporation

Designation Order – February 3, 1999

The Designation Order dated February 3, 1999 (the “1999 Designation Order”) which was applicable throughout 2017-2018, is attached hereto and forms part of this annual report (Tab B). 

Delegation Order – April 25, 2018

Updated Delegation Order dated April 25, 2018 (the “2018 Delegation Order”) replaces the 1999 Designation Order and is attached hereto and forms part of this annual report (Tab C). 

Privacy Act

Statistical Report and Interpretation

CDIC's statistical report for 2017-2018 is attached to and forms part of this annual report (Tab D). During the period covered by this report, CDIC did not receive any requests under the provisions of the Act. No requests were carried forward from the previous reporting period.   

Five-Year Trend

 

2013-2014

2014-2015

2015-2016

2016-2017

2017-2018

No. of Requests Received

0

0

2

2

0

No. of Requests Closed

0

0

2

          2

0

No. of Consultations
Received

0

0

0

0

0

No. of
Consultations
Closed

0

0

0

0

0

Percentage of Requests Responded to within relevant period

100%

100%

100%

100%

N/A

Disposition

As noted above, CDIC did not receive any requests under the Act during the reporting period.

Method of Access

No requests were processed.

Net Fees Collected

No fees were collected. 

Education and Training Activities 

In 2017-2018, all CDIC employees completed annual declarations of compliance with CDIC policies, including CDIC’s Privacy Policy.

A comprehensive powerpoint presentation concerning ATIP is available on CDIC’s intranet portal to all employees.  CDIC does not track access by employees to this portal. During 2017-2018, all employees (127) received ethics and security training which included information regarding their ATIP responsibilities.

New/revised Policies, Guidelines and Procedures

In 2017-2018, CDIC did not implement any new or revised internal policies, guidelines or procedures relating to privacy.

Complaints, Investigations and Appeals

As at March 31, 2018, no complaint, investigation, or appeal was brought to the attention of CDIC in relation to the processing and outcome of privacy requests.

Monitoring Processing Time of Privacy Requests  

CDIC has established procedures to monitor the time to process privacy requests by completing an internal tracking log spreadsheet, which is updated to reflect key dates and activities for all requests, including deadlines, and automated reminders are set. The ATIP Coordinator oversees the ATIP program at CDIC, and receives reports from the Director, Legal Services as the status of any requests change.

During 2017-2018, CDIC purchased ATIP case management software which assists in the monitoring, processing, and reporting on privacy requests.

Material Privacy Breaches 

During the period covered by this report, no material privacy breaches occurred at CDIC.

Privacy Impact Assessments (PIA)

During the period covered by this report, CDIC did not complete any PIAs.

Disclosures under Paragraph 8(2)(m) of the Act

During the period covered by this report, CDIC did not disclose personal information pursuant to paragraph 8(2)(m) of the Act.