Table of contents
- CDIC Narrative Report for 2019-2020 Tab A
- CDIC Privacy Act Delegation Order (April 25, 2018) Tab B
(replaced by the 2020 Delegation Order in Tab C below) - CDIC Privacy Act Delegation Order (January 14, 2020) Tab C
(replaces the 2018 Delegation Order in Tab B above) - CDIC Privacy Act Statistical Report for 2019-2020 Tab D(also attached – Appendix A (2019-2020 Supplemental Statistical Report – Requests affected by COVID-19 measures) to the Statistical Report on Privacy Act)
Tab A
Introduction
The Privacy Act (the “Act”) provides Canadian citizens and permanent residents with the right to access personal information held by government institutions and protection of that information against unauthorized use and disclosure. This annual report, covering the period from April 1, 2019 to the end of the financial year, March 31, 2020, is prepared and submitted by Canada Deposit Insurance Corporation (“CDIC”) for tabling in Parliament in accordance with section 72 of the Privacy Act.
Mandate and Governance
CDIC was established in 1967 by the Canada Deposit Insurance Corporation Act. The objects of the Corporation are:
- to provide insurance against the loss of part or all of deposits;
- to promote and otherwise contribute to the stability of the financial system in Canada;
- to pursue the objects set out in paragraphs (a) and (b) for the benefit of persons having deposits with member institutions and in such manner as will minimize the exposure of the Corporation to loss; and
- to act as the resolution authority for its members.
CDIC is administered by a board of directors headed by the Chairperson, who is appointed by the Governor in Council. There are five ex officio directors (the Governor of the Bank of Canada, the Deputy Minister of Finance, the Superintendent of Financial Institutions, a Deputy Superintendent of Financial Institutions or an officer of the Office of the Superintendent of Financial Institutions appointed by the Minister, and the Commissioner of the Financial Consumer Agency of Canada), as well as five private sector directors appointed by the Governor in Council. For more information about CDIC, please refer to www.cdic.ca.
Organizational Structure/Administration of the Act
CDIC is a relatively small Crown corporation, which typically receives very few requests for personal information in any given year. As a result, CDIC does not have a formalized Access to Information and Privacy (“ATIP”) office with staff dedicated to ATIP matters on a full-time basis. Rather, the General Counsel, Corporate Secretary & Chief Legal Officer assumes the role of ATIP Coordinator and is supported in this capacity by the Director, Legal Services as primary contact and by the Legal Services Department as required. The Law Clerk & ATIP Officer in the Legal Services Department assists with ATIP matters on a part-time basis. In order to ensure timely and accurate responses to ATIP requests, CDIC has standby agreements with external ATIP consultants who are available to assist as needed. CDIC did not enter into any service agreements under section 73.1 of the Act during the reporting period.
Delegation by Head of Corporation
Delegation Order – April 25, 2018
The Delegation Order dated April 25, 2018 (the “2018 Delegation Order”) which was applicable throughout a portion of 2019-2020 is attached hereto and forms part of this annual report (Tab B).
Delegation Order – January 14, 2020
The updated Delegation Order dated January 14, 2020 (the “2020 Delegation Order”) designating the President & CEO, General Counsel, Corporate Secretary & Chief Legal Officer/Access to Information and Privacy Coordinator and Director, Legal Services to exercise certain powers and perform certain duties and functions of the Chairperson under the Act replaces the 2018 Delegation Order and is attached hereto and forms part of this annual report (Tab C).
Privacy Act
Performance 2019-2020: Statistical Report and Interpretation
CDIC’s statistical report for 2019-2020 is attached and forms part of this annual report (Tab D). During the period covered by this report, CDIC received one formal request under the provisions of the Act. One 30-day extension was agreed upon and this information was provided electronically within that time frame without the use of any exemptions (i.e. 100% of the formal requests were responded to within the legislated timeframe).
CDIC received ten additional requests for personal information that were not formal requests as they were missing adequate identification.
No requests were carried forward from the previous reporting period. No consultations were received.
Five-Year Trend
Requests | 2015-2016 | 2016-2017 | 2017-2018 | 2018-2019 | 2019-2020 |
---|---|---|---|---|---|
No. of Formal Requests Received | 2 | 2 | 0 | 0 | 1 |
No. of Formal Requests Closed | 2 | 2 | 0 | 0 | 1 |
CDIC received no more than 2 formal personal information requests each fiscal year for the last 5 years and these requests have been responded to within the legislated timeframes.
COVID-19-related measures
CDIC’s offices closed on March 12, 2020 and all employees continued to work from home for the remainder of the fiscal year. CDIC’s ATIP officer worked from home and did not receive any formal requests for personal information. One personal information request was received that was missing adequate identification between March 12-31, 2020. During this time, CDIC’s ability to respond to personal information requests would have been limited to conducting electronic searches.
Training and Awareness
In 2019-2020, all 135 CDIC employees completed annual declarations of compliance with CDIC policies, including CDIC’s Privacy Policy. During 2019-2020, all CDIC employees received ethics and security training, and all new employees received security training, both of which included information regarding their responsibilities under the Act. This training is provided on an annual basis and when new employees join. In addition to the above, a comprehensive powerpoint presentation concerning ATIP is available on CDIC’s intranet portal to all employees. CDIC does not track access by employees to this portal.
New/revised Policies, Guidelines and Procedures
In 2019-2020, CDIC commenced the process of revising internal policies, guidelines and procedures relating to privacy in light of changes in Bill C-58. These documents were not finalized in 2019-2020.
Complaints, Investigations and Appeals
As at March 31, 2020, no complaint, investigation, or appeal was brought to the attention of CDIC in relation to the processing and outcome of privacy requests.
Monitoring Processing Time of Privacy Requests
CDIC has established procedures to monitor the time to process privacy requests by completing an internal tracking log spreadsheet, which is updated to reflect key dates and activities for all requests, including deadlines, and automated reminders are set. The ATIP Coordinator oversees the ATIP program at CDIC, and receives reports from the Director, Legal Services as the status of any requests change.
Material Privacy Breaches
During the period covered by this report, no material privacy breaches occurred at CDIC.
Privacy Impact Assessments (PIA)
During the period covered by this report, CDIC did not complete any PIAs.
Disclosures under Paragraph 8(2)(m) of the Act
During the period covered by this report, CDIC did not disclose personal information pursuant to paragraph 8(2)(m) of the Act.
Tab B
Privacy Act Delegation Order
The Chairperson of Canada Deposit Insurance Corporation, pursuant to section 73 of the Privacy Act, hereby delegates to the persons holding the positions set out below, or the persons occupying those positions on an acting basis, the exercise of the powers and functions of the Chairperson, as the head of a government institution under the Privacy Act, as follows:
Position | Delegation of Authority under Privacy Act and Regulations |
---|---|
President & Chief Executive Officer | Full authority |
Vice-President, Corporate Affairs, General Counsel and Corporate Secretary/Access to Information and Privacy Coordinator | Full authority |
Director, Legal Services | Full authority |
This designation replaces and repeals all previous Privacy Act delegation orders.
Original signed by
Robert Sanderson, Chair
April 25, 2018
Tab C
Access to Information Act and Privacy Act Delegation Order
The Chairperson of Canada Deposit Insurance Corporation, pursuant to section 95(1) of the Access to Information Act and section 73(1) of the Privacy Act, hereby delegates to the persons holding the positions set out below, or the persons occupying on an acting basis those positions, the exercise of the powers, duties and functions of the Chairperson of Canada Deposit Insurance Corporation as the head of Canada Deposit Insurance Corporation, under the provisions of the Access to Information Act and Privacy Act and their related regulations. This delegation replaces all previous Access to Information Act and Privacy Act delegation orders.
Position | Access to Information Act and Regulations | Privacy Act and Regulations |
---|---|---|
President & Chief Executive Officer | Full authority | Full authority |
General Counsel, Corporate Secretary & Chief Legal Officer/Access to Information and Privacy Coordinator | Full authority | Full authority |
Director, Legal Services | Full authority | Full authority |
Dated, at the City of Ottawa, this 14th day of January 2020.
Original signed by
Robert Sanderson, Chairperson of Canada Deposit Insurance Corporation
Tab D
Statistical Report on the Privacy Act
Section 1: Requests under the Privacy Act
1.1 Number of requests
Number of requests | |
---|---|
Received during reporting period | 1 |
Outstanding from previous reporting period | 0 |
Total | 1 |
Closed during reporting period | 1 |
Carried over to next reporting period | 0 |
Section 2: Requests Closed During the Reporting Period
2.1 Disposition and completion time
Disposition of requests | Completion time | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
All disclosed | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 1 |
Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
No records exist | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 1 |
2.2 Exemptions
Section | Number of requests |
---|---|
18(2) | 0 |
19(1)(a) | 0 |
19(1)(b) | 0 |
19(1)(c) | 0 |
19(1)(d) | 0 |
19(1)(e) | 0 |
19(1)(f) | 0 |
20 | 0 |
21 | 0 |
22(1)(a)(i) | 0 |
22(1)(a)(ii) | 0 |
22(1)(a)(iii) | 0 |
22(1)(b) | 0 |
22(1)(c) | 0 |
22(2) | 0 |
22.1 | 0 |
22.2 | 0 |
22.3 | 0 |
22.4 | 0 |
23(a) | 0 |
23(b) | 0 |
24(a) | 0 |
24(b) | 0 |
25 | 0 |
26 | 0 |
27 | 0 |
27.1 | 0 |
28 | 0 |
2.3 Exclusions
Section | Number of requests |
---|---|
69(1)(a) | 0 |
69(1)(b) | 0 |
69.1 | 0 |
70(1) | 0 |
70(1)(a) | 0 |
70(1)(b) | 0 |
70(1)(c) | 0 |
70(1)(d) | 0 |
70(1)(e) | 0 |
70(1)(f) | 0 |
70.1 | 0 |
2.4 Format of information released
Paper | Electronic | Other formats |
---|---|---|
0 | 1 | 0 |
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
Number of pages processed | Number of pages disclosed | Number of requests |
---|---|---|
3 | 3 | 1 |
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition | Less than 100 pages processed | 101 to 500 pages processed | 501 to 1,000 pages processed | 1,001 to 5,000 pages processed | More than 5,000 pages processed | |||||
---|---|---|---|---|---|---|---|---|---|---|
Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
All disclosed | 1 | 3 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 1 | 3 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
2.5.3 Other complexities
Disposition | Consultation required | Legal advice sought | Interwoven Information | Other | Total |
---|---|---|---|---|---|
All disclosed | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 0 | 0 | 0 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 |
2.6 Closed requests
2.6.1 Number of requests closed within legislated timelines
Requests closed within legislated timelines | |
---|---|
Number of requests closed within legislated timelines | 1 |
Percentage of requests closed within legislated timelines (%) | 100 |
2.7 Deemed refusals
2.7.1 Reasons for not meeting legislated timelines
Number of requests closed past the legislated timelines | Principal reason | |||
---|---|---|---|---|
Interference with operations/Workload | External consultation | Internal consultation | Other | |
0 | 0 | 0 | 0 | 0 |
2.7.2 Requests closed beyond legislated timelines (including any extension taken)
Number of days past legislated timelines | Number of requests past legislated timelines where no extension was taken | Number of requests past legislated timelines where an extension was taken | Total |
---|---|---|---|
1 to 15 days | 0 | 0 | 0 |
16 to 30 days | 0 | 0 | 0 |
31 to 60 days | 0 | 0 | 0 |
61 to 120 days | 0 | 0 | 0 |
121 to 180 days | 0 | 0 | 0 |
181 to 365 days | 0 | 0 | 0 |
More than 365 days | 0 | 0 | 0 |
Total | 0 | 0 | 0 |
2.8 Requests for translation
Translation Requests | Accepted | Refused | Total |
---|---|---|---|
English to French | 0 | 0 | 0 |
French to English | 0 | 0 | 0 |
Total | 0 | 0 | 0 |
Section 3: Disclosures Under Subsections 8(2) and 8(5)
Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
---|---|---|---|
0 | 0 | 0 | 0 |
Section 4: Requests for Correction of Personal Information and Notations
Disposition for correction requests received | Number |
---|---|
Notations attached | 0 |
Requests for correction accepted | 0 |
Total | 0 |
Section 5: Extensions
5.1 Reasons for extensions and disposition of requests
Number of requests where an extension was taken | 15(a)(i) Interference with operations | 15 (a)(ii) Consultation | 15(b) Translation purposes or conversion | |||||
---|---|---|---|---|---|---|---|---|
Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
1 | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 0 |
5.2 Length of extensions
Length of Extensions | 15(a)(i) Interference with operations | 15 (a)(ii) Consultation | 15(b) Translation purposes or conversion | |||||
---|---|---|---|---|---|---|---|---|
Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
1 to 15 days | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 0 |
16 to 30 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 days or greater | ||||||||
Total | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 0 |
Section 6: Consultations Received From Other Institutions and Organizations
6.1 Consultations received from other Government of Canada institutions and other organizations
Consultations | Other Government of Canada institutions | Number of pages to review | Other organizations | Number of pages to review |
---|---|---|---|---|
Received during the reporting period | 0 | 0 | 0 | 0 |
Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 |
Closed during the reporting period | 0 | 0 | 0 | 0 |
Carried over to the next reporting period | 0 | 0 | 0 | 0 |
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation | Number of days required to complete consultation requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
6.3 Recommendations and completion time for consultations received from other organizations
Recommendation | Number of days required to complete consultation requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 7: Completion Time of Consultations on Cabinet Confidences
7.1 Requests with Legal Services
Number of days | Fewer than 100 pages Processed | 101‒500 pages Processed | 501-1,000 pages Processed | 1,001-5,000 pages Processed | More than 5,000 pages Processed | |||||
---|---|---|---|---|---|---|---|---|---|---|
Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
7.2 Requests with Privy Council Office
Number of days | Fewer than 100 pages processed | 101‒500 pages processed | 501-1,000 pages processed | 1,001-5,000 pages processed | More Than 5,000 pages processed | |||||
---|---|---|---|---|---|---|---|---|---|---|
Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 8: Complaints and Investigations Notices Received
Section 31 | Section 33 | Section 35 | Court action | Total |
---|---|---|---|---|
0 | 0 | 0 | 0 | 0 |
Section 9: Privacy Impact Assessments (PIA) and Personal Information Banks (PIB)
9.1 Privacy Impact Assessments
Number of PIA(s) completed | 0 |
---|
9.2 Personal Information Banks
Personal Information Banks | Active | Created | Terminated | Modified |
---|---|---|---|---|
6 | 0 | 0 | 0 |
Section 10: Material Privacy Breaches
Number of material privacy breaches reported to TBS | 0 |
---|---|
Number of material privacy breaches reported to OPC | 0 |
Section 11: Resources Related to the Privacy Act
11.1 Costs
Expenditures | Amount | |
---|---|---|
Salaries | $7,376 | |
Overtime | $0 | |
Goods and Services | $128,957 | |
|
$128,710 | |
|
$247 | |
Total | $136,333 |
11.2 Human Resources
Resources | Person years dedicated to privacy activities |
---|---|
Full-time employees | 0.12 |
Part-time and casual employees | 0.00 |
Regional staff | 0.00 |
Consultants and agency personnel | 2.15 |
Students | 0.00 |
Total | 2.27 |
Note: Enter values to two decimal places.
Appendix A – 2019-2020 Supplemental Statistical Report – Requests affected by COVID-19 measures
In addition to completing the forms for the Statistical Reports on the ATIA and Privacy Act for 2019-20, institutions are asked to complete this Supplemental Report to help identify the impact of COVID-19 measures on institutional performance for 2019-20 and going forward. The data requirements are set out in the tables below.
Supplemental Statistical Report on the Privacy Act
The following table reports the total number of formal requests received during two periods; 2019-04-01 to 2020-03-13 and 2020-03-14 to 2020-03-31.
Table 4 – Requests Received
Number of requests | |
---|---|
Received from 2019-04-01 to 2020-03-13 | 1 |
Received from 2020-03-14 to 2020-03-31 | 0 |
Total1 | 1 |
1 – Total for Row 3 should equal the total in the Privacy Statistical Report section 1.1 Row 1
The following table reports the total number of requests closed within the legislated timelines and the number of closed requests that were deemed refusals during two periods; 2019-04-01 to 2020-03-13 and 2020-03-14 to 2020-03-31.
Table 5 – Requests Closed
Number of requests closed within the legislated timelines | Number of requests closed past the legislated timelines | |
---|---|---|
Received from 2019-04-01 to 2020-03-13 and outstanding from previous reporting periods | 1 | 0 |
Received from 2020-03-14 to 2020-03-31 | 0 | 0 |
Total2 | 1 | 0 |
2 – Total for Row 3 Col. 1 should equal the total in the Privacy Statistical Report Section 2.6.1 Row 1 — Total for Row 3 Col. 2 should equal the total in the Privacy Statistical Report section 2.7.1 Col. 1 Row 1
The following table reports the total number of requests carried over during two periods; 2019-04-01 to 2020-03-13 and 2020-03-14 to 2020-03-31.
Table 6 – Requests Carried Over
Number of requests | |
---|---|
Requests from 2019-04-01 to 2020-03-13 and outstanding from previous reporting period that were carried over to the 2020-2021 reporting period | 0 |
Requests from 2020-03-14 to 2020-03-31 that were carried over to the 2020-2021 reporting period | 0 |
Total3 | 0 |
3 – Total for Row 3 should equal the total in the Privacy Statistical Report section 1.1 Row 5