ARCHIVED - Office of the Privacy Commissioner of Canada

Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.

2007-08
Departmental Performance Report

Office of the Privacy Commissioner of Canada

The original version was signed by
The Honourable Robert D. Nicholson, P.C., Q.C., M.P.
Minister of Justice and Attorney General of Canada

Section I: Overview

1.1 Message from the Privacy Commissioner of Canada

It is with great pleasure that I table before Parliament today the Departmental Performance Report of the Office of the Privacy Commissioner of Canada (OPC) for the fiscal year ending March 31, 2008.

The fiscal year 2007-2008 was marked by important milestones.

It was the year in which my Office was proud to host the privacy world with the 29^th International Data Protection and Privacy Commissioners Conference, in September, in the beautiful city of Montreal. The conference program underscored the wide range of issues that will have an impact on privacy in the coming years, as well as the increasingly global nature of privacy issues. We welcomed more than 650 commissioners, academics, privacy professionals, advocates, government officials, IT specialists and others from around the globe – making it the largest-ever conference of its kind.

It was the year in which we continued to participate in discussions surrounding the parliamentary review of the Personal Information Protection and Electronic Documents Act (PIPEDA), and to actively support plans to amend the law to make breach notification mandatory. In the meantime, however, we worked with industry to develop voluntary breach notification guidelines, and we are beginning to see signs that companies, especially large businesses, are following our recommendations.

The Office also continued to promote Privacy Act reform with the research and development of an Addendum to a comprehensive document originally presented in 2006 to the Standing Committee on Access to Information, Privacy and Ethics. The Office worked on a series of proposed “quick fixes” to the Privacy Act in the event that the government does not intend to engage in a fundamental reform of the Act. As a result of this work in 2007-2008, I made two separate appearances before the Standing Committee in April 2008 and presented these documents, and the Committee also heard from a number of witnesses on our recommendations. I hope this is a signal that Canadians may, in the not-so-distant future, have a law which better protects their privacy rights in the federal public sector.

The Office continued to provide sound legal and policy analyses and expertise to support Parliamentarians in their review of the privacy implications of bills. Over the course of the year, we reviewed and commented on 19 bills with potential privacy implications, in addition to sharing 20 submissions and policy positions on a variety of government initiatives. We also enhanced our communications with Parliamentarians and, specifically, with the Standing Committee on Access to Information, Privacy and Ethics, to which we report regularly.

With the coming into force of the Federal Accountability Act, we finally became subject to the Access to Information and Privacy Acts. Accordingly, we established an ATIP unit and began training staff to ensure we effectively meet all our obligations on this front.

In addition, we continued our efforts to improve and expand service delivery, in addition to building our overall organizational capacity, priorities that go hand-in-hand. An ever-increasing complaints backlog and difficulty recruiting experienced investigators – a trend across the public service – added to our challenges in this domain. However, through new approaches to our recruitment, training and development, as well as streamlining and building innovation into our investigations processes, we are tackling these challenges. I am very pleased with the progress that we are making in solidifying our team and further improving the way we work.

In the Office, the year 2007-2008 was a year of change. Heather Black, who was the OPC’s Assistant Commissioner for PIPEDA for several years and a true pioneer in the privacy field, retired in 2007. We welcomed a dynamic new member of the executive team: Elizabeth Denham from the Office of the Information and Privacy Commissioner of Alberta. Ms. Denham is now the Assistant Commissioner for PIPEDA.

As we take stock in the Departmental Performance Report of this past fiscal year’s activities, we recognize the myriad of issues that pose significant and emerging threats to Canadians’ privacy, as well as the ongoing challenges we face from an organizational perspective. A year from now, we look forward to reporting on how we continued to help minimize many of these threats and overcome these challenges, to better promote and protect privacy rights.

(Original signed by)

Jennifer Stoddart
Privacy Commissioner of Canada

1.2 Management Representation Statement

I submit for tabling in Parliament, the 2007–2008 Departmental Performance Report for the Office of the Privacy Commissioner of Canada.

This document has been prepared based on the reporting principles contained in the Guide for the Preparation of Part III of the 2007–2008 Estimates: Reports on Plans and Priorities and Departmental Performance Reports:

It adheres to the specific reporting requirements outlined in the Treasury Board Secretariat guidance;
It is based on the department’s Strategic Outcome and Program Activity Architecture that were approved by the Treasury Board;
It presents consistent, comprehensive, balanced and reliable information;
It provides a basis of accountability for the results achieved with the resources and authorities entrusted to it; and
It reports finances based on approved numbers from the Estimates and the Public Accounts of Canada.

(Original signed by)

Jennifer Stoddart
Privacy Commissioner of Canada

1.3 OPC Strategic Outcome and Program Activity Architecture (PAA)

The OPC has a single Strategic Outcome supported by a Program Activity Architecture (PAA) composed of three operational program activities, aimed at protecting the privacy rights of individuals, and internal services that enable the delivery of the operational activities.

Strategic Outcome	The privacy rights of individuals are protected.
Program Activities	1. Compliance activities	2. Research and policy development	3. Public outreach
Program Activities	Internal services

Given that the OPC is independent from government, we do not link, or report, information from this Office to the Government of Canada outcomes.

1.4 Raison d’�tre

The mandate of the OPC is to protect and promote the privacy rights of individuals.

The OPC is responsible for overseeing compliance with both the Privacy Act, which covers the personal information-handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private sector privacy law.

The Privacy Commissioner of Canada, Jennifer Stoddart, is an Officer of Parliament who reports directly to the House of Commons and the Senate.

The Commissioner is an advocate for the privacy rights of Canadians and her powers include:

Investigating complaints, conducting audits and pursuing court action under two federal laws;
Publicly reporting on the personal information-handling practices of public and private sector organizations;
Supporting, undertaking and publishing research and policy development in respect of privacy issues; and
Promoting public awareness and understanding of privacy issues.

The Commissioner works independently from any other part of the government to investigate complaints with respect to the federal public sector and the private sector. We focus on resolving complaints through negotiation and persuasion, using mediation and conciliation if appropriate. However, if voluntary co-operation is not forthcoming, the Commissioner has the power to summon witnesses, administer oaths and compel the production of evidence. In cases that remain unresolved, particularly under PIPEDA, the Commissioner may take the matter to Federal Court and seek a court order to rectify the situation.

1.5 Financial and Human Resources

The following two tables present the total financial and human resources that the OPC has managed in 2007-2008.

Financial Resources
Planned Spending (includes Funds earmarked for FedAA implementation)	Federal Accountability Act (FedAA) Funds	Adjusted Planned Spending	Total Authorities		Actual Spending
$19,711,000	($1,365,000)	$18,346,000	$ 18,955,578		$17,130,181

Human Resources
Planned	Actual	Difference
* Full-Time Equivalent
143 FTEs*¹	110 FTEs	33 FTEs

1.6 Factors Affecting OPC Performance in 2007-2008

External Factors

Privacy is a challenging right to defend. For some, security and safety take precedence over less tangible social values. As a result, questions of privacy, self-determination and other democratic rights are often overshadowed. Within government, issues of privacy and information access are sometimes viewed as operational hurdles, rather than fundamental to Canadians’ freedoms. However, many citizens seem to take another view. Research indicates that Canadians have deep-felt privacy concerns and very serious reservations about the economic, political and technological factors which threaten their freedom.

Events over the course of the year – from anti-terror trials in Toronto, to the Air India and Iacobucci inquiries in Ottawa – kept national security issues in the public eye. In that time, numerous inquiries and organizations also called for expanded oversight of the federal government’s growing national security portfolio. Similarly, given this environment, our Office has voiced concern with the slow but steady erosion of privacy rights in Canada.

At its core, our right to know what personal information our government collects or discloses about us is based on fundamental values of autonomy and liberty in a modern democratic state. In practice, however, this right often collides with the security imperatives of government. National security initiatives are often beyond review, and so beyond reproach. Meanwhile, efforts to prevent terrorism and organized crime have made it acceptable for governments to collect more personal data and greatly expand public surveillance. Government measures such as the Anti-terrorism Act, Public Safety Act and Passenger Protect Program may undermine those privacy rights that Canadians dearly cherish.

Technology is another factor affecting privacy – often in new ways every day. Canadians are great early adopters of new technologies and devices. These technologies and devices help us communicate across a vast country, keep us informed, and let us work in new ways. However, new online tools also pose serious privacy threats: social networking sites, the compilation of personal profiles from searches and communications, risks of identity theft and online fraud are very real problems. These are challenging, technical issues which blur traditional lines between information security, data protection and personal privacy.

Finally, over the past year, a spate of recent data breaches in the US, UK and Canada highlighted a growing problem: data loss. There is now an increasing need for businesses and governments to take privacy protection seriously. In the past year, our Office has been involved in a number of privacy breach initiatives, from developing guidelines for businesses to including new provisions for notification of individuals as both PIPEDA and the Privacy Act are reviewed by Parliament.

With all these issues as backdrop, last September in Montreal, the Office of the Privacy Commissioner hosted the 29th Annual Conference of Data Protection and Privacy Commissioners. The conference was an opportunity for the world’s data commissioners to discuss successes and failures in their efforts to promote privacy around the world. Over 650 participants, representing 53 countries, took part. The conference provided a forum to a wide variety of experts, researchers and policy makers, from across the spectrum of privacy and security fields. The conference provided a unique opportunity for data protection commissioners and global privacy experts to share ideas, knowledge and experience.

Over the past year, amid all these issues, trends and discussions, one clear reality has emerged: privacy protection has become a truly global issue. Like climate change, it is a problem that defies narrow solutions, narrow jurisdictions or legal boundaries. As a result, our Office is working with data protection officials around the world to strengthen privacy protections wherever possible. At the same time, the OPC will also continue to call for more privacy-protective legislation and the enforcement of data protection obligations of private and public sector organizations.

Internal Factors

Fiscal year 2007-2008 was Year 2 of the implementation plan for the OPC’s three-year business case presented in 2005-2006 to the House of Commons Advisory Panel on the Funding and Oversight of Officers of Parliament. Performance of the Office against the objectives of this second year is presented in Section 2.1 – OPC Performance in 2007-2008 under “Other Activities: Internal Services”.

To respond to new mandatory requirements from the Federal Accountability Act, the Proceeds of Crime and Terrorist Financing Act, the Treasury Board Internal Audit Policy, coupled with exponential changes in the privacy world and staffing challenges experienced by the OPC, the Office prepared a second business case to obtain additional resources. Much of the analysis to support the drafting of the business case was completed in 2007-2008. The business case will be discussed with Treasury Board Secretariat and then subsequently presented to the House of Commons Advisory Panel on the Funding and Oversight of Officers of Parliament.

Another important internal factor relates to the challenges of recruiting and retaining qualified staff. This is discussed at length in Section 1.7 below and Section 2.1 – OPC Performance in 2007-2008 under “Other Activities: Internal Services”.

And since a major event of 2007-2008 was the 29th Annual Conference of Data Protection and Privacy Commissioners, a considerable effort from all staff was invested in this activity as well as operating resources. Section 2.1 – OPC Performance in 2007-2008 under “Other Activities: Internal Services” takes stock of the conference from a resources perspective.

1.7 Performance Status of OPC Priorities

The OPC had five corporate priorities for 2007-2008. The following table presents the priorities, high-level information on our actual performance and a self-assessment of performance status².

More detailed information on actual performance is provided in Section II – Analysis by Program Activity.

Strategic Outcome: The privacy rights of individuals are protected.
OPC Priorities for 2007-2008	Type	Actual Performance	Performance Status
1. Improve and expand service delivery	Ongoing	In 2007-2008, the OPC launched a comprehensive re-engineering project to design and implement a new, innovative inquiries and complaints resolution process aimed at fast-tracking response time. This project will be well-advanced or completed by the end of the next fiscal year. Focused efforts this year went to addressing the backlog of complaints. The backlog of complaints under PIPEDA was reduced by 47% in 2007-2008, and while the backlog of complaints under the Privacy Act was not reduced, the investigation team managed to achieve a stable output despite the loss of a number of experienced staff during the year. A Request for Proposals to engage contracted resources was issued to assist with backlog reduction. Service standards were developed and others refined for responding to complaints and inquiries under both Acts in 2007-2008.	Partially met
1. Improve and expand service delivery	Ongoing	The number of privacy impact assessments (PIA) pending review was reduced by 64% in 2007-2008 (from 50 to 18 files). A performance standard was set for processing PIAs within 90 days of receiving them. During the year, 17 of the 78 PIA reviews (22%) were processed within standard time but now that the backlog is under control, we anticipate improvements in the timeliness of PIA reviews. The OPC initiated six audit projects in 2007-2008 compared to eight projects originally planned; two audits were deferred to a later start in 2008-2009 due to a shortage of staff. Although four new resources joined the audit and review team in 2007-2008, the capacity remained the same with four departures. In addition to its traditional audit projects, the OPC conducted five other interventions³ in 2007-2008. Four audits were completed during the period, only one within original planned timelines. It has taken longer than planned to complete the audits due to a shortage of staff, the need to mature the audit process, and additional time required to secure management response to audits and address auditee concerns. A new system was introduced to track the timeliness of our audit work.	Partially met
2. Engage with Parliament on privacy issues	Ongoing	The OPC continued its support of Parliamentarians in 2007-2008 through the provision of 20 submissions and policy positions relating to potential privacy implications of proposed legislation and/or government initiatives.The OPC responded to 25 direct inquiries from Parliamentarians and their staff.The OPC provided sound legal and policy analyses and expertise to support Parliamentarians in their review via six separate appearances to Parliamentary Committees.	Successfully met
3. Continue to promote Privacy Act reform and PIPEDA review	Previous	The OPC continues to promote Privacy Act reform by engaging Parliament through a succession of submissions, discussion papers and appearances. In 2007-2008, the OPC conducted research and developed an Addendum to a comprehensive document originally presented in 2006 to the Standing Committee on Access to Information, Privacy and Ethics. The Addendum, actually issued in April 2008, discusses how events of the past two years illustrate the ongoing need for reform of the Act. (Refer to the web site for these documents and for a list of 10 Quick Fix changes that would be of significant benefit to Canadians: http://www.privcom.gc.ca/legislation/pa/pa_reform_e.asp) The OPC continues to take an active role in the PIPEDA review process by meeting with private sector stakeholders and Industry Canada as the government considers possible amendments to the Act.	Successfully met
4. Organize, host and evaluate the 29^th International Conference of Data Protection and Privacy Commissioners	Previous	The conference under the theme Privacy Horizons: Terra Incognita was held in Montreal from September 25 to 28, 2007 (http://www.privacyconference2007.gc.ca/Terra_Incognita_home_E.html). Attendance and engagement by stakeholders exceeded expectations, with 650 participants from governments, private sector enterprise, provincial, national and international privacy organizations, representing 53 countries. Speakers included Michael Chertoff, the U.S. Secretary of Homeland Security; Peter Fleisher, Google Global Privacy Counsel; Michael Geist, law professor and Canadian Internet law expert; and Barry Steinhardt, Director of Technology for the American Civil Liberties Union. Participants indicated a high level of satisfaction with the topics and research presented at the Conference, and particularly praised the work of OPC employees.	Exceeded expectations
5. Build organizational capacity	Previous	A review of the organizational structure that started in 2006-2007 was completed in 2007-2008. All positions allocated through the 2005-2008 business case that the OPC intended to staff (this represents 42 of the 47 positions⁴) were classified and 37 positions were staffed by end of 2007-2008, with the remaining six positions well underway to being filled as well. The OPC, like many government departments and agencies, is experiencing challenges in recruiting qualified staff, which explains why it has not reached its full complement of staff allocated as part of the business case.	Partially met
5. Build organizational capacity	Previous	To assist with the integration of new employees during 2007-2008, we developed an Employee Checklist, intended to assist employees in their orientation to the OPC, and a draft Employee Tool Kit (to be finalized in 2008-2009). Original plans to open two regional offices in 2007-2008 have been revised to permit a more flexible approach to extending the Office’s regional presence across more regions of Canada. (Refer to Priority 4 described in the 2008-2009 Report on Plans and Priorities: http://www.tbs-sct.gc.ca/rpp/2008-2009/inst/ipc/ipc03-eng.asp). With the passage of the Federal Accountability Act, the OPC along with numerous other institutions became subject to the Access to Information Act (ATIA) and the Privacy Act starting in 2007-2008. To respond to this new requirement, the Office created a unit with two dedicated staff. During their first year, the new unit processed 30 ATIA requests and 22 Privacy Act requests, all within prescribed timelines. The OPC infrastructure was improved in a number of ways: one third of all workstations were replaced in line with the OPC Evergreen Program, information management policies and procedures were promulgated (i.e., blackberry use, biometric memory stick use, laptop, personnel security), and adjustments to floor plans were made to optimise existing space and accommodate new and existing staff, and work is continuing to complete a long-term accommodation plan.	Successfully met

The OPC is satisfied that all but two of the commitments made to advance its five corporate priorities in 2007-2008 were successfully met or expectations were exceeded. The two exceptions where commitments were partially met related to elements of: Priority 1 – improve and expand service delivery and Priority 5 – build organizational capacity. The two partial performance gaps are interrelated with both being in good part attributable to a shortage of qualified skills available in the investigative area.

To address the partial gap relating to service delivery, and in view of the realization that the skills shortage does not have a short-term solution to it, the OPC launched in 2007-2008 a comprehensive re-engineering project to design and implement a new, innovative inquiries and complaints resolution process aimed at fast-tracking response time. This work, which is treated as a corporate priority in 2008-2009, is expected to be well-advanced or completed by end of the new fiscal year.

As for the partial gap related to the recruitment of qualified staff, it is one element of the fifth priority relating to capacity building, the other elements having been satisfactorily achieved. Like many organizations, the OPC experienced challenges in the recruitment of personnel. However, despite these challenges, by March 31, 2008 the OPC staffed 37 of the 42 new positions obtained from the November 2005 Business Case. In comparing this success to the increase on FTEs, the OPC increased its FTEs by 71% from 78.5 FTEs in 2005-2006 to 110 FTEs by the end of 2007-2008. In terms of staff population, as previously reported to Parliament the OPC ended fiscal year 2007-2008 with a staff compliment of 122. This upward trend continues into the new fiscal year.

Section II: Analysis by Program Activity

2.1 OPC Performance in 2007-2008

This section reports the OPC performance for each program activity of its Program Activity Architecture (PAA) in relation to their expected results and performance indicators, and also indicates how the performance contributed to the five corporate priorities for 2007-2008. Performance reporting includes a self-assessment of performance status using the same scale as what was employed to report on progress to priorities in Section 1.7.

In 2006-2007, the OPC designed its Performance Measurement Framework (PMF) and started implementation in 2007-2008, using an incremental approach continuing over two more years. The performance indicators identified in this section are those against which the OPC has started measuring its performance in 2007-2008. More indicators from the OPC PMF are being introduced in reports on plans and priorities as they become operational.

In addition to ‘performance’ indicators that generate information about the extent of achievement of ‘results’, the OPC uses ‘volume’ indicators or statistics to collect relevant information about its ‘activities’. This section reports on OPC ‘results or outcomes’, primarily using performance information, with selected information about activities to make the performance story more complete (note: the OPC Annual Reports report more comprehensively on OPC ‘activities’, ensuring that both reports are complementary and not duplicative reading for Parliamentarians and Canadians).

Office of the Privacy Commissioner of Canada
Expected Result	Performance Indicator
Ultimate Outcome for Canadians
The OPC plays a lead role in influencing federal government institutions and private sector organizations to respect the privacy rights of individuals and protect their personal information.	Extent and direction of change in the privacy practices of federal government institutions and private sector organizations

Financial Resources
Planned Spending	Total Authorities	Actual Spending
$19,711,000	$18,955,578	$17,130,181

Human Resources
Planned	Actual	Difference
143 FTEs	110 FTEs	33 FTEs

The above-mentioned expected result and performance indicator at the “ultimate outcome level” reflect the overarching goal and measure of success for the OPC. Measuring performance at this high level will be based on the gathering of relevant performance information relating to the “intermediate” and “immediate” level outcomes. Since the OPC is implementing its comprehensive Performance Measurement Framework incrementally over a three-year period from 2007 to 2010, more performance indicators are being added each year to measure with more depth the “intermediate” and “immediate” level outcomes, hence solidifying at the same time the foundation to measure the “ultimate” level outcome.

Having started implementing its PMF in 2007-2008, the OPC presents in this Departmental Performance Report the beginning of its performance story in the next pages, which at the same time, starts to reveal the Office’s performance vis-�-vis the “ultimate outcome”.

Program Activity 1: Compliance Activities

Activity Description

Through this program, the OPC conducts audits to assess whether federal and private sector organizations are complying with requirements set out in the two federal privacy laws, carries out reviews of privacy impact assessments and makes recommendations pursuant to the Treasury Board Secretariat policy, and investigates complaints and responds to inquiries received from individuals and organizations that contact the OPC for advice and assistance on a wide range of privacy-related issues. This program is supported by a legal team that provides legal advice and litigation services and a research team that offers technical and risk assessment support.

Expected Results	Performance Indicators	Actual Performance	Performance Status
Intermediate Outcomes
Individuals receive effective responses to their inquiries and complaints.	Timeliness of OPC responses to inquiries and complaints	Turnaround times for inquiries received from the public or from organizations will be measured with more accuracy once the upgraded information management system is in place in the next fiscal year. The Office responded to 14,215 inquiries in 2007-2008. The calculation of turnaround times for complaints is based on the average number of months between the date of reception of the complaints and the date when findings are made or another type of disposition occurs. Timeliness is calculated by the proportion of complaints completed within service standards⁵: Complaints under PIPEDA: 16.5 months, with 36% of all 370 complaints completed in 2007-2008 being within service standards. Complaints under the Privacy Act: 14.4 months, with 40% of all 880 complaints completed in 2007-2008 being within service standards.	Not met
Federal government institutions and private sector organizations meet their obligations under federal privacy legislation and implement modern principles of personal information protection.	Extent to which audit and investigation recommendations are accepted and implemented over time⁶	Of the four audits that were completed during 2007-2008, 21 recommendations were made and 20 were accepted by auditees at the time of reporting (95%). Follow-up will be made two years after reporting to determine the rate of implementation of the recommendations. The OPC initiated its first follow-up audit in January 2008 to assess progress made by the Canada Border Services Agency on implementing the 19 recommendations from the June 2006 audit report; results of the follow-up are not yet complete but will be published in the next departmental performance report. Under PIPEDA, the Commissioner’s investigation recommendations were accepted and implemented in 87% of the files. This meant that out of the 38 cases that included specific recommendations, there were 34 cases where organizations accepted our recommendations and actually implemented them, and only four cases where organizations did not. Under the Privacy Act, no preliminary reports of finding are issued and recommendations are not normally made. In cases where recommendations are made, they are responded to prior to concluding the complaint investigation. In the two cases where the Commissioner did make recommendations, they were both accepted and implemented, representing 100% acceptance and implementation. As well in 2007-2008, the OPC was involved in 12 litigation cases in order to promote compliance with federal privacy legislation. Some of these cases are ongoing before the courts. Four cases were settled to the satisfaction of the Commissioner and the parties. In three cases, the courts rendered judgments which helped further compliance with privacy legislation and helped to clarify legal obligations.	Successfully met
Immediate Outcomes
The process to respond to inquiries and investigate complaints is effective and efficient.	Timeliness of OPC responses to inquiries and complaints	Refer to performance information for the same indicator two rows above in this table.	Not met
The process to conduct audits and reviews is effective and efficient, including effective review of privacy impact assessments (PIAs) for new and existing government initiatives.	Extent to which audit and PIA recommendations are accepted⁷	Refer to the performance information for the same indicator above as it relates to audits. For PIAs, we received written responses to 32 PIA review letters previously issued (either completed in the fiscal year or prior fiscal year) and of 181 recommendations included in these, departments indicated agreement with 82 (45%). We point out that federal departments may not always indicate agreement in their responses and are under no obligation to respond to our PIA reviews. While they may not always respond when asked, they may nonetheless act on the OPC recommendations. Furthermore, departments are under no obligation to act on our recommendations as they are entirely responsible and accountable for managing their privacy risks. Nevertheless, we continue working to obtain improved responses to PIA reviews to monitor how much government initiatives contain modern privacy principles of personal information protection (as per our recommendations) and also to more objectively measure the impact of our work.	Successfully met
	Proportion of PIA reviews and audits completed within planned timelines⁸	Twenty-two (22%) of the 78 PIA reviews completed in 2007-2008 were processed within the 90-day standard time but now that the backlog of PIAs is under control, the OPC anticipates improvements in the timeliness of PIA reviews in the next year. In addition, one of the four audits (25%) that were completed during the period was within planned timelines.	Not met

In addition to closing investigation files as discussed in the table above, the OPC closely monitored 100 incidents⁹ (43 under PIPEDA and 57 under the Privacy Act), which are incidents of mismanagement of personal information that are brought to our attention from various sources including the media and institutions and organizations themselves.

The Office is seeing more complaints that raise systemic issues which may potentially affect thousands, if not millions, of individuals, more complaints involving ever-changing technology, Internet issues, social networking, wireless networks, and more complaints of an international nature and involving transborder flows of data. This leads to an increased need for co-operation with provincial and international counterparts and joint investigations. To this end, the OPC is concluding a Memorandum of Understanding with its counterparts across Canada in order to facilitate joint investigations and achieve greater efficiency in meeting our obligations under our respective Acts.

In addition to PIA reviews, which are formal requests for advice on new or existing government initiatives, the OPC held 53 consultation meetings with departments and agencies during the year and responded to more ad hoc requests for guidance. We do not measure the quantum of advice rendered however informal feedback received indicates that our advice is well received and helped departments deal with privacy risks and the preparation of PIAs. Our practice is to give helpful suggestions when we can and direct those who inquire to appropriate sources of written materials, namely from the Treasury Board Secretariat that is responsible for PIA guidance.

All of our compliance activities including investigations, audits and PIA reviews illustrate a need for improvement in the privacy management capabilities of federal departments and agencies and private sector organizations. The Office’s role is to influence compliance with privacy legislation and policies through its compliance activities and litigation work in order to have the privacy rights of individuals respected and their personal information protected. While the Office did influence compliance, as evidenced by the positive rates of implementation of our recommendations, its operations were hampered again in 2007-2008 by the persistent backlog of complaints that inevitably lengthen our turnaround times and also a high turnover of staff, which is no different than other federal entities in the National Capital Region (Refer to Internal Services in this Section of the Report for further detail).

It is in this whole context that the OPC launched its comprehensive re-engineering project in 2007-2008 that includes a thorough review of its business processes with a view to streamline the current inquiry and complaint resolution process through the application of innovative, alternative approaches to noticeably improve the overall efficiency and effectiveness of the process. The re-engineering project, which is continuing into the next fiscal year, includes the design and implementation of a new case management system. The new system will provide the basis for OPC management to derive analytical and strategic information such as trends in complaint issues to facilitate a shift of resources to areas where the Office may have the most effective impact.

Financial Resources
Planned Spending	Total Authorities	Actual Spending
$11,139,000	$10,565,939	$9,770,601

Human Resources
Planned	Actual	Difference
100 FTEs	70 FTEs	30 FTEs

Priorities for this Program Activity

The operations under this activity contributed to the achievement of the following priority described in Section I.

Priority	Type
Improve and expand service delivery	Ongoing

The compliance activities, being the core business of the OPC, are those that the Office targeted to improve and expand its service delivery, further supported by its research, policy development and outreach activities. Accomplishments this year to reduce parts of the backlog of complaints and PIAs, the establishment of service standards and the start of the major re-engineering of our business processes have contributed to this priority and makes the Office well-positioned to make significant advances in service delivery in the coming year.

Program Activity 2: Research and Policy Development

Activity Description

Through this program, the Office of the Privacy Commissioner (OPC) provides Parliamentarians and other stakeholders with advice and information on potential privacy implications of proposed legislation, government programs and private sector initiatives. As such, the OPC serves as a centre of expertise on emerging privacy issues in Canada and abroad by researching trends and technological developments, monitoring legislative and regulatory initiatives, providing legal, policy and technical analyses on key issues, developing policy positions that advance the protection of privacy rights, and sharing information with stakeholders to advance files of common interest. All of this work leads to more privacy resilient laws, regulations, policies, initiatives and to improved privacy management practices.

Expected Results	Performance Indicators	Actual Performance	Performance Status
Intermediate Outcome
Parliamentarians and others have access to clear, relevant information, and timely and objective advice about the privacy implications of evolving legislation, regulations and policies.	Proportion of privacy-relevant cases in which OPC was consulted for advice.Proportion of cases in which the final outcome was more privacy protective than the original version¹⁰.	In 2007-2008, of the bills introduced, 19 were assessed to have potential privacy impact. Four were of high privacy relevance, 14 of medium relevance and one of low relevance. In the same period, the OPC was consulted on two bills: Bill C-27, An Act to amend the Criminal Code (identity theft and related misconduct) and Bill C-31, An Act to amend the Canada Elections Act and the Public Service Employment Act. Bill C-31 was amended in accordance with the Commissioner's recommendation to minimize potential privacy risks for voters. Bill C-27 has not yet become law, and therefore it is too early for the OPC to report whether the final outcome was more privacy protective than the original version.	Successfully met
Immediate Outcomes
The work of Parliamentarians is supported by an effective capacity to identify and research privacy issues, and to develop policy positions for the federal public and private sectors, which are respectful of privacy.	Key privacy issues identified and positions articulated to influence the evolution of bills through the drafting stage at the departmental level and the legislative process through Parliament	The OPC provided 20 submissions and policy positions relating to potential privacy implications of proposed legislation and/or government initiatives. In this capacity, OPC officials offered extensive comment on various subjects, including aviation security programs, financial monitoring, access of law enforcement to customer name and address data, and reform of Canada's copyright enforcement regime.	Successfully met
Knowledge about systemic privacy issues in Canada is enhanced through research, with a view to raising awareness and improving privacy management practices.	Key privacy issues identified, analysed, and potential impacts assessed.	Research capacity and production continued to expand, fuelled in part by the wide range of subjects addressed at the 29^th International Conference. As a follow-up to the conference, the OPC commissioned the writing of a summary paper to capture and convey the intellectual contribution of the event. (http://www.privacyconference2007.gc.ca/workbooks/Terra_Incognita_summary_E.html) Research and positions taken on national issues like the no-fly list, data breaches, national security and Privacy Act reform resulted in increased interest in privacy issues across Canada. In 2007-2008, 16 research papers were issued by the OPC on a variety of privacy topics and 13 research projects were either completed or well-underway to study impacts of privacy issues affecting Canadians. In addition, the OPC Contributions Program approved 10 projects for a total of $363,500 in 2007-2008 to conduct research into emerging privacy issues (Refer to web site for a list of the recipient organizations and their approved research projects: http://www.privcom.gc.ca/media/nr-c/2007/nr-c_070627_e.asp).	Successfully met

The 29^th International Conference provided an ideal opportunity to raise awareness of significant privacy themes, such as: Public Safety, Globalization, Law Meets Technology, Ubiquitous Computing, the Next Generation and the Body as Data. Independent research commissioned under the auspices of the Office’s research program was featured before a national and international audience, and received attention from privacy advocates and the media.

Our examination of national programs with significant privacy implications, like the No-Fly list, Electronic Health Records and Enhanced Drivers’ Licences, has raised Canadians’ awareness of the threats posed to their personal privacy and encouraged more considered evaluations of the privacy implications of these programs.

Nevertheless, the challenges facing personal privacy rights continue to grow. The Office continues to expand its research capability through additional hiring, specialized training and partnerships with academics not-for-profit organizations and international data protection authorities.

Financial Resources
Planned Spending	Total Authorities	Actual Spending
$4,534,000	$4,442,772	$3,667,508

Human Resources
Planned	Actual	Difference
22 FTEs	19 FTEs	3 FTEs

Priorities for this Program Activity

The operations under this activity contributed to the achievement of the following priorities described in Section I.

Priorities	Type
Engage with Parliament on privacy issues	Ongoing
Continue to promote Privacy Act reform and PIPEDA review	Previous
Organize, host and evaluate the 29^th International Conference of Data Protection and Privacy Commissioners	Previous

Engaging Parliament on privacy issues and promoting legislative reform are two on-going, fundamental concerns of the Office. Without careful monitoring of legislative developments, precise analysis of draft legislation and close contact with MPs and committee staff, the recommendations of the OPC on privacy matters would be less focussed and effective.

In addition, the 29^th International Conference provided a platform for the Office to raise the international profile of the research completed by Office staff and by academics and non-governmental organizations supported by the Office’s Contributions Program.

Program Activity 3: Public Outreach

Activity Description

Through this program, the Office of the Privacy Commissioner (OPC) delivers a number of public education and communications activities, including speaking engagements and special events, media relations, and the production and dissemination of promotional and educational material. Through public outreach activities, individuals have access to information about privacy and personal data protection to enable them to protect themselves and exercise their rights. The activities also allow organizations to understand their obligations under federal privacy legislations.

Expected Results	Performance Indicators	Actual Performance	Performance Status
Intermediate Outcomes
Individuals have relevant information about privacy rights and are enabled to guard against threats to their personal information.	Reach of target audience with OPC public education materials	OPC officials were cited in the media hundreds of times on dozens of hot privacy issues, including the no-fly list, the TJX/Winners investigation, Google StreetView, identity theft and the Passport Canada breach. Each year, the number of visitors to the web site grows. There was an average of approximately 130,000 hits per month to the OPC web site, for a total of more than 1.5 million in the fiscal year. There was an average of seven speeches delivered per month by OPC officials (a total of 86 speeches throughout the year), audience sizes averaged approximately 140, for a total reach through the speeches of approximately 12,000 individuals at events, and thousands through the web site, where many speeches are posted. More than one thousand publications were sent out to individuals, including copies of the Acts, guides, annual reports, etc. There were close to 50 press releases disseminated in 2007-2008 and the OPC initiated a targeted media campaign to students, with opinion pieces on the importance of protecting privacy issued to university and college newspapers across the country.	Successfully met
Federal government institutions and private sector organizations understand their obligations under federal privacy legislation.	Degree of organizational awareness and understanding of privacy responsibilities¹¹	Based on results published in May 2007 (http://www.privcom.gc.ca/information/survey/2007/ekos_2007_01_e.asp) from a survey of Canadian businesses on a number of issues relating to privacy and the implementation of PIPEDA, most businesses (86%) recognize taking privacy seriously today is just good business, and the majority of the businesses (67%) that collect personal information have done so in line with the provisions of the Act. However, only one in two businesses reports having a high awareness of its responsibilities under Canada’s privacy laws, the findings suggesting there is still work to be done to raise awareness of responsibilities under Canada’s privacy laws, as similar numbers report either low or moderate awareness. Treasury Board’s Privacy Impact Assessment Policy aims at promoting awareness and understanding of the privacy implications associated with program and service delivery. In October 2007, the OPC released its Audit Report – Assessing the Privacy Impacts of Programs, Plans and Policies – which looked at the federal government’s compliance with the policy. The results of the audit confirmed that government departments are not doing enough to protect Canadians’ personal information as they plan new programs or redesign existing programs. PIAs are not always conducted when they should be (http://www.privcom.gc.ca/ information/pub/ar-vr/pia_200710_e.asp).	Successfully met
Immediate Outcomes
Individuals receive and have easy access to relevant information about privacy and personal data protection, enabling them to better protect themselves and exercise their rights.	Reach of target audience with OPC public education materials	Refer to performance information for the same indicator two rows above in this table.	Successfully met
Federal government institutions and private sector organizations receive useful guidance on privacy rights and obligations, contributing to better understanding and enhanced compliance.	Reach of organizations with OPC policy positions, promotional activities and promulgation of best practices	Fifteen (15) fact sheets or information backgrounders were prepared by the OPC in 2007-2008 to inform public sector organizations, private enterprises and the public on various privacy issues (http://www.privcom.gc.ca/fs-fi/index_e.asp). The OPC launched tools to assist businesses in safeguarding customer personal information. This included an e-learning module for retailers, to help them comply with PIPEDA, and voluntary breach notification guidelines for businesses. We also continued to make available the PIPEDA guide for businesses, as well as the guide for individuals (http://www.privcom.gc.ca/bus/index_e.asp). As well, the OPC issued an exposure draft of a PIPEDA privacy self-assessment tool for comment by private sector entities. The OPC updated its publication first issued in 2005 drawing key lessons from Quebec after more than a decade of experience interpreting and applying its private sector legislation. The OPC also drafted a key publication summarizing leading cases after the first seven years of PIPEDA in action. (The official launch was in May 2008 and will be reported on in the next fiscal year.) The OPC published a number of important papers on privacy, including a research paper on identity management and another on radio frequency identification devices (RFIDs). In addition, the OPC produced a study of all of the research conducted under its Contributions Program. Several research papers were also commissioned to enhance the discussions and outcomes of workshops held at the 29^th International Conference. The OPC communicated and consulted with and/or provided guidance to a number of federal departments and agencies with respect to issues such as: PIPEDA review, enhanced drivers license, lawful access, personal health information, spam and spyware, the no-fly list. The OPC also communicated and consulted with and/or provided guidance to a variety of business groups with respect to issues such breach notification, privacy policies, outsourcing, security, etc. The OPC articulated its position in a number of venues (appearances, media statements, resolutions) with respect to important privacy matters, for example, at the Air India Inquiry on Canada’s Financial Monitoring Regime and Privacy Implications of Aviation Security Measures, as well as on the Copyright Act, automated teller machine fees and electronic payments, identity theft, digital rights management, Google StreetView, the no-fly list, the enhanced drivers licence, etc. In addition, the OPC launched a blog in which Canadians and organizations may share their views and concerns (http://blog.privcom.gc.ca/).	Successfully met

This year, the OPC's goals with respect to communications and outreach were well met. In addition to the activities outlined above, the OPC expanded the tools it uses to communicate, launching a pilot project to build a more responsive and interactive dialogue with Canadians through an official Office of the Privacy Commissioner of Canada blog as well as on-line videos. There has been a positive response from the general public as well as privacy advocates in Canada and internationally.

In addition to this, in response to reports that compliance in the retail sector could be improved, the OPC developed and published an online e-learning module to help this sector better comply with PIPEDA. Federal/regional relations were further enhanced through Federal/Provincial/Territorial meetings, as well as joint resolutions on privacy issues such as enhanced driver's licenses and the no-fly list. Media relations efforts on the TJX/Winners investigation resulted in significant media coverage, including an appearance by the Commissioner on the prominent news program 60 Minutes, raising awareness nationally and internationally. This level of national and international recognition for the importance of privacy rights was also paramount in media coverage surrounding the 29^th International Conference of Data Protection and Privacy Commissioners, hosted by the OPC in September 2007. The OPC has recognized a need for additional outreach activities and an expanded regional presence, and is reorganizing and resourcing accordingly.

Financial Resources
Planned Spending	Total Authorities	Actual Spending
$4,038,000	$3,946,867	$3,692,072

Human Resources
Planned	Actual	Difference
21 FTEs	21 FTEs	0 FTEs

Priorities for this Program Activity

The operations under this activity contributed to the achievement of the following priorities described in Section I.

Priorities	Type
Engage with Parliament on privacy issues	Ongoing
Continue to promote Privacy Act reform and PIPEDA review	Previous
Organize, host and evaluate the 29^th International Conference of Data Protection and Privacy Commissioners	Previous

Engaging in a dialogue with different groups, providing individuals and organizations, both in the public and private sectors, with information and guidance, helping them better understand their rights and obligations under federal privacy laws, has helped the OPC with its delivery on the three priorities below. Hosting the 29th International Conference of Data Protection and Privacy Commissioners was an important and rewarding outreach effort for the OPC this past year. Actively communicating with our stakeholders on an ongoing basis, and enhancing our work with these groups, enables the OPC to more effectively and thoughtfully engage Parliament on privacy matters, and to continue to promote Privacy Act reform and PIPEDA review.

Other Activities: Internal Services

Activity Description

The OPC continues to enhance and improve its management practices in order to meet the highest standards of performance and accountability. The resources associated with the corporate services, including human resources management services, have been apportioned to the three first Program Activities, which they support. All managers are expected to take responsibility for the expected results, and to integrate the necessary activities in their operational plans.

Expected Results	Performance Indicators	Actual Performance	Performance Status
Intermediate Outcome
The OPC achieves a standard of organizational excellence, and managers and staff apply sound business management practices.	Ratings against Management Accountability Framework - MAF (as being the expectations for high organizational performance in modern public service management)	As an Officer of Parliament, the OPC is not subject to a MAF assessment by Treasury Board Secretariat. The Office nevertheless embraces the expectations for high organizational performance in modern public service management that the MAF promotes. In May 2007, the OPC completed its first self-assessment against the MAF and intends to conduct a similar comprehensive exercise biennially (other small agencies are subjected to an assessment by TBS once every three years). As well, the OPC prepares a semi-annual status report of the improvement plan that was developed with the May 2007 MAF Self-Assessment Report and uses the status report to inform its fall strategic planning session with areas requiring management attention. The May 2007 MAF Self-Assessment Report indicated good management practices in the following areas: utility of corporate performance framework, quality of program and policy analysis, managing organizational change, fair workplace, IT management, asset management, procurement, and accountability. Of the areas requiring improvement, progress was made in 2007-2008 as follows: a corporate risk profile was developed and served as an important element of priority-setting, service standards were developed in core functions, values and ethics were promoted namely through communicating to staff the Public Service Disclosure Protection Act proactively, information management was improved through the utilization throughout the Office of a record and document management information system (RDMIS) and the creation of a web based library catalogue. More work is continuing to improve other management areas namely internal audit and evaluation, completion and testing of the business continuity plan, development of a values and ethics code of conduct, preparation of more robust and user-friendly monthly financial reports, conducting a major review of financial authority delegations and further integration of human resources and business planning.	Successfully met
Immediate Outcomes
Key elements of the OPC Management Accountability Framework (MAF) are integrated into management practices and influence decision-making at all levels.	Ratings against Management Accountability Framework - MAF (as being the expectations for high organizational performance in modern public service management)	Refer to performance information for the same indicator in the row above.	Successfully met
The OPC has a productive, principled, sustainable and adaptable workforce that achieves results in a fair, healthy and enabling workplace.	Employee satisfaction; number of grievances received; quality of labour relations; retention of staff	Employee satisfaction The next Public Service Employee Survey is planned for 2008, however, comparing results from the two last surveys (2002 and 2005), the OPC made significant progress, notably in the following areas: respondents indicated being strongly committed to their work and to the organization, knowing where to go for help if faced with an ethical dilemma and believing in the fairness of the selection process for positions. Number of grievances received During 2007-2008, the OPC dealt with seven formal and informal staff relations issues and did not have any formal complaints related to the staffing process. Quality of labour relations The Office continues to strengthen its communication mechanisms through ongoing dialogue with employees and bargaining agents at labour management and health and safety committees and through all-staff meetings both at the organizational and branch levels. As well, much emphasis was placed on learning within the OPC with all managers having been offered a series of modules in labour relations. Workshops on ‘respect in the workplace’ were mandatory for all staff. Training sessions were offered through the Canada School of Public Service, the Small Agency Transition Support Team and other Officers of Parliament (namely Elections Canada) in the areas of: integrated business and HR planning, classification, conflict management, supervisory training for new supervisors, orientation to the Public Service and the Public Service Employment Act, etc. Retention of staff The 2006-2007 Annual Report of the Public Service Commission identified the level of movement within the federal public service as a challenge with an increase from 30% in 2004-2005 and 35% in 2005-2006 to a high of 40% of employee movement in 2006-2007. Within the OPC, the movement is similar to the rest of the Public Service and progress is well underway to address the retention challenges. A revised Integrated Business and Human Resources Plan is being developed, which includes a resourcing strategy and identifies priorities and plans for the next three years to address these challenges. In addition, we developed an Exit Questionnaire to learn from departing employees on how to improve our HR management policies and practices. We are exploring flexible working arrangements and considering the development of a Workplace Fitness Program and an Awards and Recognition Program – all within the context of Treasury Board policies and guidelines. As well, we continue to strengthen our communication mechanisms through ongoing dialogue with employees.	Successfully met
HR management practices reflect new accountabilities stemming from Public Service Modernization Act and Public Service Employment Act.	Full, unconditional staffing delegation from PSC; HR planning integrated into business planning at the OPC	Full, unconditional staffing delegation from PSC HR prepared detailed, comprehensive reports in response to the Annual Reports required in the areas of Official Languages, Staffing and Classification as well as other yearly reports in Multiculturalism, and Values and Ethics (e.g. Harassment, Employment Equity). Those reports are submitted to central agencies who evaluate the Deputy Head’s accountability in these programs. Feedback on reports submitted by the OPC in 2007-2008 was very positive. As for the staffing function specifically, the Commissioner signed once again the Appointment Delegation and Accountability Instrument with the Public Service Commission, and as such the OPC maintains its full, unconditional staffing delegation from PSC. HR planning integrated into business planning at the OPC The OPC has taken a corporate approach to integrating human resources, financial and business planning. Branch level business plans incorporate all three aspects. In addition, HR and Finance specialists meet jointly with branch managers periodically to discuss their current and future resource requirements.	Successfully met
Managers and staff demonstrate exemplary professional and ethical conduct in all of their work, and are responsive to the highly visible and complex nature of the environment in which they operate.	Feedback from employees on fairness, respect and engagement	The OPC continued to reaffirm its commitment to the Public Service Values and Ethics through promoting the values and ethics, namely through the creation of a dedicated section on the opening page of its Intranet site to values and ethics. Senior management decided not to have its own internal disclosure mechanism but rather to have any disclosures made directly to the Public Sector Integrity Commissioner. This decision was communicated to all staff and posted on the Intranet. The OPC also took the opportunity to remind staff of other key personnel that they could turn to as required. Only one harassment-related incident was reported in 2007-2008 for a staff complement of 110 FTEs (0.9%).	Successfully met
The performance of the OPC is defined, measured and reported upon regularly in a meaningful and transparent manner.	OPC reports, particularly RPP and DPR, are well received by Central Agencies and stakeholders	Based on informal comments from Parliamentarians, Parliamentary Committee members and Treasury Board Secretariat officials, the OPC received positive or very positive feedback on its annual reports, Report on Plans and Priorities and Departmental Performance Report in 2007-2008.	Successfully met

In addition to performance reporting in the above table, the OPC had committed to undertake the following management activities in 2007-2008 as identified in its 2007-2008 Report on Plans and Priorities:

Implementation of Year 2 of the Business Case

Fiscal year 2007-2008 was Year 2 of the implementation plan for the OPC’s three-year business case presented in 2005-2006 to the House of Commons Advisory Panel on the Funding and Oversight of Officers of Parliament. The review of organizational structures stemming from the business case was finalized with the exception of the regional positions due to a management decision to revisit this approach. In response to some of the challenges posed by the Public Service Commission’s implementation of a national area of selection policy for external recruitment and in an effort to accelerate the assessment process and reduce travel costs, the Office developed a web-based tool to administer exams on-line through the use of a portal on the OPC web-site. The preparation time and overall administrative costs were minimal and allowed us to very easily accommodate candidates regardless of their location – Canadians as far as India and Malaysia were successfully able to write the exams. We also noted that candidates with disabilities much prefer this approach as their personal computers (or work environment) are already properly equipped to address their special needs.

Implementation of the Performance Measurement Framework (PMF)

Fiscal year 2007-2008 was the first of three years of incremental implementation of the PMF approved by senior management in December 2006. The first year covered about half of the total number of performance indicators. This Departmental Performance Report is the evidence that implementation did take place, including the development of measurement instruments such as tracking tools, revised scorecard reporting, development of service standards in core functions. Work has started to implement the second year of implementation in 2008-2009, with the inclusion of performance targets that were set as part of the work to support the Management, Resources and Results Structure (MRRS) Policy.

Integrated Risk Management through:

Completion of the Business Continuity Plan (BCP) – Work was realized to advance the development of the BCP but given some internal changes in responsibility, it was not completed as planned in 2007-2008. Completion of the BCP will be realized in 2008-2009 at the same time as new requirements under the Government Security Policy will be integrated and renewal of the enterprise threat and risk assessments to test the BCP will be carried out in the next fiscal year.

Establishment of the Internal Audit Function – Work on this initiative has not advanced due to an unsuccessful competition to engage an AS-07 to help set up a new internal audit function. An intense effort is being invested in 2008-2009 through collaboration with other Officers of Parliament and the engagement of a contracted resource (until the new competition for an AS-07 that is underway concludes) to meet the requirements of the Internal Audit Policy by March 31, 2009. These requirements include: appointing a Chief Audit Executive that reports to the Commissioner, establishing an independent audit committee comprised of members from outside the Office and the Federal Public Service, and developing a risk-based audit plan designed to support an annual opinion from the Chief Audit Executive on the OPC’s risk management, control, and governance processes.

Development of a Corporate Risk Profile and management of risks – In early 2007-2008, the OPC developed its first formal corporate risk profile through the involvement of a senior manager from each area of the Office. The exercise generated very useful discussions and the resulting product served as a critical input to the senior management exercise to set the 2008-2009 corporate priorities that subsequently became the basis for the Report on Plans and Priorities. In addition to integrating risk management to strategic planning, the operational plans from each branch of the Office also integrated to the risk mitigating strategies such that those truly are commitments that managers are engaged to deliver to manage risks proactively.

Strengthening of the Information Management Capacity

Two new positions in information management were created and staffed in 2007-2008, basic training on the use of the new record and document information management system (RDIMS) was provided to all OPC staff, and a new web-based library catalogue called In Magic was launched on the OPC Intranet site allowing personnel to search library holdings and make loans on-line via their desktops.

Overseeing the financial and management aspects of the 29^th Annual Conference

The 29th Annual Conference of Data Protection and Privacy Commissioners, which was highly successful, was governed effectively through a steering committee chaired by the Commissioner and supported by three key management components: program, logistics and financial aspects. The conference was delivered within the net forecasted budget of $400,000 for the event; financial details are disclosed on the OPC website (http://www.privcom.gc.ca/pd-dp/other-autre/2007-08/070925_e.asp).

Implementation of the Human Resources Strategy

Progress is well underway within the OPC to address the challenges we face with respect to recruiting and retaining our staff. A draft Human Resources Strategy was presented to senior management in October 2007, and based on discussions at the senior management committee, and in view of the need for OPC to present a second business case for additional resources, there was a decision to revisit our approach to the HR Strategy. A revised Integrated Business and Human Resources Plan is currently under development, which incorporates a resourcing strategy as well as methods to retain our talent across the organization, and identifies our plans and priorities for the next three years to address the challenges pertaining to recruitment and retention. This integrated plan will be completed in 2008-2009.

Continued implementation of Public Service Employment Act (PSEA) and the Public Service Modernization Act (PSMA)

This has become an ongoing task which is integrated in our management practices. In 2007-2008, information sessions were offered to all managers on the implementation of the PSMA and PSEA. We continue to explore the flexibilities provided under the new PSEA. . Additionally, a number of policies and guidelines were developed and/or reviewed in line with the PSMA and PSEA.

Integration of human resources planning to strategic planning, enhancement of human resources monitoring and reporting capacity, and development of human resources policies and guidelines

The OPC strategic plan (or Report on Plans and Priorities) addresses both business and human resources planning. As well, the operational or branch plans also integrate both aspects of planning. The Directors of Human Resources and Finance work together to better inform OPC managers of their resource situation in an integrated manner. As well, the OPC continues to refine its capacity to produce demographic data on its human resources for use by managers in doing the planning and management of their resources. Work on an improved quarterly presentation of integrated resources data intended to senior management has progressed in 2007-2008 and will be completed in the next year. A fully Integrated Business and Human Resources Plan is currently in draft format and will be presented to the senior management committee in 2008-2009.

Priorities for this Program Activity

The operations under this activity contributed to the achievement of the following priority described in Section I.

Priorities	Type
Build organizational capacity	Previous

This program activity is about organizational excellence and ensuring that sound business management practices are applied by OPC managers and staff in delivering the Office’s mandate. Efforts to develop and continually assess and improve the institutional infrastructure of the Office contribute directly to building and maintaining our capacity, both in terms of human capital and management processes and practices.

Section III: Supplementary Information

This section presents two resource tables, the audited financial statements and sources of additional information.

3.1 Resource Tables

Table 1 – Comparison of Planned to Actual Spending (including FTEs)
	2005-2006 Actual	2006-2007 Actual	Main Estimates	Planned Spending	Total Authorities	Actual
	2005-2006 Actual	2006-2007 Actual	2007-2008 ($000)
Compliance Activities	7,909	9,373	11,139	11,139	10,566	9,771
Research & Policy Development	2,094	2.976	4,534	4,534	4,443	3,667
Public Outreach	1,628	3,367	4,038	4,038	3,947	3,692
Total	11,631	15,716	19,711	19,711	18,956	17,130
Less: Non-respendable revenue	-	-	N/A	-	N/A	-
Plus: Cost of services received without charge	1,375	1,586	1,888	1,888	1,774	1,774
Total Spending	13,006	17,302	21,599	21,599	20,730¹²	18,904
Full Time Equivalents	78.5	100¹³	N/A	143	N/A	110

Table 2 – Voted and Statutory Items
Vote or Statutory Item	Truncated Vote or Statutory Wording	Main Estimates	Planned Spending	Total Authorities	Actual
		2007-2008 ($000)
45	Program expenditures	16,262	17,482	17,503	15,677
(S)	Contributions to employee benefit plans	2,084	2,229	1,453	1,453
	Total Department or Agency	18,346	19,711	18,956	17,130

3.2 Audited Financial Statements

Statement of Management Responsibility

Responsibility for the integrity and objectivity of the accompanying financial statements for the year ended March 31, 2008 and all information contained in these statements rests with the management of the Office of the Privacy Commissioner of Canada. These financial statements have been prepared by management in accordance with Treasury Board accounting policies which are consistent with Canadian generally accepted accounting principles for the public sector, and year-end instructions issued by the Office of the Comptroller General.

Management is responsible for the integrity and objectivity of the information in these financial statements. Some of the information in the financial statements is based on management's best estimates and judgment and gives due consideration to materiality. To fulfill its accounting and reporting responsibilities, management maintains a set of accounts that provides a centralized record of the Office’s financial transactions. Financial information submitted to the Public Accounts of Canada and included in the Office’s Departmental Performance Report is consistent with these financial statements.

Management maintains a system of financial management and internal control designed to provide reasonable assurance that financial information is reliable, that the Office’s assets are safeguarded and that transactions are in accordance with the Financial Administration Act, are executed in accordance with prescribed regulations, within Parliamentary authorities, and are properly recorded to maintain accountability of Government funds. Management also seeks to ensure the objectivity and integrity of data in its financial statements by careful selection, training and development of qualified staff, by organizational arrangements that provide appropriate divisions of responsibility, and by communication programs aimed at ensuring that regulations, policies, standards and managerial authorities are understood throughout the Office.

The financial statements of the Office of the Privacy Commissioner of Canada have been audited by the Auditor General of Canada, the independent auditor for the Government of Canada.

(Original signed by)

Jennifer Stoddart
Privacy Commissioner of Canada

(Original signed by)

Tom Pulcine, CMA
Director General, Corporate Services and Chief Financial Officer

Ottawa, Canada
July 18, 2008

AUDITOR’S REPORT

To the Speaker of the House of Commons and the Speaker of the Senate

I have audited the statement of financial position of the Office of the Privacy Commissioner of Canada as at March 31, 2008 and the statements of operations, equity of Canada and cash flow for the year then ended. These financial statements are the responsibility of the Office’s management. My responsibility is to express an opinion on these financial statements based on my audit.

I conducted my audit in accordance with Canadian generally accepted auditing standards. Those standards require that I plan and perform an audit to obtain reasonable assurance whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation.

In my opinion, these financial statements present fairly, in all material respects, the financial position of the Office as at March 31, 2008 and the results of its operations and its cash flows for the year then ended in accordance with Canadian generally accepted accounting principles.

Further, in my opinion, the transactions of the Office that have come to my notice during my audit of the financial statements have, in all significant respects, been in accordance with the Financial Administration Act and regulations and the Privacy Act.

(Original signed by)

John Wiersema, FCA
Deputy Auditor General
For the Auditor General of Canada

Ottawa, Canada
July 18, 2008

Statement of Financial Position

As at March 31 (in thousands of dollars)
	2008	2007
Assets
Financial assets
Due from the Consolidated Revenue Fund	1,364	1,303
Accounts receivable and advances (Note 4)	701	692
Total financial assets	2,065	1,995
Non-financial assets
Prepaid expenses	57	17
Tangible capital assets (note 5)	1,449	1,187
Total financial assets	1,506	1,204
TOTAL	3,571	3,199
Liabilities and Equity of Canada
Liabilities
Accounts payable and accrued liabilities	1,700	1,796
Accrued employee salaries	363	286
Vacation pay and compensatory leave	464	382
Employee severance benefits (Note 6)	1,517	1,464
Total liabilities	4,044	3,928
Equity of Canada (Note 10)	(473)	(729)
TOTAL	3,571	3,199

Contingent liabilities (Note 7)
Contractual obligations (Note 8)

The accompanying notes are an integral part of the financial statements

(Original signed by)

Jennifer Stoddart
Privacy Commissioner of Canada

(Original signed by)

Tom Pulcine, CMA
Director General, Corporate Services and Chief Financial Officer

Ottawa, Canada
July 18, 2008

Statement of Operations

As at March 31 (in thousands of dollars)
	Assess and Investigate	Privacy Education	Research and policy	Total	Total
	2008				2007
Operating Expenses
Salaries and Employee benefits	6,704	2,164	2,094	10,962	9,987
Professional and special services	2,465	659	707	3,831	3,729
Accommodation	582	189	217	988	875
Transportation and communications	360	303	246	909	619
Amortization	274	90	103	467	404
Information	115	246	51	412	405
Repairs and maintenance	161	53	60	274	170
Utilities, materials and supplies	74	26	26	126	130
Rentals	33	19	12	64	50
Equipment	31	11	11	53	222
Other	2	1	1	4	9
Total Operating expenses	10,801	3,761	3,528	18,090	16,600
Transfer Payments	-	-	451	451	387
Net Cost of Operations	10,801	3,761	3,979	18,541	16,987

The accompanying notes form an integral part of these financial statements.

Statement of Equity of Canada

For the year ended March 31 (in thousands of dollars)
	2008	2007
Equity of Canada, beginning of the year	(729)	(809)
Net cost of operations	(18,541)	(16,987)
Net cash provided by Government (Note 3(c))	17,029	15,775
Change in Due from Consolidated Revenue Fund	61	(294)
Services received without charge from other government departments (Note 9)	1,707	1,586
Equity of Canada, end of year	(473)	(729)

The accompanying notes are an integral part of the financial statements.

Statement of Cash Flow

For the year ended March 31 (in thousands of dollars)
	2008	2007
Operating Activities
Net cost of operations	18,541	16,987
Non-cash items:
Amortization of tangible assets	(467)	(404)
Services received without charge (Note 9)	(1,707)	(1,586)
Loss on disposal of tangible capital assets	-	(9)
Variations in Statement of Financial Position:
Increase (decrease) in accounts receivable and advances	9	644
Increase (decrease) in prepaid expenses	40	(30)
Decrease (increase) in liabilities	(116)	(617)
Cash used by operating activities	16,300	14,985
Capital investment activities
Acquisition of tangible capital assets	729	790
Net cash provided by Government of Canada	17,029	15,775

The accompanying notes are an integral part of the financial statements

Notes to the Financial Statements

1. Authority and objectives

The Office of the Privacy Commissioner of Canada (the Office), was created under the Privacy Act, which came into force on July 1, 1983. The Privacy Commissioner is an independent officer of Parliament appointed by the Governor-in-Council following approval of her nomination by resolution of the Senate and the House of Commons. The Office is designated, by Order-in-Council, as a department for purposes of the Financial Administration Act. As such, it is established under the authority of Schedule I.1 of the Act and is funded through annual appropriations. The Commissioner is accountable for, and reports directly to Parliament on the results achieved.

The objectives of the Office of the Privacy Commissioner of Canada are:

investigating complaints and conducting audits;
publishing information about personal information-handling practices in the public and private sector;
conducting research into privacy issues; and
promoting awareness and understanding of privacy issues by the Canadian public.

2. Summary of significant accounting policies

These financial statements have been prepared in accordance with Treasury Board accounting policies which are consistent with Canadian generally accepted accounting principles for the public sector, and year-end instructions issued by the Office of the Comptroller General.

Significant accounting policies are as follows:

(a) Due from the Consolidated Revenue Fund

Due from the Consolidated Revenue Fund (CRF) represents the amount of cash that the Office is entitled to draw from the Consolidated Revenue Fund without further appropriations, in order to discharge its liabilities.

(b) Parliamentary appropriations

The Office of the Privacy Commissioner of Canada is financed by the Government of Canada through Parliamentary appropriations. Appropriations provided to the Office do not parallel financial reporting according to generally accepted accounting principles since appropriations are primarily based on cash flow requirements. Consequently, items recognized in the statement of operations and the statement of financial position are not necessarily the same as those provided through appropriations from Parliament. Note 3 provides a high-level reconciliation between the bases of reporting.

(c) Net cash provided by Government

The Office operates within the Consolidated Revenue Fund, which is administered by the Receiver General for Canada. All cash received by the Office is deposited to the CRF and all cash disbursements made by the Office are paid from the CRF. The net cash provided by Government is the difference between all cash receipts and all cash disbursements including transactions between departments of the federal government.

(d) Expenses

Expenses are recorded on the accrual basis:

Contributions are recognized in the year in which the recipient has met the eligibility criteria or fulfilled the terms of a contractual transfer agreement.
Vacation pay and compensatory leave are expensed as the benefits accrue to employees under their respective terms of employment.
Services received without charge from other government departments are recorded as operating expenses at their estimated cost.

(e) Employee future benefits

Pension benefits: Eligible employees participate in the Public Service Pension Plan, a multi-employer pension plan administered by the Government of Canada. The Office’s contributions to the Plan are charged to expenses in the year incurred and represent the total obligation of the Office to the Plan. Current legislation does not require the Office to make contributions for any actuarial deficiencies of the Plan.
Severance benefits: Employees are entitled to severance benefits under labour contracts or conditions of employment. These benefits are accrued as employees render the services necessary to earn them. The obligation relating to the benefits earned by employees is calculated using information derived from the results of the actuarially determined liability for employee severance benefits for the Government as a whole.

(f) Accounts receivable

Accounts receivable are stated at amounts expected to be ultimately realized. A provision is made for receivables where recovery is considered uncertain.

(g) Contingent liabilities

Contingent liabilities are potential liabilities which may become actual liabilities when one or more future events occur or fail to occur. To the extent that the future event is likely to occur or fail to occur, and a reasonable estimate of the loss can be made, an estimated liability is accrued and an expense recorded. If the likelihood is not determinable or an amount cannot be reasonably estimated, the contingency is disclosed in the notes to the financial statements.

(h) Tangible capital assets

All tangible capital assets and leasehold improvements having an initial cost of $2,500 or more are recorded at their acquisition cost.

The amortization of tangible capital assets is done on a straight-line basis over the estimated useful life of the asset as follows:

Asset Class	Amortization Period
Machinery and equipment	3 years
Informatics hardware	3 years
Computer software	3 years
Other equipment	10 years
Leasehold improvements	Term of the lease

(i) Measurement uncertainty

The preparation of these financial statements in accordance with Treasury Board accounting policies, which are consistent with Canadian generally accepted accounting principles for the public sector, and year-end instructions issued by the Office of the Comptroller General, requires management to make estimates and assumptions that affect the reported amounts of assets, liabilities, and expenses reported in the financial statements. At the time of preparation of these statements, management believes the estimates and assumptions to be reasonable. The most significant items where estimates are used are contingent liabilities, the liability for employee severance benefits and the useful life of tangible capital assets. Actual results could significantly differ from those estimated. Management’s estimates are reviewed periodically and, as adjustments become necessary, they are recorded in the financial statements in the year they become known.

3. Parliamentary appropriations

The Office receives most of its funding through annual Parliamentary appropriations. Items recognized in the statement of operations and the statement of financial position in one year may be funded through Parliamentary appropriations in prior, current or future years. Accordingly, the Office has different net results of operations for the year on a government funding basis than on an accrual accounting basis. The differences are reconciled in the following tables:

a) Reconciliation of net cost of operations to current year appropriations used:

(in thousands of dollars)
	2008	2007
Net cost of operations	18,541	16,987
Adjustments for items affecting net cost of operations but not affecting appropriations:
Add (Less):
Services received without charge	(1,707)	(1,586)
Amortization of tangible capital assets	(467)	(404)
Reversal of previous years accounts payable	78	89
Vacation pay and compensatory leave	(82)	(12)
Employee severance benefits	(53)	(182)
	16,310	14,892
Adjustments for items not affecting net cost of operations but affecting appropriations:
Add (Less):
Acquisition of tangible capital assets	729	790
Change in prepaid expenses	40	(30)
Other adjustments	51	64
	820	824
Current year appropriations used	17,130	15,716

(b) Appropriations provided and used:

(in thousands of dollars)
	2008	2007
Vote 45 - Program expenditures	17,503	14,754
Statutory contributions to employee benefit plans	1,453	1,270
	18,956	16,024
Lapsed Appropriations: Operating	(1,826)	(308)
Current year appropriations used	17,130	15,716

(c) Reconciliation of net cash provided by Government to current year appropriations used:

(in thousands of dollars)
	2008	2007
Net cash provided by Government	17,029	15,775
Reversal of previous years accounts payable	78	89
Variation in accounts receivable and advances	(9)	(644)
Variation in accounts payable and accrued liabilities	(96)	383
Variation in accrued employee salaries	77	40
Other adjustments	51	73
Current year appropriations used	17,130	15,716

4. Accounts receivable and advances

The following table presents details of accounts receivable and advances:

(in thousands of dollars)
	2008	2007
Receivables from other Federal Government departments and agencies	693	691
Receivables from external parties	7	-
Employee advances	1	1
Total	701	692

5. Tangible capital assets

Cost (in thousands of dollars)
	Opening Balance	Acquisitions	Disposals	Closing Balance
Machinery and equipment	-	6	-	6
Informatics hardware	1,604	462	-	2,066
Computer software	427	4	-	431
Other equipment	745	118	-	863
Leasehold improvements	123	139	-	262
	2,899	729	-	3,628

Accumulated amortization (in thousands of dollars)
	Opening Balance	Amortization	Disposals	Closing Balance
Machinery and equipment	-	2	-	2
Informatics hardware	989	317	-	1,306
Computer software	332	50	-	382
Other equipment	332	72	-	404
Leasehold improvements	59	26	-	85
	1,712	467	-	2,179

Net book value (in thousands of dollars)
	Opening Balance	Closing Balance
Machinery and equipment	-	4
Informatics hardware	615	760
Computer software	95	49
Other equipment	413	459
Leasehold improvements	64	177
	1,187	1,449

Amortization expense for the year ended March 31, 2008 was $467,000 (2007 was $404,000).

6. Employee Benefits

(a) Pension benefits

The Office’s employees participate in the Public Service Pension Plan, which is sponsored and administered by the Government of Canada. Pension benefits accrue up to a maximum period of 35 years at a rate of 2 percent per year of pensionable service, times the average of the best five consecutive years of earnings. The benefits are integrated with Canada/Qu�bec Pension Plans benefits and they are indexed to inflation.

Both the employees and the Office contribute to the cost of the Plan. The 2007-2008 expense amounts to $1,059,315 ($935,432 in 2006-2007), which represents approximately 2.1 times (2.2 in 2006-07) the contributions by employees.

The Office’s responsibility with regard to the Plan is limited to its contributions. Actuarial surpluses or deficiencies are recognized in the financial statements of the Government of Canada, as the Plan’s sponsor.

(b) Severance benefits

The Office provides severance benefits to its employees based on eligibility, years of service and final salary. These severance benefits are not pre-funded. Benefits will be paid from future appropriations. Information about the severance benefits, measured as at March 31, is as follows:

(in thousands of dollars)
	2008	2007
Accrued benefit obligation, beginning of year	1,464	1,282
Expense for the year	282	236
Benefits paid during the year	(229)	(54)
Accrued benefit obligation, end of year	1,517	1,464

7. Contingent liabilities

Claims and litigation - Claims have been made against the Office in the normal course of operations. Legal proceedings for claims totalling approximately $50,000 were still pending at March 31, 2008 ($50,000 in 2007). Some of these potential liabilities may become actual liabilities when one or more future events occur or fail to occur. To the extent that the future event is likely to occur or fail to occur, and a reasonable estimate of the loss can be made, an estimated liability is accrued and an expense recorded in the financial statements. As of March 31, 2008, no amount has been accounted for in the financial statements.

8. Contractual obligations

The nature of the Office’s activities can result in some large multi-year contracts and obligations whereby the department will be obligated to make future payments when the services/goods are received. Included within the 2008-2009 amount is $842,857 for goods and services contracts signed in 2007-2008 which extend into 2008-2009. The remaining balance of $36,050 in 2008-2009 is for operating leases. The amounts for 2009-2010 through 2012-2013 are all for operating leases.

(in thousands of dollars)
2008-09	2009-10	2010-11	2011-12	2012-13
879	35	15	5	-

9. Related party transactions

The Office is related as a result of common ownership to all Government of Canada departments, agencies, and Crown corporations. The Office enters into transactions with these entities in the normal course of business and on normal trade terms. During the year, the Office expensed $4,996,533 ($4,450,384 in 2007) from transactions with other government departments, agencies and Crown corporations. These expenses include services received without charge in the amount of $1,706,775 ($1,585,560 in 2007), as presented in part (a).

(a) Services received without charge:

During the year, the Office received without charge from other departments, accommodation, the employer’s contribution to the health and dental insurance plans, payroll services, and audit services. These services without charge have been recognized in the Office’s Statement of Operations as follows:

(in thousands of dollars)
	2008	2007
Accommodation provided by Public Works and Government Services Canada	980	863
Contribution covering employer’s share of employees’ insurance premiums and expenditures paid by Treasury Board Secretariat	611	629
Payroll services provided by Public Works and Government Services Canada	4	4
Audit services provided by the Office of the Auditor General of Canada	112	90
Total	1,707	1,586

(b) Payables and receivables outstanding at year-end with related parties:

(in thousands of dollars)
	2008	2007
Accounts receivable with other government departments and agencies	693	691
Accounts payable to other government departments and agencies	429	259

10. Equity of Canada

The Equity of Canada, which is currently in a deficit position, represents liabilities incurred by the Office, net of capital tangible assets, which have not yet been funded through appropriations. Significant components of this amount are employee severance benefits and vacation pay liabilities. These amounts are expected to be funded by appropriations in future years as they are paid.

3.3 Sources of Additional Information

Legislation Administered by the Privacy Commissioner

Privacy Act 85, ch. P21, amended 1997, c. 20, s. 55	R.S., 1985, ch. P-21, amended 1997, c.20, s. 55
Personal Information Protection and Electronic Documents Act	2000, c.5

Statutory Annual Reports, other Publications and Information

Statutory reports, publications and other information are available from the Office of the Privacy Commissioner of Canada, Ottawa, Canada K1A 1H3; tel.: (613) 995-8210 and on the OPC's Web site at www.privcom.gc.ca

Privacy Commissioner's Annual Reports
Reports on Plans and Priorities for 2008-2009
Performance Report to Parliament for the period ending March 31, 2007.
Your Privacy Rights: A Guide for Individuals to the Personal Information Protection and Electronic Documents Act
Your Privacy Responsibilities: A Guide for Businesses and Organizations to the Personal Information Protection and Electronic Documents Act

Contact for Further Information on the Departmental Performance Report:

Mr. Tom Pulcine
Director General, Corporate Services/Chief Financial Officer
Office of the Privacy Commissioner of Canada
Place de Ville, Tower B
112, Kent St., Suite 300
Ottawa, Ontario K1A 1H3
Telephone: (613) 996-5336
Facsimile: (613) 947-6850

¹ Our Report on Plans and Priorities 2007-2008 reported 154 Planned FTEs which included 11 FTEs and funds earmarked for the implementation of Federal Accountability Act (FedAA). No additional funds or FTEs were requested during fiscal year 2007-2008 for implementation of the FedAA.Therefore our adjusted planned FTEs for 2007-2008 are 143.
² The OPC added a rating “partially met” to the Treasury Board Secretariat’s scale that was restricted to the following ratings: successfully met, not met, or exceeded expectations. A commitment that is partially met indicates that some elements were achieved as planned and other elements were either not achieved or delayed.
³ Other interventions are actions taken by the OPC to engage with a federal or private sector organization to address and resolve a particular privacy matter that has come to the attention of the Office, without making use of formal instruments such as audits.
⁴ The business case authorized the creation of 47 positions, including five positions to set up regional offices. The decision to create regional offices was revisited and work to extend the OPC’s regional presence is being resourced through a mix of staff and operating resources, hence the total of 42 positions intended to be staffed by the OPC.
⁵ The service standards depend on complaint types: complaints under PIPEDA for denial of access complaints (access and time limits) should take 10.5 months, and other types (collection, consent, correction/notation, retention, safeguards, use/disclose, etc.): 11.5 months; complaints under the Privacy Act for time limit complaints (time limits, extensions, correction time limits) should take 6 months, denial of access complaints: 10 months, and Section 4 to 8 complaints (collection, correction/notation, use/disclose, retention/disposal): 12 months.
⁶ In the 2007-2008 Report on Plans and Priorities, this indicator included a ‘PIA review’ component and read as follows: “Extent to which audit, investigation and PIA review recommendations are accepted and implemented over time”. The ‘PIA review’ component is now measured through a separate indicator that reads as follows: “Extent to which audit and PIA recommendations are accepted” and is presented two rows down in this table.
⁷ This is a new indicator.
⁸ This indicator combines the two following indicators presented in the 2007-2008 Report on Plans and Priorities: “Audits completed as scheduled and within allotted resources” and “% of PIA reviews completed within allotted time”.
⁹ Incidents are monitored with a view to determining whether or not there exist reasonable grounds to initiate an investigation.
¹⁰ These two new indicators have replaced the following indicator published in the 2007-2008 Report on Plans and Priorities: Number of potential privacy-relevant legislative initiatives and bills on which the OPC: (i) was consulted before the introduction and/or during the legislative review process and (ii) appeared before Parliamentary committees
¹¹ This particular performance indicator will be implemented in stages, beginning in 2007-2008, with select audiences/groups polled each year.
¹² Total Authorities does not include Spending of proceeds from disposal of surplus Crown assets of $8.
¹³ The 2006-2007 DPR reported 108 actual FTEs, but while preparing the 2007-2008 DPR we found that the actual amount of FTEs should have been 100.

ARCHIVED - Office of the Privacy Commissioner of Canada

Archived Content

2007-08 Departmental Performance Report

Office of the Privacy Commissioner of Canada

Table of Contents

Section I: Overview

1.1 Message from the Privacy Commissioner of Canada

1.2 Management Representation Statement

1.3 OPC Strategic Outcome and Program Activity Architecture (PAA)

1.4 Raison d’�tre

1.5 Financial and Human Resources

1.6 Factors Affecting OPC Performance in 2007-2008

External Factors

Internal Factors

1.7 Performance Status of OPC Priorities

Section II: Analysis by Program Activity

2.1 OPC Performance in 2007-2008

Program Activity 1: Compliance Activities

Activity Description

Priorities for this Program Activity

Program Activity 2: Research and Policy Development

Activity Description

Priorities for this Program Activity

Program Activity 3: Public Outreach

Activity Description

Priorities for this Program Activity

Other Activities: Internal Services

Activity Description

Implementation of Year 2 of the Business Case

Implementation of the Performance Measurement Framework (PMF)

Integrated Risk Management through:

Strengthening of the Information Management Capacity

Overseeing the financial and management aspects of the 29th Annual Conference

Implementation of the Human Resources Strategy

Continued implementation of Public Service Employment Act (PSEA) and the Public Service Modernization Act (PSMA)

Integration of human resources planning to strategic planning, enhancement of human resources monitoring and reporting capacity, and development of human resources policies and guidelines

Priorities for this Program Activity

Section III: Supplementary Information

3.1 Resource Tables

3.2 Audited Financial Statements

Statement of Management Responsibility

AUDITOR’S REPORT

Statement of Financial Position

Statement of Operations

Statement of Equity of Canada

Statement of Cash Flow

Notes to the Financial Statements

1. Authority and objectives

2. Summary of significant accounting policies

(a) Due from the Consolidated Revenue Fund

(b) Parliamentary appropriations

(c) Net cash provided by Government

(d) Expenses

(e) Employee future benefits

(f) Accounts receivable

(g) Contingent liabilities

(h) Tangible capital assets

(i) Measurement uncertainty

3. Parliamentary appropriations

a) Reconciliation of net cost of operations to current year appropriations used:

(b) Appropriations provided and used:

(c) Reconciliation of net cash provided by Government to current year appropriations used:

4. Accounts receivable and advances

5. Tangible capital assets

6. Employee Benefits

(a) Pension benefits

(b) Severance benefits

7. Contingent liabilities

8. Contractual obligations

9. Related party transactions

(a) Services received without charge:

(b) Payables and receivables outstanding at year-end with related parties:

10. Equity of Canada

3.3 Sources of Additional Information

Legislation Administered by the Privacy Commissioner

Statutory Annual Reports, other Publications and Information

Contact for Further Information on the Departmental Performance Report:

2007-08
Departmental Performance Report

Overseeing the financial and management aspects of the 29^th Annual Conference