This page has been archived.
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
The original version was signed by
The Honourable Robert D. Nicholson, P.C., Q.C., M.P.
Minister of Justice and Attorney General of Canada
Since Parliament recently expressed confidence in the direction that the Office of the Privacy Commissioner of Canada (OPC) has taken in recent years, I will have the privilege of steering the organization through another three years of challenge and opportunity. With that in mind, I am pleased to present the 2011-2012 Report on Plans and Priorities, which sets out strategic directions, priorities, expected results and spending estimates for the coming fiscal year.
As 2011-2012 gets underway, it will be imperative to leverage and build on past successes. Under the authorities vested in us by the Privacy Act and the Personal Information Protection and Electronic Documents Act, we are proud to have advanced privacy rights through significant investigations, privacy audits, public outreach, legislative reviews and other work in the public and private sectors. Indeed, the OPC has blossomed into an internationally respected force for privacy rights. And yet there can be no room for complacency, as the privacy landscape evolves and new challenges emerge.
In 2011-2012, therefore, we expect to field thousands of inquiries from individuals about privacy issues that concern them. We will investigate hundreds of complaints and turn the spotlight on dozens of privacy policies and practices through our audit function and our Privacy Impact Assessment process. To deliver the top-quality service that Canadians expect, we will implement a new online complaint form and strengthen other internal and external processes.
In the year ahead, we will continue to focus on the four priority areas we feel pose the greatest risks to privacy: information technology, public safety, identity integrity and protection, and genetic information. Toward that end we augmented our in-house expertise in information technologies, and fostered valuable links with outside experts. A tangible outcome for Canadians last year was a comprehensive reference document on the privacy issues raised by national security initiatives. Going forward, we will continue to share our learning on topics such as biometrics and the next generation of networked devices. The privacy implications of public safety and law enforcement initiatives will be another ongoing priority for us. We recognize that privacy protections must sometimes give way to a greater good, but only if the promised outcome is achievable and no less privacy-invasive option has been overlooked.
We will also persist in our forays into the online world, where so much of the real world now unfolds. Our Office is already a committed user of social media, so we can speak of them with the confidence born of experience. And we will continue to profit from the insights gained through our successful public consultations on the privacy implications of cloud computing and the online tracking, profiling and targeting of consumers by marketers and other businesses.
This kind of facility with information technology strengthens our Office's capacity to pursue another key goal: to support organizations and individuals in making informed privacy decisions. Indeed, we are persuaded that digital literacy equips people with the knowledge and skills necessary to protect their personal information, and the personal information entrusted to them by others.
Bolstering our service to Canadians demands a vibrant organizational capacity. We embarked on this course last year. With the departure of Assistant Commissioner Elizabeth Denham to take on the position of Information and Privacy Commissioner of British Columbia, we merged responsibilities for both acts under the able leadership of a single assistant commissioner, Chantal Bernier. We intend to leverage this streamlined and strengthened structure in the year ahead. For instance, we will reinforce our contact with stakeholders through the decentralizing presence of our new office in Toronto. We will capitalize on technology and promote employee productivity and excellence across the organization. And we will continue to work with Parliament to ensure that the legislative authorities and powers of the Office are suited for the challenges and the opportunities to come.
The original version was signed by
Jennifer Stoddart
Privacy Commissioner of Canada
The mandate of the Office of the Privacy Commissioner of Canada is to oversee compliance with both the Privacy Act, which covers the personal information-handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's private-sector privacy law. The mission of the Office is to protect and promote the privacy rights of individuals1.
The Privacy Commissioner of Canada, Jennifer Stoddart, is an Officer of Parliament who reports directly to the House of Commons and the Senate. The Commissioner's powers to further the privacy rights of Canadians include:
The Commissioner works independently from other parts of the government to investigate complaints from individuals with respect to the federal public sector and the private sector. The focus is on resolving complaints through negotiation and persuasion, and using mediation and conciliation as appropriate. If voluntary co-operation is not forthcoming, the Commissioner has the power to summon witnesses, administer oaths, and compel the production of evidence. In cases that remain unresolved, particularly under PIPEDA, the Commissioner may seek an order from the Federal Court to rectify the situation.
In line with its mandate, the OPC pursues as its Strategic Outcome the protection of the privacy rights of individuals. Toward that end, the Office's architecture of program activities is composed of three operational activities and one management activity. The PAA diagram below presents information at the program activity level:
Strategic Outcome | The privacy rights of individuals are protected. | ||
---|---|---|---|
Planned Spending | 1. Compliance Activities | 2. Research and Policy Development | 3. Public Outreach |
4. Internal Services |
Federal departments are required to report on how their PAA aligns with Government of Canada Outcomes. The Privacy Commissioner, however, being independent from government and reporting directly to Parliament, does not make such alignment. The Strategic Outcome and the expected results from the work of the Office of the Privacy Commissioner of Canada are detailed in Section II of this Report on Plans and Priorities.
The following two tables summarize the total planned financial and human resources allotted to the OPC for the next three fiscal years.
2011-2012 | 2012-2013 | 2013-2014 | |
---|---|---|---|
Planned Spending | 24,659 | 24,659 | 24,659 |
2011-2012 | 2012-2013 | 2013-2014 | |
---|---|---|---|
Planned FTEs | 176 | 176 | 176 |
* FTE: Full-Time Equivalent
The OPC has a single Strategic Outcome (SO 1), which is that the privacy rights of individuals be protected. Toward that end, the OPC identified four corporate priorities: the first three are operational in nature, and the fourth relates to the management of the organization.
The table below describes how each corporate priority contributes to the Strategic Outcome, and what the OPC plans to do in 2011-2012 to make progress in each one. More detail about those planned activities is provided under Planning Highlights in Section II.
Corporate Priority | Type2 | Link to Strategic Outcome | Description |
---|---|---|---|
1. Identify, adopt, and deliver on new service delivery models to maximize results for Canadians | Previously committed to | SO 1 |
The OPC will maximize the return on past investments made to enhance service delivery and will implement expanded responsibilities pursuant to impending legislative amendments. In 2011-2012, the OPC will:
|
2. Provide leadership to advance the four priority privacy issues (information technology, public safety, identity integrity and protection, and genetic information) | Ongoing | SO 1 |
First identified in 2008, the four priority privacy issues have provided strategic focus to the work of the OPC and guided the rational allocation of its resources. Because these areas still represent the greatest risk to the privacy of
Canadians, they will continue to be treated as priority issues. In 2011-2012, the OPC will:
|
3. Support Canadians, organizations and institutions to make informed privacy decisions, both nationally and internationally | Ongoing | SO 1 |
Past efforts have been invested in raising general privacy awareness among Canadians and enhancing global capacity to protect personal information. Pressing ahead, the OPC will also work with partners to reach out to selected groups through the most effective channels. In 2011-2012, the OPC will:
|
4. Enhance and sustain organizational capacity | Ongoing | SO 1 |
To be successful and relevant, the OPC relies on the specialized knowledge, skills and expertise of its staff. They, in turn, require a work environment, organizational structure, processes and tools that contribute to performance and wellness. In 2011-2012, the OPC will:
|
Key risks influence the OPC's choice of corporate priorities, affect plans and performance, and drive decision-making. The OPC continually scans its environment to remain responsive to change. This section describes the strategic context and operating environment of the OPC, outlines key risks faced by the Office, and identifies mitigating strategies to manage the risks.
As part of its work, the OPC continues to identify instances where personal information is collected inappropriately, sometimes leading to disastrous results for Canadians. Unfortunately, these are not isolated events. And yet, while individual cases of identity theft, corporate data loss, inappropriate collection and even outright deception continue to prompt concern, it is becoming evident that systemic challenges to the privacy rights of Canadians are also on the rise.
Criminal enterprises at a national or international level will always find ways to misuse personal information for identity thefts and other frauds. In today's information society, however, the over-collection of data is by no means exclusively a criminal matter. Nor is it necessarily evidence of poor corporate processes, or even human error.
Instead, personal information is increasingly targeted as a valuable component of large-scale, and generally legitimate, data-collection efforts. These efforts are led by governments, namely to implement public safety initiatives, and by corporations under the guise of improving the consumer experience or more accurately targeting advertising.
There are several factors that encourage the systematic over-collection of information: the increasing sophistication of data-analysis tools, the deployment of surveillance tools in private and public spaces, the miniaturization and personalization of technology, and individuals' willingness to share information about their preferences, behaviours and social connections.
Such factors are not unique to Canada. In fact, privacy advocates around the world have recognized that these challenges are shared and increasingly require a co-ordinated response. Several data-protection authorities are struggling to identify an appropriate response to increasingly sophisticated online advertising tools. Others are collaborating on standards to moderate the privacy impacts of smart utility grids, an important piece of national infrastructure.
Perhaps the biggest emerging challenge to privacy rights is the growth in surveillance and data collection under the auspices of expanded public safety programs. Often tying such programs to international anti-terrorist initiatives, public safety program administrators have pressed forcefully for the subordination of privacy to the imperative of security. The OPC has questioned, and sometimes countered, this trade-off, calling instead for strong oversight mechanisms for public safety initiatives that give individuals appropriate and credible avenues for redress.
The Office's mandate is to safeguard the privacy rights of Canadians in such a way as to encourage the private and public sectors to provide the policies, tools and oversight mechanisms that strengthen individuals' control over the collection, use, disclosure and disposal of their personal information. The OPC's approach must be nuanced, reflecting broad societal change and technological evolution - but always reliant upon the right to dignity and privacy.
While risks are monitored throughout the year, the OPC updates its corporate risk profile annually. Risk analysis informs corporate priority-setting at an annual strategic planning session. Key risks are assessed for their degree of probability, as well as their potential impact on the successful delivery of the Office's activities. During 2011-2012, the Office will focus on managing the following five corporate risks:
1. Government of Canada Cap on Travel, Hospitality and Conference Fees - Risk that the cap will hamper the Office's efforts to remain abreast of privacy threats.
Since most privacy trends are global in nature, the OPC invests considerable efforts in developing and sustaining partnerships with data-protection authorities around the world, as well as international associations and regulators. OPC officials deliver numerous speeches to transfer knowledge about privacy to audiences in Canada and abroad. Those interactions also furnish invaluable insights and information to inform policy development.
Audit and investigation work also tends to involve travel because it often necessitates site visits to review materials and discuss issues with respondents. The cap on travel limits such visits, as well as conference attendance and other professional development activities that are critical for staff to remain current with rapid evolutions in the privacy field. (Many learning events are not available locally).
To mitigate this risk, the Office is developing a plan to closely manage cap-related expenditures. It is also reviewing an oversight system for expenditure management; developing an annual travel plan and linking it to strategic outreach and learning plans; allocating resources more strategically (for example, by considering videoconferencing instead of travelling); and reporting quarterly to senior management on expenditure use against the cap.
2. Information Management (IM) - Risk that information gaps will jeopardize decision-making.
As an organization, the OPC grew considerably over the past 10 years. At the same time, privacy issues have become increasingly complex, requiring integrated solutions with multiple perspectives. This demands that the Office's burgeoning quantities of business intelligence be managed, stored for easy access, and shared effectively among OPC decision-makers. The OPC already has tools to support information management, including a new case-management system offering more integrated, easier-to-access information; SharePoint, used as a collaboration tool; a commonly used electronic document-management system; improved research databases; and better dissemination of information among branches of the OPC. As well, some cross-training of employees and work in horizontal teams foster the sharing of information.
However, the interconnected privacy issues point to the need to better manage and share the information on which decisions are made. To mitigate this risk, the Office will: update its IM/IT strategy to address the most pressing information-management issues; explore more effective horizontal tools to better inform branches about work elsewhere in the Office; better align information to the Office's performance-measurement framework; and address IM recommendations as identified in two internal audits currently underway (one is examining the utilization of information for decision-making; the other is studying the Office's responses to public inquiries.
3. Meeting Service Standards - Risk that the OPC's capacity to respond to complaints and inquiries will not meet enhanced service standards for timeliness, quality and relevance.
Now that the long-standing backlog of incomplete complaint files has been eliminated, the OPC is redefining standards to meet the demand for responses to often-pressing privacy concerns with service that is timely, relevant and of high quality. The OPC allocates its resources as strategically as possible in a context of multiplying demands, but remains at risk of not being able to deliver quality products in the timeframe necessary to be relevant to Canadians and international stakeholders. If the risk were to become reality, the public may not receive the calibre of services to which they are entitled. If, for example, an error or omission were to affect some investigative findings, the public and other stakeholders could lose confidence in the organization.
To mitigate this risk, the Office will track and report performance against new service standards, to be set by the end of 2010-2011.
4. Organizational Structure - Risk that the organization will not be sufficiently adaptable to change.
Rapid evolutions in the privacy world have led the OPC to implement more efficient, timely, innovative and responsive operations. In one such enhancement to its delivery methods, the OPC opted to consider more dynamic and creative responses to complaints and inquiries ("early resolution"), rather than the traditional approach of responding to every complaint with a comprehensive investigation.
The OPC has and will continue to invest in proactive measures such as public education and outreach and special (unplanned) investigations and audits on emerging issues. The Office is also committed to informing and influencing public policy through more engagements with the public, the media and parliamentary committees. These changes to the operations require an organizational structure that is fluid, including perhaps requiring a different set of skills to continue to meet the Office's mandate.
To mitigate this risk in 2011-2012, the Office will implement a recently-approved change-management strategy and a talent-management program to help staff adjust positively to change. The Office will also update its Integrated Business and Human Resources Plan, with an eye to organizational designs that increase effectiveness.
5. Organizational Impact of new Anti-Spam Legislation - Risk relating to the implementation of new responsibilities under Canada's new anti-spam legislation.
The intent of the new legislation is to curb the amount of damaging and deceptive electronic communications (spam) that circulate in Canada. The new law, passed in December 2010, broadens the OPC's mandate through enforcement responsibilities that are shared with the Canadian Radio-television and Telecommunications Commission and the Competition Bureau. The implementation of the law must be managed well, in light of the impact that the expanded responsibilities will have on the organization internally, as well as the external demands of working with other enforcement bodies.
To mitigate the risk associated with these changes, the OPC will collaborate with its partner institutions to develop a communications strategy that will inform the public about the implications of the new legislation for their lives and, more specifically, to manage expectations about what it can achieve. Internally, the Office will designate an executive representative with authority to co-ordinate efforts with partners and enforcement bodies and to ensure an effective and coherent implementation process within the OPC.
In 2011-2012, the OPC plans to spend $24.659 million to advance its four corporate priorities, meet the expected results of its Program Activities, and contribute to its Strategic Outcome.
The figure below illustrates the OPC's spending trend over a seven-year period.
The graph shows a steady increase in reference-level resources for the period 2007-2008 through 2011-2012, followed by a levelling off. The period of increase reflects resources sought by the OPC through two business cases, as submitted to the Parliamentary Panel on the Funding and Oversight of Officers of Parliament, as well as new funding for the anti-spam legislation.
In 2008, the Office received increased funding to:
The 2008 funding increase of $4.7M was phased in over three fiscal years, 2008-2009, 2009-2010 and 2010-2011. Since 2010-2011, the OPC budget was further increased by additional resources received for the anti-spam legislation. This amounted to $0.77M in 2010-2011 and a further $1.3M for 2011-2012. This combined increase of $2.0M remains stable for 2012-2013 and beyond.
The figure below displays the allocation of OPC funding by Program Activity for 2011-2012. More than 40 percent of OPC funding is allocated to Program Activity 1 - Compliance Activities, which encompasses the Office's main program delivery mechanisms: complaint investigations, responses to inquiries, audits, and Privacy Impact Assessment reviews.
All OPC efforts and activities are directed towards achieving the organization's Strategic Outcome, the protection of individuals' privacy rights. The Office plays a leadership role in encouraging organizations that handle Canadians' personal information to respect the privacy rights of individuals. Others who contribute to this mission include provincial and territorial privacy commissioners, data-protection authorities and other international organizations, privacy advocacy groups, chief privacy officers, professional associations, consumer representatives, academics, Parliamentary committees, and government departments and agencies.
Expected Result | Performance Indicator | Target |
---|---|---|
Ultimate Outcome for Canadians | ||
The OPC plays a lead role in influencing federal government institutions and private-sector organizations to respect the privacy rights of individuals and protect their personal information. | Extent and direction of change in the privacy practices of federal government institutions and private-sector organizations | Three (3) on a scale of one to five, which means that "some preparatory steps to progress toward change" from the baseline of 2010-2011 may be observed by March 31, 2012 |
Performance Measurement Strategy |
---|
This umbrella indicator is based on performance information generated from the following indicators used to measure the OPC Program Activities:
|
The OPC's four Program Activities are described in Section II with an overview of the activity (as set out in the Main Estimates, Part II); a table with the expected results for Canadians, the performance indicators (including measurement strategy) and targets to be achieved by March 31, 2012; the allocated financial and human resources; planning highlights for 2011-2012, and benefits for Canadians.
The OPC is responsible for investigating privacy-related complaints and responding to inquiries from individuals and organizations. Through audits and reviews, the OPC also assesses how well organizations are complying with requirements set out in the two federal privacy laws, and provides recommendations on Privacy Impact Assessments (PIAs), pursuant to Treasury Board policy. This activity is supported by a legal team that provides specialized advice and litigation support, and a research team with senior technical and risk-assessment support.
Expected Results | Performance Indicators (Performance Measurement Strategy) | Targets |
---|---|---|
Intermediate Outcomes | ||
Federal government institutions and private-sector organizations meet their obligations under federal privacy legislation and implement modern practices of personal information protection. | Extent to which investigation and audit recommendations are accepted and implemented over time (Tracking and analysis of responses to investigation and audit reports) |
90 percent of ‘well-founded', ‘resolved' and ‘well-founded and resolved' investigation recommendations are accepted and implemented within one year of reporting 90 percent of audit recommendations are accepted fully by entities Upon follow-up two years after the initial audit report, action to implement has begun on 90 percent of recommendations |
Extent to which obligations are met through litigation (Review and analysis of litigation files and statistics on settlements) |
Legal obligations are met in 80 percent of cases, either through settlements to the satisfaction of the Commissioner or through court-enforced judgments | |
Intermediate Outcomes | ||
Individuals receive timely and effective responses to their inquiries and complaints. | Timeliness of OPC responses to complaints (Analysis of Office statistics on the time required to close files) |
95% of complaints are closed within 12 months of receipt (Note: in 2011-2012, the OPC will further review its service standards to define distinct response times by type of complaint resolution). |
The privacy practices of federal government institutions (including Privacy Impact Assessments for new and existing government initiatives) and private-sector organizations are audited and/or reviewed to determine their compliance with federal privacy legislation and policies. | Proportion of audits and PIA reviews completed within planned times (Review and analysis of statistics on audit and PIA project completion) |
90 percent of audits are completed within planned times and 70 percent of PIA reviews are completed within 120 days of receipt |
Feedback and action from federal government departments in response to OPC advice relating to PIAs (Tracking and analysis of responses to PIAs ) |
75 percent of institutions that submitted a PIA during the year were responsive to the OPC advice |
Forecast Spending 2010-2011 | Planned Spending | |||
---|---|---|---|---|
2011-2012 | 2012-2013 | 2013-2014 | ||
Financial Resources ($000) | 9,631 | 10,391 | 10,391 | 10,391 |
Planned Human Resources (FTEs) | 87 | 87 | 87 |
The OPC will continue to work toward the Compliance Activities outcomes (as identified in the outcomes table on the previous page), while also supporting the achievement of the first corporate priority - "Identify, adopt, and deliver on new service-delivery models to maximize results for Canadians". In addition to its usual ongoing activities, the OPC will conduct the following initiatives in 2011-2012:
The investigation services delivered by the OPC help to safeguard the privacy rights of Canadians. Audits and PIA reviews also seek to improve management and accountability for privacy within organizations, thus enhancing the privacy rights of individuals for today and future generations. Collaboration with provincial, territorial and international counterparts contributes to more effective enforcement of privacy legislation.
The OPC serves as a centre of expertise on emerging privacy issues in Canada and abroad by researching trends and technological developments, monitoring legislative and regulatory initiatives, providing legal, policy and technical analyses on key issues, and developing policy positions that advance the protection of privacy rights. An important part of the work involves supporting the Commissioner and senior officials in providing advice to Parliament on potential privacy implications of proposed legislation, government programs, and private-sector initiatives.
Expected Results | Performance Indicators (Performance Measurement Strategy) | Targets |
---|---|---|
Intermediate Outcomes | ||
Parliamentarians and key stakeholders have access to clear, relevant information and timely and objective advice about the privacy implications of evolving legislation, regulations and policies. | OPC information and advice on selected policies and initiatives add value for stakeholders (Tracking of stakeholders' reaction to the OPC information and advice) |
The OPC views have added value for parliamentarians and key stakeholders |
Intermediate Outcomes | ||
The work of parliamentarians is supported by an effective capacity to identify privacy issues, and to develop privacy-respectful policy positions for the federal public and private sectors. | OPC views on the privacy implications of relevant laws and regulations add value for parliamentarians (Tracking impact from OPC work at parliamentary committee appearances, submissions, and other support to parliamentarians) |
The OPC views have added value for parliamentarians and key stakeholders |
Knowledge about systemic privacy issues in Canada and abroad is enhanced through information exchange and research, with a view to advancing privacy files of common interest with stakeholders, raise awareness, and improve privacy-management practices. | Stakeholders have had access to, and have considered, OPC research products and outreach materials in their decision-making (Review of progress reports against the operational plans for the four priority privacy issues to extract evidence that OPC research products and outreach materials have had an impact on stakeholders) |
Initiatives under all four OPC priority privacy issues (100 percent) have involved relevant stakeholders and there is documented evidence demonstrating that stakeholders were influenced by OPC research products and outreach materials |
Forecast Spending 2010-2011 | Planned Spending | |||
---|---|---|---|---|
2011-2012 | 2012-2013 | 2013-2014 | ||
Financial Resources ($000) | 5,442 | 5,206 | 5,206 | 5,206 |
Planned Human Resources (FTEs) | 19 | 19 | 19 |
The OPC will continue to work toward the Research and Policy Development outcomes (as identified in the outcomes table on the previous page), while also supporting the achievement of the second corporate priority - to "provide leadership to advance the four priority privacy issues relating to: information technology, public safety, identity integrity and protection, and genetic information". In addition to its usual ongoing activities, the OPC will conduct the following initiatives in 2011-2012:
Knowledge about emerging and systemic privacy issues is the foundation for OPC advice and guidance, which help to inform organizations about the privacy implications of their actions. For legislators, the implications relate to laws and regulations, and for organizations and Canadians, the implications relate to everyday decisions in the marketplace. An enhanced understanding of national and global privacy issues and a strengthened capacity to address them more effectively are critical for Canada to be recognized as a leader in privacy protection and to positively influence the development of international privacy laws and co-operative agreements.
With the help of effective and well-communicated research activities, policy positions and legal advice from the OPC, decision-makers can better evaluate their actions and measure the privacy risks they assume. Organizations, moreover, are better able to comply with their privacy obligations.
The OPC delivers public education and communications activities, including speaking engagements and special events, media relations, and the production and dissemination of promotional and educational material. Through public outreach activities, individuals have access to information about privacy and personal data protection that enable them to protect themselves and exercise their privacy rights. The activities also allow organizations to understand their obligations under federal privacy legislation.
Expected Results | Performance Indicators (Performance Measurement Strategy) |
Targets |
---|---|---|
Intermediate Outcome | ||
Federal government institutions and private-sector organizations understand their obligations under federal privacy legislation and individuals understand how to guard against threats to their personal information. | Privacy outcome for government initiatives or programs stemming from consultations or recommendations associated with the PIA process (Tracking of privacy outcomes from PIA consultations/ recommendations) |
In 70 percent of the government initiatives or programs for which a high-priority PIA was reviewed and a recommendation was issued, the consultations with or recommendations from the OPC resulted in stronger privacy protections |
Extent to which private-sector organizations understand their obligations under PIPEDA (Biennial polling of a sector of private industry) |
More than 50 percent of private-sector organizations report having at least moderate awareness of their obligations under PIPEDA | |
Intermediate Outcome | ||
Individuals have relevant information about their privacy rights and are enabled to guard against threats to their personal information. | Reach of target audience with OPC public education and communications activities (Analysis of reach is based on media monitoring, visits to the OPC website and blogs, audience size for speeches and events, distribution of materials, etc.) |
100 citations of OPC officials in the media on selected communications initiatives per year At least 100,000 visits per month on the OPC website and 20,000 visits per month to the OPC blog At least one news release per month on a subject of particular interest to individuals At least 350 subscribers to the e-newsletter At least 1,000 communication tools distributed per year Two public education initiatives per year, designed for new individual target groups Two public events addressing needs of individual target groups |
Extent to which individuals know about the existence/role of the OPC, understand their privacy rights, and feel they have enough information about threats to privacy (Biennial public opinion polls and other research activities) |
At least 20 percent of Canadians have awareness of the OPC At least 20 percent of Canadians have an "average" level of understanding of their privacy rights At least 35 percent of Canadians have some awareness of the privacy threats posed by new technologies |
|
Federal government institutions and private-sector organizations receive useful advice and guidance on privacy rights and obligations, contributing to better understanding and enhanced compliance. | Responsiveness of, or feedback from, federal government departments and private-sector organizations to OPC advice and guidance relating to privacy rights and obligations (Tracking and analysis of feedback and responses received) |
75 percent of institutions and organizations are responsive to the OPC advice |
Reach of organizations with OPC policy positions, promotional activities and promulgation of best practices (Analysis of reach is based on reviews of Office statistics; analysis of top-10 pages of the website and writing of anecdotes on best practices; and an analysis of the targeting and distribution of public education initiatives) |
At least 1,000 communication tools distributed per year At least one news release per month on a subject of particular interest to organizations Exhibiting at least four times throughout the year At least 350 subscribers to the e-newsletter Two public education initiatives annually designed for new organizational target groups Two public events/speaking engagements addressing needs of organizational target groups |
Forecast Spending 2010-2011 | Planned Spending | |||
---|---|---|---|---|
2011-2012 | 2012-2013 | 2013-2014 | ||
Financial Resources ($000) | 3,788 | 3,976 | 3,976 | 3,976 |
Planned Human Resources (FTEs) | 24 | 24 | 24 |
The OPC will continue to work toward the Public Outreach outcomes (as identified in the outcomes table starting two pages earlier), while also supporting the achievement of the third corporate priority - to "support Canadians, organizations and institutions to make informed privacy decisions nationally and internationally". In addition to its usual ongoing activities, the OPC will conduct the following initiatives in 2011-2012:
The Privacy Commissioner of Canada has a mandate to raise awareness of rights and obligations under privacy laws. By having a more in-depth understanding of Canadians' views and concerns with respect to their personal information, the OPC can better educate individuals about their rights and help them make informed choices with respect to their personal information protection. By helping organizations understand their responsibilities under federal privacy laws, and by encouraging them to better protect the personal information in their care, Canadians ultimately benefit from enhanced privacy protection.
Internal Services are groups of related activities and resources that support the needs of programs and other corporate obligations of an organization. As a small entity, the OPC's internal services include two sub-activities: governance and management support, and resource management services (which also incorporate asset management services). Communications services are not included in Internal Services but rather form part of Program Activity 3 - Public Outreach. Similarly, legal services are excluded from Internal Services at OPC, given the legislated requirement to pursue court action under the two federal privacy laws. Legal services form part of Program Activity 1 - Compliance Activities, and Program Activity 2 - Research and Policy Development.
Expected Result | Performance Indicator (Performance Measurement Strategy) |
Target |
---|---|---|
The OPC achieves a standard of organizational excellence, and managers and staff apply sound business management practices. | Ratings against the Management Accountability Framework (MAF) (Review of results from the biennial MAF self-assessment exercise and annual progress reports) |
Strong or acceptable rating on 70 percent of the MAF areas of management |
Forecast Spending 2010-2011 | Planned Spending | |||
---|---|---|---|---|
2011-2012 | 2012-2013 | 2013-2014 | ||
Financial Resources ($000) | 5,358 | 5,086 | 5,086 | 5,086 |
Planned Human Resources (FTEs) | 46 | 46 | 46 |
The OPC will continue to work toward achieving and maintaining a standard of organizational excellence and will have managers and staff apply sound business management practices. Over the next three years, and more particularly in 2011-2012, the OPC will enhance and sustain its organizational capacity (the fourth corporate priority) by pursuing the following Internal Services activities, in addition to its usual ongoing activities:
The future-oriented financial highlights presented in this Report on Plans and Priorities are intended to serve as a general overview of the Office's financial position and operations. These financial highlights are prepared on an accrual basis to strengthen accountability and improve transparency and financial management.
Future-oriented financial statements can be found at http://priv.gc.ca/information/fofs/index_e.cfm
The anticipated audits as per the OPC Risk-Based Internal Audit Plan for 2010-2011 to 2012-2013 are presented in the table at: http://www.priv.gc.ca/information/pub/ia_index_e.cfm#contenttop.
Program Activity ($000) |
Forecast Spending 2010-2011 |
Planned Spending 2011-2012 |
Planned Spending 2012-2013 |
Planned Spending 2013-2014 |
---|---|---|---|---|
Internal Services | 550 | 350 | 350 | 550 |
Total | 550 | 350 | 350 | 550 |
In 2008-09, the Office changed its accounting for capital assets. The Office has adopted a policy of capitalizing individual acquisitions having a cost of $2,500 or more. This represents a change. As in prior years, the Office capitalized collections of individual items with a combined invoice value of $2,500 or more. Management believes that this new policy provides more useful information. As a result, certain items previously recorded as capital assets no longer meet policy requirements.
The increase of $200,000 in 2010-2011 was due to the replacement of main server infrastructure equipment every three years.
Privacy Act | R.S.C. 1985, ch. P21, amended 1997, c.20, s. 55 |
Personal Information Protection and Electronic Documents Act | 2000, c.5 |
For further information about the OPC and available resources, please visit the OPC website at http://www.priv.gc.ca/index_e.cfm or contact the Office toll-free at: 1-800-282-1376.
1 Reference is made to "individuals" in accordance with the legislation.
2 "Type" is defined as previously committed to (committed to in the first or second fiscal year prior to this RPP); ongoing (committed to at least three fiscal years prior to this RPP), or new (committed to in this RPP). Some priorities defined as previously committed to or ongoing may include refinements from their original wording.