ARCHIVED - Office of the Privacy Commissioner of Canada

• Previous Page
• Table of Contents
• Next Page

This page has been archived.

Section II: Analysis by Program Activity

2.1 OPC Performance in 2007-2008

This section reports the OPC performance for each program activity of its Program Activity Architecture (PAA) in relation to their expected results and performance indicators, and also indicates how the performance contributed to the five corporate priorities for 2007-2008. Performance reporting includes a self-assessment of performance status using the same scale as what was employed to report on progress to priorities in Section 1.7.

In 2006-2007, the OPC designed its Performance Measurement Framework (PMF) and started implementation in 2007-2008, using an incremental approach continuing over two more years. The performance indicators identified in this section are those against which the OPC has started measuring its performance in 2007-2008. More indicators from the OPC PMF are being introduced in reports on plans and priorities as they become operational.

In addition to ‘performance’ indicators that generate information about the extent of achievement of ‘results’, the OPC uses ‘volume’ indicators or statistics to collect relevant information about its ‘activities’. This section reports on OPC ‘results or outcomes’, primarily using performance information, with selected information about activities to make the performance story more complete (note: the OPC Annual Reports report more comprehensively on OPC ‘activities’, ensuring that both reports are complementary and not duplicative reading for Parliamentarians and Canadians).

Office of the Privacy Commissioner of Canada

Expected Result	Performance Indicator
Ultimate Outcome for Canadians
The OPC plays a lead role in influencing federal government institutions and private sector organizations to respect the privacy rights of individuals and protect their personal information.	Extent and direction of change in the privacy practices of federal government institutions and private sector organizations

Financial Resources

Planned Spending	Total Authorities	Actual Spending
$19,711,000	$18,955,578	$17,130,181

Human Resources

Planned	Actual	Difference
143 FTEs	110 FTEs	33 FTEs

The above-mentioned expected result and performance indicator at the “ultimate outcome level” reflect the overarching goal and measure of success for the OPC. Measuring performance at this high level will be based on the gathering of relevant performance information relating to the “intermediate” and “immediate” level outcomes. Since the OPC is implementing its comprehensive Performance Measurement Framework incrementally over a three-year period from 2007 to 2010, more performance indicators are being added each year to measure with more depth the “intermediate” and “immediate” level outcomes, hence solidifying at the same time the foundation to measure the “ultimate” level outcome.

Having started implementing its PMF in 2007-2008, the OPC presents in this Departmental Performance Report the beginning of its performance story in the next pages, which at the same time, starts to reveal the Office’s performance vis-à-vis the “ultimate outcome”.

Program Activity 1: Compliance Activities

Activity Description

Through this program, the OPC conducts audits to assess whether federal and private sector organizations are complying with requirements set out in the two federal privacy laws, carries out reviews of privacy impact assessments and makes recommendations pursuant to the Treasury Board Secretariat policy, and investigates complaints and responds to inquiries received from individuals and organizations that contact the OPC for advice and assistance on a wide range of privacy-related issues. This program is supported by a legal team that provides legal advice and litigation services and a research team that offers technical and risk assessment support.

Expected Results	Performance Indicators	Actual Performance	Performance Status
Intermediate Outcomes
Individuals receive effective responses to their inquiries and complaints.	Timeliness of OPC responses to inquiries and complaints	Turnaround times for inquiries received from the public or from organizations will be measured with more accuracy once the upgraded information management system is in place in the next fiscal year. The Office responded to 14,215 inquiries in 2007-2008. The calculation of turnaround times for complaints is based on the average number of months between the date of reception of the complaints and the date when findings are made or another type of disposition occurs. Timeliness is calculated by the proportion of complaints completed within service standards5: Complaints under PIPEDA: 16.5 months, with 36% of all 370 complaints completed in 2007-2008 being within service standards. Complaints under the Privacy Act: 14.4 months, with 40% of all 880 complaints completed in 2007-2008 being within service standards.	Not met
Federal government institutions and private sector organizations meet their obligations under federal privacy legislation and implement modern principles of personal information protection.	Extent to which audit and investigation recommendations are accepted and implemented over time6	Of the four audits that were completed during 2007-2008, 21 recommendations were made and 20 were accepted by auditees at the time of reporting (95%). Follow-up will be made two years after reporting to determine the rate of implementation of the recommendations. The OPC initiated its first follow-up audit in January 2008 to assess progress made by the Canada Border Services Agency on implementing the 19 recommendations from the June 2006 audit report; results of the follow-up are not yet complete but will be published in the next departmental performance report. Under PIPEDA, the Commissioner’s investigation recommendations were accepted and implemented in 87% of the files. This meant that out of the 38 cases that included specific recommendations, there were 34 cases where organizations accepted our recommendations and actually implemented them, and only four cases where organizations did not. Under the Privacy Act, no preliminary reports of finding are issued and recommendations are not normally made. In cases where recommendations are made, they are responded to prior to concluding the complaint investigation. In the two cases where the Commissioner did make recommendations, they were both accepted and implemented, representing 100% acceptance and implementation. As well in 2007-2008, the OPC was involved in 12 litigation cases in order to promote compliance with federal privacy legislation. Some of these cases are ongoing before the courts. Four cases were settled to the satisfaction of the Commissioner and the parties. In three cases, the courts rendered judgments which helped further compliance with privacy legislation and helped to clarify legal obligations.	Successfully met
Immediate Outcomes
The process to respond to inquiries and investigate complaints is effective and efficient.	Timeliness of OPC responses to inquiries and complaints	Refer to performance information for the same indicator two rows above in this table.	Not met
The process to conduct audits and reviews is effective and efficient, including effective review of privacy impact assessments (PIAs) for new and existing government initiatives.	Extent to which audit and PIA recommendations are accepted7	Refer to the performance information for the same indicator above as it relates to audits. For PIAs, we received written responses to 32 PIA review letters previously issued (either completed in the fiscal year or prior fiscal year) and of 181 recommendations included in these, departments indicated agreement with 82 (45%). We point out that federal departments may not always indicate agreement in their responses and are under no obligation to respond to our PIA reviews. While they may not always respond when asked, they may nonetheless act on the OPC recommendations. Furthermore, departments are under no obligation to act on our recommendations as they are entirely responsible and accountable for managing their privacy risks. Nevertheless, we continue working to obtain improved responses to PIA reviews to monitor how much government initiatives contain modern privacy principles of personal information protection (as per our recommendations) and also to more objectively measure the impact of our work.	Successfully met
	Proportion of PIA reviews and audits completed within planned timelines8	Twenty-two (22%) of the 78 PIA reviews completed in 2007-2008 were processed within the 90-day standard time but now that the backlog of PIAs is under control, the OPC anticipates improvements in the timeliness of PIA reviews in the next year. In addition, one of the four audits (25%) that were completed during the period was within planned timelines.	Not met

In addition to closing investigation files as discussed in the table above, the OPC closely monitored 100 incidents⁹ (43 under PIPEDA and 57 under the Privacy Act), which are incidents of mismanagement of personal information that are brought to our attention from various sources including the media and institutions and organizations themselves.

The Office is seeing more complaints that raise systemic issues which may potentially affect thousands, if not millions, of individuals, more complaints involving ever-changing technology, Internet issues, social networking, wireless networks, and more complaints of an international nature and involving transborder flows of data. This leads to an increased need for co-operation with provincial and international counterparts and joint investigations. To this end, the OPC is concluding a Memorandum of Understanding with its counterparts across Canada in order to facilitate joint investigations and achieve greater efficiency in meeting our obligations under our respective Acts.

In addition to PIA reviews, which are formal requests for advice on new or existing government initiatives, the OPC held 53 consultation meetings with departments and agencies during the year and responded to more ad hoc requests for guidance. We do not measure the quantum of advice rendered however informal feedback received indicates that our advice is well received and helped departments deal with privacy risks and the preparation of PIAs. Our practice is to give helpful suggestions when we can and direct those who inquire to appropriate sources of written materials, namely from the Treasury Board Secretariat that is responsible for PIA guidance.

All of our compliance activities including investigations, audits and PIA reviews illustrate a need for improvement in the privacy management capabilities of federal departments and agencies and private sector organizations. The Office’s role is to influence compliance with privacy legislation and policies through its compliance activities and litigation work in order to have the privacy rights of individuals respected and their personal information protected. While the Office did influence compliance, as evidenced by the positive rates of implementation of our recommendations, its operations were hampered again in 2007-2008 by the persistent backlog of complaints that inevitably lengthen our turnaround times and also a high turnover of staff, which is no different than other federal entities in the National Capital Region (Refer to Internal Services in this Section of the Report for further detail).

It is in this whole context that the OPC launched its comprehensive re-engineering project in 2007-2008 that includes a thorough review of its business processes with a view to streamline the current inquiry and complaint resolution process through the application of innovative, alternative approaches to noticeably improve the overall efficiency and effectiveness of the process. The re-engineering project, which is continuing into the next fiscal year, includes the design and implementation of a new case management system. The new system will provide the basis for OPC management to derive analytical and strategic information such as trends in complaint issues to facilitate a shift of resources to areas where the Office may have the most effective impact.

Financial Resources

Planned Spending	Total Authorities	Actual Spending
$11,139,000	$10,565,939	$9,770,601

Human Resources

Planned	Actual	Difference
100 FTEs	70 FTEs	30 FTEs

Priorities for this Program Activity

The operations under this activity contributed to the achievement of the following priority described in Section I.

Priority	Type
Improve and expand service delivery	Ongoing

The compliance activities, being the core business of the OPC, are those that the Office targeted to improve and expand its service delivery, further supported by its research, policy development and outreach activities. Accomplishments this year to reduce parts of the backlog of complaints and PIAs, the establishment of service standards and the start of the major re-engineering of our business processes have contributed to this priority and makes the Office well-positioned to make significant advances in service delivery in the coming year.

Program Activity 2: Research and Policy Development

Activity Description

Through this program, the Office of the Privacy Commissioner (OPC) provides Parliamentarians and other stakeholders with advice and information on potential privacy implications of proposed legislation, government programs and private sector initiatives. As such, the OPC serves as a centre of expertise on emerging privacy issues in Canada and abroad by researching trends and technological developments, monitoring legislative and regulatory initiatives, providing legal, policy and technical analyses on key issues, developing policy positions that advance the protection of privacy rights, and sharing information with stakeholders to advance files of common interest. All of this work leads to more privacy resilient laws, regulations, policies, initiatives and to improved privacy management practices.

Expected Results	Performance Indicators	Actual Performance	Performance Status
Intermediate Outcome
Parliamentarians and others have access to clear, relevant information, and timely and objective advice about the privacy implications of evolving legislation, regulations and policies.	Proportion of privacy-relevant cases in which OPC was consulted for advice.Proportion of cases in which the final outcome was more privacy protective than the original version10.	In 2007-2008, of the bills introduced, 19 were assessed to have potential privacy impact. Four were of high privacy relevance, 14 of medium relevance and one of low relevance. In the same period, the OPC was consulted on two bills: Bill C-27, An Act to amend the Criminal Code (identity theft and related misconduct) and Bill C-31, An Act to amend the Canada Elections Act and the Public Service Employment Act. Bill C-31 was amended in accordance with the Commissioner's recommendation to minimize potential privacy risks for voters. Bill C-27 has not yet become law, and therefore it is too early for the OPC to report whether the final outcome was more privacy protective than the original version.	Successfully met
Immediate Outcomes
The work of Parliamentarians is supported by an effective capacity to identify and research privacy issues, and to develop policy positions for the federal public and private sectors, which are respectful of privacy.	Key privacy issues identified and positions articulated to influence the evolution of bills through the drafting stage at the departmental level and the legislative process through Parliament	The OPC provided 20 submissions and policy positions relating to potential privacy implications of proposed legislation and/or government initiatives. In this capacity, OPC officials offered extensive comment on various subjects, including aviation security programs, financial monitoring, access of law enforcement to customer name and address data, and reform of Canada's copyright enforcement regime.	Successfully met
Knowledge about systemic privacy issues in Canada is enhanced through research, with a view to raising awareness and improving privacy management practices.	Key privacy issues identified, analysed, and potential impacts assessed.	Research capacity and production continued to expand, fuelled in part by the wide range of subjects addressed at the 29th International Conference. As a follow-up to the conference, the OPC commissioned the writing of a summary paper to capture and convey the intellectual contribution of the event. (http://www.privacyconference2007.gc.ca/workbooks/Terra_Incognita_summary_E.html) Research and positions taken on national issues like the no-fly list, data breaches, national security and Privacy Act reform resulted in increased interest in privacy issues across Canada. In 2007-2008, 16 research papers were issued by the OPC on a variety of privacy topics and 13 research projects were either completed or well-underway to study impacts of privacy issues affecting Canadians. In addition, the OPC Contributions Program approved 10 projects for a total of $363,500 in 2007-2008 to conduct research into emerging privacy issues (Refer to web site for a list of the recipient organizations and their approved research projects: http://www.privcom.gc.ca/media/nr-c/2007/nr-c_070627_e.asp).	Successfully met

The 29^th International Conference provided an ideal opportunity to raise awareness of significant privacy themes, such as: Public Safety, Globalization, Law Meets Technology, Ubiquitous Computing, the Next Generation and the Body as Data. Independent research commissioned under the auspices of the Office’s research program was featured before a national and international audience, and received attention from privacy advocates and the media.

Our examination of national programs with significant privacy implications, like the No-Fly list, Electronic Health Records and Enhanced Drivers’ Licences, has raised Canadians’ awareness of the threats posed to their personal privacy and encouraged more considered evaluations of the privacy implications of these programs.

Nevertheless, the challenges facing personal privacy rights continue to grow. The Office continues to expand its research capability through additional hiring, specialized training and partnerships with academics not-for-profit organizations and international data protection authorities.

Financial Resources

Planned Spending	Total Authorities	Actual Spending
$4,534,000	$4,442,772	$3,667,508

Human Resources

Planned	Actual	Difference
22 FTEs	19 FTEs	3 FTEs

Priorities for this Program Activity

The operations under this activity contributed to the achievement of the following priorities described in Section I.

Priorities	Type
Engage with Parliament on privacy issues	Ongoing
Continue to promote Privacy Act reform and PIPEDA review	Previous
Organize, host and evaluate the 29th International Conference of Data Protection and Privacy Commissioners	Previous

Engaging Parliament on privacy issues and promoting legislative reform are two on-going, fundamental concerns of the Office. Without careful monitoring of legislative developments, precise analysis of draft legislation and close contact with MPs and committee staff, the recommendations of the OPC on privacy matters would be less focussed and effective.

In addition, the 29^th International Conference provided a platform for the Office to raise the international profile of the research completed by Office staff and by academics and non-governmental organizations supported by the Office’s Contributions Program.

Program Activity 3: Public Outreach

Activity Description

Through this program, the Office of the Privacy Commissioner (OPC) delivers a number of public education and communications activities, including speaking engagements and special events, media relations, and the production and dissemination of promotional and educational material. Through public outreach activities, individuals have access to information about privacy and personal data protection to enable them to protect themselves and exercise their rights. The activities also allow organizations to understand their obligations under federal privacy legislations.

Expected Results	Performance Indicators	Actual Performance	Performance Status
Intermediate Outcomes
Individuals have relevant information about privacy rights and are enabled to guard against threats to their personal information.	Reach of target audience with OPC public education materials	OPC officials were cited in the media hundreds of times on dozens of hot privacy issues, including the no-fly list, the TJX/Winners investigation, Google StreetView, identity theft and the Passport Canada breach. Each year, the number of visitors to the web site grows. There was an average of approximately 130,000 hits per month to the OPC web site, for a total of more than 1.5 million in the fiscal year. There was an average of seven speeches delivered per month by OPC officials (a total of 86 speeches throughout the year), audience sizes averaged approximately 140, for a total reach through the speeches of approximately 12,000 individuals at events, and thousands through the web site, where many speeches are posted. More than one thousand publications were sent out to individuals, including copies of the Acts, guides, annual reports, etc. There were close to 50 press releases disseminated in 2007-2008 and the OPC initiated a targeted media campaign to students, with opinion pieces on the importance of protecting privacy issued to university and college newspapers across the country.	Successfully met
Federal government institutions and private sector organizations understand their obligations under federal privacy legislation.	Degree of organizational awareness and understanding of privacy responsibilities11	Based on results published in May 2007 (http://www.privcom.gc.ca/information/survey/2007/ekos_2007_01_e.asp) from a survey of Canadian businesses on a number of issues relating to privacy and the implementation of PIPEDA, most businesses (86%) recognize taking privacy seriously today is just good business, and the majority of the businesses (67%) that collect personal information have done so in line with the provisions of the Act. However, only one in two businesses reports having a high awareness of its responsibilities under Canada’s privacy laws, the findings suggesting there is still work to be done to raise awareness of responsibilities under Canada’s privacy laws, as similar numbers report either low or moderate awareness. Treasury Board’s Privacy Impact Assessment Policy aims at promoting awareness and understanding of the privacy implications associated with program and service delivery. In October 2007, the OPC released its Audit Report – Assessing the Privacy Impacts of Programs, Plans and Policies – which looked at the federal government’s compliance with the policy. The results of the audit confirmed that government departments are not doing enough to protect Canadians’ personal information as they plan new programs or redesign existing programs. PIAs are not always conducted when they should be (http://www.privcom.gc.ca/ information/pub/ar-vr/pia_200710_e.asp).	Successfully met
Immediate Outcomes
Individuals receive and have easy access to relevant information about privacy and personal data protection, enabling them to better protect themselves and exercise their rights.	Reach of target audience with OPC public education materials	Refer to performance information for the same indicator two rows above in this table.	Successfully met
Federal government institutions and private sector organizations receive useful guidance on privacy rights and obligations, contributing to better understanding and enhanced compliance.	Reach of organizations with OPC policy positions, promotional activities and promulgation of best practices	Fifteen (15) fact sheets or information backgrounders were prepared by the OPC in 2007-2008 to inform public sector organizations, private enterprises and the public on various privacy issues (http://www.privcom.gc.ca/fs-fi/index_e.asp). The OPC launched tools to assist businesses in safeguarding customer personal information. This included an e-learning module for retailers, to help them comply with PIPEDA, and voluntary breach notification guidelines for businesses. We also continued to make available the PIPEDA guide for businesses, as well as the guide for individuals (http://www.privcom.gc.ca/bus/index_e.asp). As well, the OPC issued an exposure draft of a PIPEDA privacy self-assessment tool for comment by private sector entities. The OPC updated its publication first issued in 2005 drawing key lessons from Quebec after more than a decade of experience interpreting and applying its private sector legislation. The OPC also drafted a key publication summarizing leading cases after the first seven years of PIPEDA in action. (The official launch was in May 2008 and will be reported on in the next fiscal year.) The OPC published a number of important papers on privacy, including a research paper on identity management and another on radio frequency identification devices (RFIDs). In addition, the OPC produced a study of all of the research conducted under its Contributions Program. Several research papers were also commissioned to enhance the discussions and outcomes of workshops held at the 29th International Conference. The OPC communicated and consulted with and/or provided guidance to a number of federal departments and agencies with respect to issues such as: PIPEDA review, enhanced drivers license, lawful access, personal health information, spam and spyware, the no-fly list. The OPC also communicated and consulted with and/or provided guidance to a variety of business groups with respect to issues such breach notification, privacy policies, outsourcing, security, etc. The OPC articulated its position in a number of venues (appearances, media statements, resolutions) with respect to important privacy matters, for example, at the Air India Inquiry on Canada’s Financial Monitoring Regime and Privacy Implications of Aviation Security Measures, as well as on the Copyright Act, automated teller machine fees and electronic payments, identity theft, digital rights management, Google StreetView, the no-fly list, the enhanced drivers licence, etc. In addition, the OPC launched a blog in which Canadians and organizations may share their views and concerns (http://blog.privcom.gc.ca/).	Successfully met

This year, the OPC's goals with respect to communications and outreach were well met. In addition to the activities outlined above, the OPC expanded the tools it uses to communicate, launching a pilot project to build a more responsive and interactive dialogue with Canadians through an official Office of the Privacy Commissioner of Canada blog as well as on-line videos. There has been a positive response from the general public as well as privacy advocates in Canada and internationally.

In addition to this, in response to reports that compliance in the retail sector could be improved, the OPC developed and published an online e-learning module to help this sector better comply with PIPEDA. Federal/regional relations were further enhanced through Federal/Provincial/Territorial meetings, as well as joint resolutions on privacy issues such as enhanced driver's licenses and the no-fly list. Media relations efforts on the TJX/Winners investigation resulted in significant media coverage, including an appearance by the Commissioner on the prominent news program 60 Minutes, raising awareness nationally and internationally. This level of national and international recognition for the importance of privacy rights was also paramount in media coverage surrounding the 29^th International Conference of Data Protection and Privacy Commissioners, hosted by the OPC in September 2007. The OPC has recognized a need for additional outreach activities and an expanded regional presence, and is reorganizing and resourcing accordingly.

Financial Resources

Planned Spending	Total Authorities	Actual Spending
$4,038,000	$3,946,867	$3,692,072

Human Resources

Planned	Actual	Difference
21 FTEs	21 FTEs	0 FTEs

Priorities for this Program Activity

The operations under this activity contributed to the achievement of the following priorities described in Section I.

Priorities	Type
Engage with Parliament on privacy issues	Ongoing
Continue to promote Privacy Act reform and PIPEDA review	Previous
Organize, host and evaluate the 29th International Conference of Data Protection and Privacy Commissioners	Previous

Engaging in a dialogue with different groups, providing individuals and organizations, both in the public and private sectors, with information and guidance, helping them better understand their rights and obligations under federal privacy laws, has helped the OPC with its delivery on the three priorities below. Hosting the 29th International Conference of Data Protection and Privacy Commissioners was an important and rewarding outreach effort for the OPC this past year. Actively communicating with our stakeholders on an ongoing basis, and enhancing our work with these groups, enables the OPC to more effectively and thoughtfully engage Parliament on privacy matters, and to continue to promote Privacy Act reform and PIPEDA review.

Other Activities: Internal Services

Activity Description

The OPC continues to enhance and improve its management practices in order to meet the highest standards of performance and accountability. The resources associated with the corporate services, including human resources management services, have been apportioned to the three first Program Activities, which they support. All managers are expected to take responsibility for the expected results, and to integrate the necessary activities in their operational plans.

Expected Results	Performance Indicators	Actual Performance	Performance Status
Intermediate Outcome
The OPC achieves a standard of organizational excellence, and managers and staff apply sound business management practices.	Ratings against Management Accountability Framework - MAF (as being the expectations for high organizational performance in modern public service management)	As an Officer of Parliament, the OPC is not subject to a MAF assessment by Treasury Board Secretariat. The Office nevertheless embraces the expectations for high organizational performance in modern public service management that the MAF promotes. In May 2007, the OPC completed its first self-assessment against the MAF and intends to conduct a similar comprehensive exercise biennially (other small agencies are subjected to an assessment by TBS once every three years). As well, the OPC prepares a semi-annual status report of the improvement plan that was developed with the May 2007 MAF Self-Assessment Report and uses the status report to inform its fall strategic planning session with areas requiring management attention. The May 2007 MAF Self-Assessment Report indicated good management practices in the following areas: utility of corporate performance framework, quality of program and policy analysis, managing organizational change, fair workplace, IT management, asset management, procurement, and accountability. Of the areas requiring improvement, progress was made in 2007-2008 as follows: a corporate risk profile was developed and served as an important element of priority-setting, service standards were developed in core functions, values and ethics were promoted namely through communicating to staff the Public Service Disclosure Protection Act proactively, information management was improved through the utilization throughout the Office of a record and document management information system (RDMIS) and the creation of a web based library catalogue. More work is continuing to improve other management areas namely internal audit and evaluation, completion and testing of the business continuity plan, development of a values and ethics code of conduct, preparation of more robust and user-friendly monthly financial reports, conducting a major review of financial authority delegations and further integration of human resources and business planning.	Successfully met
Immediate Outcomes
Key elements of the OPC Management Accountability Framework (MAF) are integrated into management practices and influence decision-making at all levels.	Ratings against Management Accountability Framework - MAF (as being the expectations for high organizational performance in modern public service management)	Refer to performance information for the same indicator in the row above.	Successfully met
The OPC has a productive, principled, sustainable and adaptable workforce that achieves results in a fair, healthy and enabling workplace.	Employee satisfaction; number of grievances received; quality of labour relations; retention of staff	Employee satisfaction The next Public Service Employee Survey is planned for 2008, however, comparing results from the two last surveys (2002 and 2005), the OPC made significant progress, notably in the following areas: respondents indicated being strongly committed to their work and to the organization, knowing where to go for help if faced with an ethical dilemma and believing in the fairness of the selection process for positions. Number of grievances received During 2007-2008, the OPC dealt with seven formal and informal staff relations issues and did not have any formal complaints related to the staffing process. Quality of labour relations The Office continues to strengthen its communication mechanisms through ongoing dialogue with employees and bargaining agents at labour management and health and safety committees and through all-staff meetings both at the organizational and branch levels. As well, much emphasis was placed on learning within the OPC with all managers having been offered a series of modules in labour relations. Workshops on ‘respect in the workplace’ were mandatory for all staff. Training sessions were offered through the Canada School of Public Service, the Small Agency Transition Support Team and other Officers of Parliament (namely Elections Canada) in the areas of: integrated business and HR planning, classification, conflict management, supervisory training for new supervisors, orientation to the Public Service and the Public Service Employment Act, etc. Retention of staff The 2006-2007 Annual Report of the Public Service Commission identified the level of movement within the federal public service as a challenge with an increase from 30% in 2004-2005 and 35% in 2005-2006 to a high of 40% of employee movement in 2006-2007. Within the OPC, the movement is similar to the rest of the Public Service and progress is well underway to address the retention challenges. A revised Integrated Business and Human Resources Plan is being developed, which includes a resourcing strategy and identifies priorities and plans for the next three years to address these challenges. In addition, we developed an Exit Questionnaire to learn from departing employees on how to improve our HR management policies and practices. We are exploring flexible working arrangements and considering the development of a Workplace Fitness Program and an Awards and Recognition Program – all within the context of Treasury Board policies and guidelines. As well, we continue to strengthen our communication mechanisms through ongoing dialogue with employees.	Successfully met
HR management practices reflect new accountabilities stemming from Public Service Modernization Act and Public Service Employment Act.	Full, unconditional staffing delegation from PSC; HR planning integrated into business planning at the OPC	Full, unconditional staffing delegation from PSC HR prepared detailed, comprehensive reports in response to the Annual Reports required in the areas of Official Languages, Staffing and Classification as well as other yearly reports in Multiculturalism, and Values and Ethics (e.g. Harassment, Employment Equity). Those reports are submitted to central agencies who evaluate the Deputy Head’s accountability in these programs. Feedback on reports submitted by the OPC in 2007-2008 was very positive. As for the staffing function specifically, the Commissioner signed once again the Appointment Delegation and Accountability Instrument with the Public Service Commission, and as such the OPC maintains its full, unconditional staffing delegation from PSC. HR planning integrated into business planning at the OPC The OPC has taken a corporate approach to integrating human resources, financial and business planning. Branch level business plans incorporate all three aspects. In addition, HR and Finance specialists meet jointly with branch managers periodically to discuss their current and future resource requirements.	Successfully met
Managers and staff demonstrate exemplary professional and ethical conduct in all of their work, and are responsive to the highly visible and complex nature of the environment in which they operate.	Feedback from employees on fairness, respect and engagement	The OPC continued to reaffirm its commitment to the Public Service Values and Ethics through promoting the values and ethics, namely through the creation of a dedicated section on the opening page of its Intranet site to values and ethics. Senior management decided not to have its own internal disclosure mechanism but rather to have any disclosures made directly to the Public Sector Integrity Commissioner. This decision was communicated to all staff and posted on the Intranet. The OPC also took the opportunity to remind staff of other key personnel that they could turn to as required. Only one harassment-related incident was reported in 2007-2008 for a staff complement of 110 FTEs (0.9%).	Successfully met
The performance of the OPC is defined, measured and reported upon regularly in a meaningful and transparent manner.	OPC reports, particularly RPP and DPR, are well received by Central Agencies and stakeholders	Based on informal comments from Parliamentarians, Parliamentary Committee members and Treasury Board Secretariat officials, the OPC received positive or very positive feedback on its annual reports, Report on Plans and Priorities and Departmental Performance Report in 2007-2008.	Successfully met

In addition to performance reporting in the above table, the OPC had committed to undertake the following management activities in 2007-2008 as identified in its 2007-2008 Report on Plans and Priorities:

Implementation of Year 2 of the Business Case

Fiscal year 2007-2008 was Year 2 of the implementation plan for the OPC’s three-year business case presented in 2005-2006 to the House of Commons Advisory Panel on the Funding and Oversight of Officers of Parliament. The review of organizational structures stemming from the business case was finalized with the exception of the regional positions due to a management decision to revisit this approach. In response to some of the challenges posed by the Public Service Commission’s implementation of a national area of selection policy for external recruitment and in an effort to accelerate the assessment process and reduce travel costs, the Office developed a web-based tool to administer exams on-line through the use of a portal on the OPC web-site. The preparation time and overall administrative costs were minimal and allowed us to very easily accommodate candidates regardless of their location – Canadians as far as India and Malaysia were successfully able to write the exams. We also noted that candidates with disabilities much prefer this approach as their personal computers (or work environment) are already properly equipped to address their special needs.

Implementation of the Performance Measurement Framework (PMF)

Fiscal year 2007-2008 was the first of three years of incremental implementation of the PMF approved by senior management in December 2006. The first year covered about half of the total number of performance indicators. This Departmental Performance Report is the evidence that implementation did take place, including the development of measurement instruments such as tracking tools, revised scorecard reporting, development of service standards in core functions. Work has started to implement the second year of implementation in 2008-2009, with the inclusion of performance targets that were set as part of the work to support the Management, Resources and Results Structure (MRRS) Policy.

Integrated Risk Management through:

Completion of the Business Continuity Plan (BCP) – Work was realized to advance the development of the BCP but given some internal changes in responsibility, it was not completed as planned in 2007-2008. Completion of the BCP will be realized in 2008-2009 at the same time as new requirements under the Government Security Policy will be integrated and renewal of the enterprise threat and risk assessments to test the BCP will be carried out in the next fiscal year.

Establishment of the Internal Audit Function – Work on this initiative has not advanced due to an unsuccessful competition to engage an AS-07 to help set up a new internal audit function. An intense effort is being invested in 2008-2009 through collaboration with other Officers of Parliament and the engagement of a contracted resource (until the new competition for an AS-07 that is underway concludes) to meet the requirements of the Internal Audit Policy by March 31, 2009. These requirements include: appointing a Chief Audit Executive that reports to the Commissioner, establishing an independent audit committee comprised of members from outside the Office and the Federal Public Service, and developing a risk-based audit plan designed to support an annual opinion from the Chief Audit Executive on the OPC’s risk management, control, and governance processes.

Development of a Corporate Risk Profile and management of risks – In early 2007-2008, the OPC developed its first formal corporate risk profile through the involvement of a senior manager from each area of the Office. The exercise generated very useful discussions and the resulting product served as a critical input to the senior management exercise to set the 2008-2009 corporate priorities that subsequently became the basis for the Report on Plans and Priorities. In addition to integrating risk management to strategic planning, the operational plans from each branch of the Office also integrated to the risk mitigating strategies such that those truly are commitments that managers are engaged to deliver to manage risks proactively.

Strengthening of the Information Management Capacity

Two new positions in information management were created and staffed in 2007-2008, basic training on the use of the new record and document information management system (RDIMS) was provided to all OPC staff, and a new web-based library catalogue called In Magic was launched on the OPC Intranet site allowing personnel to search library holdings and make loans on-line via their desktops.

Overseeing the financial and management aspects of the 29^th Annual Conference

The 29th Annual Conference of Data Protection and Privacy Commissioners, which was highly successful, was governed effectively through a steering committee chaired by the Commissioner and supported by three key management components: program, logistics and financial aspects. The conference was delivered within the net forecasted budget of $400,000 for the event; financial details are disclosed on the OPC website (http://www.privcom.gc.ca/pd-dp/other-autre/2007-08/070925_e.asp).

Implementation of the Human Resources Strategy

Progress is well underway within the OPC to address the challenges we face with respect to recruiting and retaining our staff. A draft Human Resources Strategy was presented to senior management in October 2007, and based on discussions at the senior management committee, and in view of the need for OPC to present a second business case for additional resources, there was a decision to revisit our approach to the HR Strategy. A revised Integrated Business and Human Resources Plan is currently under development, which incorporates a resourcing strategy as well as methods to retain our talent across the organization, and identifies our plans and priorities for the next three years to address the challenges pertaining to recruitment and retention. This integrated plan will be completed in 2008-2009.

Continued implementation of Public Service Employment Act (PSEA) and the Public Service Modernization Act (PSMA)

This has become an ongoing task which is integrated in our management practices. In 2007-2008, information sessions were offered to all managers on the implementation of the PSMA and PSEA. We continue to explore the flexibilities provided under the new PSEA. . Additionally, a number of policies and guidelines were developed and/or reviewed in line with the PSMA and PSEA.

Integration of human resources planning to strategic planning, enhancement of human resources monitoring and reporting capacity, and development of human resources policies and guidelines

The OPC strategic plan (or Report on Plans and Priorities) addresses both business and human resources planning. As well, the operational or branch plans also integrate both aspects of planning. The Directors of Human Resources and Finance work together to better inform OPC managers of their resource situation in an integrated manner. As well, the OPC continues to refine its capacity to produce demographic data on its human resources for use by managers in doing the planning and management of their resources. Work on an improved quarterly presentation of integrated resources data intended to senior management has progressed in 2007-2008 and will be completed in the next year. A fully Integrated Business and Human Resources Plan is currently in draft format and will be presented to the senior management committee in 2008-2009.

Priorities for this Program Activity

The operations under this activity contributed to the achievement of the following priority described in Section I.

Priorities	Type
Build organizational capacity	Previous

This program activity is about organizational excellence and ensuring that sound business management practices are applied by OPC managers and staff in delivering the Office’s mandate. Efforts to develop and continually assess and improve the institutional infrastructure of the Office contribute directly to building and maintaining our capacity, both in terms of human capital and management processes and practices.

• Previous Page
• Table of Contents
• Next Page