Annual Report - Privacy Act
April 1, 2018 – March 31, 2019
Introduction
This report is prepared in accordance with section 72 of the Privacy Act and is tabled in Parliament by the Minister of Health in accordance with the aforementioned section. It describes how the Canadian Institutes of Health Research fulfilled its responsibilities under the Act during the fiscal year beginning April 1, 2018 and ending March 31, 2019.
The Privacy Act provides citizens with the legislated right to access personal information held by the government, subject to certain limitations and specific exemptions, and protection of that information against unauthorized use and disclosure
The Canadian Institutes of Health Research (CIHR) was created in 2000 under the authority of the CIHR Act. The Canadian Institutes of Health Research (CIHR) is the Government of Canada’s health research investment agency. The mandate of CIHR as stated in the Act is:
To excel, according to internationally accepted standards of scientific excellence, in the creation of new knowledge and its translation into improved health for Canadians, more effective health services and products and a strengthened Canadian health care system.
CIHR is the largest funder of health research in Canada with a mission to create new scientific knowledge and to enable its translation into improved health, more effective health services and products, and a strengthened Canadian health care system. Composed of 13 “virtual” Institutes and three business portfolios, CIHR provides leadership and support to over 13,000 world-class researchers from all pillars of health research and from all regions of Canada.
Organizational Structure
CIHR is led by its President. Overall strategic directions are set by its Governing Council, which has a mandate to oversee the direction and management of the property, business and affairs of CIHR.
The Science Council (SC) is a management committee that develops, implements and reports on CIHR's research and knowledge translation strategy, in accordance with the CIHR Act and the overarching strategic directions set out by Governing Council. This includes recommending for approval by the President funding for all research and knowledge translation initiatives.
Day-to-day management of CIHR is led by the Senior Leadership Committee.
The Access to Information and Privacy (ATIP) Office, part of Governance and Government Affairs, administers the provisions of the Access to Information Act and the Privacy Act for the CIHR and is accountable to the President of CIHR. The ATIP Office, which is comprised of 1 ATIP Coordinator, is responsible for the following activities:
- managing all response to both formal and information requests made under both Acts;
- developing policies, guidelines and procedures with respect to fulfilling the Agency’s legislative requirements of both acts;
- promoting awareness of both acts, delivering training, and providing advice and guidance to ensure that employees and management understand their roles and responsibilities;
- monitoring compliance with both acts;
- completing Privacy Impact Assessments (PIAs);
- coordinating reporting on privacy breaches;
- preparing annual reports for tabling; and,
- updating the CIHR Info Source chapter annually.
Delegation of Authority
The President of CIHR, as designated Head of CIHR under the Privacy Act, exercises powers entrusted to the position by the Act, such as exemptions and exclusions.
In accordance with his authority under Section 73, the President has designated the Executive Vice-President, the Director General, Governance and Government Affairs, the Access to Information and Privacy (ATIP) Coordinator and a Junior ATIP Officer to exercise any of his powers, duties or functions under the Act (See Appendix A - Delegation Order).
Highlights of the Statistical Report 2018-2019
-
Formal Requests
During the April 1, 2018 to March 31, 2019 reporting period, CIHR received six requests during this reporting period. One request was disclosed in full, three requests were disclosed in part and two requests resulted in no records. A total of 1,705 pages were processed and 862 pages were disclosed. (See Appendix B - Statistical Report). Since 2014-2015, CIHR has received thirteen formal requests. This year marks a significant increase in the number of requests received compared to zero requests in 2017-2018 and two requests in 2016-2017. All requests received in 2018-2019 were from one identified requestor.
While CIHR receives only a small number of formal requests under the Act, it is worth noting that privacy issues permeate its programs and operations. This is not surprising given that CIHR collects and manages a great deal of personal information to adjudicate thousands of research grant and scholarship proposals, making merit-based awards based on peer review.
-
Informal Requests
In 2018-2019, it is estimated that CIHR responded to twenty fve informal requests. This is consistent with the volume of informal requests since 2014-2015, with an average of twenty two informal requests per year. All of the requests received during this reporting year came from employees related to the review of documents and interpretation of the Privacy Act. The ATIP Office is routinely asked to review corporate and project specific documents related to privacy issues prior to their release. These requests are not reflected in the statistical report in Appendix B.
-
Requests for Correction of Personal Information
During the 2018-2019 reporting period, CIHR received four requests for correction of personal information. All four of the requests received resulted in notations attached to the records and no corrections made.
-
Consultations
During the 2018-19 reporting period, the CIHR Access to Information and Privacy Office did not receive any consultation requests from external sources.
CIHR managers and staff sought and obtained advice from the ATIP Coordinator on a regular basis of matters where there were privacy considerations in their programs or activities.
-
Costs
During 2018–19, the Access to Information and Privacy Office incurred $22,000 in salary costs to administer the Privacy Act. Owing to the difficulty of tracking all of the operational costs related to the administration of the Act, the costs and person year usage statistics are conservative estimates. Almost all costs are attributable to salary, and include fractions of the salaries of the directors, managers and employees who participated in work related to the Act.
Training Activities
No formal training activities were undertaken during this reporting period. The ATIP Office offers general and on demand training to all staff.
The ATIP Coordinator attended the ATIP Coordinator and Practitioner Community meetings hosted by the Treasury Board Secretariat throughout the fiscal year. As well, the Coordinator also participated in online professional communities on GC Connex. These communities provide valuable information on trends and best practices within the ATIP community, updates on recent complaints and court cases, and tools to help improve service standards within the field.
The ATIP Office plans to develop educational tools and deliver training sessions to CIHR staff.
Policies, Guidelines and Procedures
The CIHR did not implement any new access to information policies, guidelines and/or procedures during the reporting period and there were no significant revisions to current access to information policies, guidelines or procedures.
Complaints and Investigations
CIHR was not subject to any complaints or investigations during the reporting period.
Monitoring Compliance
The ATIP Office monitors the time to process requests and administer the Privacy Act through as-needed verbal status reports. Any issues of significant interest are discussed with the President on an as needed basis.
Material Privacy Breaches
No material privacy breaches occurred during the reporting period.
Privacy Impact Assessments
CIHR did not undertake any new Privacy Impact Assessments during the reporting period.
Public Interest Disclosures
CIHR did not make any public interest disclosures under paragraph 8(2)(m) of the Privacy Act during the reporting period.
- Date modified: