2012-13 Annual Report on the Administration of the Privacy Act

April 1, 2012 – March 31, 2013

Introduction

The Canadian Institutes of Health Research (CIHR) is pleased to submit to Parliament its annual report on the administration of the Privacy Act for the fiscal year commencing April 1, 2012 and ending March 31, 2013. This report is submitted in accordance with section 72 of the Act.

The Privacy Act gives individuals the right of access to personal information about them held by the government, subject to limited and specific exceptions. The Act also protects privacy by preventing unauthorized access to personal information and by giving the individuals substantial control over the collection, use and disclosure of their personal information.

CIHR is the major federal agency responsible for funding health research in Canada. The CIHR concept is unique - a multi-disciplinary approach organized through a framework of 13 "virtual" institutes each dedicated to a specific research area, linking and supporting researchers pursuing common goals. Institutes bring together researchers who approach health challenges from different disciplinary perspectives, drawing on the combined strengths of these approaches.

According to the Canadian Institutes of Health Research Act, the mandate of the CIHR is to excel, according to internationally accepted standards of scientific excellence, in the creation of new knowledge and its translation into improved health for Canadians, more effective health services and products and a strengthened Canadian health care system. CIHR reports to Parliament through the Minister of Health.

CIHR is led by a President and a Governing Council comprised of up to 18 members appointed by Order-in-Council. The Governing Council sets the overall strategic direction, goals and policies. It establishes, maintains, and terminates Health Research Institutes and determines the mandate of each. As outlined in the legislation, the Governing Council is responsible for the management of CIHR, including: developing its strategic direction, goals and policies; evaluating its performance, approving its budget; establishing a peer review process for research proposals submitted to CIHR; approving funding for research; approving other expenditures to carry out its objective; establishing policies that encourage consultation and collaboration with persons and organizations that have an interest in health research; and dealing with any other matter that the Governing Council considers related to the affairs of CIHR.

CIHR’s administration of its Access to Information and Privacy (ATIP) activities is in accordance with the government’s stated principles that government information should be available to the public with only specific and limited exceptions. Furthermore, CIHR treats personal information in compliance with the code of fair information practice express in the Privacy Act.

Organization and Delegation of Authority

The President of CIHR is the designated head of the institution for the purposes of the Privacy Act. In accordance with his authority under Section 73, the President has designated the Vice President, Public, Government and Institute Affairs to exercise all of his powers, duties or functions under the Act, except for the discretion in 8(2)(m)(i) to disclose personal information in the public interest. He has also designated the Director of Strategic Policy and External Relations and the Access to Information and Privacy (ATIP) Coordinator to exercise these duties and functions.

A copy of the order is attached as Appendix A.

CIHR’s delegation is designed to ensure that authority and responsibility for decisions related to Privacy Act exemptions with a national or public interest dimension are reserved for the most senior level of management. At the same time, the order ensures that the staff administering the Act on a day-to-day basis is not encumbered with onerous approval processes.

The ATIP Coordinator is the only CIHR employee with full-time responsibilities related to the administration of the Privacy Act. She is responsible for managing CIHR’s responses to formal Privacy Act requests, for providing advice and training, for drafting reports, and for developing and updating CIHR’s chapters in the public repertories of institutional information holdings (Info Source) maintained by the Treasury Board Secretariat. She is also responsible for developing and implementing policies, guidelines, and procedures to ensure that CIHR meets its responsibilities under the Act. She is tasked with all of the same duties and responsibilities with respect to the administration of the Access to Information Act.

Requests for Personal Information

CIHR received seven requests under the Privacy Act in 2012-2013 and all were processed within the reporting period. A statistical summary showing the disposition of the requests is attached as Appendix B.

The requests resulted in full disclosure of the requested information.

CIHR remains vigilant in meeting requirements under the Act to protect personal information under its control. This is achieved by ensuring that employees are cognizant of their responsibility to protect the personal information they handle in the course of their duties and by respecting the code of fair information practice enshrined in the legislation.

Costs

Owing to the difficulty of tracking all of the operational costs related to the administration of the Act, the costs and person year usage statistics are conservative estimates. Almost all costs are attributable to salary, including fractions of the salaries of the managers and employees who were drawn into work related to the Act.

Training and Education

CIHR delivered four information sessions on the Privacy Act to staff in 2012-2013.

The ATIP Coordinator attended the annual Canadian Access and Privacy Association workshop as well as various workshops organized by the Treasury Board Secretariat throughout the fiscal year. These workshops provide valuable information on trends and best practices within the ATIP community, updates on recent complaints and court cases, and tools to help improve service standards within the field.

Policies, Guidelines and Procedures

CIHR did not introduce any new or revised institution-specific privacy policies guidelines or procedures during the reporting period.

While CIHR received only a small number of formal requests under the Act, it is worth noting that privacy issues pervade its programs and operations. This is not surprising given that CIHR collects and manages a great deal of personal information to adjudicate thousands of research grant and scholarship proposals, making merit-based awards based on peer review.

CIHR managers and staff sought and obtained advice from the ATIP Coordinator on a regular basis of matters where there were privacy considerations in their programs or activities. A total of forty-two informal requests were received by the Access to Information and Privacy office.

Complaints

There were no complaints under the Privacy Act or investigations related to CIHR during the reporting period.

Privacy Impact Assessments

CIHR did not complete any Privacy Impact Assessments (PIA) during the reporting period, nor did it forward any to the Privacy Commissioner for review.

Disclosures under 8(2)(m)

CIHR made no disclosures under paragraph 8(2)(m) of the Privacy Act during the reporting period.

Date modified: