Annual Report on the Privacy Act for the period ending March 31, 2017
2. Administration of the Privacy Act
2.1 Education and training
Privacy training at Elections Canada typically involves educating staff on the principles of the Act; how to securely manage privacy requests and protect personal information. In the 2016–2017 fiscal year, Elections Canada delivered 3 formal and 2 informal ATIP training and awareness sessions for 47 employees of various levels. All of the sessions provided an overview of the ATIP process, legislation, roles and responsibilities. The ATIP Office also raised awareness of privacy issues throughout the agency when providing advice on the collection, retention, use and disclosure of personal information.
2.2. Institutional privacy policies and procedures
No new institution-specific policies or procedures related to privacy were implemented in this fiscal year. Elections Canada is continuing to review its ATIP tools and procedures, and update them as required.
2.3. Institutional monitoring of privacy requests
The ATIP Office uses its case management software to monitor the status of each request being processed, including the number of days remaining before the statutory deadline. A weekly progress report of all open and recently closed files is regularly provided to senior officials, including the Chief Electoral Officer and the Executive Committee.
2.4. Material privacy breaches
A material privacy breach is any unauthorized collection, use, disclosure, retention or disposal of sensitive personal information that could reasonably be expected to cause injury or harm to the individual.
No material privacy breaches occurred at Elections Canada during the reporting period.
2.5. Privacy impact assessments
Elections Canada consistently conducts privacy impact assessments (PIAs) to address privacy risks in new or existing departmental programs, initiatives or projects that manage personal information.
Elections Canada did not complete any PIAs in this fiscal year.