Canada Border Services Agency over-discloses personal information to the Information Commissioner in relation to an ATIA request
The Office of the Privacy Commissioner investigated a complaint where the Canada Border Services Agency (CBSA) disclosed a workplace review report containing an individual's personal information to the Information Commissioner. The OPC found that while disclosing information related to the complainant's access to information requests was a consistent use, disclosing the workplace review report was not. The CBSA contravened the Privacy Act by disclosing this report without consent and for a purpose inconsistent with its original collection.
- Whether disclosing a workplace review report to the Information Commissioner constituted a 'consistent use' under paragraph 8(2)(a) of the Privacy Act.
- The distinction between information collected for managing workplace conflict versus information collected for responding to access to information requests.
- Whether the CBSA reasonably expected the disclosure of the workplace review report.
Complaint well-founded — corrective measures recommended
The OPC determined that the disclosure of the workplace review report was not a consistent use of the information, as its original purpose was to address workplace conflict, which is distinct from the purpose of responding to an access to information request.
AI-generated summary for reference only. Always verify against the official decision ↗
The OPC recommended that the CBSA develop guidance to assess the merits of consistent use disclosures of personal information to other government institutions.
- paragraph 8(2)(a) of the Privacy Act
- subsection 6.1(1) of the ATIA
This summary is for informational purposes only and does not constitute legal advice.