Canadian Privacy Decisions

This investigation examined the Treasury Board of Canada Secretariat's (TBS) handling of employee personal information related to the administration of the Direction on Prescribed Presence in the Workplace, which mandates minimum on-site workdays. The Office of the Privacy Commissioner of Canada (OPC) found that TBS's practices for both organizational compliance reporting (using aggregated data like turnstile and HR data) and individual compliance monitoring (relying on manager observation and self-reporting) were compliant with the Privacy Act. The OPC concluded that the complaint was not well-founded, noting TBS's effective balance between operational needs and employee privacy.

• Collection of employee personal information for hybrid work model compliance
• Retention and disposal of personal information
• Use and disclosure of personal information
• Transparency and adequacy of Personal Information Banks (PIBs)

The Office of the Privacy Commissioner of Canada (OPC) investigated the Canada Border Services Agency's (CBSA) contracting practices related to the ArriveCAN application following a complaint and a request from a parliamentary committee. The investigation examined whether contractors had inappropriate access to travellers' personal information. While the OPC found no contravention of the Privacy Act, it identified shortcomings in the CBSA's contracting processes, such as issues with the timeliness and accuracy of security assessments and broad task descriptions in contracts. The OPC made recommendations to improve the CBSA's practices, which the agency accepted.

• Whether CBSA authorized contractors to access personal information without required security clearances.
• Accuracy and timeliness of security requirement assessments for contracts.
• Clarity and specificity of task descriptions in contracts and task authorizations.
• CBSA's compliance with security requirements for personnel and organizations involved in ArriveCAN contracts.

The complainant alleged that Library and Archives Canada (LAC) failed to respond to an access request within the 30-day timeframe. The request sought extensive information on Métis Nation land titles, treaties, and communications with Indigenous organizations. LAC determined the request was too broad and lacked specificity for their employees to identify records with reasonable effort, and thus did not meet the requirements of section 6 of the Access to Information Act. The Information Commissioner agreed that the request was too vague and did not require LAC to respond.

• Whether the access request provided sufficient detail to identify records with reasonable effort, as required by section 6 of the ATIA.
• Whether LAC made reasonable efforts to seek clarification from the complainant.
• Whether LAC was required to undertake extensive historical and legal research to identify responsive records.