Review of the Canadian Security Intelligence Service’s (CSIS) Internal Security Branch: CSIS Responses
Review of the Canadian Security Intelligence Service’s (CSIS) Internal Security Branch
Responses
CSIS Internal Security (SIRC 2018-15)
NSIRA Recommendation: CSIS develop an internal policy, in consultation with Treasury Board Secretariat (TBS), outlining parameters on reporting information obtained during the course of IS screening, inquiries, and investigations to law enforcement in a timely manner.
CSIS Response: CSIS has established an internal set of procedures for disclosing information obtained during the course of Internal Security screening to law enforcement, as required. CSIS will continue to review these procedures and will continue to seek legal advice from the Department of Justice regarding these disclosures, as required. CSIS and the Department of Justice have a collaborative relationship that fosters discussion and allows for robust engagement in these matters.
NSIRA Recommendation: CSIS strengthen internal governance over polygraph activities, including modifying the methodology for conducting polygraph assessments, as appropriate.
CSIS Response: CSIS considers the findings and observations in this review as an opportunity to enhance its internal processes. As such, CSIS is working to address this recommendation by strengthening internal governance. New policy and procedures will provide clarity, accountability and transparency to its polygraph program by outlining roles and the ethical and procedural responsibilities of polygraph examiners.
NSIRA Recommendation: CSIS update applicable policy and procedures on the use of the polygraph to address security and procedural fairness implications stemming from failed polygraph results.
CSIS Response: CSIS values the important work done by the National Security and Intelligence Review Agency (NSIRA). To address gaps identified by NSIRA, CSIS is currently updating the polygraph policy and procedures to ensure an enhanced degree of transparency and procedural fairness.
NSIRA Recommendation: IS further align its overarching policy suite with the assessment criteria for adverse information outlined in the Standard on Security Screening, as well as update the its Questionnaire Guidebook with clear definitions and risk indicators.
CSIS Response: CSIS continually engages in the process of updating its guides, procedures and policies. CSIS will ensure that procedures are well aligned with the Treasury Board Secretariat’s Standard on Security Screening. Providing consistency in assessments between cases remains a priority.
I am pleased to present the 2025–26 Departmental Plan for the National Security and Intelligence Review Agency Secretariat. This plan outlines the key priorities and objectives we will pursue in the coming year to support NSIRA’s critical work in ensuring accountability and public confidence in national security and intelligence activities.
The Secretariat’s role is to provide the expertise, resources, and support necessary for NSIRA to fulfill its mandate effectively. As we move forward, our focus remains on fostering a culture of professionalism, transparency, and continuous improvement. This commitment underpins all aspects of our work, from supporting independent reviews to facilitating timely and fair investigations.
The year ahead presents opportunities to strengthen our processes and refine how we deliver on our responsibilities. By building on the knowledge gained through past work, enhancing internal capabilities, and fostering collaboration with our partners, the Secretariat aims to ensure that NSIRA continues to deliver meaningful and high-quality results.
While challenges remain, including the complexity of accessing necessary information and managing procedural unpredictability, the Secretariat is committed to addressing these issues with diligence and care. Through clear communication, proactive engagement, and a steadfast focus on service standards, we will work to mitigate risks and achieve our planned results.
Our success is made possible by the dedication and professionalism of the Secretariat team. I am grateful for their continued efforts to support NSIRA’s mandate and to contribute to an accountable and transparent national security framework. I encourage you to review this Departmental Plan for more details on the priorities we have set and the results we aim to achieve in the year ahead.
Charles Fugère Executive Director National Security and Intelligence Review Agency Secretariat
Plans to deliver on core responsibilities and internal services
Core responsibilities and internal services:
Core responsibility 1: National security and intelligence reviews and complaints investigations
Internal services
Core responsibility 1: National security and intelligence reviews and complaints investigations
Description
NSIRA reviews Government of Canada national security and intelligence activities to assess whether they are lawful, reasonable, and necessary. NSIRA also investigates complaints from members of the public on the activities of the Canadian Security Intelligence Service (CSIS), the Communications Security Establishment (CSE), the Royal Canadian Mounted Police (RCMP), as well as certain other national security-related complaints, independently and in a timely manner.
The NSIRA Secretariat supports the Agency in the delivery of its mandate. Independent scrutiny contributes to strengthening the accountability framework for national security and intelligence activities and to enhancing public confidence. Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable, and necessary.
Quality of life impacts
The NSIRA Secretariat’s core responsibility relates most closely to the indicator ‘confidence in institutions‘, within the ‘democracy and institutions’ subdomain and under the overarching domain of ‘good governance’.
Indicators, results and targets
This section presents details on the department’s indicators, the actual results from the three most recently reported fiscal years, the targets and target dates approved in 2020-21 for National security and intelligence reviews and complaint investigations. Details are presented by departmental result.
Table 1: Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable, and necessary.
Table 1 provides a summary of the target and actual results for each indicator associated with the results under National security and intelligence reviews and complaints investigations.
Indicator
Actual Results
Target
Date to achieve
All mandatory reviews are completed on an annual basis
2021–22: 100%
2022–23: 100%
2023–24: 100%
100% completion of mandatory reviews
December 2022
Reviews of national security or intelligence activities of at least five departments or agencies are conducted each year
2021–22: 100%
2022–23: 100%
2023–24: 100%
At least one national security or intelligence activity is reviewed in at least five departments or agencies annually
December 2022
All Member-approved high priority national security or intelligence activities are reviewed over a three-year period
2021–22: 33%
2022–23: 33%
2023–24: 33%
100% completion over three years; at least 33% completed each year
December 2022
Table 2: National security-related complaints are independently investigated in a timely manner
Indicator
Actual Results
Target
Date to achieve
Percentage of investigations completed within the NSIRA Secretariat service standards
The following section describes the planned results for National security and intelligence reviews and complaints investigations in 2025-26.
Ministers and Canadians are informed whether national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary.
Results we plan to achieve
Review work will be informed and guided by the knowledge and experience acquired through previous reviews, and this increased understanding of departments and agencies’ organizational structures, networks, policies, and activities will be leveraged and applied to both the selection and execution of our reviews.
All current and ongoing reviews, and new reviews beginning in 2025-26, will be conducted with the highest degree of rigour and professionalism. This will include all mandatory and discretionary reviews, including annual reviews of CSIS and CSE activities.
Review reports, which capture the detailed results and outcomes of our reviews, will be produced and provided to applicable Ministers and departments, including all findings, and recommendations produced during the review.
All review reports will be prepared for public release as a result of Access to Information requests and also published on the NSIRA website, allowing Canadians to see the outcomes and conclusions of NSIRA’s work, which assesses whether the national security and intelligence activities undertaken by Government of Canada institutions are lawful, reasonable and necessary.
To further support its review efforts, the Secretariat will continue to leverage and foster its bilateral and multilateral international and domestic partnerships in the review and oversight community. Such participation and engagement expand the knowledge and experience base of the Secretariat through the sharing of best practices. It also allows the Secretariat to grow NSIRA’s visibility globally and sets up Canada amongst the industry leaders in review and oversight.
National security-related complaints are independently investigated in a timely manner
Results we plan to achieve
The Secretariat will revise and amend NSIRA’s Rules of Procedure and Standard Operating Procedures for complaint investigations. These revisions will allow for consistency with developed best practices and ensure the continued modernization of its processes.
The Secretariat will develop a simplified procedure to support NSIRA in addressing large volumes of particular types of complaint allegations, or individual complaints requiring a narrower evidentiary scope to in turn promote timeliness, efficiency, and procedural fairness.
The Secretariat will continue the development and integration of a multi-disciplined work environment composed of necessary expertise to enhance the professionalization of NSIRA’s investigations and investigative processes.
The Secretariat will leverage its strong relationships with partners to commence work on developing procedures for all phases of the investigation of complaints against the RCMP and CBSA related to national security in preparation for the eventual coming into force of the PCRC Act, and this will include the completion of a Memorandum of Understanding (MOU) with the Civilian Review and Complainants Commission (CRCC) / the PCRC.
The Secretariat will also leverage those relationships as it prepares to support the new PCRC with its statutory obligation under the PCRC Act to report race-based and other demographic data related to complaints against the RCMP and the CBSA, namely by ensuring that NSIRA consistently reports, as necessary, on such data for complaints referred to it by the PCRC.
Key risks
The NSIRA Secretariat has made progress on accessing the information required to conduct reviews; however, there continues to be risk associated with reviewees’ ability to respond to and prioritize information requests, or to provide necessary access to required information during reviews, thereby hindering NSIRA’s ability to deliver its reviews on a faster turnaround. The NSIRA Secretariat will continue to mitigate these risks by providing clear communication related to information requests, tracking their timely completion within communicated timelines and escalating issues when appropriate.
With respect to the Secretariat’s service standards, one risk to the achievement of the planned results for complaint investigations is the procedural unpredictability of NSIRA’s investigations due to the quasi-judicial nature of the investigation process and the institutional independence of individual NSIRA members in the conduct of their investigations.
Additionally, procedural unpredictability may result in some investigations becoming more protracted than others depending on the complexity of the complaint that NSIRA must address.
Finally, there is a risk to the timeliness of complaint investigations due to the responses from the respondent agencies and organizations whose activities are the subject of complaints. The timely provision of documents and the availability of individuals for interviews, by both the complainant and respondent agency, is necessary for NSIRA to conduct investigations in a timely manner and for the Secretariat to meet its service standards. Similar to NSIRA’s reviews, there continues to be a risk that government party respondents will not provide NSIRA with the documentary evidence it requires within the deadlines set by NSIRA. The is illustrated in ongoing litigation efforts against NSIRA’s access rights. The Secretariat will continue to support NSIRA in communicating expectations and deadlines clearly and consistently to parties and to coordinate NSIRA representation before the federal court in associated litigation matters.
Planned resources to achieve results
Table 3: Planned resources to achieve results for National security and intelligence reviews and complaints investigations
Table 3 provides a summary of the planned spending and full-time equivalents required to achieve results.
United Nations 2030 Agenda for Sustainable Development and the UN Sustainable Development Goals
The NSIRA Secretariat’s contributes to implementing the 2030 Agenda and advancing the Sustainable Development Goals (SDG). Through its Departmental Sustainable Development Strategy for 2023-2027, the NSIRA Secretariat supports SDGs 10 (Reduced Inequalities), 12 (Responsible Consumption and Production), and 13 (Climate Action) by ensuring that its operations and activities align with principles of sustainability, social equity, and environmental responsibility. The Secretariat’s initiatives aim to foster a balanced approach to sustainable development while contributing to Canada’s progress in achieving the global SDG targets.
More information on the NSIRA Secretariat’s contributions to Canada’s Federal Implementation Plan on the 2030 Agenda and the Federal Sustainable Development Strategy can be found in our Departmental Sustainable Development Strategy.
Program inventory
National security and intelligence reviews and complaints investigations are supported by the following program in the program inventory:
National security and intelligence activity reviews and complaints investigations.
Supporting information on planned expenditures, human resources, and results related to the NSIRA Secretariat’s program inventory is available on GC Infobase.
Internal services
Description
Internal services are the services that are provided within a department so that it can meet its corporate obligations and deliver its programs. There are 9 categories of internal services:
management and oversight services
communications services
human resources management services
financial management services
information management services
information technology services
real property management services
materiel management services
acquisition management services
Plans to achieve results
This section presents details on how the department plans to achieve results and meet targets for internal services.
Efficient Resource Deployment and Operational Support
In 2025–26, the NSIRA Secretariat will continue to take steps to ensure resources are deployed in the most effective and efficient manner possible, and its operations and administrative structures, tools, and processes continue to focus on supporting the delivery of its priorities. The NSIRA Secretariat will work to formalize and document some key policies, directives and guidelines for the finance and procurement operations.
Strategic Human Resources Focus
HR services play a pivotal role in achieving organizational goals by fostering a high performing, engaged, and adaptable workforce. The HR strategic focus emphasizes enhancing processes through innovative talent acquisition, employee development, and retention strategies aligned with the organization’s mission and values. Revamped developmental programs, tailored training opportunities, mentorship initiatives, and clear pathways for professional growth ensure employees are well-equipped to meet evolving needs. Furthermore, the NSIRA Secretariat has made notable progress in employee retention, driven by a commitment to a positive workplace culture These efforts, along with wellness initiatives, and a collaborative culture, enhance job satisfaction and long-term retention, enabling the organization to thrive.
Enhancing Collaboration and Accessibility
There are plans to revamp our internal systems to improve collaboration and enhance information accessibility across teams. Additionally, we will optimize the NSIRA’s external website to ensure better accessibility and alignment with organizational objectives. These efforts are designed to streamline information-sharing practices, increase operational efficiency, and foster a more connected and collaborative work environment. Through these plans, the NSIRA Secretariat will enhance both internal and external communications, ensuring that technology supports the department’s broader goals.
Modernizing Information Management and Archival Practices
The NSIRA Secretariat plans to establish comprehensive archival management and compliance standards for the physical archive to meet both regulatory and organizational requirements. A key focus will be the modernization of information management policy instruments, ensuring that data handling and storage practices align with contemporary best practices in the field. During 2025-2026, the NSIRA Secretariat will implement its new Disposition Authority, which will guide the retention and disposal of records in accordance with established guidelines. Additionally, a targeted approach will be taken to strengthen the use of GCdocs, enhancing its capabilities for effective information management across the NSIRA Secretariat. These efforts will ensure robust operations and provide the necessary structure to support efficient information governance.
Strengthening Risk Management Frameworks
To strengthen the department’s risk management capabilities, the plan includes the ongoing implementation and updating of security controls and risk-based procedures to ensure their continued relevance and resilience in the face of emerging threats. This will be supported by the strengthening of the internal risk program framework, including the development of more effective tools to assess, manage, and mitigate risks across the organization. By enhancing these risk management strategies, the NSIRA Secretariat will be better equipped to safeguard its operations and assets, while fostering a culture of proactive risk management that supports the achievement of organizational objectives.
Planned resources to achieve results
Table 4: Planned resources to achieve results for internal services this year
Table 4 provides a summary of the planned spending and full-time equivalents required to achieve results.
Planning for contracts awarded to Indigenous businesses
Government of Canada departments are to meet a target of awarding at least 5% of the total value of contracts to Indigenous businesses each year. This commitment is to be fully implemented by the end of 2024-25.
As part of the government-wide phased approach, the NSIRA Secretariat is progressing toward this goal. Efforts are already well underway in support of the Government of Canada’s commitment, which requires that at least 5% of the total value of contracts be awarded to Indigenous businesses annually.
In 2023–24, the NSIRA Secretariat was well on its way to achieving the 5% goal by 2024–25, having reached 3%, as shown in Table 5. Measures to meet the mandatory target include increasing the number of contracts set aside for Indigenous businesses under the Procurement Strategy for Indigenous Business over the next three fiscal years.
Table 5: Percentage of contracts planned and awarded to Indigenous businesses
Table 5 presents the current, actual results with forecasted and planned results for the total percentage of contracts the department awarded to Indigenous businesses.
5% Reporting Field
2023–24 Actual Result
2024–25 Forecasted Result
2025–26 Planned Result
Total percentage of contracts with Indigenous businesses
3%
5%
5%
Planned spending and human resources
This section provides an overview of National Security and Intelligence Review Agency Secretariat’s planned spending and human resources for the next three fiscal years and compares planned spending for 2025-26 with actual spending from previous years.
Spending
This section presents an overview of the department’s planned expenditures from 2022-23 to 2027-28.
Graph 1 Planned spending by core responsibility in 2025-26
Graph 1 presents how much the department plans to spend in 2025-26 to carry out core responsibilities and internal services.
Graph 1 is a bar graph that demonstrates how much the department plans to spend on core responsibilities and internal services by year from 2022-23 through 2027-28.
Core Responsibilities and Internal Services
2025–26 Planned Spending
National security and intelligence reviews and complaints investigations
$11,280,435
Internal services
$8,164,617
Analysis of planned spending by core responsibility
Yearly spending to carry out core responsibilities and internal services has remained steady in total as well as with respect to the ratio of statutory to voted expenditures. This is expected to remain relatively stable as the organization reaches its steady state.
Budgetary performance summary
Table 6 Three-year spending summary for core responsibilities and internal services (dollars)
Table 6presents how much money the NSIRA Secretariat spent over the past three years to carry out its core responsibilities and for internal services. Amounts for the current fiscal year are forecasted based on spending to date.
Core Responsibilities and Internal Services
2022–23 Actual Expenditures
2023–24 Actual Expenditures
2024–25 Forecast Spending
National security and intelligence reviews and complaints investigations
$7,756,271
$9,110,398
$11,303,742
Subtotal
$7,756,271
$9,110,398
$11,303,742
Internal services
$10,532,876
$10,535,328
$8,181,486
Total
$18,289,147
$19,645,726
$19,485,229
Analysis of the past three years of spending
While planned spending appears to have remained constant over the last 3 years and is expected to stay the same, the composition of expenditures has changed from fiscal year 2022-23 to 2024-25. A large capital infrastructure project was underway in 2022-23 and was completed in 2023-24, inflating expenditures in internal services. Since 2022-23, we have seen a gradual increase in both ongoing O&M expenditures and salaries, due to the growth of the organization and the approach towards a steady state.
Table 7 Planned three-year spending on core responsibilities and internal services (dollars)
Table 7 presents how much money the NSIRA Secretariat plans to spend over the next three years to carry out its core responsibilities and for internal services.
Core Responsibilities and Internal Services
2025–26 Planned Spending
2026–27 Planned Spending
2027–28 Planned Spending
National security and intelligence reviews and complaints investigations
$11,280,435
$11,296,175
$11,296,175
Subtotal
$11,280,435
$11,296,175
$11,296,175
Internal services
$8,164,617
$8,176,009
$8,176,009
Total
$19,445,052
$19,472,184
$19,472,184
Analysis of the next three years of spending
With the maturing of the organization, overall planned spending is expected to remain constant for the foreseeable future. The organization’s funding has been regularized, so there are no significant variances to report.
This section provides an overview of the department’s voted and statutory funding for its core responsibilities and for internal services. For further information on funding authorities, consult the Government of Canada budgets and expenditures.
Graph 2: Approved funding (statutory and voted) over a six-year period
Graph 2 summarizes the department’s approved voted and statutory funding from 2022-23 to 2027-28.
Graph 2 is a bar graph that summarizes the department’s approved voted and statutory funding from 2022-23 to 2027-28
Fiscal Year
Total
Voted
Statutory
2022–23
$29,791,019
$28,063,351
$1,727,668
2023–24
$24,388,394
$22,633,165
$1,755,229
2024–25
$19,458,632
$17,857,264
$1,601,368
2025–26
$19,445,052
$17,697,005
$1,748,047
2026–27
$19,472,184
$17,720,195
$1,751,989
2027–28
$19,472,184
$17,720,195
$1,751,989
Analysis of statutory and voted funding over a six-year period
With NSIRA being created in 2019, additional space was required to accommodate the intended steady state of FTEs within the organization. To address this need, a large capital infrastructure project was funded until March 2024, even though the project was completed in August 2024. This timing explains the decrease in funding in 2023–24 and again in 2024–25. From 2024–25 onward, the organization has nearly reached its anticipated steady state, which is reflected in a consistent yearly budget.
For further information on the NSIRA Secretariat’s departmental appropriations, consult the 2025-26 Main Estimates.
Future-oriented condensed statement of operations
The future-oriented condensed statement of operations provides an overview of the NSIRA Secretariat’s operations for 2024-25 to 2025-26.
Table 8 Future-oriented condensed statement of operations for the year ended March 31, 2026 (dollars)
Table 8 summarizes the expenses and revenues which net to the cost of operations before government funding and transfers for 2024-25 to 2025-26. The forecast and planned amounts in this statement of operations were prepared on an accrual basis. The forecast and planned amounts presented in other sections of the Departmental Plan were prepared on an expenditure basis. Amounts may therefore differ.
Financial Information
2024–25 Forecast Results
2025–26 Planned Results
Difference (Planned Results minus Forecasted)
Total expenses
$21,201,414
$21,394,362
$192,948
Total revenues
$0
$0
$0
Net cost of operations before government funding and transfers
$21,201,414
$21,394,362
$192,948
Analysis of forecasted and planned results
While there are no significant variances between planned 2025-26 and forecasted 2024-25 results, small increases in both the amortization of tangible capital assets and services provided without charge are anticipated due to the completion of a large infrastructure project which was converted from an asset under construction to an asset mid-year 2024-25.
A more detailed Future-Oriented Statement of Operations and associated Notes for 2025-26, including a reconciliation of the net cost of operations with the requested authorities, is available on the NSIRA Secretariat’s website.
Human resources
This section presents an overview of the department’s actual and planned human resources from 2022-23 to 2027-28.
Table 9: Actual human resources for core responsibilities and internal services
Table 9 shows a summary of human resources, in full-time equivalents, for the NSIRA Secretariat’s core responsibilities and for its internal services for the previous three fiscal years. Human resources for the current fiscal year are forecasted based on year to date.
Core Responsibilities and Internal Services
2022–23 Actual Full-time Equivalents
2023–24 Actual Full-time Equivalents
2024–25 Forecasted Full-time Equivalents
National security and intelligence reviews and complaints investigations
53
51
69
Subtotal
53
51
69
Internal services
25
24
31
Total
78
75
100
Analysis of human resources over the last three years
Our full-time employee count has shown significant progress over the past year, reflecting our continued growth and commitment to expanding our organisation. The turnover rate was significantly lower this year, largely attributed to the organization’s strong commitment to fostering a healthy workplace culture for its employees. The NSIRA Secretariat has empowered its staff and managers to organize their professional responsibilities effectively. This is complemented by efforts to implement clear organizational priorities and break down organizational silos. Additionally, the organization provides resources that promote mental and physical health, creating a supportive environment where employees feel valued. These initiatives are combined with professional growth opportunities and a collaborative culture..
Table 10: Human resources planning summary for core responsibilities and internal services
Table 10 shows information on human resources, in full-time equivalents, for each of the NSIRA Secretariat’s core responsibilities and for its internal services planned for the next three years.
Core Responsibilities and Internal Services
2025–26 Planned Full-time Equivalents
2026–27 Planned Full-time Equivalents
2027–28 Planned Full-time Equivalents
National security and intelligence reviews and complaints investigations
69
69
69
Subtotal
69
69
69
Internal services
31
31
31
Total
31
31
31
Analysis of human resources for the next three years
The NSIRA Secretariat expects to be fully staffed as of 2025-26. Attrition is predicted to be low in the coming years, therefore, the NSIRA Secretariat projects a steady level of staffing year to year.
Corporate information
Departmental profile
Appropriate minister(s): The Right Honourable Mark Carney, Prime Minister of Canada
Institutional head: Charles Fugère, Executive Director
Ministerial portfolio: Privy Council Office
Enabling instrument(s): National Security and Intelligence Review Agency Act
Year of incorporation / commencement: 2019
Departmental contact information
Mailing address:
National Security and Intelligence Review Agency Secretariat P.O. Box 2430, Station B
Ottawa, Ontario K1P 5W5
Email: info@nsira-ossnr.gc.ca
Website(s): nsira-ossnr.gc.ca
Federal tax expenditures
The NSIRA Secretariat’s Departmental Plan does not include information on tax expenditures.
The tax system can be used to achieve public policy objectives through the application of special measures such as low tax rates, exemptions, deductions, deferrals and credits. The Department of Finance Canada publishes cost estimates and projections for these measures each year in the Report on Federal Tax Expenditures.
This report also provides detailed background information on tax expenditures, including descriptions, objectives, historical information and references to related federal spending programs as well as evaluations and GBA Plus of tax expenditures.
Appendix: definitions
appropriation(crédit)
Any authority of Parliament to pay money out of the Consolidated Revenue Fund.
budgetary expenditures(dépenses budgétaires)
Operating and capital expenditures; transfer payments to other levels of government, organizations or individuals; and payments to Crown corporations.
core responsibility(responsabilité essentielle)
An enduring function or role performed by a department. The intentions of the department with respect to a core responsibility are reflected in one or more related departmental results that the department seeks to contribute to or influence.
Departmental Plan(plan ministériel)
A report on the plans and expected performance of an appropriated department over a 3year period. Departmental Plans are usually tabled in Parliament each spring.
departmental result(résultat ministériel)
A consequence or outcome that a department seeks to achieve. A departmental result is often outside departments’ immediate control, but it should be influenced by program-level outcomes.
departmental result indicator (indicateur de résultat ministériel)
A quantitative measure of progress on a departmental result.
departmental results framework(cadre ministériel des résultats)
A framework that connects the department’s core responsibilities to its departmental results and departmental result indicators.
Departmental Results Report(rapport sur les résultats ministériels)
A report on a department’s actual accomplishments against the plans, priorities and expected results set out in the corresponding Departmental Plan.
full‑time equivalent(équivalent temps plein)
A measure of the extent to which an employee represents a full person‑year charge against a departmental budget. For a particular position, the full‑time equivalent figure is the ratio of number of hours the person actually works divided by the standard number of hours set out in the person’s collective agreement.
gender-based analysis plus (GBA Plus)(analyse comparative entre les sexes plus [ACS Plus])
Is an analytical tool used to support the development of responsive and inclusive policies, programs, and other initiatives. GBA Plus is a process for understanding who is impacted by the issue or opportunity being addressed by the initiative; identifying how the initiative could be tailored to meet diverse needs of the people most impacted; and anticipating and mitigating any barriers to accessing or benefitting from the initiative. GBA Plus is an intersectional analysis that goes beyond biological (sex) and socio-cultural (gender) differences to consider other factors, such as age, disability, education, ethnicity, economic status, geography (including rurality), language, race, religion, and sexual orientation.
Using GBA Plus involves taking a gender- and diversity-sensitive approach to our work. Considering all intersecting identity factors as part of GBA Plus, not only sex and gender, is a Government of Canada commitment.
government priorities(priorités gouvernementales)
For the purpose of the 2025-26 Departmental Plan, government priorities are the high-level themes outlining the government’s agenda in the most recent Speech from the Throne.
horizontal initiative(initiative horizontale)
An initiative where two or more federal departments are given funding to pursue a shared outcome, often linked to a government priority.
Indigenous business (entreprise autochtones)
For the purpose of the Directive on the Management of Procurement Appendix E: Mandatory Procedures for Contracts Awarded to Indigenous Businesses and the Government of Canada’s commitment that a mandatory minimum target of 5% of the total value of contracts is awarded to Indigenous businesses, a department that meets the definition and requirements as defined by the Indigenous Business Directory.
non‑budgetary expenditures(dépenses non budgétaires)
Non-budgetary authorities that comprise assets and liabilities transactions for loans, investments and advances, or specified purpose accounts, that have been established under specific statutes or under non-statutory authorities in the Estimates and elsewhere. Non-budgetary transactions are those expenditures and receipts related to the government’s financial claims on, and obligations to, outside parties. These consist of transactions in loans, investments and advances; in cash and accounts receivable; in public money received or collected for specified purposes; and in all other assets and liabilities. Other assets and liabilities, not specifically defined in G to P authority codes are to be recorded to an R authority code, which is the residual authority code for all other assets and liabilities.
performance (rendement)
What a department did with its resources to achieve its results, how well those results compare to what the department intended to achieve, and how well lessons learned have been identified.
performance indicator(indicateur de rendement)
A qualitative or quantitative means of measuring an output or outcome, with the intention of gauging the performance of an organization, program, policy or initiative respecting expected results.
plan(plan)
The articulation of strategic choices, which provides information on how a department intends to achieve its priorities and associated results. Generally, a plan will explain the logic behind the strategies chosen and tend to focus on actions that lead to the expected result.
planned spending(dépenses prévues)
For Departmental Plans and Departmental Results Reports, planned spending refers to those amounts presented in Main Estimates.
A department is expected to be aware of the authorities that it has sought and received. The determination of planned spending is a departmental responsibility, and departments must be able to defend the expenditure and accrual numbers presented in their Departmental Plans and Departmental Results Reports.
program(programme)
Individual or groups of services, activities or combinations thereof that are managed together within the department and focus on a specific set of outputs, outcomes or service levels.
program inventory(répertoire des programmes)
Identifies all the department’s programs and describes how resources are organized to contribute to the department’s core responsibilities and results.
result(résultat)
A consequence attributed, in part, to a department, policy, program or initiative. Results are not within the control of a single department, policy, program or initiative; instead they are within the area of the department’s influence.
statutory expenditures(dépenses législatives)
Expenditures that Parliament has approved through legislation other than appropriation acts. The legislation sets out the purpose of the expenditures and the terms and conditions under which they may be made.
target (cible)
A measurable performance or success level that an organization, program or initiative plans to achieve within a specified time period. Targets can be either quantitative or qualitative.
voted expenditures(dépenses votées)
Expenditures that Parliament approves annually through an appropriation act. The vote wording becomes the governing conditions under which these expenditures may be made.
Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2023: Backgrounder
Review of Federal Institutions’ Disclosures of Information under the Security of Canada Information Disclosure Act in 2023
Backgrounder
Backgrounder
The Security of Canada Information Disclosure Act (SCIDA) is intended to facilitate information sharing across government for national security purposes. Disclosures under SCIDA tend to include considerable personal information, such as passport information, citizenship status, and information gathered by diplomatic missions.
NSIRA is responsible for annually reviewing disclosures made during the previous calendar year and submits a report with its findings and recommendations to the Minister of Public Safety.
Annual reviews of disclosures by NSIRA are key to ensuring that Government of Canada (GC) institutions use SCIDA in a manner that respects the Canadian Charter of Rights and Freedoms and the privacy rights of the individuals whose information is being disclosed.
This report describes the results of a review by NSIRA of SCIDA disclosures made in 2023. It was tabled in Parliament by the Minister of Public Safety, as required under subsection 39(2) of the NSIRA Act, on June 13 2025.
Since NSIRA began reviewing GC institutions’ compliance with the Act five years ago, it has made recommendations to promote higher levels of compliance among GC institutions. This has resulted in those institutions adjusting their practices and increasingly demonstrating an improved understanding of their obligations.
This year, for the first time in SCIDA’s history, NSIRA has found full compliance with the Act. As such, the report contains seven recommendations aimed at improving the practices of GC institutions to ensure that this high level of compliance is maintained.
Department of National Defence/Canadian Armed Forces
FINTRAC
Financial Transactions and Reports Analysis Centre of Canada
GAC
Global Affairs Canada
GC
Government of Canada
IRCC
Immigration, Refugees and Citizenship Canada
NSIRA
National Security and Intelligence Review Agency
PHAC
Public Health Agency of Canada
PS
Public Safety Canada
RCMP
Royal Canadian Mounted Police
SCIDA
Security of Canada Information Disclosure Act
TC
Transport Canada
Glossary of Terms
Contribution test
The first part of the two-part threshold that must be met before an institution can make a disclosure under the SCIDA: it must be satisfied that the information will contribute to the exercise of the recipient institution’s jurisdiction or responsibilities in respect of activities that undermine the security of Canada (paragraph 5(1)(a)).
Proportionality test
The second part of the two-part threshold that must be met before an institution can make a disclosure under the SCIDA: it must be satisfied that the information will not affect any person’s privacy interest more than reasonably necessary in the circumstances (paragraph 5(1)(b)).
Executive Summary
The objective of this review was to determine whether Government of Canada (GC) institutions complied with the Security of Canada Information Disclosure Act (SCIDA)’s requirements for disclosure and record keeping in 2023. The review assessed GC institutions’ use of information-sharing arrangements, consistent with SCIDA’s guiding principles. The review also documented the volume of SCIDA disclosures and highlighted patterns in the SCIDA’s use across GC institutions and over time.
This is the fifth year that GC institutions have used the SCIDA and that NSIRA has reviewed their compliance with the act. Each year, NSIRA has made recommendations aimed at promoting compliance with the Act. Over the last five years, GC institutions have adjusted their practices and are increasingly demonstrating an improved understanding of their obligations. As a result, for the first time in SCIDA’s history, NSIRA found full compliance with the SCIDA. This allowed NSIRA to focus its review on in-depth analysis of the SCIDA’s contribution and proportionality tests.
For instance, some Immigration, Refugees and Citizenship Canada (IRCC) disclosures, albeit compliant with the SCIDA, presented a heightened risk of non-compliance with these two tests. One disclosure involving protest activity raised concerns regarding how IRCC arrived at the conclusion that the disclosure was related to activity that undermined the security of Canada, and thus complied with paragraph 5(1)(a) of the SCIDA. Three disclosures also raised concerns with regard to the amount of personal information that IRCC disclosed following its proportionality assessment, pursuant to paragraph 5(1)(b).
CSIS request letters, on which IRCC often relies to assess compliance with subsection 5(1), were at times unclear. This hindered IRCC’s effort to satisfy itself that the disclosure was authorised under the SCIDA.
IRCC provided templated statements on accuracy and reliability that were not always relevant or specific to the circumstances of the disclosure. In one case, the Canada Border Services Agency (CBSA) made a verbal disclosure that did not include an explicit statement about accuracy and reliability at time of disclosure. In addition, CBSA’s record of disclosure form contradicts the SCIDA by suggesting that the provision of information on accuracy and reliability is optional.
As encouraged by the SCIDA’s guiding principles, and as recommended by NSIRA previously, IRCC and the Communication Security Establishment signed an informationsharing agreement.
NSIRA made seven recommendations to mitigate risks of non-compliance and enshrine best practices in future years.
1. Introduction
Authority
This review was conducted pursuant to subsections 8(1)(b) and 39(1) of the National Security and Intelligence Review Agency Act (NSIRA Act).
The review satisfies the NSIRA Act’s section 39 requirement for NSIRA to submit a report to the Minister of Public Safety on disclosures made under the Security of Canada Information Disclosure Act (SCIDA, Act) during the previous calendar year.
Scope of the Review
The objective of this review was to determine whether Government of Canada (GC) institutions complied with the SCIDA’s requirements for disclosure and record keeping. The review assessed GC institutions’ use of information-sharing arrangements, consistent with SCIDA’s guiding principles. The review also documented the volume of SCIDA disclosures and highlighted patterns in the SCIDA’s use across GC institutions and over time.
The review included all GC institutions that disclosed or received information under the SCIDA in 2023: the Canada Border Services Agency (CBSA), Communications Security Establishment (CSE), Canadian Security Intelligence Service (CSIS), Global Affairs Canada (GAC), Immigration, Refugees and Citizenship Canada (IRCC), and Royal Canadian Mounted Police (RCMP). The review also included Public Safety Canada (PS), which provides SCIDA-related policy guidance and training across the GC.
Methodology
NSIRA assessed administrative compliance with the SCIDA’s record keeping obligations in respect of all disclosures made in 2023.
NSIRA assessed substantive compliance with the SCIDA’s disclosure requirements for a targeted sample of 27 disclosures, selected according to the parameters described in Annex A.
Review Statements
The NSIRA Act grants NSIRA rights of timely access to any information in the possession or under the control of a department (except for cabinet confidences) and to receive from the department any documents and explanations NSIRA deems necessary. NSIRA monitors cooperation with access requests, including the completeness and accuracy of disclosures, which inform its overall assessment of a department’s responsiveness in each review.
All reviewees met NSIRA’s expectations for responsiveness during this review.
2. Background
The SCIDA provides an explicit, stand-alone authority to disclose information between GC institutions in order to protect Canada against activities that undermine its security. Its stated purpose is to encourage and facilitate such disclosures.
Section 9 of the SCIDA prescribes record-keeping obligations for all institutions who disclose or receive information under the Act. Subsection 9(3) requires that these records be provided to NSIRA within 30 days after the end of each calendar year.
Subsection 5(1) of the SCIDA authorizes GC institutions to disclose information –subject to any prohibitions or restrictions in other legislation or regulations – to designated recipient institutions if the disclosing institution is satisfied that (a) the information will contribute to the exercise of the recipient institution’s jurisdiction or responsibilities in respect of activities that undermine the security of Canada (the “contribution test”); and (b) the information will not affect any person’s privacy interest more than is reasonably necessary in the circumstances (the “proportionality test”).
Subsection 5(2) requires disclosing institutions to, at the time of the disclosure,also provide information regarding the disclosure’s accuracy and the reliability ofthe manner in which it was obtained.
When a GC institution receives information under the Act, subsection 5.1(1)requires that the institution destroy or return any unnecessary personal informationas soon as feasible after receiving it.
The SCIDA’s guiding principles reinforce the notion that effective and responsible disclosure of information protects Canada and Canadians. Of note, subsection 4(c)suggests that GC institutions enter into an information-sharing arrangement when they regularly disclose information to the same recipient.
3. Findings, Analysis, and recommendations
Volume and Nature of Disclosures
In 2023, GC institutions made a total of 269 disclosures under the SCIDA (see Table 1).
Table 1: Number of SCIDA disclosures made in 2023, by disclosing and recipient institution [all disclosures (proactive disclosures)]
Designated Recipient Institutions
Disclosing Institution
CBSA
CFIA
CNSC
CRA
CSE
CSIS
DND/CAF
Finance
FINTRAC
GAC
Health
IRCC
PHAC
PSC
RCMP
TC
TOTAL (proactive)
CBSA
–
–
–
–
–
–
–
–
–
–
–
–
–
–
2
(2)
–
2
(2)
GAC
–
–
–
–
1
(1)
10
(0)
–
–
–
–
–
–
4
(0)
–
15
(1)
–
53
(32)
IRCC
–
–
–
–
58
(0)
194
(7)
–
–
–
–
–
–
–
–
–
–
252
(7)
TOTAL (proactive)
–
–
–
–
59
(1)
204
(7)
–
–
–
–
–
1
(0)
–
–
6
(2)
–
263
(10)
The number of disclosures increased 55% since 2022, reversing the slight downward trend in the number of disclosures observed across prior years. This shift is largely due to a 246% increase in disclosures from IRCC to CSIS. CSIS attributes this increase to a policy shift that led them to use the SCIDA to request information that IRCC previously provided under the Privacy Act.
As in previous years, disclosing institutions made the vast majority of disclosures following a request. Only 4% of disclosures were sent proactively by the disclosing institution.
Record Keeping Requirements – Section 9
Finding 1. NSIRA found that every institution that disclosed or received information pursuant to SCIDA in 2023 complied with their record keeping obligations under section 9, but some records were inaccurate or imprecise.
Section 9 of the SCIDA prescribes record-keeping obligations for all disclosing institutions, as well as institutions who receive information pursuant to a disclosure. These requirements include, among others, that records of the disclosure describe the information as well as indicate whether the information was destroyed or retained by the recipient. NSIRA’s cross-reference of records provided by disclosing and recipient institutions revealed some inaccuracies that were clarified through discussion with the institutions following receipt of their records:
Under paragraph 9(2)(a), CSE mislabelled the number of subjects that the disclosure pertained to in four (of 59) instances;
Under paragraph 9(2)(e), CSIS records included contradictory information as to whether the information received has been destroyed or retained; and
Under paragraph 9(1)(a), IRCC records included contradictory descriptions of the information disclosed.
NSIRA was unable to reconcile the information provided in relation to one case where the CBSA made a verbal disclosure to the RCMP. Based on the initial records provided by the RCMP and CBSA, NSIRA could not determine with certainty what personal information was shared, and when. In response to a recommendation from NSIRA’s SCIDA review for 2022, the CBSA developed a record of disclosure form to serve as a record overview. In this instance, the form was incomplete and contradicted the copy of the disclosure that was also provided to NSIRA.
As it did last year, NSIRA underscores the importance of administrative precision in preparing records, and notes that a record overview – when correctly prepared –supports compliance with SCIDA record keeping requirements.
NSIRA identified several instances in which the disclosing institution did not provide an explicit statement, under paragraph 9(1)(e), regarding the information that was relied on to satisfy the disclosing institution of the proportionality test. Three of these disclosures were included in NSIRA’s targeted sample for assessing the contribution and proportionality tests.
Contribution and Proportionality Tests – Subsection 5(1)
Finding 2. NSIRA found, within the sample of disclosures reviewed, that disclosing institutions demonstrated they had satisfied themselves under the contribution and proportionality tests in compliance with subsection 5(1) of the SCIDA.
To assess compliance with subsection 5(1), NSIRA first considered the explicit statements prepared by disclosing institutions under paragraph 9(1)(e), describing the information that was relied on to satisfy themselves that the disclosure was authorized under the Act. When an explicit statement was provided, NSIRA analysed and corroborated these statements by reviewing all other documents provided by GC institutions related to a given disclosure. Additional documents provided did not raise any concern with paragraphs 5(1)(a) and 5(1)(b) compliance.
For all 27 disclosures included in the sample, the disclosing institution provided anexplicit statement that demonstrated that they had satisfied themselves that thedisclosure would contribute to the recipient’s jurisdiction or its responsibilities.24.
For 24 of the 27 disclosures, the disclosing institution provided an explicit statement that demonstrated they had satisfied themselves that no one’s privacy would be affected more than reasonably necessary in the circumstances. In the remaining three disclosures, despite having no explicit statement, other documents provided by the disclosing institutions nevertheless demonstrated that they had satisfied themselves of the proportionality test.25.
While NSIRA found that institutions were generally compliant with paragraphs5(1)(a) and 5(1)(b), IRCC’s contribution and proportionality assessments demonstrated some deficiencies. These deficiencies form the basis of findings 3and 4.
Recommendation 1. NSIRA recommends that disclosing institutions explicitly address the requirements of both paragraphs 5(1)(a) and 5(1)(b) in the records that they prepare under paragraph 9(1)(e) of the SCIDA.
SCIDA’s Exception for Advocacy, Protest, or Dissent
Finding 3. NSIRA found that IRCC did not, in one instance, independently consider whether its disclosure related to activities that fell under the SCIDA exception for advocacy, protest, or dissent. Instead, IRCC satisfied itself of the SCIDA’s contribution test based on assumptions about how CSIS assessed activities that undermine the security of Canada.
The contribution test under paragraph 5(1)(a) requires the disclosing institution to assess whether the disclosure relates to activities that undermine the security of Canada. These activities are defined by the Act and include, for example, espionage, covert foreign-influenced activities, terrorism, and significant or widespread interference with critical infrastructure. In its definition of activities that undermine the security of Canada, subsection 2(2) of the SCIDA includes an exception for advocacy, protest, dissent, or artistic expression. These, in and of themselves, do not constitute activities that undermine the security of Canada. The legislated exception helps to distinguish between legitimate forms of political dissent and national security threats.
In one instance, CSIS requested detailed information from IRCC related to an individual. The request sought current and past passport applications and these contain a great deal of personal information3.CSIS justified its request with anexcerpt from a news article which cited a quote uttered publicly by the individualduring a protest.
IRCC did not request any additional rationale from CSIS. It disclosed the individual’s passport application, including some associate’s information, along with the individual’s passport number, place of issue, and dates of issue and expiry.
In response to a query from NSIRA regarding on what basis it satisfied itself of the contribution test, IRCC explained that it “relies on the partner to accurately describe that the individual is tied to an activity that may undermine the security of Canada.” The IRCC official who authorized the disclosure further explained that IRCC assumed that CSIS had not relied solely on the individual’s statements quoted in the news article given the limits of CSIS’s authority to investigate lawful advocacy, protest or dissent under the CSIS Act.
The CSIS Act includes an exemption preventing CSIS from investigating lawful advocacy, protest or dissent, without the presence of threat related activities itemised in the CSIS Act. However, the SCIDA’s use of “activity that undermines the security of Canada” is a purposeful departure from the CSIS Act’s “threat to the security of Canada”. The distinction reflects legislative intent that the disclosing institution perform its own, fit-for-purpose assessment.
Subsection 5(1) of the SCIDA explicitly places the onus on the disclosing entity to assure itself that the disclosure is authorized. The process by which an institution satisfies itself should be grounded in an independent and factual assessment. In that context, a mere acquiesce of a request would not be sufficient, nor would a de facto reliance on the recipient respecting their enabling legislation. The threshold of satisfaction imports an objective standard that must be based on facts.
PS guidance notes that although the threshold imposed by subsection 5(1) does not hold institutions to perfection, they must make all reasonable efforts to satisfy themselves that the information will contribute to the recipient’s national security mandate. When encountering activities occurring in the context of political dissent or a protest, NSIRA expects institutions with a national security mandate to exercise caution when requesting information relating to an activity protected under the Canadian Charter of Rights and Freedoms (Charter) to further an investigation. At the same time, in this case, IRCC should have obtained more information prior to disclosure, to substantiate what activities were undermining the security of Canada to ensure the exception did not apply.
Recommendation 2. NSIRA recommends that IRCC amend their SCIDA policy to underscore that IRCC must independently assess whether the disclosure is authorized. This assessment should consider whether the activity amounts to one of the exceptions to the SCIDA’s definition of activities that undermine the security of Canada.
IRCC’s New Approach to Proportionality Assessments
Finding 4. NSIRA found that, throughout the course of 2023, IRCC improved the rigour of its proportionality assessments regarding disclosure of passport information. However, NSIRA identified three instances where IRCC disclosed visa information without applying the same rigorous approach, which risked disclosing more personal information than reasonably necessary in the circumstances.
In summer 2023, IRCC adopted a “higher” standard to satisfy itself that no person’s privacy interest would be affected more than reasonably necessary when disclosing passport information to CSIS. According to IRCC, this shift was prompted by a previous NSIRA recommendation that IRCC be explicit in their records that the proportionality test was met. Not only did IRCC adjust their record keeping practices, but they also turned their attention to the substantive issue at hand. Indeed, IRCC closely examined the privacy impact their disclosures may have when responding to CSIS requests.
As a result, when dealing with the absence of additional rationale from CSIS, IRCC became more conservative in the disclosure of information. For example, IRCC began redacting associate’s information in passport applications, limiting the provision of historical applications, and refraining from disclosing applications of minors. They adopted an iterative approach to disclosing passport information, which cultivated a more appropriate weighting of individuals’ privacy interests vis-à-vis the recipient’s investigative needs.
IRCC’s new approach to assessing the proportionality of passport information disclosures was not well-received by CSIS, who characterize their receipt of redacted passport applications as a “massive” hindrance to section 12 investigations. In internal correspondence, a CSIS analyst noted that they would prefer that “IRCC not filter down the info and let them [CSIS] make the assessment based on the knowledge of [national security] threats”.
Still, the discretionary nature of SCIDA disclosures make it such that IRCC may choose what information to disclose, if any. IRCC’s SCIDA Standard Operating Procedure states that requests for disclosure must provide sufficient information to justify the release of associate’s information. Under the SCIDA, it is entirely within IRCC’s purview to seek and obtain such justification prior to disclosing information.
IRCC’s increased attention to privacy interests in the context of passport application disclosures was not imparted to disclosures of information collected from visa applications. It is important to note that this distinction is not a factor that should be considered when assessing proportionality. Under the SCIDA, the privacy interests of citizens and non-citizens must be similarly assessed, and only treated differently in a visa application if no reasonable expectation of privacy is assessed.
Annex B presents the details of three disclosures in relation to which IRCC disclosed visa information to CSIS, concerning over 20 individuals, without having first established facts relevant to the conduct of an informed proportionality assessment. In these cases, either the identities of the subject of the request were unknown or the link between the subject of the disclosure and the threat had yet to be established. NSIRA would have expected IRCC to follow a more iterative approach to disclosing this information, consistent with its approach to passport disclosures in the later part of 2023. Such an iterative approach would have entailed disclosing only basic information until a greater connection to the activity that undermined the security of Canada could be established or the identity of the individual could be confirmed.
Additionally, the cases presented in Annex B are not fully consistent with IRCC policy, which underscores that “disclosing […] more personal information than is necessary could constitute a breach of a person’s reasonable expectation of privacy, a right protected by the Canadian Charter of Rights and Freedoms”. This is an important consideration since the proportionality of a given disclosure may be a factor in determining its Charter reasonableness.
Under the SCIDA regime, and as explained in PS guidance, the proportionality testis conducted to help determine the scope of what can be disclosed, and not necessarily whether the disclosure should occur. Thus, it would have been warranted for IRCC to assess how the sharing of each piece of information would impact the privacy of the individuals in question.
Recommendation 3. NSIRA recommends that IRCC apply an iterative approach to its proportionality assessments, with a view to disclosing only the minimum information reasonably necessary in the circumstances to enable the recipient institution to further their investigation.
CSIS Request Letters
Finding 5. NSIRA found that CSIS requests to IRCC used inconsistent terminology and were often unclear about the relationship between the subject of the request and its investigation. At times, this lack of clear communication hindered IRCC’s efforts to satisfy itself that the disclosure was authorised under the SCIDA.
96% of IRCC disclosures to CSIS were in response to a request. IRCC used the information in CSIS’s request letters to assure itself that a disclosure met both the contribution and the proportionality tests. While IRCC is always at liberty to request more information from CSIS to satisfy itself that the disclosure is authorized, in the majority of disclosures requested by CSIS, IRCC based its assessments solely on the information provided by CSIS in the request letter.
NSIRA reviewed all request letters sent by CSIS to IRCC. CSIS used a wide variety of terms to describe the nature of its interest in the subject of a request, such as:
The subject came to the attention of the Service
The subject is of interest for possible involvement in
The subject is of interest in connection with
The subject is believed to be an associate of a target
The subject is related to the threat
The individual is the subject of a Service investigation
The subject is part of a Service investigation
The subject is very closely associated to a CSIS subject of investigation
In most cases, CSIS did not define these terms or provide any more information on why the subject was of interest.
Furthermore, CSIS used the same (or similar) words when referring to different levels of interest. For example, “associated with” and “part of a Service Investigation” were used in requests for individuals with no known involvement in threat related activities and for individuals who CSIS has reason to suspect are involved in threat activities. In another instance, CSIS’s request letter stated that the subjects were related to the threat, but the connection between the threat and the individuals had not been established.
As a result of these inconsistencies and lack of clarity, IRCC could not understand key nuances relevant to its proportionality assessments. This issue is compounded by the fact the CSIS tended to request “any and all information” associated with the subject(s) of a request.
The relationship between the information requested and an investigation is an important factor considered by IRCC when assessing proportionality. Indeed, IRCC’s new approach to assessing proportionality takes into consideration the fact that information on associates contained in passport applications may not be material to the investigation. As a result, IRCC has often opted to redact some associate’s information, unless CSIS provided some indication that they are, or could be, implicated in the threat activity. In one of the several instances where CSIS stated that the subject of the request was “very closely associated to a CSIS subject of investigation”, IRCC requested an explanation to clearly link the subject of the request to the investigation. When CSIS did not provide it, IRCC opted to cancel the disclosure as it was not satisfied that the disclosure would meet the proportionality test.
It is essential that CSIS convey information in a clear and consistent manner given that IRCC takes this information into account in conducting its proportionality assessments. This is especially true when IRCC is disclosing associate’s information. When requesting information under the SCIDA, recipient institutions should, as a matter of course, facilitate disclosing institutions’ compliance with SCIDA thresholds by using clear and consistent terminology.
In late 2023, CSIS began centralizing its process for requesting IRCC SCIDA disclosures and developed a standard request form, which should help with consistency. As no requests were made in 2023 using these standard forms, NSIRA could not assess the effect of these changes in practice.
Recommendation 4. NSIRA recommends that CSIS use consistent terminology, and be clear about the nature of the link that has been established between the subject of a request and its investigation, to assist IRCC in satisfying itself of the proportionality test.
Reliability and Accuracy Statement – Subsection 5(2)
Finding 6. NSIRA found that disclosing institutions provided information regarding the accuracy of the information and reliability of the manner in which it was obtained in relation to all disclosures. However, CBSA made one verbal disclosure that did not include an explicit statement on accuracy and reliability.
Under the SCIDA, departments are required to provide information on the accuracy and the reliability of the manner in which the information being disclosed was obtained. They must do so at the time of the disclosure.
All written disclosures made in 2023 contained a statement on accuracy and reliability. However, CBSA made one proactive verbal disclosure of a tip to the RCMP, previously described in paragraph 19, in which it did not provide an explicit statement regarding accuracy and reliability at the time of disclosure.
Although the same information was shared again in writing two weeks later, an explicit, written statement on accuracy and reliability was only shared with the RCMP nearly two months later, when the CBSA disclosed additional information about the subject.
Subsection 5(2) states that “information” regarding accuracy and reliability “must” be provided at time of disclosure. NSIRA assesses in this case that, by its very nature, relaying that the information disclosed was derived from a tip conveyed information regarding accuracy and reliability to the RCMP. That said, an explicit, written statement is considered best practice. While verbal disclosures are not prohibited by the SCIDA, PS guidance notes that “[i]nformal communication cannot be used in lieu of the formal disclosure process or to replace the formal recordkeeping obligations.”
Recommendation 5. NSIRA recommends that institutions avoid making verbal disclosures whenever possible. When they must occur, verbal disclosures should explicitly convey the requisite information on accuracy and reliability.
Finding 7. NSIRA found that CBSA’s record of disclosure form contradicts the SCIDA by allowing officials to opt out of providing information regarding accuracy and reliability.
Although CBSA policy correctly reflects the mandatory nature of providinginformation on accuracy and reliability, its new record of disclosure form does not.The form includes a yes/no checkbox to indicate whether a statement confirmingthe accuracy and reliability was provided to the recipient institution. If the CBSAofficial selects “no”, they are prompted to explain why they elected to not provide astatement. This implies that it is discretionary and leaves the opportunity for CBSAto opt out of the requirement.
Further, the form does not specify that the statement must be provided at the timeof disclosure, as the SCIDA specifically demands.
Recommendation 6. NSIRA recommends that CBSA harmonize its record of disclosure form with the SCIDA to convey the mandatory nature of providing information on accuracy and reliability at the time of the disclosure.
Finding 8. NSIRA found that IRCC used templated language to describe the disclosure’s accuracy and reliability that was not always relevant or specific to the circumstances of the disclosure.
All IRCC disclosures made in 2023 included the same accuracy and reliability statement:
The information in this disclosure was provided by the Subject as part of their various applications to IRCC. The Subject declared that the information they provided as part of their applications was truthful, complete and correct. The information in this disclosure is accurate and reliable in so far as the Subject was truthful in their submissions to our Department. IRCC holds no information that would call into question the accuracy and reliability of the information provided by the Subject.
There are several cases where this statement provided by IRCC did not reflect the specific circumstances of the disclosure. For example, the statement above was included in a disclosure where no immigration or passport records were found and the only information disclosed was the lack of records. The same statement was used in disclosures of child general passport applications, which are actually completed by parents or legal guardians rather than by the subject themselves. When solely disclosing citizenship status to CSE, IRCC still included the same statement, despite the information disclosed not being provided by the subject as part of their application. In one case, the IRCC used the same statement in the disclosure but nevertheless contradicted itself by also stating that there was some reason to believe the information might not be accurate.
All of these cases point to a tendency of copying the accuracy and reliability information without giving sufficient attention to the relevance of the statement.
When instructing on the accuracy and reliability statement, the PS SCIDA guide suggests that “formulaic (templated) language should be avoided, unless the nature and source of information disclosed is derived from a routine process.” IRCC produces a large number of disclosures every year. While some language can be recycled, it is necessary that the statement remain an accurate representation of each disclosure. NSIRA has previously recommended that statements be clear and specific to the circumstances of the disclosure.
Recommendation 7. NSIRA recommends that IRCC tailor its statements on accuracy and reliability as to ensure that each disclosure’s statement is specific to the circumstances of the case.
Information Sharing Agreement – Subsection 4(c)
Finding 9. NSIRA found that disclosures between IRCC and CSE that occurred following the enactment of their new information sharing agreement were compliant with both the SCIDA and their information sharing agreement.
In past SCIDA reviews, NSIRA noted that some departments regularly use the SCIDA in a manner that warrants information sharing arrangements (ISA), as encouraged by subsection 4(c) of SCIDA. In 2022, NSIRA recommended that IRCC and CSE develop an ISA to govern their SCIDA disclosures.
In August 2023, IRCC and CSE signed an ISA. As a whole, the new ISA between IRCC and CSE supports compliance with SCIDA, with all key legislated requirements from SCIDA being included in the ISA. The agreement also adheres to the guidance on preparing ISAs recently developed by PS.
Of the 24 disclosures made after the ISA implementation, all were deemed compliant with the new agreement. NSIRA looked at each disclosure made under the ISA and assessed them against a majority of the requirements outlined in the agreement.
4. Conclusion
This is the fifth year that GC institutions have used the SCIDA and that NSIRA has reviewed their compliance with the act. Each year, NSIRA has made recommendations aimed at promoting compliance with the Act. Over the last five years, GC institutions have adjusted their practices and are increasingly demonstrating an improved understanding of their obligations. As a result, for the first time in SCIDA’s history, NSIRA found full compliance with the SCIDA.
This review assessed GC institutions’ compliance with requirements for recordkeeping in respect of all 269 disclosures that were made and received in 2023. It assessed their compliance with requirements for disclosure in relation to a targeted sample of 27 disclosures. All were compliant with SCIDA requirements, but NSIRA found that IRCC’s contribution and proportionality assessments demonstrated some deficiencies. An increased understanding of the activities that undermine the security of Canada would support a more thorough proportionality assessment and greater utility of the disclosed information.
NSIRA made recommendations aimed at promoting compliance with SCIDA, particularly with regard to how departments determine whether the contribution and proportionality tests have been met.
Annex A. Sample of Disclosures
Disclosures were selected for the sample based on the content of records provided to NSIRA under subsection 9(3), according to the following parameters:
At least two disclosures per discloser-recipient pair, if available;
At least one proactive disclosure per discloser, if available;
At least one requested disclosure per recipient, if available;
All disclosures identified by recipient institutions as including personal information that was destroyed or returned under the SCIDA, subsection5.1(1);
All disclosures for which there is a high-level discrepancy in the discloser and recipient records;
All disclosures made by an institution that is not listed in Schedule 3 of the SCIDA;
All disclosures received by institutions added to Schedule 3 in the preceding year; and
All disclosures that, based on the review team’s preliminary assessment, present a heightened risk of non-compliance under section 5.
Annex B. Cases Relating to IRCC’s Disclosure of Visa Information
Disclosure 1 (Economic Security Threat)
IRCC proactively disclosed to CSIS the visa applications of several individuals who received a work permit in various research fields linked to economic security threat. These applications included personal information such as employment history, travel history, contact information, photos, passport information, and associate’s information. This was part of IRCC’s effort to proactively identify and share with CSIS information about individuals that may engage in activities that pose a threat to Canada’s economic prosperity.
While the national security concern posed by these types of economic security threats is well documented, the role that these individuals played in that space was unknown. IRCC selected the individuals in question based on one threat related criteria, but the other criteria used to narrow the pool individuals from several hundreds to a few individuals were unrelated to the threat the individuals posed. Indeed, IRCC chose these additional arbitrary criteria mainly for practical reasons.
For greater clarity, there was no information indicating that any of the several individuals in question were involved in activities that undermine the security of Canada. Most of these applications were not initially referred to CSIS for security screening by IRCC, meaning that the visa officer was fully satisfied that the applicants posed no threat. In one case, the application was sent for security screening but CSIS returned a favorable recommendation and the individual was granted a visa.
The proactive sharing of complete visa application packages with CSIS risked affecting these individuals’ privacy more than was reasonably necessary in the circumstances.
Disclosure 2 (Foreign Entity)
CSIS requested passport information about any individuals with a valid visa currently working for a specific foreign entity. IRCC did not have any passport applications for the individuals that matched the search criteria, but nevertheless disclosed entire visa applications for some individuals. IRCC also provided information about individuals who had previously worked at the foreign entity, and individuals who did not have a valid visa. This misalignment between what was requested and what was disclosed does not reflect a proper tailoring of information to meet SCIDA’s contribution and proportionality tests.
None of these individuals had been linked to a specific activity that undermined the security of Canada, either at the time of the request nor following the disclosure. CSIS and IRCC’s inability to characterize the nature of the individuals’ relationship to threat activities created a risk that IRCC’s disclosure may have affected their privacy more than was reasonably necessary in the circumstances.
Disclosure 3 (Bulk Data)
CSIS sent a letter to IRCC requesting the disclosure of information within immigration applications on individuals including a spreadsheet with certain identifying personal information (called “selectors”). While large data-set requests and disclosures are not prohibited by the SCIDA, the requirements imposed by the contribution and proportionality tests must be applied to every discrete piece of information disclosed. As such, this type of information would need to be responsibly assessed prior to disclosure.
While the CSIS request letter provides extensive rationale as to why the threat actor named in the request letter poses a threat to national security, the IRCC officials that authorized the disclosure did not have contemporaneous information on how these selectors, and, by extension the individuals linked to these selectors, are linked to the threat actor.
Nevertheless, IRCC disclosed significant personal details pertaining to several individuals. For example, the disclosure included a foreign state visa refusal, information about military service, a personal picture, and other documents that would have been provided as part of a visa application.
This disclosure included more information than what CSIS requested. Given that the identity of the individuals are unconfirmed, as CSIS’s request clearly stated that the purpose of this request was for identification, this suggests that IRCC risked disclosing more than the least amount of personal information necessary for CSIS to further its investigation.
While the legislative burden to ensure that the disclosure is authorized under SCIDA falls on the disclosing entity, in this case IRCC, it may be very complex fora disclosing entity to discharge its obligation under paragraphs 5(1)(a) and 5(1)(b)with these types of large data-sets requests, particularly when the requester provides very little rationale linking each selector or individual to the activity that undermines the security of Canada.
Annex C. Overview of SCIDA Disclosures in Prior Years
Disclosing Institution
Designated Recipient Institutions under the SCIDA, Schedule 3
CBSA
GAC
CNSC
CRA
CSE
CSIS
DND/CAF
Finance
FINTRAC
GAC
Health
IRCC
PHAC
PS
RCMP
TC
TOTAL
2022
CBSA
–
–
–
–
–
–
–
–
–
–
–
–
–
–
4
–
4
GAC
–
39
2
–
–
–
–
–
–
–
–
–
–
–
12
–
53
IRCC
–
59
56
–
–
–
–
–
–
–
–
–
–
–
–
–
115
RCMP
–
–
–
–
–
–
–
–
–
–
–
–
–
–
1
–
1
TOTAL
–
59
95
2
–
–
–
–
–
–
–
–
–
–
16
–
173
2021
DND/CAF
–
–
–
–
–
–
–
–
–
–
2
–
–
–
–
–
2
GAC
–
–
–
–
–
–
–
–
–
–
–
–
–
–
2
–
44
IRCC
–
68
79
–
–
–
–
–
–
–
–
2
–
1
–
–
149
TOTAL
–
68
122
–
–
–
2
–
–
–
–
2
–
1
2
–
195
2020
CBSA
–
–
–
–
–
–
–
–
–
–
1
–
–
–
–
–
4
GAC
–
–
–
–
–
–
–
–
–
–
–
–
25
–
–
13
40
IRCC
–
60
61
–
–
–
–
–
–
–
–
–
1
–
37
–
159
RCMP
–
–
1
–
–
–
–
–
–
–
–
1
–
–
–
–
3
TC
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
2
2
Other¹⁰
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
1
TOTAL
–
61
88
1
–
–
3
–
–
–
–
6
–
55
1
–
215
2019
CBSA
–
–
–
–
–
–
–
–
–
–
–
–
–
–
1
–
3
GAC
–
–
–
–
–
–
–
–
–
–
–
–
23
–
–
–
42
IRCC
–
5
17
–
–
–
–
–
–
–
–
–
1
–
36
–
59
RCMP
–
4
1
–
–
–
–
–
–
–
–
–
–
3
–
–
8
TC
–
–
–
–
–
–
–
–
–
–
–
–
–
–
1
–
2
TOTAL
–
4
5
–
41
–
1
–
–
–
1
–
–
–
–
–
114
Annex D. Findings and Recommendations
Record Keeping Requirements – Section 9
Finding 1. NSIRA found that every institution that disclosed or received information pursuant to SCIDA in 2023 complied with their record keeping obligations under section 9, but some records were inaccurate or imprecise.
Contribution and Proportionality Tests – Subsection 5(1)
Finding 2. NSIRA found, within the sample of disclosures reviewed, that disclosing institutions demonstrated they had satisfied themselves under the contribution and proportionality tests in compliance with subsection 5(1) of the SCIDA.
Recommendation 1. NSIRA recommends that disclosing institutions explicitly address the requirements of both paragraphs 5(1)(a) and 5(1)(b) in the records that they prepare under paragraph 9(1)(e) of the SCIDA.
Finding 3. NSIRA found that IRCC did not, in one instance, independently consider whether its disclosure related to activities that fell under the SCIDA exception for advocacy, protest, or dissent. Instead, IRCC satisfied itself of the SCIDA’s contribution test based on assumptions about how CSIS assessed activities that undermine the security of Canada.
Recommendation 2. NSIRA recommends that IRCC amend their SCIDA policy to underscore that IRCC must independently assess whether the disclosure is authorized. This assessment should consider whether the activity amounts to one of the exceptions to the SCIDA’s definition of activities that undermine the security of Canada.
Finding 4. NSIRA found that, throughout the course of 2023, IRCC improved the rigour of its proportionality assessments regarding disclosure of passport information. However, NSIRA identified three instances where IRCC disclosed visa information without applying the same rigorous approach, which risked disclosing more personal information than reasonably necessary in the circumstances.
Recommendation 3. NSIRA recommends that IRCC apply an iterative approach to its proportionality assessments, with a view to disclosing only the minimum information reasonably necessary in the circumstances to enable the recipient institution to further their investigation.
Finding 5. NSIRA found that CSIS requests to IRCC used inconsistent terminology and were often unclear about the relationship between the subject of the request and its investigation. At times, this lack of clear communication hindered IRCC’s efforts to satisfy itself that the disclosure was authorised under the SCIDA.
Recommendation 4. NSIRA recommends that CSIS use consistent terminology, and be clear about the nature of the link that has been established between the subject of a request and its investigation, to assist IRCC in satisfying itself of the proportionality test.
Reliability and Accuracy Statement – Subsection 5(2)
Finding 6. NSIRA found that disclosing institutions provided information regarding the accuracy of the information and reliability of the manner in which it was obtained in relation to all disclosures. However, CBSA made one verbal disclosure that did not include an explicit statement on accuracy and reliability.
Recommendation 5. NSIRA recommends that institutions avoid making verbal disclosures whenever possible. When they must occur, verbal disclosures should explicitly convey the requisite information on accuracy and reliability.
Finding 7. NSIRA found that CBSA’s record of disclosure form contradicts the SCIDA by allowing officials to opt out of providing information regarding accuracy and reliability.
Recommendation 6. NSIRA recommends that CBSA harmonize its record of disclosure form with the SCIDA, to convey the mandatory nature of providing information on accuracy and reliability at the time of the disclosure.
Finding 8. NSIRA found that IRCC used templated language to describe the disclosure’s accuracy and reliability that was not always relevant or specific to the circumstances of the disclosure.
Recommendation 7. NSIRA recommends that IRCC tailor its statements on accuracy and reliability as to ensure that each disclosure’s statement is specific to the circumstances of the case.
Information Sharing Agreement – Subsection 4(c)
Finding 9. NSIRA found that disclosures between IRCC and CSE that occurred following the enactment of their new information sharing agreement were compliant with both the SCIDA and their information sharing agreement.
This quarterly report has been prepared by management as required by section 65.1 of the Financial Administration Act and in the form and manner prescribed by the Directive on Accounting Standards, GC 4400 Departmental Quarterly Financial Report. This quarterly financial report should be read in conjunction with the 2023–24 Main Estimates.
This quarterly report has not been subject to an external audit or review.
Mandate
The National Security and Intelligence Review Agency (NSIRA) is an independent external review body that reports to Parliament. Established in July 2019, NSIRA is responsible for conducting reviews of the Government of Canada’s national security and intelligence activities to ensure that they are lawful, reasonable and necessary. NSIRA also hears public complaints regarding key national security agencies and their activities.
This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the agency’s spending authorities granted by Parliament and those used by the agency, consistent with the 2023–24 Main Estimates. This quarterly report has been prepared using a special-purpose financial reporting framework (cash basis) designed to meet financial information needs with respect to the use of spending authorities.
The authority of Parliament is required before money can be spent by the government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authorities for specific purposes.
Highlights of the fiscal quarter and fiscal year-to-date results
This section highlights the significant items that contributed to the net increase or decrease in authorities available for the year and actual expenditures for the quarter ended September 30, 2023.
NSIRA Secretariat spent approximately 52% of its authorities by the end of the third quarter, compared with 39% in the same quarter of 2022–23 (see graph 1).
Graph 1: Comparison of total authorities and total net budgetary expenditures, Q3 2023–2024 and Q3 2022–2023
Text version of Figure 1
Comparison of total authorities and total net budgetary expenditures, Q3 2023–24 and Q3 2022–23
2023-24
2022-23
Total Authorities
$24.4
$29.8
Q2 Expenditures
$4.8
$4.7
Year-to-Date Expenditures
$12.8
$11.6
Significant changes to authorities
As at December 31, 2023, Parliament had approved $24.4 million in total authorities for use by NSIRA Secretariat for 2023–24 compared with $29.8 million as of December 31, 2022, for a net decrease of $5.3 million or 18% (see graph 2).
Graph 2: Variance in authorities as at December 31, 2023
Text version of Figure 2
Variance in authorities as at June 30, 2023 (in millions)
Fiscal year 2022-23 total available for use for the year ended March 31, 2023
Fiscal year 2023-24 total available for use for the year ended March 31, 2024
Vote 1 – Operating
28.1
22.6
Statutory
1.6
1.8
Total budgetary authorities
29.7
24.4
The decrease of $5.3 million in authorities is mostly explained by a gradual reduction in NSIRA Secretariat’s ongoing operating funding due to an ongoing construction project nearing completion.
Significant changes to quarter expenditures
The third quarter expenditures totalled $4.8 million for an increase of $0.1 million when compared with $4.7 million spent during the same period in 2022–2023. Table 1 presents budgetary expenditures by standard object.
Table 1
Variances in expenditures by standard object(in thousands of dollars)
Fiscal year 2023–24: expended during the quarter ended December 31, 2023
Fiscal year 2022–23: expended during the quarter ended December 31, 2022
Variance $
Variance %
Personnel
2,866
2,503
363
15%
Transportation and communications
110
82
28
34%
Information
1
4
(3)
(75%)
Professional and special services
486
1,271
(785)
(62%)
Rentals
78
83
(5)
(6%)
Repair and maintenance
1,161
685
476
69%
Utilities, materials and supplies
(1)
21
(22)
(105%)
Acquisition of machinery and equipment
83
2
81
4050%
Other subsidies and payment
(33)
17
(50)
(294%)
Total gross budgetary expenditures
4,751
4,668
83
2%
*Details may not sum to totals due to rounding*
Professional and special services
The decrease of $785,000 is due to the timing of invoicing for our Internal Support Services agreement.
Repair and maintenance
The increase of $476,000 is due to the timing of invoicing for an ongoing capital project.
Utilities, materials and supplies
The decrease of $22,000 is due to a temporarily unreconciled acquisition card suspense account.
Acquisition of machinery and equipment
The increase of $81,000 is due to the purchase of software licenses and the corresponding support and maintenance.
Other subsidies and payments
The decrease of $50,000 is explained by a prior year refund that was deposited to NSIRA’s account in error.
Significant changes to year-to-date expenditures
The year-to-date expenditures totalled $12.8 million for an increase of $1.2 million (11%) when compared with $11.6 million spent during the same period in 2022–23. Table 2 presents budgetary expenditures by standard object.
Table 2
Variances in expenditures by standard object(in thousands of dollars)
Fiscal year 2023–24: year-to-date expenditures as of December 31, 2023
Fiscal year 2022–23: year-to-date expenditures as of December 31, 2022
Variance $
Variance %
Personnel
8,766
7,751
1,015
13%
Transportation and communications
302
196
106
54%
Information
5
9
(4)
(44%)
Professional and special services
2,155
2,695
(540)
(20%)
Rentals
151
132
19
14%
Repair and maintenance
1,188
749
439
(59%)
Utilities, materials and supplies
56
49
7
14%
Acquisition of machinery and equipment
135
15
120
800%
Other subsidies and payment
89
18
71
394%
Total gross budgetary expenditures
12,847
11,614
1,233
11%
*Details may not sum to totals due to rounding*
Personnel
The increase of $1,015,000 relates to an increase in average salary, an increase in full time equivalent (FTE) positions, and back-pay from the new collective agreement for the EC and AS occupational groups.
Transportation and communications
The increase in $106,000 is due to the timing of the invoicing for our internet connections.
Professional and special services
The decrease of $540,000 is mainly explained by the conclusion of guard services contracts associated to a capital construction project and the timing of invoicing for internal support services.
Repair and maintenance
The increase of $439,000 is due to the timing of invoicing for an ongoing capital project.
Acquisition of machinery and equipment
The increase of $120,000 is mainly explained by the one-time purchase of a specialized laptop and licenses.
Other subsidies and payments
The increase of $71,000 is due to an increase in salary overpayments.
Risks and uncertainties
The NSIRA Secretariat has made progress on accessing the information required to conduct reviews; however, there continues to be risks associated with reviewees’ ability to respond to, and prioritize, information requests, hindering NSIRA’s ability to deliver its review plan in a timely way. The NSIRA Secretariat will continue to mitigate this risk by providing clear communication related to information requests, tracking their timely completion within communicated timelines, and escalating issues when appropriate.
There is a risk that the funding received to offset pay increases anticipated over the coming year will be insufficient to cover the costs of such increases and the year-over-year cost of services provided by other government departments/agencies is increasing significantly.
Mitigation measures for the risks outlined above have been identified and are factored into NSIRA Secretariat’s approach and timelines for the execution of its mandated activities
Significant changes in relation to operations, personnel and programs
There have been no changes to the NSIRA Secretariat Program.
Approved by senior officials:
John Davies Executive Director
Martyn Turcotte Director General, Corporate Services, Chief Financial Officer
Appendix
Statement of authorities (Unaudited)
(in thousands of dollars)
Fiscal year 2023–24
Fiscal year 2022–23
Total available for use for the year ending March 31, 2024 (note 1)
Used during the quarter ended December 31, 2023
Year to date used at quarter-end
Total available for use for the year ending March 31, 2023 (note 1)
Used during the quarter ended December 31, 2022
Year to date used at quarter-end
Vote 1 – Net operating expenditures
22,633
4,313
11,531
28.063
4,236
10,318
Budgetary statutory authorities
Contributions to employee benefit plans
1,755
438
1,316
1,728
432
1,296
Total budgetary authorities (note 2)
24,388
4,751
12,847
29,791
4,668
11,614
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
Departmental budgetary expenditures by standard object (unaudited)
(in thousands of dollars)
Fiscal year 2023–24
Fiscal year 2022–23
Planned expenditures for the year ending March 31, 2024 (note 1)
Expended during the quarter ended December 31, 2023
Year to date used at quarter-end
Planned expenditures for the year ending March 31, 2023
Expended during the quarter ended December 31, 2022
Year to date used at quarter-end
Expenditures
Personnel
13,372
2,866
8,766
13,389
2,503
7,751
Transportation and communications
650
110
302
597
82
196
Information
371
1
5
372
4
9
Professional and special services
4,906
486
2,155
4,902
1,271
2,695
Rentals
271
78
151
271
83
132
Repair and maintenance
4,580
1,161
1,188
9,722
685
749
Utilities, materials and supplies
73
(1)
56
173
21
49
Acquisition of machinery and equipment
132
83
135
232
2
15
Other subsidies and payments
33
(33)
89
133
17
18
Total gross budgetary expenditures (note 2)
24,388
4,751
12,847
29,791
4,668
11,614
Note 1: Includes only authorities available for use and granted by Parliament as at quarter-end.
Note 2: Details may not sum to totals due to rounding.
Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2022: Backgrounder
Review of Government of Canada Institutions’ Disclosures of Information Under the Security of Canada Information Disclosure Act in 2022
Backgrounder
Backgrounder
ISSN: 2817-7525
This report presents findings and recommendations made in NSIRA’s annual review of disclosures of information under the Security of Canada Information Disclosure Act (SCIDA). It was tabled in Parliament by the Minister of Public Safety, as required under subsection 39(2) of the NSIRA Act, on November 1st, 2023.
The SCIDA provides an explicit, stand-alone authority to disclose information between Government of Canada institutions in order to protect Canada against activities that undermine its security. Its stated purpose is to encourage and facilitate such disclosures.
This report provides an overview of the SCIDA’s use in 2022. In doing so, it:
documents the volume and nature of information disclosures made under the SCIDA;
assesses compliance with the SCIDA; and
highlights patterns in the SCIDA’s use across Government of Canada institutions and over time.
The report contains six recommendations designed to increase standardization across the Government of Canada in a manner that is consistent with institutions’ demonstrated best practices and the SCIDA’s guiding principles.
Review of the Canadian Security Intelligence Service’s (CSIS) use of Geolocation information: Backgrounder
Review of the Canadian Security Intelligence Service’s (CSIS) use of Geolocation information
Backgrounder
Review Backgrounder
On August 23rd, 2019, the National Security and Intelligence Review Agency (NSIRA) presented the Minister of Public Safety and Emergency Preparedness with a classified report on its review of CSIS’s use of geolocation information.
In this review, NSIRA found that CSIS’s use of this geolocation data without a warrant risked breaching section 8 of the Canadian Charter of Rights and Freedoms (Charter), which protects against unreasonable search and seizure. On March 16, 2020, NSIRA submitted a report under section 35 of the NSIRA Act, to the Minister of Public Safety regarding the possible unlawful activity.
This review raised pressing questions regarding the use of publically available data, but that nevertheless engages a person’s reasonable expectation of privacy. NSIRA’s review examined the decision-making process that led CSIS to use this data without a warrant, and found that CSIS lacked the policies or procedures to ensure that, prior to using the data, CSIS sought legal advice to avoid its unlawful use.
The review was also an opportunity to note more broadly that, in this environment, ongoing legal support to CSIS’s data exploitation activities is essential in allowing CSIS to operate at an acceptable level of risk. It also noted that CSIS and the Department of Justice are expected to demonstrate institutional leadership in this regard.
Going forward, NSIRA will prioritize the scrutiny of CSIS’s use of technology, particularly new or emerging technologies that pose the greatest risks.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
