The Privacy Act gives individuals the right to access information about themselves that is held by the National Security and Intelligence Review Agency Secretariat, subject to certain specific and limited exceptions. The Privacy Act also protects the privacy of individuals by giving them substantial control over the collection, use, and disclosure of their personal information and by preventing others from having access to that information.
Section 72 of the act requires the head of each government institution to prepare an annual report on the administration of the act within the institution and to submit the report to Parliament.
This report to Parliament, which is prepared and tabled in accordance with Section 72 of the Privacy Act describes the activities of the National Security and Intelligence Review Agency Secretariat in administering the Act during the period of April 1, 2021 to March 31, 2022.
If you require more information or wish to make a request under the Access to Information Act or the Privacy Act, please direct your inquiries to the following:
Access to Information and Privacy Office National Security and Intelligence Review Agency P.O. Box 2430, Station “D” Ottawa, Ontario, K1P 5W5 Email: ATIP@nsira-ossnr.gc.ca
Who we are
Established in July 2019, NSIRA is an independent agency that reports to Parliament and conducts investigations and reviews of the federal government’s national security and intelligence activities.
The NSIRA Secretariat assists the Review Agency in fulfilling its mandate.
Mandate
NSIRA has a dual mandate to conduct reviews and investigations in relation to Canada’s national security or intelligence activities.
Reviews
NSIRA’s review mandate is broad, as outlined in subsection 8(1) of the National Security and Intelligence Review Agency Act (NSIRA Act). This mandate includes reviewing the activities of both the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE), as well as the national security- or intelligence-related activities of any other federal department or agency. This includes, but is not limited to, the national security or intelligence activities of the Royal Canadian Mounted Police (RCMP), the Canada Border Services Agency (CBSA), the Department of National Defence (DND) and Canadian Armed Forces (CAF), Global Affairs Canada (GAC), and the Department of Justice. Further, NSIRA may review any national security or intelligence matters that a minister of the Crown refers to NSIRA.
NSIRA reviews assess whether Canada’s national security and intelligence activities comply with relevant laws, policies, and ministerial directions, and whether they are reasonable and necessary. In conducting its reviews, NSIRA can make any findings or recommendations it considers appropriate.
Investigations
NSIRA is responsible for investigating national security or intelligence-related complaints from members of the public. As outlined in paragraph 8(1)(d) of the NSIRA Act, NSIRA has the mandate to investigate complaints about:
any activity of CSIS or of CSE;
decisions to deny or revoke certain federal government security clearances;
any complaint referred under subsection 45.53(4.1) or 45.67(2.1) of the Royal Canadian Mounted Police Act,
reports made under section 19 of the Citizenship Act, and
matters referred under section 45 of the Canadian Human Rights Act.
Access to Information and Privacy Office
NSIRA’s ATIP Office is accountable for the development and implementation of effective policies, guidelines, systems, and procedures to ensure that the NSIRA Secretariat meets its responsibilities under the Access to Information Act and the Privacy Act. For the reporting period, the NSIRA ATIP office consisted of:
1 full-time ATIP Coordinator
1 part-time ATIP Consultant
1 full-time Senior Director, who managed the ATIP office in addition to fulfilling normal duties as Senior Director of Corporate Services
NSIRA Legal Services supported the ATIP team on an as required basis.
The main activities of the ATIP Coordinator included:
monitoring compliance with ATIP legislation and relevant procedures and policies;
processing requests under both the Access to Information Act and the Privacy Act;
developing and maintaining policies, procedures, and guidelines to ensure that the NSIRA Secretariat respected the Access to Information Act and the Privacy Act;
maintaining Personal Information Banks and conducting privacy impact assessments.
preparing annual reports to Parliament and other statutory reports, as well as other material that might be required by central agencies; and
representing the NSIRA Secretariat in dealings with the Treasury Board of Canada Secretariat, the information and privacy commissioners, and other government departments and agencies in matters pertaining to the Access to Information Act and the Privacy Act.
To assist the ATIP Office in meeting its legislative obligations, NSIRA relied on a collaborative internal group of subject matter points of contact from all its branches.
Delegation Order
The Executive Director, as the Head of the National Security and Intelligence Review Agency Secretariat and pursuant to s.95(1) of the ATIA, is responsible for the implementation of the ATIA for NSIRA. Through the most recent NSIRA delegation order, the Executive Director has designated the ATIP Coordinator and ATIP Officer to perform the powers, duties, functions, or administrative tasks pertaining to the ATIA. These functions have limited delegation of authority under the Act and the Privacy Act, in accordance with the delegation of authority instrument approved by the Executive Director in August 2022. The recently amended ATIA delegation orders can be found in Appendix A.
Performance and Statistical Overview
Performance in Processing Access Requests
During the reporting period, the number of privacy requests received by NSIRA increased by 75% (7) compared to the previous year (4). All requests were completed in 2021-22, and no requests were carried over the next year.
NSIRA’s responses to most requests required intensive review of complex records, including extensive internal and external consultations. In 2021-22, NSIRA’s on-time response rate decreased to 71% from 75% in the previous reporting year.
Consultations
NSIRA received one new consultation request from another government institution which was responded within 30 days of its receipt.
Corrections and Notations
For this reporting period, NSIRA did not receive any requests for corrections of personal information.
Complaints and Investigations of Privacy Requests
NSIRA did not receive any complaints pursuant to the Privacy Act during this reporting period. However, one investigation was initiated by the Office of the Privacy Commissioner (OPC) concerning the cyber-attack discussed under the “Breaches” section below.
Training
In 2021–22, the ATIP office provided orientation sessions to new and current employees. In all, 3 separate sessions on access and privacy legislation were provided to 60 employees.
Policies, guidelines, procedures and initiatives
During the reporting period, the NSIRA Secretariat:
Initiated work on a Privacy Policy, a Privacy Protocol, and on a Privacy Breach Plan and Procedures; and
Submitted a request to the Treasury Board Secretariat (TBS) for the approval of changes respecting Personal Information Banks.
Monitoring processing time
Request processing times are monitored through the Access Pro software dashboard. The ATIP Coordinator notifies the Executive Director and suggests a course of action should any legislative timelines for responding to a Privacy Act request appear to be at risk.
Breaches
In March 2021, NSIRA was the victim of a cyber-attack on its public-facing network. As required by the TBS’ Directive on Privacy Practices, NSIRA reported the breach to the OPC and the TBS. Consistent with the Privacy Act, TBS requirements and advice from the OPC, the affected individuals were notified of the breach and how it could affect them.
Privacy Impact Assessments
NSIRA has completed a Privacy Impact Assessment (PIA) of its operations.
NSIRA is in the process of completing a PIA regarding its complaint investigation process.
Disclosure of Personal Information Under Section 8(2)
No disclosures were made pursuant to subsection 8(2) during the reporting period.
Appendices
Appendix A: Delegation Order
Access to Information Act Designation Order
The Executive Director of the National Security and Intelligence Review Agency, pursuant to section 95 of the Access to Information Act, hereby designates the persons holding the positions or acting in these positions, set out in the schedule hereto to exercise the powers and perform the duties and functions of the Executive Director of the National Security and Intelligence Review Agency as the head of a government institution under the section of the Access to Information Act set out in the schedule opposite each position.
Privacy Act Designation Order
The Executive Director of the National Security and Intelligence Review Agency, pursuant to section 73 of the Privacy Act*, hereby designates the persons holding the positions or acting in these positions, set out in the schedule hereto to exercise the powers and perform the duties and functions of the Executive Director of the National Security and Intelligence Review Agency as the head of a government institution under the section of the Privacy Act set out in the schedule opposite each position.
Appendix B: 2021-2022 Statistical Report on the Privacy Act
Name of institution: National Security and Intelligence Review Agency
Reporting period: 2021-04-01 – 2022-03-31
Section 1: Request Under the Access to Information Act
1.1 Number of Requests
Number of Requests
Received during reporting period
7
Outstanding from previous reporting period
0
Outstanding from more than one reporting period
0
Total
7
Closed during reporting period
7
Carried over to next reporting period
0
Carried over within legislated timeline
0
Carried over beyond legislated timeline
0
1.2 Channels of requests
Source
Number of Requests
Online
4
E-mail
3
Mail
0
In person
0
Phone
0
Fax
0
Total
7
Section 2: Informal requests
2.1 Number of informal requests
Number of Requests
Received during reporting period
0
Outstanding from previous reporting periods
0
Outstanding from more than one reporting period
0
Total
0
Closed during reporting period
0
Carried over to next reporting period
0
2.2 Channels of informal requests
Source
Number of Requests
Online
0
E-Mail
0
Mail
0
In person
0
Phone
0
Fax
0
Total
0
2.3 Completion time of informal requests
Completion Time
1 to 15 days
16 to 30 Days
31 to 60 Days
61 to 120 Days
121 to 180 Days
181 to 365 Days
More than 365 Days
Total
0
0
0
0
0
0
0
0
2.4 Pages released informally
Less Than 100 Pages Processed
101-500 Pages Processed
501-1000 Pages Processed
1001-5000 Pages Processed
More Than 5000 Pages Processed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
0
0
0
0
0
0
0
0
0
0
Section 3: Requests Closed During the Reporting Period
3.1 Disposition and completion time
Disposition of Requests
Completion Time
1 to 15 Days
16 to 30 Days
31 to 60 Days
61 to 120 Days
121 to 180 Days
181 to 365 Days
More Than 365 Days
Total
All disclosed
0
0
0
0
0
0
0
0
Disclosed in part
0
0
1
2
0
0
0
3
All exempted
0
0
0
0
0
0
0
0
All excluded
0
0
0
0
0
0
0
0
No records exist
2
2
0
0
0
0
0
4
Request abandoned
0
0
0
0
0
0
0
0
Neither confirmed nor denied
0
0
0
0
0
0
0
0
Total
2
2
1
2
0
0
0
7
3.2 Exemptions
Section
Numbers of Requests
18(2)
0
19(1)(a)
0
19(1)(b)
0
19(1)(c)
0
19(1)(d)
0
19(1)(e)
0
19(1)(f)
0
20
0
21
2
22(1)(a)(i)
0
22(1)(a)(ii)
0
22(1)(a)(iii)
0
22(1)(b)
1
22(1)(c)
0
22(2)
0
22.1
0
22.2
0
22.3
0
22.4
0
23(a)
0
23(b)
0
24(a)
0
24(b)
0
25
0
26
2
27
1
27.1
0
28
0
3.3 Exclusions
Section
Numbers of Requests
69(1)(a)
0
69(1)(b)
0
69.1
0
70(1)
0
70(1)(a)
0
70(1(b)
0
70(1)(c)
0
70(1)(d)
0
70(1)(e)
0
70(1)(f)
0
70.1
0
3.4 Format of information released
Paper
Electronic
Other
E-record
Data set
Video
Audio
1
2
0
0
0
0
3.5 Complexity
3.5.1 Relevant pages processed and disclosed for paper and e-record formats
Number of Pages Processed
Number of Pages Disclosed
Number of Requests
768
768
3
3.5.2 Relevant pages processed per request disposition for paper and e-record formats by size of requests
Disposition
Less Than 100 Pages Processed
101-500 Pages Processed
501-1000 Pages Processed
1001-5000 Pages Processed
More Than 5000 Pages Processed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
All disclosed
0
0
0
0
0
0
0
0
0
0
Disclosed in part
1
71
2
697
0
0
0
0
0
0
All exempted
0
0
0
0
0
0
0
0
0
0
All excluded
0
0
0
0
0
0
0
0
0
0
Request abandoned
0
0
0
0
0
0
0
0
0
0
Neither confirmed nor denied
0
0
0
0
0
0
0
0
0
0
Total
1
71
2
697
0
0
0
0
0
0
3.5.3 Relevant minutes processed and disclosed for audio formats
Number of Minutes Processed
Number of Minutes Disclosed
Number of Requests
0
0
0
3.5.4 Relevant minutes processed per request disposition for audio formats by size of requests
Disposition
Less Than 60 Minutes Processed
60 – 120 Minutes Processed
More than 120 Minutes Processed
Number of Requests
Minutes Processed
Number of Requests
Minutes Processed
Number of Requests
Minutes Processed
All disclosed
0
0
0
0
0
0
Disclosed in part
0
0
0
0
0
0
All exempted
0
0
0
0
0
0
All excluded
0
0
0
0
0
0
Request abandoned
0
0
0
0
0
0
Neither confirmed nor denied
0
0
0
0
0
0
Declined to act with the approval of the Information Commissioner
0
0
0
0
0
0
Total
0
0
0
0
0
0
3.5.5 Relevant minutes processed and disclosed for video formats
Number of Minutes Processed
Number of Minutes Disclosed
Number of Requests
0
0
0
3.5.6 Relevant minutes processed per request disposition for video formats by size of requests
Disposition
Less Than 60 Minutes Processed
60 – 120 Minutes Processed
More than 120 Minutes Processed
Number of Requests
Minutes Processed
Number of Requests
Minutes Processed
Number of Requests
Minutes Processed
All disclosed
0
0
0
0
0
0
Disclosed in part
0
0
0
0
0
0
All exempted
0
0
0
0
0
0
All excluded
0
0
0
0
0
0
Request abandoned
0
0
0
0
0
0
Neither confirmed nor denied
0
0
0
0
0
0
Total
0
0
0
0
0
0
3.5.7 Other complexities
Disposition
Consultation Required
Assessment of Fees
Legal Advice Sought
Other
Total
All disclosed
0
0
0
0
0
Disclosed in part
2
0
0
0
2
All exempted
0
0
0
0
0
All excluded
0
0
0
0
0
Request abandoned
0
0
0
0
0
Neither confirmed nor denied
0
0
0
0
0
Total
2
0
0
0
2
3.6 Closed requests
3.6.1 Requests closed within legislated timelines
Requests closed within legislated timelines
Number of requests closed within legislated timelines
5
Percentage of requests closed within legislated timelines (%)
71.42857143
3.7 Deemed refusals
3.7.1 Reasons for not meeting legislated timelines
Number of Requests Closed Past the Legislated Timelines
Principal Reason
Interference with Operations/Workload
External Consultation
Internal Consultation
Other
2
0
2
0
0
3.7.2 Requests closed beyond legislated timelines (including any extension taken)
Number of Days Past Legislated Timelines
Number of Requests Past Legislated Timeline Where No Extension Was Taken
Number of Requests Past Legislated Timeline Where an Extension Was Taken
Total
1 to 15 Days
0
0
0
16 to 30 Days
0
2
2
31 to 60 Days
0
0
0
61 to 120 Days
0
0
0
121 to 180 Days
0
0
0
181 to 365 Days
0
0
0
More than 365 Days
0
0
0
Total
0
2
2
3.8 Requests for translation
Translation Requests
Accepted
Refused
Total
English to French
0
0
0
French to English
0
0
0
Total
0
0
0
Section 4: Disclosures Under Subsections 8(2) and 8(5)
Paragraph 8(2)(e)
Paragraph 8(2)(m)
Subsection 8(5)
Total
0
0
0
0
Section 5: Requests for Correction of Personal Information and Notations
Disposition for Correction Requests Received
Number
Notations attached
0
Requests for correction accepted
0
Total
0
Section 6: Extensions
6.1 Reasons for extensions and disposition of requests
Number of requests where an extension was taken
15(a)(i) Interference with operations
9(1)(b) Consultation
9(1)(b) Consultation
Further review required to determine exemptions
Large volume of pages
Large volume of requests
Documents are difficult to obtain
Cabinet Confidence Section (Section 70)
External
Internal
3
0
0
0
0
0
3
0
0
6.2 Length of extensions
Length of Extensions
15(a)(i) Interference with operations
9(1)(b) Consultation
9(1)(b) Consultation
Further review required to determine exemptions
Large volume of pages
Large volume of requests
Documents are difficult to obtain
Cabinet Confidence Section (Section 70)
External
Internal
1 to 15 days
0
0
0
0
0
0
0
0
16 to 30 days
0
0
0
0
0
3
0
0
31 days or greater
0
0
Total
0
0
0
0
0
3
0
0
Section 7: Consultations Received From Other Institutions and Organizations
7.1 Consultations received from other Government of Canada institutions and other organizations
Consultations
Other Government of Canada Institutions
Number of Pages to Review
Other Organizations
Number of Pages to Review
Received during reporting period
1
52
0
0
Outstanding from the previous reporting period
0
0
0
0
Total
1
52
0
0
Closed during the reporting period
1
52
0
0
Carried over within regotiated timelines
0
0
0
0
Carried over beyond negotiated timelines
0
0
0
0
7.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation
Number of Days Required to Complete Consultation Requests
1 to 15 Days
16 to 30 Days
31 to 60 Days
61 to 120 Days
121 to 180 Days
181 to 365 Days
More Than 365 Days
Total
Disclose entirely
0
0
0
0
0
0
0
0
Disclose in part
0
1
0
0
0
0
0
1
Exempt entirely
0
0
0
0
0
0
0
0
Exclude entirely
0
0
0
0
0
0
0
0
Consult other institution
0
0
0
0
0
0
0
0
Other
0
0
0
0
0
0
0
0
Total
0
1
0
0
0
0
0
1
7.3 Recommendations and completion time for consultations received from other organizations outside the Government of Canada
Recommendation
Number of Days Required to Complete Consultation Requests
1 to 15 Days
16 to 30 Days
31 to 60 Days
61 to 120 Days
121 to 180 Days
181 to 365 Days
More Than 365 Days
Total
Disclose entirely
0
0
0
0
0
0
0
0
Disclose in part
0
1
0
0
0
0
0
0
Exempt entirely
0
0
0
0
0
0
0
0
Exclude entirely
0
0
0
0
0
0
0
0
Consult other institution
0
0
0
0
0
0
0
0
Other
0
0
0
0
0
0
0
0
Total
0
0
0
0
0
0
0
0
Section 8: Completion Time of Consultations on Cabinet Confidences
8.1 Requests with Legal Services
Number of Days
Fewer Than 100 Pages Processed
101-500 Pages Processed
501-1000 Pages Processed
1001-5000 Pages Processed
More Than 5000 Pages Processed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
1 to 15
0
0
0
0
0
0
0
0
0
0
16 to 30
0
0
0
0
0
0
0
0
0
0
31 to 60
0
0
0
0
0
0
0
0
0
0
61 to 120
0
0
0
0
0
0
0
0
0
0
121 to 180
0
0
0
0
0
0
0
0
0
0
181 to 365
0
0
0
0
0
0
0
0
0
0
More than 365
0
0
0
0
0
0
0
0
0
0
Total
0
0
0
0
0
0
0
0
0
0
8.2 Requests with Privy Council Office
Number of Days
Fewer Than 100 Pages Processed
101-500 Pages Processed
501-1000 Pages Processed
1001-5000 Pages Processed
More Than 5000 Pages Processed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
Number of Requests
Pages Disclosed
1 to 15
0
0
0
0
0
0
0
0
0
0
16 to 30
0
0
0
0
0
0
0
0
0
0
31 to 60
0
0
0
0
0
0
0
0
0
0
61 to 120
0
0
0
0
0
0
0
0
0
0
121 to 180
0
0
0
0
0
0
0
0
0
0
181 to 365
0
0
0
0
0
0
0
0
0
0
More than 365
0
0
0
0
0
0
0
0
0
0
Total
0
0
0
0
0
0
0
0
0
0
Section 9: Complaints and Investigations Notices Received
Section 31
Section 33
Section 35
Court action
Total
0
0
0
0
0
Section 10: Privacy Impact Assessments (PIAs) and Personal Information Banks (PIBS)
10.1 Privacy Impact Assessments
Number of PIA(s) completed
Number of PIAs modified
1
0
10.2 Institution-specific and Central Personal Information Banks
Personal Information Banks
Active
Created
Terminated
Modified
Institution-specific
2
0
0
0
Central
0
0
0
0
Total
2
0
0
0
Section 11: Privacy Breaches
11.1 Material Privacy Breaches reported
Number of material privacy breaches reported to TBS
Number of material privacy breaches reported to OPC
1
1
11.2 Non-Material Privacy Breaches
Number of non-material privacy breaches
0
Section 12: Resources Related to the Privacy Act
12.1 Allocated Costs
Expenditures
Amount
Salaries
$24,082
Overtime
$0
Goods and Services
$0
Professional services contracts
$97,006
Other
$0
Total
$121,088
12.2 Human Resources
Resources
Person Years Dedicated to Access to Information Activities
Full-time employees
0.300
Part-time and casual employees
0.000
Regional Staff
0.000
Consultants and agency personnel
0.500
Students
0.000
Total
0.800
Note: Enter values to three decimal places.
Appendix C: Supplemental Statistical Report on the Access to Information Act and Privacy Act
Section 1: Capacity to Receive Requests under the Access to Information Act and the Privacy Act
Number of weeks
Able to receive requests by mail
52
Able to receive requests by email
52
Able to receive requests through the digital request service
52
Section 2: Capacity to Process Records under the Access to Information Act and the Privacy Act
2.1 Number of weeks your institution was able to process paper records in different classification levels
No capacity
Partial Capacity
Full capacity
Total
Unclassified Paper Records
0
0
52
52
Protected B Paper Records
0
0
52
52
Secret and Top Secret Paper Records
0
0
52
52
2.2 Number of weeks your institution was able to process electronic records in different classification levels
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
