DAOD 1002-0, Administration of the Privacy Act

1. Introduction

Date of Issue: 2004-10-01

Date of Last Modification: 2015-09-30

Application: This DAOD is a directive that applies to employees of the Department of National Defence (DND employees) and an order that applies to officers and non-commissioned members of the Canadian Armed Forces (CAF members).

Supersession: NDHQ Instruction ADM(Per) 7/83, Privacy Act - DND Implementation

Approval Authority: Corporate Secretary (Corp Sec)

Enquiries: Director Access to Information and Privacy (DAIP)

2. Policy Direction

Context

2.1 Among the rights that the Canadian public most value are those with respect to their privacy and the sanctity of their personal information, i.e. information about an identifiable individual that is recorded in any form. The purpose of the Privacy Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.

Note – The terms “personal information” and “government institution” are defined in section 3 of the Privacy Act.

2.2 The Supreme Court of Canada has characterized the Privacy Act as "quasi-constitutional" law because of the role privacy plays in the preservation of a free and democratic society. Privacy protection in this sense means limiting government interventions into the private lives of Canadians to lawful and necessary purposes. This protection is an essential element in maintaining public trust.

2.3 Heads of government institutions are responsible for the effective, well-coordinated, and proactive administration of the Privacy Act and Privacy Regulations within their institutions.

Policy Statement

2.4 The DND and the CAF are committed to protecting the privacy of individuals with respect to their personal information that is under DND and CAF control. The personal information that the DND and the CAF create, collect and control must be maintained at a high standard. Within the DND and the CAF there will be a clear and consistent respect for both the letter and the spirit of the Privacy Act and Privacy Regulations.

Requirements

2.5 In order to implement this policy, the DND and the CAF must:

  1. facilitate compliance with the Privacy Act and Privacy Regulations in order to enhance their effective application;
  2. apply consistent practices and procedures in the administration of the Privacy Act and Privacy Regulations when responding to all requests filed for access to records of personal information; and
  3. ensure effective protection and management of personal information by identifying, assessing, monitoring and mitigating privacy risks in programs and activities involving the creation, collection, retention, use, disclosure and disposal of personal information.

3. Consequences

Consequences of Non-Compliance

3.1 Non-compliance with this DAOD may have consequences for both the DND and the CAF as institutions, and for DND employees and CAF members as individuals. Suspected non-compliance may be investigated. The nature and severity of the consequences resulting from actual non-compliance will be commensurate with the circumstances of the non-compliance. Consequences of non-compliance may include one or more of the following:

  1. the ordering of the completion of appropriate learning, training or professional development;
  2. the entering of observations in individual performance evaluations;
  3. increased reporting and performance monitoring;
  4. the withdrawal of any authority provided under this DAOD to a DND employee or CAF member;
  5. the reporting of suspected offences to responsible law enforcement agencies;
  6. the liability of Her Majesty in right of Canada;
  7. the application of specific consequences as set out in applicable laws, codes of conduct, and DND and CAF policies and instructions; and
  8. other administration administrative or disciplinary action, or both.

Note – In respect of the compliance of DND employees, see the Treasury Board (TB) Framework for the Management of Compliance for additional information.

4. Authorities

Authority Table

4.1 The following table identifies the authorities associated with this DAOD:

The ...has or have the authority to ...

Minister of National Defence

  • designate, by order, one or more officers or employees to exercise or perform any of the powers, duties or functions as the head of a government institution under the Privacy Act that are specified in the order.

Deputy Minister, Corp Sec and DAIP

  • exercise all powers, duties and functions as designated by the Minister under the Privacy Act; and
  • issue direction to the DND and the CAF on all matters related to the Privacy Act as specified by the President of the TB, the designated Minister responsible for preparing policy instruments concerning the operation of the Privacy Act and Privacy Regulations.

5. References

Acts, Regulations, Central Agency Policies and Policy DAOD

Other References

  • DAOD 1002-1, Requests under the Privacy Act for Personal Information
  • DAOD 1002-2, Informal Requests for Personal Information
  • DAOD 1002-3, Management of Personal Information