DAOD 1002-2, Informal Requests for Personal Information

1. Introduction

Date of Issue: 1999-04-09

Date of Modification: 2004-10-01

Application: This is a directive that applies to employees of the Department of National Defence (DND employees) and an order that applies to officers and non-commissioned members of the Canadian Armed Forces (CAF members).

Approval Authority: This DAOD is issued under the authority of the Assistant Deputy Minister (Finance and Corporate Services) (ADM(Fin CS)).

Enquiries: Director Access to Information and Privacy (DAIP)


2 Overview

Terminology

2.1 In this DAOD, the following terms have the same meaning as in section 3 of the Privacy Act:

  1. "personal information";
  2. "personal information bank"; and
  3. "Privacy Commissioner".

Access to Personal Information

2.2 DND employees and CAF members, current and former, may have access to their personal information under the control of the DND or the ACF by making:

  1. an informal request pursuant to this DAOD; or
  2. a formal request under the Privacy Act.

Formal Requests for Personal Information

2.3 For information concerning formal requests for personal information, see DAOD 1002-1, Requests under the Privacy Act for Personal Information.

2.4 The granting of informal access does not preclude an individual from submitting a formal request under the Privacy Act.


 

3. Operating Principles

Submission of an Informal Request

3.1 Informal requests normally permit a more expeditious access to specific personal information.

3.2 Individuals making informal requests for their personal information must:

  1. request, orally or in writing, their personal information directly from the office of primary interest (OPI) responsible for the physical custody and management of their personal information; and
  2. indicate the personal information bank (PIB) number from the Table of PIBs block, or provide a clear description of the requested information that corresponds to a PIB in the table.

3.3 If the request is for information that is not described in the Table of PIBs block, a formal request must be submitted to the DAIP.

3.4 Only formal requests can form the basis of a complaint to the Privacy Commissioner.

Access upon Retirement, Release or Transfer

3.5 Personal information gathered and maintained for personnel administration purposes during the employment of DND employees or the service of CAF members must, upon request, be made available to them upon their retirement, release or transfer.

Storage

3.6 Personal information that may be exempt under the provisions of the Privacy Act must be easily movable (i.e., within a temporary docket or a sealed envelope clearly marked "To be opened only by …") from those files for which informal access is normally granted.

3.7 If not required by the National Archives Act, the OPIs should not maintain duplicate copies of records.

Top of Page

4. Processing Informal Requests

Process

4.1 Informal access must:

  1. occur at a time and location convenient to both the OPI and the requester; and
  2. normally be given within 30 calendar days of the date of the request.

4.2 The following table outlines the actions performed by an OPI after receiving an informal request for personal information:

StepAction by OPI

1

Inform the requester of the difference between:

  • informal access;
  • andformal access under the Privacy Act.

2

If you ...

hold the requested information,

 

then ...

tell the requester.

 

If you ...

do not hold the requested information,

 

then ...

send the request to the appropriate OPI (if known) or direct the requester to the DAIP.

3

If the information requested is ...

contained in a PIB designated for informal access (See Table of PIBs block),

 

then ...

remove all personal information pertaining to other individuals and all other information that must be severed (see the information in the Severances map).


Note - When in doubt about how to apply severances, consult the DAIP for advice.

 

If the information requested is ...

not contained in a PIB designated for informal access,

 

then ...

tell the requester to send a formal request under the Privacy Act to the DAIP.

4

If the information requested is ...

not contained in a PIB designated for informal access,

 

then ...

tell the requester to send a formal request under the Privacy Act to the DAIP.

 

Inform the requester of any severances applied and their justifications (using the sections of the Privacy Act as guidance).

5

  • Provide the requester access to the requested information and, if practicable, provide access to a photocopier; or
  • Send the requester a copy of the requested information if viewing the information at DND or CAF facilities would reasonably cause the requester undue inconvenience.

Personal Information Released Inadvertently

4.3 If personal information about another individual is released inadvertently with requested information to a requester, the OPI must:

  1. advise the requester to return the personal information immediately to the OPI and not to retain any copies; and
  2. provide the DAIP with details of the inadvertent release.

 

5. Personal Information Banks Designated for Informal Access

Overview

5.1 The PIBs provide a summary of personal information held by the DND and the CAF. The Privacy Act requires that PIBs include all personal information that is organized or intended to be retrieved by:

  1. the individual's name;
  2. an identifying number or symbol; or
  3. other particular assigned only to that individual.

5.2 PIBs must also include personal information that has been, is being used or is available for use for an administrative purpose.

5.3 Requesters may be granted informal access to their personal information contained in the departmental PIBs designated for informal access listed in the table below.

5.4 Requests for personal information not found in the PIBs designated for informal access must be processed through the DAIP, the departmental privacy coordinator, by means of a formal request for personal information. (See DAOD 1002-1, Requests under the Privacy Act for Personal Information.)

Table of PIBs

5.5 The following table shows an alphabetical list, updated yearly, of the PIBs designated for informal access and the PIB number for that type of information:

PIB NamePIB Number

Academic Records - Students of a Canadian Military College

DND PPE 844

Administrative Review Case Files

DND PPE 814

Alert Manning Personnel System (AMPS)

DND PPE 871

Attendance and Leave

DND PSE 903

Cadet Instructor Cadre Personal Information Bank

DND PPE 822

Canadian Forces Casualty Database

DND PPE 817

Canadian Forces Command and Staff College - Boards/Selection Processes

DND PPE 821

Canadian Forces Drug Testing Program

DND PPE 890

Canadian Forces Employment Equity Program

DND PPE 816

Canadian Forces Member Personal Information File

DND PPE 818

Canadian Human Rights Act - Discrimination - Civilian

DND PPU 036

Canadian Human Rights Act - Discrimination - Military

DND PPU 035

Chaplain Service

DND PPE 807

Command and Staff Course - Student Files

DND PPE 843

Complaints Against Military Police Members

DND PPU 070

Conflict of Interest and Post-Employment Code - Military

DND PPE 864

CSE Mentor Program

DND PPE 820

Dental Records

DND PPE 811

Department of National Defence and Veterans Affairs Canada Centre for the Support of Injured and Retired Members and their Families

DND PPE 824

Dependant Education Allowances

DND PPE 876

Designation of Additional Dependants, Remuneration Supplement Claims and Hospital/Medical Claims Outside of Canada

DND PPE 809

Discipline

DND PSE 911

DSSPM - Clothing Online

DND PPE 829

Electronic Network Monitoring Logs

DND PSE 922

Employee Assistance

DND PSE 916

Employee Personnel Record

DND PSE 901

Employment Equity Program

DND PSE 918

Enrolment Bank- Applicants

DND PPU 025

Financial Assistance - Canadian Forces Personnel Assistance Fund (CFPAF)

DND PPE 802

Financial Counselling

DND PPE 803

Financial Planning

DND PPE 804

Grievances

DND PSE 910

Harassment

DND PSE 919

Harassment

DND PPE 875

History, Heritage and Honours

DND PPE 823

Human Resources Management Information System (HRMS)

DND PPE 805

Human Resource Research and Evaluation Information Data Bank

DND PPE 815

Identification and Access Control Cards

DND PPE 896

Identification and Building Pass Cards

DND PSE 917

Insurance - Service Income Security Insurance Plan (SISIP)

DND PPE 808

Internal Disclosure of Information Concerning Wrongdoing in the Workplace

DND PSE 923

La Relève Executive Feeder Group

DND PPE 861

Medical Professional Standards Register

DND PPE 898

Medical Records

DND PPE 810

Merit Award Program

DND PPE 826

Military Personnel - Grievance File

DND PPE 831

Military Police Audit Reports Data Bank

DND PPU 071

Military Police Credential Review Board Data Bank

DND PPE 833

Military Postgraduate Student Records

DND PPE 878

Minutes of Proceedings of Courts Martial

DND PPE 830

National Defence Fingerprint File

DND PPE 801

National Search and Rescue Secretariat

DND PPU 050

Non Public Fund (NPF) Employee Personnel Records

DND PPE 865

Occupational Safety and Health

DND PSE 907

Officer Boards for Academic Enhancement and Specialist Training Plans

DND PPE 848

Official Languages

DND PSE 906

Parking

DND PSE 914

Pay and Benefits

DND PSE 904

Pay Records File

DND PPE 858

Pension File

DND PPE 859

Performance Evaluation Report File

DND PPE 838

Performance Reviews and Employee Appraisals

DND PSE 912

Personnel Files - Training

DND PPE 842

Personnel Selection Officer Training Files

DND PPE 877

Privacy

DND PPU 030

Public Key Infrastructure (PKI) Service Request Forms

DND PPE 813

Recognition Policy

DND PSE 920

Request From and Disclosure to Investigative Bodies

DND PPE 854

Sea, Army and Air Cadet Personnel Files

DND PPE 839

Selection Board and Supplementary Selection Board Results

DND PPE 899

Selection Boards for the In-Service Commissioning Plans

DND PPE 847

Service Prison and Detention Barrack Records

DND PPE 863

Social Work Services

DND PPE 812

Squadron Personnel File - Officer Cadets

DND PPE 845

Staffing

DND PSE 902

Staffing Program

DND PPU 065

Suggestion Award Program

DND PPE 825

Training and Development

DND PSE 905

Travel and Relocation

DND PSE 913

Unit Military Personnel File

DND PPE 836

Values and Ethics Code for the Public Service

DND PSE 915

Vehicle, Ship, Boat and Aircraft Accidents

DND PSE 908

Workplace Daycare

DND PSE 930

Top of Page

6. Severances

Severances Based on Exemptions

6.1 When personal information is released informally, severances must be applied based on the exemptions under the Privacy Act, as set out in the Exemption Table block.

Mandatory and Discretionary Exemptions

6.2 There are two different types of exemptions governing the release of personal information as shown in the Exemption Table block.

Under the column labelled Requirement to Withhold, a designation of ...means the information ...

mandatory

shall not be released.

discretionary

may or may not be released.

 

Note - In many cases, the decision to release the information is based on the injury test.

Injury Test

6.3 Severances based on an injury test provide for the denial of access to requested information if disclosure "could reasonably be expected to have a detrimental effect" to the interest specified in the exemption.

6.4 Three general factors shall be considered when evaluating potential injury, as explained in more detail in the document of the Treasury Board of Canada Secretariat entitled Exemptions. Those factors are the degree to which the injury is:

  1. specific;
  2. current; and
  3. probable.

Example - Injury Test

6.5 If the release of personal information pertaining to an ongoing investigation would likely result in the disappearance of evidence not yet collected, the reasoning of paragraph 22(1)(b) of the Privacy Act shall be used as guidance to refuse access to the information.

6.6 In the case of a formal request under the Privacy Act, paragraph 22(1)(b) would be legally invoked, not just used as guidance.

Exemption Table

6.7 The exemptions under the Privacy Act that are used to sever information for informal requests for personal information are set out in the following table:

ExemptionInformation relating to ...Requirement to WithholdAction

18(2)

exempt banks

Discretionary

Do not release without consulting the DAIP.

19(1)
19(2)

personal information obtained in confidence (from another government, organization or institution)

Mandatory

Do not release unless the government, organization or institution that provided the information consents to its release or makes the information public.

20

federal-provincial affairs

Discretionary

Do not release if the release could reasonably be expected to be injurious to the conduct of federal-provincial affairs.

21

international affairs and defence

Discretionary

Apply the injury test.

22(1)(a)

law enforcement and investigations

Discretionary

Apply the exemption, as necessary, in relation to the investigative bodies specified in section 5 of the Privacy Regulations.

22(1)(b)

law enforcement and investigations

Discretionary

Apply the injury test.

22(2)

policing services for provinces or municipalities

Mandatory

Do not release without consulting the DAIP.

23

security clearances

Discretionary

Do not release if the release could reasonably be expected to reveal the identity of who provided the information.

24

individuals sentenced for an offence

Discretionary

Apply the injury test.

25

safety of individuals

Discretionary

Do not release if the release could reasonably be expected to threaten the safety of individuals.

26

another individual

Mandatory/
Discretionary

Do not release information concerning other individuals without their consent. Otherwise, the information can only be released in accordance with subsection 8(2) of the Privacy Act.

27

solicitor-client privilege

Discretionary

Do not release without consulting the DAIP (who will consult legal services as required).

28

medical records

Discretionary

Apply the injury test for information relating to the physical/mental health of the requester. Refer to section 13 of the Privacy Regulations.

7. Responsibilities

Responsibility Table

7.1 The following table identifies the responsibilities regarding informal requests for personal information:

The ...is/are responsible for ...

DAIP

  • establishing policies and procedures to permit individuals efficient informal access to personal information to which they are entitled;
  • providing training pertaining to informal requests for personal information within the DND and the CAF;
  • advising individuals when their personal information has been released inadvertently;
  • creating and amending PIBs within the DND and the CAF, with Treasury Board approval;
  • ensuring that the Privacy Act, regulations, DAODs, guidelines and publications pertaining to informal requests for personal information are available within the DND and the CAF; and
  • providing guidance to OPIs on questions concerning informal requests for personal information.

OPIs

  • complying with the Privacy Act when granting individuals informal access to their personal information;
  • providing informal access to personal information in accordance with this DAOD;
  • refraining from annotating records to indicate that an individual was afforded informal access;
  • maintaining statistics in order to measure workload and client service associated with informal access; and
  • consulting the DAIP if there is any doubt about whether personal information may be accessed or disclosed.

8. References

Acts, Regulations, Central Agency Policies and Policy DAOD

Other References

  • DAOD 1001-0, Access to Information
  • DAOD 1001-1, Formal Requests for Access to Departmental Information
  • DAOD 1001-2, Informal Requests for Access to Departmental Information
  • DAOD 1002-1, Requests under the Privacy Act for Personal Information
  • DAOD 1002-3, Management of Personal Information
  • CFAO 15-2, Release - Regular Force
  • Defence Subject Classification and Disposition System
  • MPPol & TP, Information Management: Release of Information and disclosure, Chapter 11