2024‑2025 Annual Report on the Privacy Act
©His Majesty the King in Right of Canada, as represented by the Military Police Complaints Commission of Canada, 2025.
Catalogue No. DP2‑4E
ISSN: 2369‑1824 (Electronic PDF, English)
Table of Contents
- Introduction
- Organizational Structure to Fulfill the MPCC’s Privacy Act Responsibilities
- Delegation Order
- Performance 2024-25
- Training and Awareness
- Policies, Guidelines and Procedures
- Initiatives and Projects to Improve Privacy
- Summary of Key Issues and Actions Taken on Complaints
- Material Privacy Breaches
- Privacy Impact Assessments
- Public Interest Disclosures
- Monitoring Compliance
1. Introduction
The Military Police Complaints Commission of Canada (MPCC) is pleased to submit to Parliament its Annual Report on the administration of the Privacy Act for its fiscal year 2024-25 (April 1, 2024 to March 31, 2025). This report was prepared and tabled in accordance with section 72 of the Privacy Act.
The purpose of the Privacy Act is to provide:
- individuals with the right to access and correct personal information about themselves that is under the control of a government institution; and
- the legal framework for the collection, retention, use, disclosure, disposition and accuracy of personal information in the administration of programs and activities by government institutions subject to the act.
Under the Privacy Act, personal information is defined as “information about an identifiable individual that is recorded in any form.”
Examples include information relating to:
- the race, national or ethnic origin, colour, religion, age or marital status of an individual;
- the education or the medical, criminal, financial or employment history of an individual;
- the address, fingerprints or blood type of an individual; and
- any identifying number, symbol or other particular identifier assigned to an individual.
The MPCC is an administrative tribunal created by Parliament to provide independent, civilian oversight of the Canadian Forces Military Police. As a federal institution, it is part of the Defence portfolio for reporting purposes.
The MPCC's mandate is set out in Part IV of the National Defence Act, which provides the following powers:
- monitoring investigations by the Canadian Forces Provost Marshal of military police conduct complaints;
- reviewing disposition of conduct complaints about military police members, at the request of complainants;
- investigating complaints of interference made by military police members;
- conducting public interest investigations and hearings;
- reporting findings and making recommendations to the military police and national defence leadership.
The mission of the MPCC is to promote and ensure the highest standards of conduct by the military police, to deter interference in military police investigations and to enhance public confidence in military policing.
The MPCC did not have any non-operational (“paper”) subsidiaries to report during this review period.
Finally, the MPCC has submitted and tabled its reports to Parliament.
2. Organizational Structure to Fulfill the MPCC’s Privacy Act Responsibilities
The MPCC is a micro-organization of 31 employees. To fulfil its Privacy Act requirements, privacy protection is a shared responsibility; however, the Access to Information and Privacy (ATIP) mandate resides with the Corporate Services Sector.
The Senior Director, Corporate Services, is identified as the MPCC’s ATIP Coordinator. He is supported by both the Manager of Corporate Reporting, ATIP and Administration and the Administrative Services Officer which in total dedicate an average of 13.3% of their time to fulfil the MPCC’s obligations under both the Access to Information Act and the Privacy Act. The MPCC also hires one ATIP consultant, as required.
The ATIP coordinator is responsible for implementing and managing programs and services relating to the MPCC’s administration of the Access to Information Act and the Privacy Act, as well as for providing advice to its employees as they fulfil their obligations under both Acts.
Responding to Privacy Act requests is a shared responsibility between the delegated request processing team and the Offices of Primary Interest (OPI).
The main activities involved in processing Privacy Act requests are as follows:
- Analyze purpose/history of requests, interpret legislation, and determine information that may be disclosed, exempted or excluded.
- Provide advice and consultation to requesters, third-party stakeholders and the MPCC’s management and employees, respond to questions and concerns, ensure that they have a clear understanding of legislation, the MPCC policies and procedures for handling requests and other Privacy Act related issues, including document security classification.
- Conduct research and consultations with other departments and third parties to prepare responses to requests.
- Provide recommendations for the preparation of evidence to be disclosed during a Public Interest Hearing in accordance with Privacy Act legislation, Open Court Principles and other related policies and procedures.
- Prepare reports for the MPCC’s management on Privacy Act requests and other Privacy Act related matters, including statistical reports, Annual Reports for submission to Parliament and information required by Info Source.
The MPCC did not provide services related to privacy to other government institutions and was not a party to any services agreements with other government institutions under section 73.1 of the Privacy Act.
3. Delegation Order
Pursuant to section 73(1) of the Privacy Act, the Chairperson has delegated certain of her powers, duties and functions under the Privacy Act and Regulations to the Senior Director Corporate Services, the Manager of Corporate Reporting, ATIP and Administration and the Administrative Services Officer. The Delegation Order in effect on March 31, 2025, found in Appendix A was signed in October 2023.
4. Performance 2024-25
During this review period, the MPCC received 13 Privacy Act request and completed 11 Privacy Act requests. The MPCC disclosed in part 162 pages for 1 request, 2 requests were abandoned, 8 were requests for which no records existed, and 2 requests were transferred to the 2025-26 fiscal year due to extensions. Therefore, the MPCC had no records for this reporting period that disclosed all information.
The MPCC responded to 90.9% of the Privacy Act requests within the legislated timeline and completed 10 within 0 to 15 days and 1 within 31-60 days. All active requests during this review period were closed, and none are outstanding from previous reporting periods.
The graphic below shows, for 2020 21 to 2024-25, the numbers of Privacy Requests the MPCC completed each year. The MPCC received only 10 requests in 2020 21. This number increased significantly during the 2021-22 reporting period but decreased slightly in 2022 23. In 2023-24 the request has significantly increased again and then decreased in 2024-25. It is difficult to determine the number of Privacy Act requests in any given year as demonstrated in the graph below.
To note, a number of the requests received are intended for the Department of National Defence (DND), to access military police documents, but are mistakenly submitted to us. When a requester types military police in the centralized ATIP portal, the MPCC comes up and therefore we receive several requests intended for DND. This is one of the reasons why the MPCC is seeking to change the name of our organization through legislative change.
Alternate format
| 2020‑21 | 2021‑22 | 2022‑23 | 2023‑24 | 2024‑25 |
|---|---|---|---|---|
| 10 | 17 | 14 | 24 | 13 |
The MPCC received no consultations relating to the Privacy Act from another government institution.
5. Training and Awareness
The MPCC’s learning directive requires that all new employees complete two mandatory online courses related to Access to Information and Privacy knowledge about properly processing requests and protecting personal information through the Canada School of Public Service portal i.e., Fundamentals of Information Management (COR501) and Access to Information and Privacy Fundamentals (COR502). Managers and the Human Resources ensure that the mandatory training from the MPCC’s learning directive is completed within the prescribed timeframe.
New employees arriving at the MPCC attend an internal awareness session which provides an overview of the proper handling of information and privacy requests, as well as their role and responsibilities relating to the Privacy Act, within their first weeks at the MPCC.
6. Policies, Guidelines and Procedures
During this reporting period, the ATIP team used its new procedure to provide quarterly status reports on Access to Information and Privacy requests received and closed to the attention of the MPCC’s Executive committee.
7. Initiatives and Projects to Improve Privacy
The following internal initiatives to improve Privacy were implemented during the reporting period:
- ATIP team actively participates in events organized by the Access to Information and Privacy Communities Development Office (APCDO) to keep our knowledge up to date and to keep abreast of best practices.
- Reviewed our process for obtaining Executive Committee approval for the release of documents related to access to information and/or privacy requests to ensure a consistent application of relevant laws and regulations.
8. Summary of Key Issues and Actions Taken on Complaints
During the reporting period, one complaint was filed against the MPCC with the Office of the Privacy Commissioner of Canada (OPC). An OPC investigator reviewed the case and confirmed that the MPCC had taken all necessary steps to contain the breach, which was deemed non-material. Additionally, no appeals concerning privacy breaches were filed in Federal Court.
9. Material Privacy Breaches
No material privacy breach occurred at the MPCC during the reporting period.
10. Privacy Impact Assessments
No Privacy Impact Assessments were completed during the reporting period.
11. Public Interest Disclosures
During the reporting period, the MPCC did not disclose any personal information pursuant to subsection 8(2)(m) of the Privacy Act.
12. Monitoring Compliance
The Manager, Corporate Reporting, ATIP and Administration regularly monitors the timelines associated with the processing of requests through ongoing communications with OPIs and the Senior Director of Corporate Services. From the receipt to the closure of all Privacy requests, the MPCC monitors processing times by promptly entering all actions and activities in its internal ATIP status report (which includes both Access to Information and Privacy requests). Legislated timelines are also carefully entered into the report to prevent any delays in the processing of the requests received and to ensure that requests are dealt with in a timely manner. In view of the upward trend in the number of requests, the MPCC has noted the need to capture this information for monitoring purposes and is implementing a process to track this information more formally for the next reporting period.
Throughout the year, the Senior Director of Corporate Services / ATIP Coordinator submits the ATIP Status reports to the Executive Committee as an information item on their meeting agendas. The Executive Committee consists of the Chairperson (Deputy Head), the Senior General Counsel and Director General, the Senior Director Corporate Services / ATIP Coordinator and the General Counsel and Senior Director of Operations.
During the review process of requests, the MPCC evaluates records that need to be sent for consultation with other federal institutions. Consultation with other federal institutions is done when it is required for the proper exercise of discretion or when there is an intention to disclose records. The ATIP consultant identifies the need for consultation and explains it to the office of primary interest (OPI). Once the OPI agrees, it will then be provided to the Deputy Head for approval.
During this reporting period, the MPCC was unable to explore ways to assess the feasibility of making frequently requested types of information publicly available on the MPCC’s website due to lack of resources (employees) in the ATIP team.
The MPCC ensures appropriate privacy protections in contracts, agreements and arrangements by adding the General conditions to its various contracting documents. The four conditions applied are (1) Compliance with Applicable Laws, (2) Confidentiality, (3) Conflict of interest and (4) Access to information. The Compliance with Applicable Laws condition ensures that the contractor handles personal information in accordance with applicable privacy laws. The Confidentiality condition protects sensitive information by preventing unauthorized disclosure and maintaining privacy. The Conflict of interest condition ensures impartiality and prevents personal gain that could compromise privacy. Finally, the Access to information condition balances transparency with privacy rights, as individuals can access relevant records while protecting sensitive information.
Appendix A – Privacy Act Delegation Order
Access to Information Act and Privacy Act Delegation Order
Access to Information Act and Privacy Act Delegation Order
The Chairperson of the Military Police Complaints Commission of Canada, pursuant to section 95(1) of the Access to Information Act and section 73(1) of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercise certain powers, duties and functions of the Chairperson as the head of a federal institution, under the provisions of the Act and related regulations set out in the schedule opposite each position. This designation replaces all previous delegation orders.
Me Tammy Tremblay, MSM, CD, LL.M
Chairperson
Military Police Complaints Commission of Canada
Signed in Ottawa, Ontario, Canada this 13th day of October, 2023
Schedule
Privacy Act Delegation Order
The Chairperson of the Military Police Complaints Commission of Canada, pursuant to section 73(1) of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the Chairperson as the head of the Military Police Complaints Commission of Canada, under the provisions of the Act and related regulations set out in the schedule opposite each position. This designation replaces all previous designation orders.
| Provision | Description | Chairperson | Senior Director of Corporate Services | Manager, Corporate Reporting, ATIP and Administration | Administrative Services Officer |
|---|---|---|---|---|---|
| 8(2)(e) | Disclose to investigative body | no | no | ||
| 8(2)(j) | Disclosure for research or statistical purposes | no | no | ||
| 8(2)(m) | Disclosure in the public interest or in the interest of the individual | no | no | ||
| 8(4) | Copies of requests under paragraph 8(2)(e) | ||||
| 8(5) | Notice of disclosure under paragraph 8(2)(m) | no | no | ||
| 9(1) | Record of disclosures | no | no | ||
| 9(4) | Consistent uses | no | no | ||
| 10 | Personal information banks | no | no | ||
| 14 | Notice where access requested | ||||
| 15 | Extension of time limits | no | no | ||
| 16(1)(a) & (b) | Where access refused | no | no | ||
| 17(2)(b) | Language of access | ||||
| 17(3)(b) | Access in an alternative format | ||||
| Exemption Provisions of the Privacy Act | |||||
| 18(2) | Exemption – Exempt banks | no | no | ||
| 19(1) | Exemption – Personal information obtained in confidence | no | no | ||
| 19(2) | Exemption – Where disclosure authorized | no | no | ||
| 20 | Exemption - Federal-provincial affairs | no | no | ||
| 21 | Exemption - International affairs and defence | no | no | ||
| 22 | Exemption - Law enforcement and investigations | no | no | ||
| 22.3 | Exemption - Public Servants Disclosure Protection Act | no | no | ||
| 23 | Exemption - Security clearances | no | no | ||
| 24 | Exemption - Individuals sentenced for an offence | no | no | ||
| 25 | Exemption - Safety of individuals | no | no | ||
| 26 | Exemption - Information about another individual | no | no | ||
| 27 | Exemption - Protected information – solicitors, advocates and notaries | no | no | no | |
| 28 | Exemption - Medical record | no | no | ||
| Other Provisions of the Privacy Act | |||||
| 33(2) | Right to make representations | no | no | ||
| 35(1)(b) | Notice of actions to implement recommendations of Commissioner | ||||
| 35(4) | Access to be given to complainant | ||||
| 36(3)(b) | Notice of actions to implement recommendations of Commissioner concerning exempt banks | ||||
| 51(2)(b) | Special rules for hearings | no | no | ||
| 51(3) | Ex parte représentations | no | no | ||
| 72 | Annual report to Parliament | no | no | ||
| Privacy Regulations | |||||
| 9 | Examination of information | ||||
| 11(2) | Notification that correction to personal information has been made | ||||
| 11(4) | Notification that correction to personal information has been refused | ||||
| 14 | Examination in presence of medical practitioner or psychologist | no | no | ||
Dated at the City of Ottawa this 13th day of October, 2023
Me Tammy Tremblay, MSM, CD, LL.M
Chairperson
Military Police Complaints Commission of Canada
- Date modified: