Canadian Economic News, November 2022 Edition

This module provides a concise summary of selected Canadian economic events, as well as international and financial market developments by calendar month. It is intended to provide contextual information only to support users of the economic data published by Statistics Canada. In identifying major events or developments, Statistics Canada is not suggesting that these have a material impact on the published economic data in a particular reference month.

All information presented here is obtained from publicly available news and information sources, and does not reflect any protected information provided to Statistics Canada by survey respondents.

Resources

The Government of Canada announced on November 2nd that under the Investment Canada Act (ICA) it had ordered the divestiture of the following investments by foreign investors in Canadian mineral companies following scrutiny by Canada's national security and intelligence community:
- Sinomine (Hong Kong) Rare Metals Resources Co., Limited is required to divest itself of its investment in Power Metals Corp. of Vancouver;
- Chengze Lithium International Limited is required to divest itself of its investment in Lithium Chile Inc. of Calgary; and
- Zangge Mining Investment (Chengdu) Co., Ltd. is required to divest itself of its investment in Ultra Lithium Inc. of Vancouver.
Toronto-based Yamana Gold Inc. announced it had entered into an arrangement agreement with Agnico Eagle Mines Limited of Toronto and Pan American Silver Corp. of Vancouver for the acquisition by Pan American of all of the issued and outstanding common shares of Yamana for total consideration consisting of USD $1.0 billion in cash and the issuance of approximately 153.5 million common shares of Pan American and approximately 36.1 million common shares of Agnico. The companies said the Arrangement will close late in the first quarter of 2023, subject to shareholder and regulatory approvals and closing conditions customary in transactions of this nature.

Financial

Toronto-based Summit Industrial Income REIT, GIC Private Limited of Singapore, and Dream Industrial REIT (DIR) of Toronto announced they had entered into an agreement under which a joint venture between GIC and DIR will acquire Summit in an all-cash transaction valued at approximately $5.9 billion, including the assumption of certain debt. The companies said the transaction is expected to close in the first quarter of 2023, subject to customary conditions, including Summit unitholder, court, and regulatory approvals.
Toronto-based Home Capital Group Inc. announced it had entered into a definitive agreement to be acquired by a wholly-owned subsidiary of North Carolina-based Smith Financial Corporation in a transaction that values the equity of the company at approximately $1.7 billion. Home Capital said the transaction is expected to close in mid-2023, subject to shareholder, court, and regulatory approvals and other customary closing conditions.

Other news

The Government of Canada tabled the 2022 Fall Economic Statement on November 3rd, which included investment in workers, a plan to increase immigration targets, protecting the rights of road transportation workers, launching the Canada Growth Fund, and an investment tax credit for clean technologies and for clean hydrogen. The Government forecasts a $36.4 billion deficit in 2022-2023 and real GDP growth of 3.2% in 2022 and 0.7% in 2023.
The Government of Canada announced on November 16th that regarding Baffinland Iron Mines Corporation's Mary River Mine Phase 2 development project proposal, the Government was accepting the recommendation of the Nunavut Impact Review Board (NIRB) that the proposal, in its current form, should not proceed at this time. The Government said the NIRB recommended that it not proceed due to potentially significant adverse impacts on vegetation and freshwater, leading to adverse socio-economic effects on Inuit harvesting, culture, land use, and food security in Nunavut, and also warned of adverse eco-systemic effects on marine mammals and fish, caribou, and other terrestrial wildlife.
The Government of Ontario released the 2022 Ontario Economic Outlook and Fiscal Review on November 14th, which included tax relief for small businesses and persons with disabilities, investing in the Skills Development Fund and low income seniors, and extending the cuts to the gas tax and fuel tax rates. The Government forecasts a $12.9 billion deficit in 2022-2023 and real GDP growth of 2.6% in 2022 and 0.5% in 2023.
The Canadian Union of Public Employees (CUPE) announced on November 21st that the central bargaining committee for 55,000 frontline education workers who are members of CUPE's Ontario School Boards Council of Unions (OSBCU) had reached a tentative agreement with the Ontario government and the Council of Trustees' Associations (CTA). CUPE said frontline education workers employed by 63 school boards and one school authority across the province will vote on whether or not to accept the agreement.
The Government of Alberta released its 2022-23 Mid-year Fiscal Update and Economic Statement on November 24th. The Government forecasts a $12.3 billion surplus in 2022-2023 and real GDP growth of 4.8% in 2022 and 2.7% in 2023.
The Government of Saskatchewan announced on November 1st it had introduced the Saskatchewan First Act which amends the Constitution of Saskatchewan to confirm Saskatchewan's sovereign autonomy and asserts Saskatchewan's exclusive legislative jurisdiction under the Constitution of Canada over a number of areas, including:
- the exploration for non-renewable natural resources;
- the development, conservation and management of non-renewable natural and forestry resources; and,
- the operation of sites and facilities for the generation and production of electrical energy.
Vancouver-based Ritchie Bros. Auctioneers Incorporated and IAA, Inc. of Illinois announced they had entered into a definitive agreement under which Ritchie Bros. will acquire IAA, a digital marketplace connecting vehicle buyers and sellers, in a stock and cash transaction valued at approximately USD $7.3 billion including the assumption of net debt. The companies said the transaction is expected to close in the first half of 2023, subject to regulatory and shareholder approval and other customary closing conditions.
New Brunswick-based Cooke Inc., parent company of Cooke Aquaculture Inc., announced the completion of its acquisition of Tassal Group Limited of Australia for a total enterprise value of approximately $1.5 billion.
EDF Renewables of France, EIH S.à.r.l, a subsidiary of Calgary-based Enbridge Inc, and CPP Investments of Toronto announced that the 480-megawatt Saint-Nazaire Offshore Wind Farm off the southwest coast of France is now fully operational. EDF, EIH, and CPP officially launched construction of the wind farm in September 2019 alongside industrial partners and local stakeholders.

United States and other international news

The U.S. Federal Open Market Committee (FOMC) raised the target range for the federal funds rate by 75 basis points to 3.75% to 4.00% and said it anticipates that ongoing increases in the target range will be appropriate. The last change in the target range was a 75 basis points increase in September 2022. The Committee also said it will continue reducing its holdings of Treasury securities and agency debt and agency mortgage-backed securities.
The Bank of England's Monetary Policy Committee (MPC) voted to increase the Bank Rate by 75 basis points to 3.0%. The last change in the Bank Rate was a 50 basis points increase in September 2022.
The Monetary Policy and Financial Stability Committee of Norway's Norges Bank raised the policy rate by 25 basis points to 2.5%. The last change in the policy rate was a 50 basis points increase in September 2022.
The Executive Board of Sweden's Riksbank raised the repo rate by 75 basis points to 2.5%. The last change in the repo rate was a 100 basis points increase in September 2022.
The Reserve Bank of Australia (RBA) increased the target for the cash rate by 25 basis points to 2.85%. The last change in the target for the cash rate was a 25 basis points increase in October 2022.
The Reserve Bank of New Zealand (RBNZ) increased the Official Cash Rate (OCR), its main policy rate, by 75 basis points to 4.25%. The last change in the OCR was a 50 basis points increase in October 2022.
The Bahamas-based FTX Trading Ltd. announced that it, West Realm Shires Services Inc., Almeda Research Ltd., and approximately 130 additional affiliated companies had commenced voluntary proceedings under Chapter 11 of the United States Bankruptcy Code in order to begin an orderly process to review and monetize assets.
California-based HP Inc. announced it expects to reduce gross global headcount by approximately 4,000-6,000 employees, to be completed by the end of fiscal 2025.

Financial market news

West Texas Intermediate crude oil closed at USD $78.20 per barrel on November 29th, down from a closing value of USD $86.53 at the end of October. Western Canadian Select crude oil traded in the USD $55 to $72 per barrel range throughout November. The Canadian dollar closed at 73.65 cents U.S. on November 29th, up from 73.27 cents U.S. at the end of October. The S&P/TSX composite index closed at 20,277.41 on November 29th, up from 19,426.14 at the end of October.

Survey on Sexual Misconduct in the Canadian Armed Forces

Date: September 2022

Program manager: Director, Centre for Social Data Integration and Development Director General, Social Data Insights, Integration and Innovation Branch

Reference to Personal Information Bank (PIB):

Personal information collected through the Survey on Sexual Misconduct in the Canadian Armed Forces is described in Statistics Canada's "Special Surveys" Personal Information Bank. The Personal Information Bank refers to information collected through Statistics Canada's ad hoc surveys which are conducted on behalf of other government departments, under the authority of the Statistics Act. "Special surveys" covers a variety of socio-economic topics including health, housing, labour market, education and literacy, as well as demographic data.

The "Special Surveys" Personal Information Bank (Bank number: StatCan PPU 026) is published on the Statistics Canada website under the latest Info Source chapter.

Description of statistical activity:

Statistics Canada will be conducting the Survey on Sexual Misconduct in the Canadian Armed Forces, on a cost-recovery basis on behalf of the Department of National Defence. The survey will provide insight on sexual assault, sexualized and discriminatory behaviours, and knowledge and perceptions of policies and responses to sexual misconduct. This will be the third collection cycle for the Department of National Defence on this topic; the survey is collected every two years, with the previous two cycles being 2016 and 2018 (the 2020 collection was postponed due to COVID-19).

The survey content includes questions on witnessing and experiencing inappropriate sexual behaviours, discrimination based on sex, sexual orientation, or gender identity, and incidences of sexual assault. It also includes questions about the characteristics of sexual misconduct behaviours and incidences, their impact and reporting of these experiences. Additionally, it contains questions on the age, sex at birth, gender identity, visible minority, Indigenous status, and disability of the respondent. The survey includes specific questions about military members and reservists and their rank over the past 12 months leading up to collection.

This data will be collected from all Regular Force members (approximately 56,000 members, with some exclusions) and members of the Primary Reserve (approximately 27,000) using an employee list provided by the Department of National Defence. This survey is conducted under the authority of the Statistics Act and the response rate is expected to be 30%. Although this collection is being performed for the Department of National Defence, there is no data sharing agreement nor any intent or plan to share any microdata from this survey with them; only aggregate results will be reported. As with previous cycles, SSMCAF 2022 is requesting an exemption from the Directive of Informing Survey Respondents (ISR) to remove the general statement related to data linkage.

Reason for supplement:

While the Generic Privacy Impact Assessment (PIA) addresses most of the privacy and security risks related to statistical activities conducted by Statistics Canada and applied to the two previous cycles of the survey (2016 & 2018), this supplement describes the measures (see below, Mitigation Factors) being implemented for collection and access to the information for this cycle due to the sensitivity of the questions asked and the public scrutiny surrounding sexual misconduct in the Canadian Armed Forces following the release of the Independent External Comprehensive Review on the Department of National Defence and the Canadian Armed Forces in May 2022 highlighting deficiencies around the management of sexual misconduct. This supplement also presents an analysis of the necessity and proportionality of this new collection of personal information.

Necessity and Proportionality

The collection and use of personal information for the Mental Health and Access to Care Survey can be justified against Statistics Canada's Necessity and Proportionality Framework:

Necessity:
The Survey on Sexual Misconduct in the Canadian Armed Forces will support the Department of National Defence's continued efforts to address and prevent sexual misconduct in its workplace and amongst its workforce. The content of the survey, including the personal information being requested, was deemed necessary for understanding, and, ultimately, preventing and addressing experiences of inappropriate sexual behaviours. Research suggests the risk of experiencing sexual harassment and victimization varies according to a number of factors, many of which require the collection of personal information, such as age. Gathering non-identifiable data would not enable the identification of these risk factors and would result in potentially ineffective interventions.

Research on sexual misconduct has identified certain risk factors such as gender, education, income, visible minority status, disability status and marital status. The data will be analyzed according to these factors to determine if they are also associated with an increased risk of sexual harassment and victimization in the workplace specifically.

This work has become even more necessary in light of the publication of the Independent External Comprehensive Review on the Department of National Defence and the Canadian Armed Forces released in May 2022 highlighting deficiencies around the management of sexual misconduct. Notably, this report also highlighted privacy concerns around the Department of Defence's own sexual misconduct tracking and analysis system, further justifying the need for Statistics Canada, Canada's foremost statistical expert, to collect and analyze data independently.
Effectiveness - Working assumptions:
Conducting surveys is the only way to obtain estimates of both reported and unreported sexual misconduct. This is required in order to fully understand the scope of sexual misconduct in the workplace and to put in place preventative measures. This high quality, timely and relevant data will help inform workplace codes of conduct, as well as other policies, laws and programs designed to prevent and respond to sexual misconduct in the workplace. The survey is a census of individuals working for the Canadian Armed Forces. The expected benefit of the project will be proportional to the quality of the data.

Other surveys of a similar nature have been carried out by Statistics Canada, such as:
- Survey of Sexual Misconduct at Work (SSMW) (PIA);
- Survey of Safety in Public and Private Spaces (SSPPS);
- Survey of Individual Safety in the Postsecondary Student Population (SISPSP) (PIA);
- General Social Survey (GSS) on Victimization, 1999, 2004, 2014, 2019; and,
- General Statistics Survey (GSS) at Work and Home.
These surveys provide valuable insights and are also used to study the prevalence of sexual harassment over time.
Proportionality:
Proportionality has been considered based on the following elements – sensitivity and ethics:
- Sensitivity: The Survey on Sexual Misconduct in the Canadian Armed Forces is a voluntary survey, and the collection method is similar to other voluntary household surveys. Due to the fact that this information is submitted voluntarily, the risk related to the high sensitivity of this data collection method is considered low. However, the nature of the questions in this survey are of a more sensitive nature. As such, additional mitigation factors (see below) are being implemented to ensure that the collection methods are proportional to the needs for the data.
- Ethics: The Survey on Sexual Misconduct in the Canadian Armed Forces has been developed using past, similar surveys as precedents to determining best practices, in particular to assist victims in accessing support and to reduce response burden. Additional steps are being taken to reduce burden and assist the Survey on Sexual Misconduct in the Canadian Armed Forces respondents (see below, Mitigation Factors).
Data collected through the Survey on Sexual Misconduct in the Canadian Armed Forces will contain only the variables required to achieve the statistical goals of the survey. The public benefits of the survey findings, which are expected to inform policies, programs and support services aimed at improving workplace culture and work-related settings, are believed to be proportional to the potential privacy intrusion for this voluntary survey. The results will be used to inform policies and training to promote culture change and future support services for those affected by sexual misconduct.
Alternatives:
Few sources have gathered data on self-reported sexual victimization in the workplace. In 2016, the General Social Survey provided some insight on sexual harassment in a survey focused on the larger topic of Canadians at work and home. In 2017, Insights West, a market research firm surveyed women exclusively on whether and how often they experience sexual harassment at work. That same year, Employment and Social Development Canada surveyed 1,000 people and held public consultations to better understand the types of harassment behaviours that take place in Canadian workplaces. However, no other quality sources report comprehensive and in-depth information such as the characteristics, impact and reporting of these incidents or the industries and settings in which they occur. Furthermore, existing crime data available from administrative data sources are limited to officially reported events that meet the threshold for criminality and are known to significantly underrepresent true rates of sexual victimization in the population. As such, data gaps exist and more information is needed in order to help guide policies, laws, programs and support services that prevent and respond to these behaviours in the workplace. Additionally, considering the potential bias in the Department of National Defence's own reporting and analysis system, no viable data alternatives exist that could provide such information on the Canadian Armed Forces population specifically. Finally, despite previous cycles of the Survey on Sexual Misconduct in the Canadian Armed Forces providing similar insight, the issue persists, necessitating this regular data collection; it will also provide more up to date information than the previous 2018 cycle, as regular collections allow for time-series analyses which may provide even greater insight in the form of trends and comparisons.

Mitigation factors:

This content has undergone in-person testing, including a voluntary round of sensitivity testing to identify and address potential sources of harm for future respondents. As expected, some questions were considered sensitive by the test respondents but the overall risk of harm to survey participants was deemed manageable through the mitigating actions outlined here.

Consent

All respondents will be informed that their participation is voluntary before being asked any questions.

Access to personal information

Statistics Canada has established that answers collected from survey respondents will not be disclosed to the Department of National Defence or Canadian Armed Forces members. As with previous cycles, the master files for analysis will be placed in Research Data Centres (where all data sets have been stripped of personal details such as names, addresses and phone numbers that could be used to identify particular individuals), with additional clear restrictions preventing employees of the Department of National Defence or members of the Canadian Armed Forces from accessing. Furthermore, all results from analysis conducted at Research Data Centres is vetted by Statistics Canada, thus ensuring confidentiality of the survey respondents from their employer.

Support Services

Since survey questions may evoke emotional reactions from the respondents, contact information for support services and resources for victims of sexual violence will be made available to respondents in various forms, including in material communicated in their workplace, material included on the survey questionnaire and on the Statistics Canada website.

Feedback

At the end of the survey questionnaire, we have included an open question to understand the experience and impact that the survey had on respondents. We hope to be able to draw the same conclusions that other surveys on the topic have made: that although this topic is a difficult one, respondents appreciate being heard, feel valued and believe there are benefits to the survey.

Conclusion:

This assessment concludes that, with the existing Statistics Canada safeguards, any remaining risks are such that Statistics Canada is prepared to accept and manage the risk.

Instruction in the Minority Official Language – 2021 Census promotional material

Help spread the word about 2021 Census data on instruction in an official language minority in Canada. These data were released on November 30, 2022.

Quick facts

The 2021 Census of Population provides new data on the children eligible for instruction in the minority official language at the primary and secondary levels, based on the three criteria established by the Canadian Charter of Rights and Freedoms.
In 2021, 897,000 children were eligible for instruction in the minority official language at the primary and secondary levels, namely in English in Quebec (304,000) and in French in Canada outside Quebec (593,000).
Among the provinces and territories in Canada outside Quebec, Ontario (350,000), Alberta (67,000), British Columbia (56,000), New Brunswick (49,000) and Manitoba (30,000) had the highest population of children eligible for instruction in French.
Among the provinces and territories, New Brunswick (36.0%), Quebec (18.1%), Yukon (14.1%) and Ontario (12.6%) had the largest proportions of children eligible for instruction in the minority official language. About 1 in 10 children (10.5%) were eligible for instruction in French in Canada outside Quebec.
Across Canada, over 90% of eligible children were living within 15 kilometres of a minority official language school.
In Canada outside Quebec, 292,000 school-aged children attended a regular French program at a primary or secondary French-language school in Canada, representing 64.7% of eligible children aged 5 to 17. This proportion was higher in New Brunswick (80.6%) and Yukon (71.0%), but lower in British Columbia (55.7%), Newfoundland and Labrador (54.2%) and Alberta (49.6%). In Quebec, 175,000 school-aged children attended an English primary or secondary school in Canada, representing 76.2% of eligible children aged 5 to 17 in this province.
The new data on language of instruction show that, among persons in Canada outside Quebec aged 5 years and older, almost 1.2 million studied in a regular French program in a French-language school, 1.6 million in a French immersion program, and 137,000 in both types of programs.
Nearly 1 million people aged 5 and older living in Quebec at the time of the 2021 Census studied at an English primary or secondary school in Canada.

Resources

The Daily- 897,000 children are eligible for instruction in the minority official language in Canada)

Social media content

Statistics Canada encourages our community supporters to share our content and images to their own social media accounts. You can save the images to your device and copy and paste the text content to your social media platforms.

Post 1

Almost one in eight children in Canada was admissible for instruction in the official minority language in 2021. Check out the new #2021Census data on the topic here:

bit.ly/3VR0byb

Download image for post 1

Post 1

New data from the #2021Census reveal an updated portrait on instruction in the official minority language in Canada, not only for children, but also for adults.

For more info:

bit.ly/3VR0byb

Download image for post 2

Web images

Official Language Tile (JPG, 103 KB)

Terms of use

See the terms of use for information on the approved use of official wordmarks, identifiers and content.

Report a problem or mistake on this page

Date modified:: 2022-12-08

Labour and Language of Work – 2021 Census promotional material

Help spread the word about 2021 Census data on labour and language of work in Canada. These data were released on November 30, 2022.

Quick facts

In the face of population aging and the COVID-19 pandemic, the number of health care workers increases by over 200,000 in five years to 1.5 million in 2021.
The construction industry, with over 1.3 million workers, continues to be an important employer for men, who work mostly as labourers and in skilled trades.
Growth in professional, scientific and technical services employment outpaces that of all other industries, with 1.5 million employed in 2021.
Four million Canadians are working in sales and service occupations.
The participation rate fell from 65.2% in 2016 to 63.7% in 2021 as more baby boomers near or enter retirement age.
From 2016 to 2021, a record 1.3 million new immigrants came to Canada seeking opportunities, boosting labour market growth.
Recent immigrants in 2021 experienced lower unemployment rates than earlier cohorts.
Participation rates increased from 2016 to 2021 for many racialized groups, with notable increases for Korean and West Asian Canadians.
Participation rates declined for First Nations people and Inuit as their labour force growth lags behind their population increases.
In Canada's biggest cities, employment rates in 2021 are highest among those in Quebec and the Prairies.
The information and communication technology sector is a key employer in six Canadian high-tech hubs, and employed more than 600,000 workers nationally in 2021.
In May 2021, there were 4.2 million people working at home, up from 1.3 million in 2016.
Working at home is most prominent in big cities and among people in professional occupations—with over 5% of teleworkers relocating from where they lived 12 months earlier.
Despite a record-high number and share of Canadians speaking a non-official language at home, English and French remained the languages of convergence in workplaces across the country as 98.7% of workers used one of these two languages most often at work. Overall, 77.1% of workers mainly used English at work, 19.9% mainly used French, and 1.7% used English and French equally.

Resources

Social media content

Statistics Canada encourages our community supporters to post our content and images to their own social media accounts. You can save the images to your device and copy and paste the text content to your social media platforms to share.

Post 1

#DYK? Healthcare and social assistance; construction; and professional, scientific and technical services accounted for nearly one third of all employment in Canada in 2021.

To learn more, check out our new #2021Census data:

bit.ly/3gJqpDK

Download image for post 1

Post 1

In 2021, immigrants made up over one-quarter of Canada's core-aged labour force.

For more info from the #2021Census :

bit.ly/3gJqpDK

Download image for post 2

Post 31

While more Canadians than ever speak a non-official language at home, 77.1% of workers mainly used English at work, 19.9 % mainly used French, and 1.7% used both equally.

Learn more from the #2021Census data:

bit.ly/3gJqpDK

Download image for post 3

Web Images

Labour Tile (JPG, 111 KB)

Terms of use

See the terms of use for information on the approved use of official wordmarks, identifiers and content.

Report a problem or mistake on this page

Date modified:: 2023-01-03

Privacy preserving technologies, part three: Private statistical analysis and private text classification based on homomorphic encryption

By: Benjamin Santos and Zachary Zanussi, Statistics Canada

Introduction

What's possible in the realm of the encrypted and what use cases can be captured with homomorphic encryption? The Data Science Network's first article in the privacy preserving series, A Brief Survey of Privacy Preserving Technologies, introduces privacy enhancing technologies^{Footnote 1} (PETs) and how they enable analytics while protecting data privacy. The second article in the series, Privacy Preserving Technologies Part Two: Introduction to Homomorphic Encryption, took a deeper look at one of the PETs, more specifically homomorphic encryption (HE). In this article, we describe applications explored by data scientists at Statistics Canada in encrypted computation.

HE is an encryption technique that allows computation on encrypted data as well as several paradigms for secure computing. This technique includes secure outsourced computing, where a data holder allows a third party (perhaps, the cloud) to compute on sensitive data while ensuring that input data is protected. Indeed, if the data holder wants the cloud to compute some (polynomial) function $f$ on their data $v$ , they can encrypt it into a ciphertext, denoted $[v]$ , send it safely to the cloud which computes $f$ homomorphically to obtain $[f (v)]$ , and forward the result back to the data holder, who can decrypt and view $f (v)$ . The cloud has no access to the input, output, or any intermediate data values.

Figure 1: Illustration of a typical HE workflow.

An illustration of a typical HE workflow. The data, $v$ , is encrypted, putting it in a locked box $[v]$ . This value is sent to the compute party (the cloud). Gears turn and the input encryption $[v]$ is transformed into the output encryption, $[f (v)]$ , as desired. This result is forwarded back to the owner who can take it out of the locked box and view it. The cloud doesn't have access to input, output, or intermediate values.

HE is currently being considered by international groups for standardization. The Government of Canada does not recommend HE or the use of any cryptographic technique before it's standardized. While HE is not yet ready for use on sensitive data, this is a good time to explore its capabilities and potential use cases.

Scanner data

Statistics Canada collects real time data from major retailers for a variety of data products. This data describes the daily transactions performed such as a description of the product sold, the transaction price, and metadata about the retailer. This data is called "scanner data", after the price scanners used to ring a customer through checkout. One use of scanner data is to increase the accuracy of the Consumer Price Index, which measures inflation and the strength of the Canadian dollar. This valuable data source is treated as sensitive data—we respect the privacy of the data and the retailers that provide it.

The first step in processing this data is to classify the product descriptions into an internationally standardized system of product codes known as the North American Product Classification System (NAPCS) Canada 2017 Version 1.0. This hierarchical system of seven-digit codes is used to classify different types of products for analysis. For example, one code may correspond to coffee and related products. Each entry in the scanner data needs to be assigned one of these codes based on the product description given by the retailer. These descriptions, however, are not standardized and may differ widely between different retailers or across different brands of similar products. Thus, the desired task is to convert these product descriptions, which often include abbreviations and acronyms, into their codes.

After they've been classified, the data is grouped based on its NAPCS code and statistics are computed on these groups. This allows us to gain a sense of how much is spent on each type of product across the country, and how this value changes over time.

Figure 2: High level overview of the scanner data workflow with sample data.

High level overview of the scanner data workflow. First, the product descriptions are classified into NAPCS codes. Examples are given: "mochi ice cream bon bons" is assigned NAPCS code 5611121, while "chipotle barbeque sauce" is assigned 5611132. Application 2 is to assign these codes to the descriptions. The product descriptions have a few identifiers and a price value attached. Application 1 is to sort the data by these codes and identifiers, and compute statistics on the price values.

Sample dataset 1

Description ID1 ID2 Value

"mochi ice cream bon bons" 054 78 $5.31

"chipotle barbeque sauce" 201 34 $3.80

Application 2

Sample dataset 2

NAPCS ID1 ID2 Value

5611121 054 78 $5.31

5611132 201 34 $3.80

Application 1

Statistics (total, mean, variance)

Sample dataset 1
Description	ID1	ID2	Value
"mochi ice cream bon bons"	054	78	$5.31
"chipotle barbeque sauce"	201	34	$3.80

Sample dataset 2
NAPCS	ID1	ID2	Value
5611121	054	78	$5.31
5611132	201	34	$3.80

Given the data's sensitivity and importance, we've targeted it as a potential area where PETs can preserve our data workflow while maintaining the high level of security required. The two tasks above have, up to now, been performed within Statistics Canada's secure infrastructure, where we can be sure the data is safe at the time of ingestion and throughout its use. In 2019, when we were first investigating PETs within the agency, we decided to experiment using the cloud as a third-party compute resource, secured by HE.

We model the cloud as a semi-honest party, meaning it will follow the protocol we assign it, but it will try to infer whatever it can about the data during the process. This means we need sensitive data to always be encrypted or obscured. As a proof-of-concept, we replaced the scanner data with a synthetic data source, which allows us to conduct experiments without putting the security of the data at risk.

Application 1: Private statistical analysis

Our first task was to perform the latter part of the scanner data workflow – the statistical analysis. We constructed a synthetic version of the scanner data to ensure its privacy. This mock scanner data consisted of thirteen million records, each consisting of a NAPCS code, a transaction price, and some identifiers. This represents about a week's worth of scanner data from a single retailer. The task was to sort the data into lists, encrypt it, forward it to the cloud, and instruct the cloud to compute the statistics. The cloud would then forward us the still-encrypted results, so we could decrypt and use them for further analysis.

Suppose our dataset is sorted into lists of the form $v = (v_{1}, \dots, v_{l})$ . It's relatively straightforward to encrypt each value $v_{i}$ into a ciphertext $[v_{i}]$ and send the list of ciphertexts $([v_{1}], \dots, [v_{l}])$ to the cloud. The cloud can use homomorphic addition and multiplication to calculate the total, mean, and variance and return these as ciphertexts to us (we'll see how division is handled for the mean and variance later in this article). We do this for every list, and decrypt and view our data. Simple, right?

The problem with a naïve implementation of this protocol is data expansion. A single CKKS^{Footnote 2} ciphertext is a pair of polynomials of degree $2^{14}$ with 240-bit coefficients. All together, it may take 1 MB to store a single record. Over the entire dataset of thirteen million, this becomes 13 TB of data! The solution to this problem is called packing.

Packing

Ciphertexts are big, and we have a many small pieces of data. We can use packing to store an entire list of values into a single ciphertext, and the CKKS scheme allows us to perform Single Instruction Multiple Data (SIMD) type operations on that ciphertext, so we can compute several statistics at once! This ends up being a massive increase in efficiency for many HE tasks, and a clever data packing structure can make the difference between an intractable problem and a practical solution.

Suppose we have a list of $l$ values, $v = (v_{1}, v_{2}, \dots, v_{l})$ . Using CKKS packing, we can pack this entire list into a single ciphertext, denoted by $[v]$ . Now, the operations of homomorphic addition and multiplication occur slot-wise in a SIMD fashion. That is, if $u = (u_{1}, u_{2}, \dots, u_{l})$ encrypts to $[u]$ , then we can compute homomorphic addition to get

$[u] \oplus [v] = [u + v]$

where $[u + v]$ is an^{Footnote 3} encryption of the list $(u_{1} + v_{1}, u_{2} + v_{2}, \dots, u_{l} + v_{l})$ . This homomorphic addition takes as much time to compute as if there was only one value in each ciphertext, so it's clear we can get an appreciable efficiency boost via packing. The downside is that we now must use this vector structure in all of our calculations, but with a little effort, we can figure out how to vectorize relevant calculations to take advantage of packing.

Figure 3: An illustration of packing. The four values can either be encrypted into four separate ciphertexts, or all be packed into one.

An illustration of packing. Four values, $v_{1}, v_{2}, v_{3}, v_{4}$ , need to be encrypted. In one case, they can all be encrypted into separate ciphertexts, depicted as locked boxes. In another, we can pack all four values into a single box. In the former case, it will take four boxes, which is less efficient to store and to work with. The latter case, packing as many values as possible, is almost always preferred.

Now I know what you are thinking - doesn't packing, which stores a bunch of values within a vector, make it impossible to compute values within a list? That is, if we have $v = (v_{1}, v_{2}, \dots, v_{l})$ , what if I wanted $v_{1} + v_{2}$ ? We have access to an operation known as rotation. Rotation takes a ciphertext that is an encryption of $(v_{1}, v_{2}, \dots, v_{l})$ and turns it into $R o t ([v])$ , which is an encryption of $(v_{2}, v_{3}, \dots, v_{l}, v_{1})$ . That is, it shifts all the values left in one slot, sliding the first value into the last slot. So, by computing $[v] \oplus R o t ([v])$ , we get

$(v_{1} + v_{2}, v_{2} + v_{3}, \dots, v_{l} + v_{1})$ ,

and the desired value is in the first slot.

Mathematically, packing is achieved by exploiting the properties of the cleartext, plaintext and ciphertext spaces. Recall that the encryption and decryption functions are maps between the latter two spaces. Packing requires another step called encoding, which encodes a vector of (potentially complex, though in our case, real) values $v$ from the cleartext space into a plaintext polynomial $p$ . While the data within $p$ is not human-readable as-is, it can be decoded into the vector of values by any computer without requiring any keys. The plaintext polynomial $p$ can then be encrypted into the ciphertext $[v]$ and used to compute statistics on scanner data.^{Footnote 4}

Efficient statistical analysis using packing

Getting back to the statistical analysis on scanner data, remember that the problem was that encrypting every value into a ciphertext was too expensive. Packing will allow us to vectorize this process, making its orders of magnitude more efficient in terms of communication and computation.

We can now begin to compute the desired statistics on our list $v = (v_{1}, v_{2}, \dots, v_{l})$ . The first value of interest is the total, $T_{v} = \sum_{i = 1}^{l} v_{i}$ , obtained by summing all the values in the list. After encrypting $v$ into a packed ciphertext $[v]$ , we can simply add rotations of the ciphertext $[v]$ to itself until we have a slot with the sum of all the values. In fact, we can do better than this naïve strategy of $l$ rotations and additions- we can do it in $\log_{2} l$ steps by rotating one slot first, then by two slots, then four, then eight, and so on until we get the total $T_{v}$ in a slot.

Next, we want the mean, $M_{v} = T_{v} / l$ . To do this, we encrypt the value $1 / l$ into the ciphertext $[1 / l]$ and send it along with the list $[v]$ . We can then simply multiply this value by the ciphertext that we got when computing the total. It's a similar story for the variance, $V_{v} = 1 / l \sum_{i = 1}^{l} (v_{i} - M_{v})^{2}$ , where we subtract the mean from $[v]$ , multiply the result by itself, compute the total again, and then multiply again by the $[1 / l]$ ciphertext.

Let's investigate the savings that packing afforded us. In our case, we had about 13 million data points which separates into 18,000 lists. Assuming that we could pack every list into a single ciphertext, that reduces the size of the encrypted dataset by almost three orders of magnitude. But in reality, the different lists were all different sizes, with some being as large as tens of thousands of entries and others as small as two or three, with the majority falling in the range of hundreds to thousands. Through some clever manipulation, we were able to pack multiple lists into single ciphertexts and run the total, mean, and variance algorithms for them all at once. By using ciphertexts that can pack 8,192 values at once, we were able to reduce the number of ciphertexts to just 2,124. At about 1 MB per ciphertext, this makes the encrypted dataset about two gigabytes (GBs). With the cleartext data taking 84 megabytes (MB), this left us with a data expansion factor of about 25 times. Overall, the encrypted computation took around 19 minutes, which is 30 times longer than unencrypted.

Application 2: Private text classification based on homomorphic encryption

Next, we tackled the machine learning training task. Machine learning training is a notoriously expensive task, so it was unclear whether we'd be able to implement a practical solution.

Next, we tackled the machine learning training task. Machine learning training is a notoriously expensive task, so it was unclear whether we'd be able to implement a practical solution. Recall the first task in the scanner data workflow - the noisy, retailer-dependent product descriptions need to be classified into the NAPCS codes. This is a multiclass text classification task. We created a synthetic dataset from an online repository of product descriptions and tagged them with one of five NAPCS codes.

Running a neural network is basically multiplying a vector past a series of matrices, and training a neural network involves forward passes, which is evaluating training data in the network, as well as backward passes, which is using (stochastic) gradient descent and the chain rule to find the best way to update the model parameters to improve performance. All this boils down to multiplying values by other values, and by having access to homomorphic multiplication, training an encrypted network is possible in theory. In practice, this is hampered by a core limitation of the CKKS scheme: the leveled nature of homomorphic multiplications. We'll discuss this element first, and then explore the different protocol aspects designed to mitigate it.

Ciphertext levels in CKKS

In order to protect your data during encryption, the CKKS scheme adds a small amount of noise to each ciphertext. The downside is that this noise accumulates with consecutive operations and needs to be modulated. CKKS has a built-in mechanism for this, but unfortunately it only allows for a bounded number of operations on a single ciphertext.

Suppose we have two freshly encrypted ciphertexts - $[v_{1}]$ and $[v_{2}]$ . We can homomorphically multiply them to get the ciphertext $[v_{1} \otimes v_{2}]$ . The problem is that the noise^{Footnote 5} in this resulting ciphertext is much larger than in the freshly encrypted ones, so if we multiplied it by freshly encrypted $[v_{3}]$ , the result would be affected by this mismatch.

What would first have to rescale the ciphertext $[v_{1} \otimes v_{2}]$ . This is transparently handled by the HE library, but under the hood, the ciphertext is moved to a slightly different space. We say that $[v_{1} \otimes v_{2}]$ has been moved down a level, meaning. the ciphertext started out on level $L - 1$ , and after rescaling, it is left on level $L - 1$ . The value $L$ is determined by the security parameters we chose when we set up the HE scheme.

Now we have $[v_{1} \otimes v_{2}]$ which has a normal amount of noise but is on level $L - 1$ , and the freshly encrypted $[v_{3}]$ which is still on level $L$ . Unfortunately, we can't perform operations on ciphertexts that are on different levels, so we first have to reduce the level of $[v_{3}]$ to $L - 1$ by modulus switching. Now that both ciphertexts are on the same level, we can finally multiply them as desired. We don't need to rescale the result of additions, but we do for every multiplication.

Figure 4: An illustration of levels

An illustration of levels. On the left we can see the level on which each ciphertext resides: from top to bottom, we have levels $L$ , $L - 1$ , and $L - 2$ . Freshly encrypted $v_{1}$ , $v_{2}$ , and $v_{3}$ all inhabit level $L$ on top. After multiplying, $v_{1} \otimes v_{2}$ move down to level $L - 1$ . If we want to multiply $v_{1} \otimes v_{2}$ by $v_{3}$ , we need to first bring $v_{3}$ down to level $L - 1$ . The resulting product, $v_{1} \otimes v_{2} \otimes v_{3}$ lives on level $L - 2$ .

This leveled business has two consequences. One, the developer needs to be conscious of the level of the ciphertexts they're using. And two, the ciphertexts will eventually reach level 0 after many consecutive multiplications, at which point it's spent, and we can't perform any more multiplications.

There are a few options for extending computations beyond the number of levels available. The first is a process called bootstrapping, where the ciphertext is homomorphically decrypted and re-encrypted, resulting in a fresh ciphertext. This process can theoretically result in an unbounded number of multiplications. However, the added expense adds a cost to the computation. Alternatively, one can refresh the ciphertexts by returning them to the secret key holder, who can decrypt and re-encrypt them before returning them to the cloud. Sending ciphertexts back and forth adds a communication cost but this is sometimes worth it when there aren't many ciphertexts to send.

Impact of levels on our network structure

We had to consider this fundamental constraint on HE when designing our neural network. The process of training a network involves performing a prediction, evaluating the prediction, and updating the model parameters. This means that every round, or epoch, of training consumes multiplicative levels. We tried to minimize the number of multiplications needed to traverse forward and backward through the network to maximize the number of training rounds available. We'll now describe the network structure and the data encoding strategy.

The network architecture was inspired by the existing solution in production. This amounted to an ensemble model of linear learners. We trained several single layer networks separately, and at prediction time, we had each learner vote on each entry. We chose this approach because it reduced the amount of work required to train each model - less training time meant fewer multiplications.

Each layer in a neural network is a weight matrix of parameters multiplied by data vectors during the forward pass. We can adapt this to HE by encrypting each input vector into a single ciphertext and encrypting each row of the weight matrix into another ciphertext. The forward pass then becomes several vector multiplications, followed by logarithmically many rotations and multiplications to compute the sum of the outputs (recall that matrix multiplication is a series of dot products, which are a component-wise multiplication followed by computing the sum resulting values).

Preprocessing is an important part of any text classification task. Our data were short sentences which often contained acronyms or abbreviations. We chose to use a character $n$ -gram encoding with $n$ equal to three, four, five, and six - "ice cream" was broken into the 3-grams {"ice", "cre", "rea", "eam"}. These $n$ -grams were collected and enumerated over the entire dataset and were used to one-hot encode each entry. A hashing vectorizer^{Footnote 6} was used to reduce the dimension of the encoded entries.

Similarly, to how we packed multiple lists together in the statistical analysis, we found we could pack together multiple models and train them at once. Using a value $N = 2^{15}$ meant we could pack 16,384 values into each ciphertext, so if we hashed our data to 4,096 dimensions, we could fit four models into each ciphertext. This had the added benefit of reducing the number of ciphertexts required to encrypt our dataset by a factor of four. Meaning we could train four models simultaneously.

Our choice of encryption parameters meant we had between 12 and 16 multiplications before we ran out of levels. With a single layer network, the forward pass and backward pass took two multiplications each, leaving us room for three to four epochs before our model ciphertexts were spent. Our ensembles meant we could train several ciphertexts worth of models if desired, meaning we could have as many learners as desired at the cost of additional training time. Carefully modulating which models learned on what data helped us maximize the overall performance of the ensemble.

Our dataset consisted of 40,000 training examples and 10,000 test examples each evenly distributed over our five classes. To train four submodels for six epochs took five hours and resulted in a model that obtained 74% accuracy on the test set. Using the ciphertext refreshing tactic previously described, we can hypothetically train for as many epochs as we'd like, though every refresh adds more communication cost to the process^{Footnote 7}. After training, the cloud sends the encrypted model back to StatCan, and we can run it in the cleartext on data in production. Or we can keep the encrypted model on the cloud and run encrypted model inference when we have new data to classify.

Conclusion

This concludes the Statistics Canada series of applications of HE to scanner data explored to date. HE has a number of other applications which might prove interesting to a national statistics organization such as Private Set Intersection, in which two or more parties jointly compute the intersection of private datasets without sharing them, as well as Privacy Preserving Record Linkage, where parties additionally link, share, and compute on microdata attached to their private datasets.

There's a lot left to explore in the field of PETs and StatCan is working to leverage this new field to protect the privacy of Canadians while still delivering quality information that matters.

Meet the Data Scientist

If you have any questions about my article or would like to discuss this further, I invite you to Meet the Data Scientist, an event where authors meet the readers, present their topic and discuss their findings.

Thursday, December 15
2:00 to 3:00 p.m. ET
MS Teams – link will be provided to the registrants by email

Footnotes

Footnote 1

The terminology "privacy enhancing techniques (PPT)" was used in previous articles of the series. However, the term "privacy enhancing technologies (PET)" is also used interchangeably within the literature.

Return to footnote 1 referrer

Footnote 2

Named after the authors Cheon, Kim, Kim, & Song of a homomorphic encryption scheme for arithmetic of approximate numbers, see references.

Return to footnote 2 referrer

Footnote 3

This is a subtle but important point to make. The encryption function employed in homomorphic encryption is always randomized, so that computing the encryption of the same value with the same key twice gives you different encryptions. This is necessary, because otherwise an adversary can simply compute encryptions of a bunch of different values and try to match them against unknown encrypted data. This requirement is known as semantic security in the cryptographic community.

Return to footnote 3 referrer

Footnote 4

A more detailed explanation is given here: CKKS explained: Part 1, Vanilla Encoding and Decoding

Return to footnote 4 referrer

Footnote 5

There are two factors at play here. Not only is the noise larger in the product ciphertext, but the scale is also larger. We won't discuss scale in this article, but the interested reader can learn more here: Craig Gentry's PhD Thesis.

Return to footnote 5 referrer

Footnote 6

A hashing vectorizer is a technique used in Natural Language Processing that converts a collection of text documents to a matrix of token occurrences. A popular implementation can be found here: sklearn.feature_extraction.text.HashingVectorizer

Return to footnote 6 referrer

Footnote 7

To put things in perspective, the cleartext model attains nearly the same accuracy in 80 epochs on a few seconds of overall training time.

Return to footnote 7 referrer

References

North American Product Classification System (NAPCS) Canada 2017 Version 1.0

Cheon, J. H., Kim, A., Kim, M., & Song, Y. (2016). Homomorphic Encryption for Arithmetic of Approximate Numbers.Cryptology ePrint Archive.

C. Gentry. (2009). A fully homomorphic encryption scheme. PhD thesis, Stanford University: Craig Gentry's PhD Thesis

Zanussi, Z., Santos B., & Molladavoudi S. (2021). Supervised Text Classification with Leveled Homomorphic Encryption. In Proceedings 63rd ISI World Statistics Congress (Vol. 11, p. 16). International Statistical Institute - Statistical Science for a Better World

Report a problem or mistake on this page

Date modified:: 2022-12-05

Quarterly Survey of Financial Statements: Weighted Asset Response Rate - third quarter 2022

Weighted Asset Response Rate
Table summary
This table displays the results of Weighted Asset Response Rate. The information is grouped by Release date (appearing as row headers), 2020, Q2, Q3, and Q4, and 2021, Q1 and Q2 calculated using percentage units of measure (appearing as column headers).
Release date	2021		2022
	Q3	Q4	Q1	Q2	Q3
	quarterly (percentage)
November 23, 2022	79.0	80.9	76.2	76.1	56.2
August 25, 2022	79.0	80.9	75.0	55.7	..
May 25, 2022	79.0	77.3	56.7	..	..
February 23, 2022	75.6	54.2	..	..	..
November 23, 2021	56.7	..	..	..	..
.. not available for a specific reference period Source: Quarterly Survey of Financial Statements (2501)

Amendment to the Employee Wellness Surveys Privacy Impact Assessment (PIA) & Supplement to Statistics Canada's Generic PIA

Statistics Act Employment and Social Development Canada (ESDC) Employee Wellness Survey (EWS)
Privacy Impact Assessment (PIA) Summary

Introduction

This amendment applies to the Employee Wellness Surveys and Pulse Check Surveys PIA (signed by the Chief Statistician on November 5, 2021), and shall also be considered a supplement to Statistics Canada's Generic Privacy Impact Assessment for statistical survey activities as this ESDC EWS will operate under the authority of the Statistics Act on a cost-recovery basis for the client, ESDC, to be administered on employees of ESDC by Statistics Canada.

Objective

An Amendment to the Employee Wellness Surveys and Pulse Check Surveys PIA & Supplement to Statistics Canada's Generic Privacy Impact Assessment – Statistics Act Employment and Social Development Canada (ESDC) Employee Wellness Survey (EWS) was conducted to determine if there were any privacy, confidentiality or security issues with this activity and, if so, to make recommendations for their resolution or mitigation.

Description

The original EWS survey was collected under the authority of the Financial Administration Act (FAA) from Statistics Canada and Statistical Survey Operations employees and was examined in the Employee Wellness Surveys - PIA, whereas this new collection will be conducted under the authority of the Statistics Act on a cost recovery basis for ESDC on their employees. As such, while Statistics Canada's Generic Privacy Impact Assessment (PIA) addresses most of the privacy and security risks related to statistical activities conducted by Statistics Canada, this amendment and supplement is required to describe how the internal HR personal information activity framework that operates under the authority of the FAA (the original EWS) is being modified to collect personal information externally under the authority of the Statistics Act.

This ESDC EWS will be administered one time, with the potential for future cycles.
One key change is that, unlike in the original EWS analysis, linking activities involving the following PIBs will not be performed for the ESDC EWS:
Another change is that for this survey, the sample file will be provided by ESDC, and it will be matched, following collection, to the survey frame that will be built by Statistics Canada from the Incumbent file. The sample file will contain basic personal information for each of their employees (first and last name, email address, first official language and Personal Record Identifier [PRI]). The Incumbent file comes from Treasury Board Secretariat (TBS), and is an extract from the Public Services and Procurement Canada (PSPC) pay system. The Incumbent file is the most comprehensive administrative file available to federal Government of Canada institutions, by nature of its relation to their pay and staffing. Although it contains a great deal of information on employees, their positions, status and pay, only a small number of variables are required and retained from this file for inclusion on the survey frame – which will only be used internally at Statistics Canada for statistical processing purposes (see Section 4 for more detail on the variables taken from the Incumbent file for employees of ESDC).
New content has been added to the questionnaire:
- Questions about organizational unit at a level of granularity which describes where within the ESDC portfolio an employee works down to branch or region (level 4) in order to ensure that the diverse yet distinct work environments found across portfolios and regions is represented and identifiable in the data.
- Questions under the TBS Personal Information Bank for Employment Equity and Diversity (PSE 918) which include Indigenous Identity, Gender, and Sociodemographic Characteristics.
  - These questions will provide important context allowing to understand unique challenges experienced by unique populations which support the Call to Action on Equity, Diversity, and Inclusion "Nothing about us, without us".
- A question which asks "Would you say you are: Heterosexual, Lesbian or gay, Bisexual, Or please specify" which provides important information about the unique experiences which may be had by different based on how a respondent identifies.
- A question which asks "On a scale from 1 to 10, where 1 is "not at all important" and 10 is "critically important", how important is addressing psychological health and safety within ESDC? " in order to determine how much weight employees give particular services or programs.
- A question which asks "How far along do you think ESDC is in terms of creating and sustaining a psychologically healthy and safe work environment? Use a scale from 1 to 10, where 1 is "Just getting started" and 10 is "Sustaining well established policies/programs/supports" in order go gauge employee perception of how mature ESDC is with their Mental Health strategy implementation.
- A question which asks "Below is a list of workplace-based services and supports available to help employees cope with challenging situations and issues related to mental health. Please indicate all the services/supports of which you are aware" in order to understand which programs employees are aware of.

Risk area identification and categorization

The risk area identification has changed from the original Employee Wellness Surveys and Pulse Check Surveys (EWSPCS) PIA in the following sub-sections; privacy risk has decreased.

Risk area identification
b) Type of personal information involved and context
Only personal information, with no contextual sensitivities, collected directly from the individual or provided with the consent of the individual for disclosure under an authorized program. (this was "2" for EWSPCS, is "1" for this ESDC Statistics Act collection)	1
g) Technology and privacy
No (specific technology category was "yes" for EWSPCS and is "no" for this ESDC Statistics Act collection)

Conclusion

This assessment of the Amendment to the Employee Wellness Surveys and Pulse Check Surveys PIA & Supplement to Statistics Canada's Generic Privacy Impact Assessment – Statistics Act Employment and Social Development Canada (ESDC) Employee Wellness Survey (EWS) did not identify any privacy risks that cannot be managed using existing safeguards.

Commuting – 2021 Census promotional material

Help spread the word about 2021 Census data on commuting in Canada. These data were released on November 30, 2022.

Quick facts

The way Canadians commute was altered in 2021 by the pandemic, with lockdowns to slow the spread of COVID-19 and changes in how and where Canadians worked leading to 2.8 million fewer commuters, compared with five years earlier.
The number of Canadians "car commuting" — that is, travelling to work by car, truck or van as a driver or as a passenger—declined by 1.7 million from five years earlier to reach 11 million in May 2021. The drop in car commuting mainly occurred among those working in professional service industries, while the number of front-line workers commuting by car increased.
There were 245,000 fewer Canadians making car commutes of at least 60 minutes, compared with May 2016.
The number of people usually taking public transit to work fell from 2 million in 2016 to 1 million in May 2021, declining for the first time since the census began collecting commuting data in 1996.
With the economy more open and most public health measures related to the pandemic removed, the number of car commuters, at 12.8 million, had exceeded 2016 levels by May 2022. However, the number of public transit commuters, at 1.2 million, remained well below pre-COVID-19 levels.
Despite the drop in public transit use, the proportion of Canadians using mass transit or walking or cycling to get to work was higher than that of Americans.
While Canadian government investments in walking and bicycle trails continues, nearly 300,000 fewer workers were usually using active transit (walking or bicycling) as a main mode of commuting in May 2021, compared with five years earlier. By May 2022, active transit commuting in the provinces had increased to 941,000 from 788,000 in May 2021, but was still lower than the 1.1 million recorded in 2016.

Resources

The Daily - Has the COVID-19 pandemic changed commuting patterns for good?

Social media content

Post 1

New #2021Census data offers important insights on what getting to work in May 2021 meant for diverse groups of Canadians.

Find the newly-released data here:

bit.ly/3EI8HZf

Download image for post 1

Post 1

The number of people usually taking public transit to work fell from 2016 to 2021, declining for the first time since the census began collecting commuting data in 1996.

Learn more:

bit.ly/3EI8HZf

Download image for post 2

Post 31

With the economy more open and most public health measures removed, the number of car commuters had exceeded 2016 levels by May 2022.

Learn more:

bit.ly/3EI8HZf

Download image for post 3

Post 4

From May 2021 to May 2022, active transit commuting had increased as a main mode of commuting, but was still lower than the 1.1 million recorded in 2016.

Learn more:

bit.ly/3EI8HZf

Download image for post 4

Web images

Commuting tile (JPG, 103 KB)

Terms of use

See the terms of use for information on the approved use of official wordmarks, identifiers and content.

Report a problem or mistake on this page

Date modified:: 2023-01-03

Information for respondents

Additional information

Your information may also be used by Statistics Canada for other statistical and research purposes.

Your participation in this survey is required under the authority of the Statistics Act.

Authority

Data are collected under the authority of the Statistics Act, Revised Statutes of Canada, 1985, Chapter S-19.

Confidentiality

By law, Statistics Canada is prohibited from releasing any information it collects that could identify any person, business, or organization, unless consent has been given by the respondent, or as permitted by the Statistics Act. Statistics Canada will use the information from this survey for statistical purposes only.

Data-sharing agreements

To reduce respondent burden, Statistics Canada has entered into data-sharing agreements with provincial and territorial statistical agencies and other government organizations, which have agreed to keep the data confidential and use them only for statistical purposes. Statistics Canada will only share data from this survey with those organizations that have demonstrated a requirement to use the data.

Section 11 of the Statistics Act provides for the sharing of information with provincial and territorial statistical agencies that meet certain conditions. These agencies must have the legislative authority to collect the same information, on a mandatory basis, and the legislation must provide substantially the same provisions for confidentiality and penalties for disclosure of confidential information as the Statistics Act. Because these agencies have the legal authority to compel businesses to provide the same information, consent is not requested and businesses may not object to the sharing of the data.

For this survey, there are Section 11 agreements with the provincial and territorial statistical agencies of Newfoundland and Labrador, Nova Scotia, New Brunswick, Quebec, Ontario, Manitoba, Saskatchewan, Alberta, British Columbia and the Yukon.

The shared data will be limited to information pertaining to business establishments located within the jurisdiction of the respective province or territory.

Section 12 of the Statistics Act provides for the sharing of information with federal, provincial or territorial government organizations. Under Section 12, you may refuse to share your information with any of these organizations by writing a letter of objection to the Chief Statistician, specifying the organizations with which you do not want Statistics Canada to share your data and mailing it to the following address:

Chief Statistician of Canada
Statistics Canada
Attention of Director, Investment, Science and Technology Division
150 Tunney's Pasture Driveway
Ottawa, ON
K1A 0T6

You may also contact us by email at statcan.istdinformation-distinformation.statcan@statcan.gc.ca.

For this survey, there are Section 12 agreements with the statistical agencies of Prince Edward Island, Northwest Territories and Nunavut, as well as with Public Safety Canada .

For agreements with provincial and territorial government organizations, the shared data will be limited to information pertaining to business establishments located within the jurisdiction of the respective province or territory.

Record linkage

To enhance the data from this survey and to reduce respondent burden, Statistics Canada may combine it with information from other surveys or from administrative sources.

Reporting instructions

For this questionnaire:

Please complete this questionnaire for Canadian operations of this organization.

Report dollar amounts in Canadian dollars.
Report dollar amounts rounded to the nearest dollar.
If precise figures are not available, provide your best estimate.
Enter "0" if there is no value to report.

Organization characteristics

Organization characteristics - Question identifier: 1

Which of the following does your organization currently use? Select all that apply.

Website for your organization
Social media accounts for your organization
E-commerce platforms and solutions
Web-based applications
Open source software
Cloud computing or storage
Internet-connected smart devices or Internet of Things (IoT)
Intranet
Blockchain technologies
Voice over Internet Protocol (VoIP) services
OR
Organization does not use any of the above

Organization characteristics - Question identifier: 2

What type of data does your organization store on cloud computing or storage services? Include data that are backed-up. Select all that apply.

Confidential employee information
Confidential information about customers, suppliers or partners
Confidential organizational information
Commercially sensitive information
Non-sensitive or public information
OR
Organization does not store data on cloud computing or storage services

Organization characteristics - Question identifier: 3

Does anyone in your organization use personally-owned devices such as smartphones, tablets, laptops or desktop computers to carry out regular work-related activities? Include devices that are subsidized by the organization.

Yes
No
Do not know

Cyber security environment

Cyber security environment - Question identifier: 4

Which cyber security measures does your organization currently have in place?

Include on-site and external security measures, including those provided by parent organizations or other external parties (e.g., Shared Services Canada, Treasury Board of Canada Secretariat). Select all that apply.

Mobile security
Anti-malware software to protect against viruses, spyware, ransomware, etc.
Web security
Email security
Network security
Data protection and control
Point-Of-Sale (POS) security
Software and application security
Hardware and asset management
Identity and access management
Physical access controls
OR
Organization does not have any cyber security measures in place
OR
Do not know

Cyber security environment - Question identifier: 5

Did any of the following parent organizations or external parties require your business or organization to implement certain cyber security measures?

Select all that apply.

Supplier of physical goods
Supplier of digitally delivered goods or services
Supplier of other services that are not digitally delivered
Customer
Partner
Canadian regulator
Cyber security standard or cyber security certification program
Federal Government lead agency, partner or service provider
Cyber risk insurance provider
OR
None of the above

Cyber security environment - Question identifier: 6

How many employees does your organization have that complete tasks related to cyber security as part of their regular responsibilities?

Include part-time and full-time employees. Examples of tasks these employees may complete include:

managing, evaluating or improving the security of networks, web presence, email systems or devices
patching or updating the software or operating systems used for security reasons
completing tasks related to recovery from previous cyber security incidents.

Exclude individuals employed by a parent organization, or external IT consultants or contractors.

If precise figures are not available, please provide your best estimate.

One employee
Two to five employees
6 to 15 employees
Over 15 employees
None
Do not know

Cyber security environment - Question identifier: 7

What are the main reasons your organization does not have any employees that complete tasks related to cyber security as part of their regular responsibilities? Select all that apply.

Organization uses private sector consultants or contractors to monitor cyber security
Organization uses public sector consultants or contractors to monitor cyber security
Organization has cyber risk insurance
Organization is in the process of recruiting a cyber security employee
Organization is unable to find an adequate cyber security employee
Organization lacks the resources to employ a cyber security employee
Cyber security is not a high enough risk to the organization

Cyber security environment - Question identifier: 8

What percentage of the employees that complete tasks related to the cyber security of your organization as part of their regular responsibilities identify as the following genders? Gender refers to current gender, which may be different from sex assigned at birth and may be different from what is indicated on legal documents.

Exclude individuals employed by a parent organization, or external IT consultants or contractors.

If precise figures are not available, please provide your best estimate.

Female
Male
Another gender

Cyber security environment - Question identifier: 9

Did your organization share best practices or general information on cyber security risks with your employees in 2022?

Include the sharing of information through email, bulletin boards, general information sessions on subjects related to:

recognizing and avoiding email scams
importance of password complexity and basic security techniques
securing your web browser and safe web browsing practices
avoiding phishing attacks
recognizing and avoiding spyware.

Information shared with internal IT personal
Information shared with other employees
- Yes
- No
- Not applicable
- Do not know

Cyber security environment - Question identifier: 10

Did your organization provide formal training to develop or upgrade cyber security related skills of your employees or stakeholders in 2022 ? Include training provided by parent organizations or other external sources.

Provided training to internal IT personnel
Provided training to other employees
Provided training to stakeholders such as suppliers, customers or partners
- Yes
- No
- Not applicable
- Do not know

Cyber security environment - Question identifier: 11

What are the three main reasons your organization spends time or allocates budget on cyber security measures or related skills training? Select up to three.

Allow employees to work remotely securely
Protect the reputation of the organization
Protect personal information of employees, suppliers, customers or partners
Protect trade secrets and intellectual property
Compliance with laws, regulations, contracts or other government organizations
Organization has suffered a cyber security incident previously
Prevent downtime and outages
Prevent fraud and theft
Secure continuity of organizational operations
OR
Organization does not spend time or money on cyber security measures or related skills training

Cyber security readiness

Cyber security readiness - Question identifier: 12

Which risk management arrangements does your organization currently have in place?

Select all that apply.

A written policy in place to manage internal cyber security risks
A written policy in place to manage cyber security risks associated with supply chain partners
A written policy in place to report cyber security incidents
Other type of written policy related to cyber security
A Business Continuity Plan (BCP) with processes to manage cyber security threats, vulnerabilities and risks
Employees with responsibility for overseeing cyber security risks and threats
Members of senior management with responsibility for overseeing cyber security risks and threats
A consultant or contractor to manage cyber security risks and threats
Monthly or more frequent patching or updating of operating systems for security reasons
Monthly or more frequent patching or updating of software for security reasons
Cyber risk insurance
OR
Organization does not have any risk management arrangements for cyber security

Cyber security readiness - Question identifier: 13

Which are covered under your cyber risk insurance policy? Select all that apply.

Direct losses from an incident
Restoration expenses for software, hardware, and electronic data
Interruptions (loss of productive time) and reputation losses
Third-party liability
Financial losses
Security breach remediation and notification expenses
Claims made by employees

Cyber security readiness - Question identifier: 14

Prior to responding to this survey, were you aware of any cyber security standards or cyber security certification programs that organizations can apply for?

Include:

Canadian, foreign and international standards and programs
standards and programs that you were aware of but your organization was not eligible for or did not apply for.

Select all that apply.

Cyber security standards
- Specify which standards you were aware of
Cyber security certification programs
- Specify which certification programs you were aware of
OR
Not aware of any cyber security standards or certification programs

Cyber security readiness - Question identifier: 15

Which activities does your organization undertake to identify cyber security risks?

Select all that apply.

Monitoring employee behaviour
Monitoring network and organizational systems
A formal assessment of cyber security risks, undertaken by an employee
A formal assessment of cyber security risks, undertaken by a parent organization or other external party
Penetration testing, undertaken by an employee
Penetration testing, undertaken by a parent organization or other external party
Assessment of the security of Internet-connected smart devices or Internet of Things (IoT) devices
Investment in threat intelligence
Complete audit of IT systems, undertaken by a parent organization or other external party
Organization conducts other activities to identify cyber security risks
OR
Organization does not conduct any activity to identify cyber security risks

Cyber security readiness - Question identifier: 16

How often does your organization conduct activities to identify cyber security risks? Select all that apply.

On a scheduled basis
After a cyber security incident occurs
When a new IT initiative or project is launched
On an irregular basis

Cyber security readiness - Question identifier: 17

How often is senior management in your organization given an update on actions taken regarding cyber security? Select all that apply.

On a scheduled basis
After a cyber security incident occurs
When a new IT initiative or project is launched
Senior management have tools to track cyber security issues
Senior management is given an update on an irregular basis
OR
Senior management is not updated on cyber security issues

Organization resiliency

Organization resiliency – Question identifier: 18

Which three cyber security risks or threats would you consider to have the most detrimental impact on your organization? Select up to three.

Theft or compromise of software or hardware
Unauthorized access, manipulation and theft of data
Identity theft
Scams and fraud
Improper usage of computers or network
Malicious software
Denial of Service (DoS) or Distributed Denial of Service (DDoS)
Disruption or defacing of web presence
Loss of reputation or erosion of public trust

Organization resiliency - Question identifier: 19

How concerned is your organization about its susceptibility to future cyber security risks and threats?

Extremely concerned
Very concerned
Somewhat concerned
Slightly concerned
Not at all concerned

Cyber security incidents

Cyber security incidents - Question identifier: 20

To the best of your knowledge, which cyber security incidents impacted your organization in 2022? Select all that apply.

Incidents to disrupt or deface the business or web presence
Incidents to steal personal or financial information
Incidents to steal money or demand ransom payment
Incidents to steal or manipulate intellectual property or organizational data
Incidents to access unauthorised or privileged areas
Incidents to monitor and track organizational activity
Incidents with an unknown motive
OR
Organization was not impacted by any cyber security incidents in 2022

Cyber security incidents - Question identifier: 21

In 2022, was your organization contacted by any of the following parent organizations or other external parties regarding their cyber security events because they may have involved your organization?

Select all that apply.

Suppliers, customers or partners
IT consultant or contractor
Persons or group that perpetrated the incidents
Cyber risk insurance provider
Police services
Canadian Centre for Cyber Security (Cyber Centre)
Office of the Privacy Commissioner
Regulator
Another government organization
Industry association
Bank or other financial institution
Software or service vendor
Other parties not mentioned above
OR
Parent organizations or other external parties did not report cyber security incidents to the organization in 2022

Cyber security incidents - Question identifier: 22

You previously indicated that parent organizations or other external parties contacted your organization about their cyber security events because they may have involved your organization in 2022. How did your organization handle those cyber security events?

Select all that apply.

Events were resolved internally
Events were resolved with the parent organization or other external party
Events were resolved through an IT consultant or contractor
Events were reported to a police service
Events were reported to other parents organizations or other external parties
Organization is currently working with the parent organization or other external party to resolve the events
OR
No action was taken by the organization

Cost of cyber security incidents

Cost of cyber security incidents - Question identifier: 23

In 2022, what was the total amount your organization spent to prevent or detect cyber security incidents? Exclude costs that were incurred specifically due to previous cyber security incidents (e.g., recovery costs from previous cyber security incidents).

If precise figures are not available, provide your best estimate in Canadian dollars.

Enter "0" if there is no value to report.

Cost of employee salary related to prevention or detection
Cost of training employees, suppliers, customers, or partners
Cost of hiring IT consultants or contractors
Cost of legal services or public relations (PR) services
Cost of cyber security software
Cost of hardware related to cyber security
Annual cost of cyber risk insurance or equivalent
Other related costs

Cost of cyber security incidents - Question identifier: 24

In 2022, what was the total cost to your organization to recover from the cyber security incidents? Exclude costs related to prevention and detection of cyber security incidents as these were asked in the previous question.

If precise figures are not available, provide your best estimate in Canadian dollars.

Enter "0" if there is no value to report.

Cost of employee salary related to recovery
Cost of training employees, suppliers, customers, or partners
Cost of hiring IT consultants or contractors
Cost of legal services or public relations (PR) services
Cost of new or upgraded cyber security software
Cost of new or upgraded hardware related to cyber security
Increased cost of cyber risk insurance or equivalent
Reimbursing suppliers, customers, or partners
Fines from regulators or authorities
Ransom payments
Other related costs

Impact of cyber security incidents

Impact of cyber security incidents - Question identifier: 25

To the best of your knowledge, who perpetrated the cyber security incidents in 2022? Select all that apply.

Incidents to disrupt or deface the organization or web presence
Incidents to steal personal or financial information
Incidents to steal money or demand ransom payment
Incidents to steal or manipulate intellectual property or organizational data
Incidents to access unauthorised or privileged areas
Incidents to monitor and track organizational activity
Incidents with an unknown motive

An employee at a parent organization or other external party
An internal employee
Supplier, customer or partner
OR
Do not know

Impact of cyber security incidents - Question identifier: 26

What were the methods used by the perpetrator for the cyber security incidents? Select all that apply.

Exploiting software, hardware, or network vulnerabilities
Hacking or password cracking
Identity theft
Scams and fraud
Ransomware
Other malicious software
Denial of Service (DoS) or Distributed Denial of Service (DDoS)
Disruption or defacing of web presence
Abuse of access privileges by a current or former internal party
Other
OR
Do not know

Impact of cyber security incidents - Question identifier: 27

You previously indicated that your organization has cyber risk insurance. Did your organization attempt to make a claim on that policy after the cyber security incidents in 2022? Select all that apply.

Yes, we successfully made a claim against the organization's cyber risk insurance
Yes, we attempted to make a claim against the organization's cyber risk insurance but were unsuccessful
Yes, we attempted to make a claim against the organization's cyber risk insurance and it is still in progress
OR
No, we have not attempted to make a claim for any of the cyber security incidents

Impact of cyber security incidents - Question identifier: 28

How was your organization impacted by the cyber security incidents in 2022?

Select all that apply.

Loss of revenue
Loss of suppliers, customers, or partners
Additional repair or recovery costs
Prevented the use of resources or services
Prevented employees from carrying out their day-to-day work
Additional time required by employees to complete their day-to-day work
Damage to the reputation of the organization or erosion of public trust
Fines from regulators or authorities
Discouraged organization from carrying out a future activity that was planned
Minor incidents, impact was minimal to the organization
Other
OR
Do not know

Impact of cyber security incidents - Question identifier: 29

As a result of cyber security incidents, approximately how many hours of downtime did your organization experience in 2022?

Include:

total downtime for mobile devices, desktops and networks
time periods during which there was either reduced activity or inactivity of employees or the organization.

If precise figures are not available, provide your best estimate.

Hours
OR
Organization did not experience any downtime in 2022
OR
Do not know

Cyber security incidents reporting

Cyber security incidents reporting - Question identifier: 30

Did your organization report any cyber security incidents to a police service in 2022?

Include all levels of police service including federal, provincial, territorial, municipal and Indigenous.

Yes
No
Do not know

Cyber security incidents reporting - Question identifier: 31

Which cyber security incidents did your organization report to a police service in 2022?

Select all that apply.

Incidents to disrupt or deface the organization or web presence
Incidents to steal personal or financial information
Incidents to steal money or demand ransom payment
Incidents to steal or manipulate intellectual property or organizational data
Incidents to access unauthorised or privileged areas
Incidents to monitor and track organizational activity
Incidents with an unknown motive

Cyber security incidents reporting - Question identifier: 32

What were the reasons for reporting incidents to a police service in 2022? Select all that apply.

To reduce the damage caused by the incidents
To lower the probability of other organizations being impacted by the same incidents
To help catch the perpetrators
To fulfill the requirements of customers, suppliers, partners, regulators, cyber security standards or cyber security certification programs
Other
- Specify other reasons

Cyber security incidents reporting - Question identifier: 33

What were the reasons for not reporting some or all of the cyber security incidents to a police service in 2022?

Select all that apply.

Incidents were resolved internally
Incidents were resolved through an IT consultant or contractor
To protect the reputation of the organization or stakeholders
Did not want to spend more time or money on the issue
Police service would not consider incidents important enough
Police service was unsatisfactory in the past
Unsure of where or how to report
Reporting process is too complicated
Did not think the perpetrator would be convicted or adequately punished
Minor incidents, not important enough for organization
Lack of evidence
Did not think of contacting a police service
OR
Organization reported all cyber security incidents to a police service in 2022

Cyber security incidents reporting - Question identifier: 34

Excluding police services, which parent organization or other external party did your organization report the cyber security incidents to in 2022?

Select all that apply.

Suppliers, customers or partners
IT consultant or contractor
Cyber risk insurance provider
Canadian Centre for Cyber Security (Cyber Centre)
Office of the Privacy Commissioner
Canadian Anti-Fraud Centre (CAFC)
Other government department or agency
Regulator
Industry association
Bank or other financial institution
Software or service vendor
OR
Organization did not report any cyber security incidents to a parent organization or other external parties in 2022

Cyber security incidents reporting - Question identifier: 35

What were the reasons for not reporting some or all the of the cyber security incidents to a parent organization or other external party in 2022?

Select all that apply.

Incidents were reported to a police service only
Incidents were resolved internally
To keep knowledge of the incidents internal
To protect the reputation of the organization or stakeholders
Lack of evidence
No benefit to reporting
Minor incidents, not important enough for organization
Did not think of reporting the incidents to a parent organization or other external party
OR
Organization reported all cyber security incidents to a parent organization or other external parties in 2022

Cyber security incidents reporting - Question identifier: 36

In responding to the cyber security incidents in 2022, which parent organizations or external parties did your organization contact for information or advice?

Select all that apply.

Suppliers, customers or partners
IT consultant or contractor
Cyber risk insurance provider
Legal services
Police services
Canadian Centre for Cyber Security (Cyber Centre)
Office of the Privacy Commissioner
Canadian Anti-Fraud Centre (CAFC)
Other Government department or agency
Regulator
Industry association
Bank or other financial institution
Software or service vendor
Internet community
Family, friends, or acquaintances
Computer repair shop
OR
Organization did not contact any parent organizations or external parties in 2022

Notification of intent to extract web data

Notification of intent to extract web data - Question identifier: 37

What is this organization's website address?

We may also visit this organization's website to search for additional publicly available information using automated methods, being careful not to impede the functionality of the website.

Website address

Current cyber security trends

Current cyber security trends - Question identifier: 38

In 2022, what was the total value of ransom payments made by your organization?

More than $0, but less than or equal to $10,000
More than $10,000, but less than or equal to $50,000
More than $50,000, but less than or equal to $100,000
More than $100,000, but less than or equal to $250,000
More than $250,000, but less than or equal to $500,000
More than $500,000
The organization did not make ransom payments in 2022
Do not know

Current cyber security trends - Question identifier: 39

In 2022, did your organization make ransom payments using cryptocurrency?

Yes
No
Do not know

Current cyber security trends - Question identifier: 40

In 2022, which parent organizations or external parties did your organization work with to resolve ransomware incidents?

Include all parent organizations or external parties your organization reported the ransomware incident to.

Select all that apply.

IT consultant or contractor
Cyber risk insurance provider
Royal Canadian Mounted Police (RCMP)
Other police services
Canadian Centre for Cyber Security (Cyber Centre)
Canadian Anti-Fraud Centre (CAFC)
Office of the Privacy Commissioner
Other parent organizations or external parties
OR
The organization did not work with parent organizations or external parties to resolve ransomware incidents in 2022
OR
Do not know

Current cyber security trends - Question identifier: 41

Why does your organization not have cyber risk insurance?

Select all that apply.

The organization's existing insurance policies cover cyber security risks
The cost of cyber risk insurance is too high
The organization's existing cyber security measures provide enough protection that cyber risk insurance is unnecessary
The organization had no cyber security risks
The organization has not considered obtaining cyber risk insurance
Not applicable to this organization
Other reasons for not having cyber risk insurance
OR
Do not know

Current cyber security trends - Question identifier: 42

Which of the following population groups do your organization's cyber security employees belong to?

Select all that apply.

White
Indigenous
Visible minority
OR
Do not know

Current cyber security trends - Question identifier: 43

What are the highest academic certificates, diplomas or degrees your organization's cyber security employees hold?
Select the highest academic certificate, diploma or degree that each cyber security employee holds.

Less than high school diploma or its equivalent
High school diploma or a high school equivalency certificate
Trades certificate or diploma
College, CEGEP or other non-university certificate or diploma (other than trades certificates or diplomas)
University certificate or diploma below the bachelor's level
Bachelor's degree
University certificate, diploma or degree above the bachelor's level
OR
Do not know

Current cyber security trends - Question identifier: 44

What cyber security certifications do your organization's cyber security employees hold?

Include certifications that are no longer active.
Exclude academic certificates, diplomas or degrees.

Select all that apply.

Certified Ethical Hacker
Certified Information Security Manager
Certified Information Systems Professional
GIAC Security Expert
Security+
Other certifications
OR
None
OR
Do not know

Current cyber security trends – Question identifier: 45

Which qualification does your organization value the most when evaluating a potential new cyber security employee?

Experience working in cyber security
Academic certificates, diplomas or degrees related to cyber security
Cyber security certifications
Other cyber security training
Other qualifications
- Specify other qualifications (text box)
Organization has never attempted to hire a cyber security employee
Do not know

Current cyber security trends – Question identifier: 46

In 2022, did your organization encounter any challenges finding qualified cyber security employees or retaining existing cyber security employees?

Select all that apply.

Challenges finding qualified cyber security employees
Challenges retaining cyber security employees
OR
The organization did not encounter any challenges finding or retaining qualified cyber security employees in 2022
OR
Do not know

Current cyber security trends – Question identifier: 47

What challenges did your organization encounter when hiring cyber security employees in 2022?

Select all that apply.

Applicants lacking skills
Applicants lacking experience
Salary requests too high
Not enough time or resources for effective recruitment
Lack of candidate interest in the position
Other challenges
- Specify other challenges (text box)
OR
Do not know

Current cyber security trends – Question identifier: 48

For which reasons did cyber security employees leave your organization in 2022?

Select all that apply.

Recruited by other organization
Limited internal promotion or development opportunities
High stress levels at work
Lack of flexibility (work-life balance)
Better salary
Other reasons
- Specify other reasons (text box)
OR
No cyber security employees left the organization in 2022
OR
Do not know

Statement outlining results, risks and significant changes in operations, personnel and program

A) Introduction

Statistics Canada's mandate

Statistics Canada ("the agency") is a member of the Innovation, Science and Industry portfolio.

Statistics Canada's role is to ensure that Canadians have access to a trusted source of statistics on Canada that meets their highest priority needs.

The agency's mandate derives primarily from the Statistics Act. The Act requires that the agency collects, compiles, analyzes and publishes statistical information on the economic, social, and general conditions of the country and its people. It also requires that Statistics Canada conduct the census of population and the census of agriculture every fifth year and protects the confidentiality of the information with which it is entrusted.

Statistics Canada also has a mandate to co-ordinate and lead the national statistical system. The agency is considered a leader, among statistical agencies around the world, in co–ordinating statistical activities to reduce duplication and reporting burden.

More information on Statistics Canada's mandate, roles, responsibilities and programs can be found in the 2022-2023 Main Estimates and in the Statistics Canada 2022-2023 Departmental Plan.

The Quarterly Financial Report:

should be read in conjunction with the 2022-2023 Main Estimates;
has been prepared by management, as required by Section 65.1 of the Financial Administration Act, and in the form and manner prescribed by Treasury Board of Canada Secretariat;
has not been subject to an external audit or review.

Statistics Canada has the authority to collect and spend revenue from other federal government departments and agencies, as well as from external clients, for statistical services and products.

Basis of presentation

This quarterly report has been prepared by management using an expenditure basis of accounting. The accompanying Statement of Authorities includes the agency's spending authorities granted by Parliament and those used by the agency consistent with the Main Estimates for the 2022-2023 fiscal year. This quarterly report has been prepared using a special purpose financial reporting framework designed to meet financial information needs with respect to the use of spending authorities.

The authority of Parliament is required before moneys can be spent by the Government. Approvals are given in the form of annually approved limits through appropriation acts or through legislation in the form of statutory spending authority for specific purposes.

The agency uses the full accrual method of accounting to prepare and present its annual departmental financial statements that are part of the departmental results reporting process. However, the spending authorities voted by Parliament remain on an expenditure basis.

B) Highlights of fiscal quarter and fiscal year-to-date results

This section highlights the significant items that contributed to the net decrease in resources available for the year, as well as actual expenditures for the quarter ended September 30.

Description for Chart 1: Comparison of gross budgetary authorities and expenditures as of September 30, 2021, and September 30, 2022, in thousands of dollars
This bar graph shows Statistics Canada's budgetary authorities and expenditures, in thousands of dollars, as of September 30, 2021 and 2022:

As at September 30, 2021
Net budgetary authorities: $880,572

Vote netting authority: $120,000

Total authority: $1,000,572

Net expenditures for the period ending September 30: $560,849

Year-to-date revenues spent from vote netting authority for the period ending September 30: $33,338

Total expenditures: $594,187

As at September 30, 2022
Net budgetary authorities: $617,492

Vote netting authority: $120,000

Total authority: $737,492

Net expenditures for the period ending September 30: $384,638

Year-to-date revenues spent from vote netting authority for the period ending September 30: $19,201

Total expenditures: $403,839

Description for Table A: Departmental expenditures by Standard Object (unaudited)

This table displays the variance of departmental expenditures by standard object between fiscal 2021-2022 and 2022-2023. The variance is calculated for year to date expenditures as at the end of the second quarter. The row headers provide information by standard object. The column headers provide information in thousands of dollars and percentage variance for the year to date variation.

Description for Appendix A: Statement of authorities (unaudited)

This table displays the departmental authorities for fiscal years 2021-2022 and 2022-2023. The row headers provide information by type of authority, Vote 105 – Net operating expenditures, Statutory authority and Total Budgetary authorities. The column headers provide information in thousands of dollars for Total available for use for the year ending March 31; used during the quarter ended September 30; and year to date used at quarter-end of both fiscal years.

Description for Appendix B: Departmental expenditures by Standard Object (unaudited)

This table displays the departmental expenditures by standard object for fiscal years 2021-2022 and 2022-2023. The row headers provide information by standard object for expenditures and revenues. The column headers provide information in thousands of dollars for planned expenditures for the year ending March 31; expended during the quarter ended September 30; and year to date used at quarter-end of both fiscal years.

Chart 1 outlines the gross budgetary authorities, which represent the resources available for use for the year as of September 30.

Significant changes to authorities

Total authorities available for 2022-23 have decreased by $263.1 million, or 26.3%, from the previous year, from $1,000.6 million to $737.5 million (Chart 1). The net decrease is mostly the result of the following:

A decrease of $293 million for the 2021 Census of Population and Census of Agriculture programs due to the cyclical nature of funding winding down in 2022–2023;
An increase of $36.8 million for the Disaggregated Data Action Plan;
An increase of $6.8 million for collective bargaining;
An increase of $28.1 million for various initiatives including Census of Environment, Quality of Life Framework for Canada, Cost Recovery & Census Program Integrity, and Supporting Access to Sexual and Reproductive Health Care Information and Services.

In addition to the appropriations allocated to the agency through the Main Estimates, Statistics Canada also has vote net authority within Vote 1, which entitles the agency to spend revenues collected from other federal government departments, agencies, and external clients to provide statistical services. The vote netting authority is stable at $120 million when comparing the second quarter of fiscal years 2021-2022 and 2022-2023.

Significant changes to expenditures

Year-to-date net expenditures recorded to the end of the second quarter decreased by $176.2 million, or 31.4% from the previous year, from $560.8 million to $384.6 million (see Table A: Variation in Departmental Expenditures by Standard Object).

Statistics Canada spent approximately 63% of its authorities by the end of the second quarter, compared with 63.7% in the same quarter of 2021-2022.

Table A: Variation in Departmental Expenditures by Standard Object (unaudited)
Departmental Expenditures Variation by Standard Object:	Q2 year-to-date variation between fiscal year 2021-2022 and 2022-2023
Departmental Expenditures Variation by Standard Object:	$'000	%
(01) Personnel	-9,330	-2.6
(02) Transportation and communications	-46,099	-86.3
(03) Information	-12,628	-78.7
(04) Professional and special services	-118,754	-86.0
(05) Rentals	-3,085	-17.1
(06) Repair and maintenance	-558	-67.8
(07) Utilities, materials and supplies	-220	-36.9
(08) Acquisition of land, buildings and works	-	N/A
(09) Acquisition of machinery and equipment	-395	-14.6
(10) Transfer payments	-	N/A
(12) Other subsidies and payments	721	126.9
Total gross budgetary expenditures	-190,348	-32.0
Less revenues netted against expenditures:
Revenues	-14,137	-42.4
Total net budgetary expenditures	-176,211	-31.4
Note: Explanations are provided for variances of more than $1 million.

Personnel: There is an overall decrease in the agency's activities as the 2021 Census was in its main operational period last fiscal year. This decrease is partly offset by the increase in salary spending due the Budget 2021 Initiatives that started towards the end of 2021-22.

Transportation and communications: The decrease is mainly due to postage costs for the mailing of Census questionnaires and related materials and travel expenditures for enumerators for 2021 Census collection which occurred last fiscal year.

Information: The decrease is mainly due to printing costs for the 2021 Census materials which occurred last fiscal.

Professional and special services: The decrease is mainly due to the remuneration of Statistics Act employees hired to conduct the 2021 Census.

Rentals: The overall decrease is mainly due to the building space rentals related to the census operations as they are winding down in 2022-2023. This decrease is partly offset by the increase of the Software Licenses and Maintenance Fees for the GCDocs Licenses caused by a timing difference in invoicing compared to last year.

Revenues: The decrease is mainly due to a timing difference in invoicing compared to last year.

C) Significant changes to operations, personnel and programs

In 2022–2023, Statistics Canada will continue processing and analysing Census data, and disseminating the remaining major 2021 Census data releases. Six data releases are planned in 2022-23. For the Census of Population, four releases took place so far (April, July, August and September) and the others are scheduled in October and November 2022. There are seven major 'themed' release dates for the dissemination of data from the 2021 Census of Population (2021 Census dissemination planning: Release plans). The Census of Agriculture took place in May of 2021. This contrasts with last year, when Statistics Canada focused on data collection and processing activities of the 2021 Census program.

The agency is managing other changes in operations and program activities with financial implications including:

Continued effort and collaboration to provide data and insights related to the impact of the pandemic on the society and economy;
New initiatives announced in the Budget 2021 are ramping up and activities related to those initiatives are on track;
Increase in revenues due to cyclical programs and restoring paused programs post pandemic.

D) Risks and uncertainties

Statistics Canada will address the issues and corresponding uncertainties raised in this Quarterly Financial Report by implementing corresponding risk mitigation measures captured in the 2022-23 Corporate Risk Profile and at the program level.

Statistics Canada continues to pursue and invest in modernizing business processes and tools to maintain its relevance and maximize the value it provides to Canadians. To address uncertainties, the agency is implementing the Census of Environment, the Quality of Life Framework for Canada and the Disaggregated Data Action Plan initiatives to meet the evolving needs of users and remain relevant as an agency.

Statistics Canada requires a skilled workforce to achieve its objectives; however, it is difficult to compete with other organizations in the data ecosystem and the current labour market situation. To address uncertainties, Statistics Canada proactively recruits from universities and colleges across Canada promoting a strong workplace culture, a healthy work-life balance and put forward the Equity, Diversity and Inclusion Action Plan. In addition, the Integrated Business and Human Resources plan targets attracting talented employees with an increased focus on diversity, inclusion and official languages.

Statistics Canada is collaborating with federal partners to access IT services and support to realise its modernization objectives and transition its infrastructure and applications to the Cloud, while incurring minimal impact to activities and costs. To address uncertainties, the agency is working closely with its federal partners, while adhering to the agency's notable financial planning management practices and integrated strategic planning framework.

Approval by senior officials

Approved by:

Anil Arora
Chief Statistician
Ottawa, Ontario
November 24, 2022

Kathleen Mitchell
Acting Chief Financial Officer
Ottawa, Ontario
November 24, 2022

Appendix

Statement of Authorities (unaudited)
	Total available for use for the year ending March 31, 2023^{Table note *}	Used during the quarter ended September 30, 2022	Year-to-date used at quarter-end	Total available for use for the year ending March 31, 2022^{Table note *}	Used during the quarter ended September 30, 2021	Year-to-date used at quarter-end
	Fiscal year 2022-2023			Fiscal year 2021–2022
	in thousands of dollars
Vote 1 — Net operating expenditures	537,525	179,360	344,655	794,138	242,754	520,295
Statutory authority — Contribution to employee benefit plans	79,967	19,992	39,983	86,434	20,277	40,554
Total budgetary authorities	617,492	199,352	384,638	880,572	263,031	560,849
Table note * Includes only Authorities available for use and granted by Parliament at quarter-end. Return to the first table note * referrer

Departmental budgetary expenditures by Standard Object (unaudited)
	Planned expenditures for the year ending March 31, 2023	Expended during the quarter ended September 30, 2022	Year-to-date used at quarter-end	Planned expenditures for the year ending March 31, 2022	Expended during the quarter ended September 30, 2021	Year-to-date used at quarter-end
	Fiscal year 2022-2023			Fiscal year 2021–2022
	in thousands of dollars
Expenditures:
(01) Personnel	616,003	183,705	354,558	663,309	186,653	363,888
(02) Transportation and communications	17,064	3,734	7,320	72,692	18,122	53,419
(03) Information	13,135	2,079	3,418	27,902	11,290	16,045
(04) Professional and special services	52,156	11,063	19,349	205,167	62,863	138,104
(05) Rentals	24,931	4,828	14,956	18,503	9,062	18,041
(06) Repair and maintenance	690	111	265	779	734	823
(07) Utilities, materials and supplies	2,523	162	377	1,922	377	597
(08) Acquisition of land, buildings and works	807	-	-	756	-	-
(09) Acquisition of machinery and equipment	10,115	734	2,307	9,485	1,162	2,702
(10) Transfer payments	-	-	-	-	-	-
(12) Other subsidies and payments	68	463	1,289	57	438	568
Total gross budgetary expenditures	737,492	206,879	403,839	1,000,572	290,701	594,187
Less revenues netted against expenditures:
Revenues	120,000	7,526	19,201	120,000	27,670	33,338
Total revenues netted against expenditures	120,000	7,526	19,201	120,000	27,670	33,338
Total net budgetary expenditures	617,492	199,353	384,638	880,572	263,031	560,849

Subscribe to

Date modified:: 2025-04-11