Generally speaking, how it works is that we get receipt of a request. They now come in at night with the online portals. Once we get a request, the front-end staff—in most ATIP shops you have an administrative staff—will log the request into the ATIP tracking system, which is the software we talked about earlier. The request is logged in to the system, and then it moves over to a pod, if you will. All the new requests that came in the day before, the night before, are sitting in this pod. There are a couple of hundred of them on any given day in our institution.
What happens then is that management assigns them to the analysts. They're farmed out. We have about 40-odd analysts that respond to these requests, and the requests go to them. The first thing to do when you get one of these new requests is read it and make sure you understand it. If you do not understand the request, you go back and seek clarification right away. We will not task it out within the CBSA to do a record retrieval if we don't understand it ourselves.
When we look at the subject of a request, one of the first things we do is query our system to see if someone else has requested something similar. As you know, we put the subject lines of completed requests on the Internet. If I processed a similar request in the past, I can offer that up as a request that can satisfy your immediate needs, or maybe something that can help you out in the interim as I process your new request for similar information. That is also done, because if we can satisfy you by giving you something we've given someone else without having to process the whole request, we save everyone time. You're happy and we're happy. Everyone's happy.
Once we understand the request properly, we have this initial 30-day window to make a lot of decisions. In that 30-day window I have to guess, often without even having the records, what's going to be coming my way. Am I going to need third party consultations? Am I going to have to consult other government institutions? What are my indications of the volume that I'm going to receive? A lot of that is done by phone with the program area that has the physical records. You try to guesstimate what's coming through the pipe, because if you don't take your time extension within the first 30 days, you can't take it. That's your window.
You may be lucky enough to get the information within the first 30 days. At CBSA they come by way of a drop zone. To expedite the processing, we created an online drop zone. The records are electronically put into a portal and they're grabbed by my staff. CBSA is fully automated; we don't have paper. If we receive paper, we scan it, and then we shred the paper. Everything moves in a system.
Once we get the information back to us, to make sure that we have good, solid recommendations, that we have what's being requested—not more, not less—and that we have a thorough review of what's coming my way before I do an ATIP analysis, we have a mandatory process whereby an executive level director or above at the CBSA needs to sign off that what is being requested is included in ATIP. It's complete. It's accurate. It's not too much. It's not too little. Here are the sensitivity recommendations or the recommendation to do a full disclosure. Those files are then assigned to an ATIP analyst.
A lot of folks say, “Can you process this in 30 days?” To give you an idea of the volumes right now, currently at ATIP CBSA my folks have between 80 and 100 files each. Every single day when they arrive in the morning, they have about 80 to 100 to juggle, with an expectation to either get it out the door in 30 days or to make the determination within 30 days of whether an extension is needed and how long it needs to be. You can see it's a very, very heavy workload, and everything is done very quickly, in time, in my office.
When you get that all back, to finish the process you have to do a line-by-line review. Seriously, it's a line-by-line review. Most of the exemptions, as I told you, are discretionary, so you have to ask yourself whether this is something that I can release to the public. Is it something I need to exempt? If I exempt it and it's a discretionary exemption, how do I exercise my discretion? How do I document it? Why am I choosing to release or not release? We'll document the exercise of discretion both ways. If we do a disclosure, we'll document why we're doing a disclosure. If we don't, we'll document why.
Once this is all done, it has to go to a delegated person. The Minister of Public Safety has delegated certain individuals to sign off on ATIP requests. The lowest delegation at CBSA is a team leader; most are signed by them. They will do a cursory review of the line-by-line review that is done by the analysis, to make sure that everything was done properly and everything's sustainable in law. Then they sign off.
To close, at CBSA all true access requests—those are non-personal access requests—come to me from the delegated team leader for a quick review to make sure that everything was done properly. Then I give them the go-ahead and it's disclosed.