The Audit of Access to Information and Privacy (ATIP) Practices was approved by the Deputy Minister as part of the 2016-19 risk-based audit plan.
Open and transparent government figures prominently in the agenda of the federal government. In both the December 2015 Speech from the Throne and the federal budget in March 2016, the Government committed to Canadians and Parliamentarians to raise the bar for openness and transparencyFootnote 1.
Responsibilities related to access to information and privacy are set out primarily through the Access to Information Act and the Privacy Act. The Access to Information Act provides members of the public and corporations with the legislative right, subject to certain limited and specific exceptions, to access information in records under the control of a government institution. The Privacy Act provides members of the public with the legislative right to access and request the correction of their personal information under the control of Federal Government institutions.
Veterans Affairs Canada has a centralized ATIP Unit located in Charlottetown, Prince Edward Island, which ensures that the responsibilities under both acts are met. The main activities of the VAC ATIP Unit are:
- Processing requests for information submitted under the Access to Information Act and the Privacy Act;
- Developing policies, procedures and guidelines in support of ATIP legislation and central agency requirements;
- Promoting awareness of both acts to ensure employees understand their roles and responsibilities;
- Monitoring compliance with both acts, regulations and central agency requirements;
- Preparing annual reports on the administration of the ATIP acts to Parliament;
- Leading the development of privacy impact assessments (PIAs);
- Coordinating the resolution of any complaints against VAC which have been submitted to the Information Commissioner under the Access to Information Act and to the Privacy Commissioner under the Privacy Act;
- Providing centralized management of privacy breaches;
- Analyzing and responding to privacy and access to information policy issues;
- Reviewing new forms for the collection of personal information;
- Developing appropriate privacy notice statements;
- Evaluating contracts and memoranda of understanding;
- Providing VAC staff and senior management with advice, guidance and training on ATIP issues; and
- Supporting VAC in meeting its commitments to openness and transparency through proactive disclosure of information and the release of information via informal avenues.
In addition to the ATIP Unit, other areas of the Department have a role to play in fulfilling its obligations with respect to access to information and privacy requests. These include the following:
- Liaison officers; responsible for coordinating the retrieval, review, and submission of information to ATIP to satisfy access and privacy requests.
- All employees; responsible for ensuring that they provide information related to any access to information or privacy requests received by the institution.
- All managers; responsible for ensuring that they support their staff in meeting the obligations under the applicable legislation, through prioritizing access to information and privacy requests in workload management.