Audit of Access to Information and Privacy (ATIP) Management - Follow-up Report Status Update as of December 31, 2014


Action Plan Implementation Status Update Report to the Audit Committee - As of December 31, 2014

Corporate Secretariat

Audit of Access to Information and Privacy (ATIP) Management
Approval Date: 27/06/14
Project Recommendations; Action Plan; Expected Completion Date; Program Response
1. The Corporate Secretary should undertake a thorough review of ATIP policies and procedures with a view to identifying and addressing any gaps, inconsistencies or other improvement opportunities within the materials. In addition to the current practice of addressing issues on an as-needed basis, a schedule should also be developed, which would require an appropriately periodic review of policies and procedures.

1. The Corporate Secretariat will conduct a thorough review of ATIP policies and procedures once every fiscal year. If, however, there are legislative or TBS policy amendments, the Corporate Secretariat will review on an ad hoc basis. In particular, the Corporate Secretariat will review the following:

  1. Service standard documents;
  2. Access to Information and Privacy guidelines and policy manuals; and
  3. The ATIP Operations manual ("ATIP Employee Handbook")

  • August 2014 and every fiscal year forward: Review of ATIP policies and procedures.
  • Ad hoc: Review of ATIP policies and procedures if legislative or TBS policy changes.

August 2014

Status: Request to close (Completed)

Update/Rationale:
As of 04/11/2014:

1. The Corporate Secretariat thoroughly reviewed ATIP policies and procedures by examining service standards, ATIP policies and guidelines and the ATIP Operations Manual.

A review of the ATIP policies and procedures in August 2014 led to the following updates to the ATIP Operations Manual and Service Standard documents:

  • Closing files – Specific steps on how to close files and what documentation needs to be included in the physical files
  • Pro-active disclosure - Added information on posting of summaries of previously completed ATIP requests
  • Aboriginal governments - Added information on section 13(1)(e), information obtained in confidence from Aboriginal Governments
  • Graduation Rates - Added information on treating files where graduation rate is less than 25% and included BN from ESDPP
  • PIA guidelines updated and posted on AANDC intranet (August 2014)

2. The Corporate Secretariat will update the ATIP Operations manual to reflect any gaps and to ensure consistency with the Treasury Board Secretariat Directive on the Administration of the Access to Information Act.

  • August 2014: Update the ATIP Operations manual to reflect any gaps identified in the report of the Audit of ATIP management
August 2014

2. The Corporate Secretariat updated the ATIP Operations Manual to maintain consistency with the Treasury Board Secretariat Directive on the Access to Information Act. The following updates were made to the ATIP Operations Manual:

  • Time extensions - Added information on notifying OIC when extensions are over 30 days.
  • Obstructing the Act - Added information on section 67.1 of the Act, including internal policy on dealing with potential cases of obstruction
  • Added information on John Doe v. Ontario (Finance), 2014 SCC 36 case (Section 21 of the ATIA)

AES: Implementation complete. Recommendation to close. Closed.

2. The Corporate Secretary should review, and update as applicable, the training programs offered by the ATIP Directorate. This would include:

  • Enhancing the Sectors' and Regions' access to hands-on training and guidance. In developing these enhancements, it is recommended that regional/sectoral representatives are solicited for their input.
  • Conducting an assessment regarding the sufficiency of the privacy training program relative to the Directorate's responsibility to educate and promote awareness of privacy and privacy-related issues throughout the Department.

The Corporate Secretariat will review and update as applicable the training programs offered by the ATIP Directorate on an annual basis. In particular, the Corporate Secretariat will take the following actions:

Status: Request to Close (Complete)

Update/Rationale:
As of 04/11/2014:

a. Convene a series of conference calls/meetings with regional/sectoral representatives for input and feedback on the specific improvements or needs for an ATIP training program; and

July 2014

a. Input solicited from ATIP Liaison Officers for ALO regional/sectoral operations manual and for training needs during ALO calls July 25, 2014 to August 21, 2014

b. Assess the sufficiency of the ATIP training program, and add further content and substance to the ATIP training program, which focus on promoting awareness of privacy and privacy-related issues throughout the Department.

  • September 2014 - Provide a new ATIP training program, which includes privacy-related issues, as well as the process by which Privacy Impact Assessments (PIAs) are prepared and approved within AANDC.
September 2014

b. PIA guidelines were updated in August 2014 and a section was added to the Privacy Policy Awareness training deck.

A Privacy Policy Awareness Training session was added to the list of "recommended" training in the Learning and Development Directorate's learning calendar

AES: Implementation complete. Recommend to close. Closed.

3. The Corporate Secretary should clarify expectations, roles and responsibilities for driving efficiencies within ATIP Management, and establish related objectives and practices designed to improve process efficiency. Practices could include facilitating the sharing of best practices between Regions and Sectors; reporting on the ATIP Directorate's performance against internal service standards; and tracking the Department-wide level of effort required to process requests in order to monitor and identify improvements to efficiency.

1. The Corporate Secretariat will develop a comprehensive regional/sectoral operations manual that will ensure uniform best practices for the processing and retrieval of ATIP records across the Department for ATIP Liaison Officers in the sectors and regions.

October 2014

Status: Completed-Closed.

Update/Rationale:
As of 31/12/2014:

1.

  • ATIP Liaison Officer (ALO) meetings to discuss the development of an ALO regional/sectoral manual officially commenced July 25, 2014 and ended August 21, 2014.
  • Manual finalized and included on the departmental Intranet site January 2015.

2. The Corporate Secretariat will add further details on compliance with additional internal ATIP service standards to its quarterly reports. Further, the Corporate Secretariat will continue to report on performance against internal service standards in the Corporate Secretariat's quarterly reports, Treasury Board Secretariat statistical reports and Annual Reports to Parliament.

Quarterly: Add additional internal service standards to quarterly report. Report adherence to internal service standards in Q1 to Q4 reports.

May 2015 and every May thereafter: File TBS statistical report.

June 2014 and every June thereafter: File Annual Reports to Parliament

September 2014

2. The Corporate Secretariat has added additional details relative to internal ATIP service standards to its Quarterly reporting, specifically ATIP's 48-hour turnaround times on requests received and tasked to programs/sectors.

The Corporate Secretariat will continue to file statistical reports and Annual Reports in accordance with TBS policy.

3. The Corporate Secretariat will liaise with the Treasury Board Secretariat Information and Privacy Policy Division (IPPD) to determine the options for tracking the Department-wide level of effort required to process requests in order to monitor and identify improvements to efficiency.

July 2014

3. The ATIP Directorate is tracking the total amount of time utilized to process formal Access and Privacy Requests. Staff will track their time individually on each file; this time will be added to the time submitted by programs and sectors on impact statements (process already in place). An Excel sheet will be compiled for total time of all requests each month.

AES: Implementation Complete. Closed.
 
 
