Audit of Access to Information and Privacy (ATIP) Management - Follow-up Report Status Update as of September 30, 2014

1. The Corporate Secretariat will conduct a thorough review of ATIP policies and procedures once every fiscal year. If, however, there are legislative or TBS policy amendments, the Corporate Secretariat will review on an ad hoc basis. In particular, the Corporate Secretariat will review the following:

1. Service standard documents;
2. Access to Information and Privacy
   guidelines and policy manuals; and
3. The ATIP Operations manual
   ("ATIP Employee Handbook")
   • August 2014 and every fiscal year forward: Review of ATIP policies and procedures.
   • Ad hoc: Review of ATIP policies and procedures if legislative or TBS policy changes.

Status: Request to close (Completed)

Update/Rationale:
As of 04/11/2014:

1. The Corporate Secretariat thoroughly reviewed ATIP policies and procedures by examining service standards, ATIP policies and guidelines and the ATIP Operations Manual.

A review of the ATIP policies and procedures in August 2014 led to the following updates to the ATIP Operations Manual and Service Standard documents:

• Closing files – Specific steps on how to close files and what documentation needs to be included in the physical files
• Pro-active disclosure - Added information on positing of summaries of previously completed ATIP requests
• Aboriginal governments - Added information on section 13(1)(e), information obtained in confidence from Aboriginal Governments
• Graduation Rates - Added information on treating files where graduation rate is less than 25% and included BN from ESDPP
• PIA guidelines updated and posted on AANDC intranet (August 2014)

2. The Corporate Secretariat will update the ATIP Operations manual to reflect any gaps and to ensure consistency with the Treasury Board Secretariat Directive on the Administration of the Access to Information Act.

• August 2014: Update the ATIP Operations manual to reflect any gaps identified in the report of the Audit of ATIP management

2. The Corporate Secretariat updated the ATIP Operations Manual to maintain consistency with the Treasury Board Secretariat Directive on the Access to Information Act. The following updates were made to the ATIP Operations Manual:

• Time extensions - Added information on notifying OIC when extensions are over 30 days.
• Obstructing the Act - Added information on section 67.1 of the Act, including internal policy on dealing with potential cases of obstruction
• Added information on John Doe v. Ontario (Finance), 2014 SCC 36 case (Section 21 of the ATIA)

AES: Implementation complete. Recommendation to close. Closed.

2. The Corporate Secretary should review, and update as applicable, the training programs offered by the ATIP Directorate. This would include:

• Enhancing the Sectors' and Regions' access to hands-on training and guidance. In developing these enhancements, it is recommended that regional/sectoral representatives are solicited for their input.
• Conducting an assessment regarding the sufficiency of the privacy training program relative to the Directorate's responsibility to educate and promoting awareness of privacy and privacy-related issues throughout the Department

Status: Request to Close (Complete)

Update/Rationale:
As of 04/11/2014:

b. Assess the sufficiency of the ATIP training program, and add further content and substance to the ATIP training program, which focus on promoting awareness of privacy and privacy-related issues throughout the Department.

• September 2014 - Provide a new ATIP training program, which includes privacy-related issues, as well as the process by which Privacy Impact Assessments (PIAs) are prepared and approved within AANDC.

b. PIA guidelines were updated in August 2014 and a section was added to the Privacy Policy Awareness training deck.

A Privacy Policy Awareness Training session was added to the list of "recommended" training in the Learning and Development Directorate's learning calendar

AES: Implementation complete. Recommend to close. Closed.

Status: Underway

Update/Rationale:
As of 04/11/2014:

1.

• ATIP Liaison Officer (ALO) meetings to discuss the development of an ALO regional/sectoral manual officially commenced July 25, 2014 and ended August 21, 2014.
• Draft completed October 2014
• 'Last call' for sectors/regions to provide comments on the draft manual sent out
• Document in final approvals stage with Corporate Secretary (ETA November 14, 2014)

2. The Corporate Secretariat will add further details on compliance with additional internal ATIP service standards to its quarterly reports. Further, the Corporate Secretariat will continue to report on performance against internal service standards in the Corporate Secretariat's quarterly reports, Treasury Board Secretariat statistical reports and Annual Reports to Parliament.

Quarterly: Add additional internal service standards to quarterly report. Report adherence to internal service standards in Q1 to Q4 reports.

May 2015 and every May thereafter: File TBS statistical report.

June 2014 and every June thereafter: File Annual Reports to Parliament

2. The Corporate Secretariat is adding additional details relative to internal ATIP service standards to its Quarterly reporting, specifically ATIP's 48-hour turnaround times on requests received and tasked to programs/sectors.

The Corporate Secretariat will continue to file statistical reports and Annual Reports in accordance with TBS policy.

3. The ATIP Directorate is tracking the total amount of time utilized to process formal Access and Privacy Requests. Staff will track their time individually on each file; this time will be added to the time submitted by programs and sectors on impact statements (process already in place). An excel sheet will be compiled for total time of all requests each month.

AES: Implementation on-going.