Language selection



Prepared by:
Audit Services Canada from Public Works and Government Services Canada

The Access to Information Act gives Canadian citizens, permanent residents, or any person or corporation present in Canada a right to access information that is contained in government records. The Privacy Act provides them with the right to access their personal information held by the government and protection of that information against unauthorized use and disclosure. Ministers and department heads are responsible for ensuring that they are in compliance with each of these pieces of legislation.

In October 2010 the Office of the Privacy Commissioner (OPC) released a report in response to a complaint alleging Veterans Affairs Canada's (VAC or the Department) mishandling of a Veteran's personal information. The Privacy Commissioner concluded the Department was not compliant with federal privacy legislation and lacked the controls to protect sensitive information from being widely disseminated within the Department. The OPC made the following four recommendations to help the Department in addressing the issues noted in its report. The Department should:

  1. Take immediate steps to develop an enhanced privacy policy framework with adequate protections and controls to regulate access to personal information within the department.
  2. Revise existing information-management practices and policies to ensure that personal information is shared within the department on a need-to-know basis only. Personal information, including but not limited to sensitive medical information, should not be shared with programs that have no operational requirements for access to such information.
  3. Provide training for employees about appropriate personal information-handling practices.
  4. Review procedures to ensure that consent is obtained prior to personal information being transferred to veterans' hospitals.

In response to the OPC report, and at the Minister's request, the Department prepared a ten-point action plan specifically outlining the steps being taken. Item nine of the action plan was to conduct an independent annual assessment of the Department's compliance with the Access to Information Act and Privacy Act (the Acts).The Department engaged Audit Services Canada (ASC) to conduct this first annual assessment of the Department's compliance with the Acts.

Date modified: