Federal Privacy Commissioner on Bill c-27 news release.

Report into the 2021 cyber attack on Newfoundland health information systems released.

Privacy Commissioner of Canada announced his office is launching a joint investigation into OpenAI

Federal Privacy Commissioner launches new guidance on workplace privacy

Cybersecurity: Best Practices for Setting Up a Security Operations Centre

Alberta IPC finds risk of significant harm from stolen server.

Updates to Chapter 3 for the Guide to FOIP and the Guide to LA FOIP are now available!

Steps for effectively deploying multi-factor authentication.

Concerns about AI

Blog

Continuous Improvement at our Retreat

July 28, 2022 - Ron Kruzeniski, Information and Privacy Commissioner

An organization needs to continually look at its processes and determine what works and what does not seem to be effective. We did that this July. Among other things, we discussed our issuing of draft reports. Our current process includes sending them out asking for factual correction and we have gotten few factual corrections.  In many instances we have gotten a second submission either repeating the same arguments as in the first submission or coming up with a different argument that was not in the first submission. As a result, we will be amending our Rules of Procedure so that we will not be sending out draft reports except in unique situations. This change will come into effect on September 1, 2022. The amended Rules of Procedure will be posted sometime earlier in August.

I would ask public bodies and applicants to ensure the facts laid out in their submissions are as accurate as can be. We will be relying on factual statements in the submissions when analyzing the situation and preparing the report. I will be encouraging analysts, where the facts are unclear, to immediately email the public body or applicant to clarify the facts and if one does not reply to the inquiry, the analysis will continue without the clarification.

Also in our discussions, we realized a change we made a number of years ago was not working as intended. We had indicated that we would share the public body’s index of records with the applicant. It had been hoped that would result in more informal resolutions or a narrowing of what records were at issue in a review. Unfortunately, it did not have that effect and the quality of the index of records provided to our office went down. So, going forward we will not share the index of records unless there is consent, and we ask that public bodies make the index of records detailed to assist in our reviews. I will be amending the Rules of Procedure to reflect this change.

It should be noted that in our reports we will refer to the Index of Records and list the records that are at issue.

 

 

Categories: Blog

Back to Blog