Language selection


A privacy guidance checklist

This checklist should help give you a better idea of what privacy guidance you should be following and when, while completing your initiative.


Depending on your initiative, some of these steps may have already been completed.

List personal information


Once you know what privacy deliverables are needed, get started right away. Depending on the complexity of your initiative, this work could take a team several months to complete.

Privacy deliverables

Ensuring protection

Retention measures

Privacy training


These steps may differ from one institution to the next, depending on its structure and available resources.


  • consult the appropriate stakeholders to review your privacy deliverables
  • stakeholders may include experts in privacy, law, information management and information technology specialists, etc.


  • submit your deliverables for approval at the appropriate levels in your institution
  • if you created an Information Sharing Arrangement (ISA), make sure it's been signed by all parties. The appropriate level of approval can change depending on the exact nature of the ISA and level of risk involved


  • create a schedule to regularly maintain and update your privacy deliverables
  • ensure processes are reviewed regularly as well and updated any time there’s a change to the way your initiative manages people’s information
  • make sure any new employees receive appropriate training.


Publish a privacy notice

  • publish your privacy notice before collecting any personal information
  • depending on the way your initiative collects information, your privacy notice may be delivered online, as a paper copy, or a call center agent may provide a summary out loud

Address any risks

  • continue to address any risks identified in your Privacy Impact Assessment (PIA)
  • consider including privacy training as part of your onboarding for new staff who have access to personal information
  • update access controls if there have been any changes in staffing or roles
    • access controls should be updated any time there are any new hires, departures or changes to positions or files


Continuously review and update your privacy deliverables and processes, especially if there are any changes to the way information is handled. Despite best efforts, a privacy breach can still happen. Make sure to modify your breach plan based on any lessons learned, even after launch.

Did you find what you were looking for?

What was wrong?

You will not receive a reply. Don't include personal information (telephone, email, SIN, financial, medical, or work details).
Maximum 300 characters

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: