Management Response and Action Plan - Audit of Privacy Practices

December 2012

Audit of Privacy Practices
Recommendations | Management Response and Planned Management Action | Deliverables | Expected Completion Date | Responsibility
Recommendation 1

It is recommended that the Assistant Deputy Minister (ADM), Corporate Services Branch (CSB) implement a privacy management framework to support the management and monitoring of departmental privacy practice.

(This recommendation will supersede recommendation 5b from the Audit of Information Management)

Management agrees with this recommendation.

A Performance Management Framework (PMF) will be finalized to outline the rules and practices by which senior management defines privacy expectations, assigns or delegates powers and responsibilities, and establishes accountability for compliance with the Act and its supporting policies.

It should be noted that since June 2012, Health Canada has been providing corporate services to the Public Health Agency of Canada, and that the Performance Management Framework, when finalized, will be used by both institutions.

Enterprise PMF presented to Partnership Executive Committee.

March 2013


Recommendation 2

It is recommended that the Assistant Deputy Minister, Corporate Services Branch review and update its Delegation Order under the Privacy Act so as to identify clear accountability for privacy responsibilities.

Management agrees with this recommendation.

The Delegation Order will be reviewed to determine whether it is necessary and/or appropriate to re-assign powers, duties and functions under the Privacy Act. If necessary, a modified Delegation Order will be put in place following the review.

Review of delegation order finalized

March 2013


Recommendation 3

It is recommended that the Assistant Deputy Minister, Corporate Services Branch improve the Department's Privacy Impact Assessment process to better align it with the Treasury Board Directive.

Management agrees with this recommendation.

The existing Privacy Impact Assessment (PIA) Toolkit has been in place since 2006, but will be reviewed, improved and updated for the use of both Health Canada and the Public Health Agency of Canada.

The Branch will develop an internal communications strategy to promote employee understanding of the need for, and the process involved in finalizing, a Privacy Impact Assessment. This multi-faceted strategy will include posting the toolkit to the Health Canada Intranet.

Enterprise PIA Toolkit updated

June 2013


Commence implementation of internal communications strategy

June 2013


Recommendation 4

It is recommended that the Assistant Deputy Minister, Corporate Services Branch enhance its privacy awareness and training strategy with specific training requirements for Health Canada employees most actively involved in the handling of personal information.

Management agrees with the recommendation.

A comprehensive privacy awareness strategy will be developed that identifies specific training requirements for those Health Canada and Public Health Agency of Canada employees most actively involved in the handling of personal information.

Enterprise Training Strategy presented to Partnership Executive Committee

June 2013


Recommendation 5

It is recommended that the Assistant Deputy Minister, Corporate Services Branch collaborate with the other Branches to coordinate a review of forms in use by program directorates for the collection of personal information for compliance with the notice provision of the Act and Directive on Privacy Practices.

Management agrees with this recommendation.

Access to Information and Privacy Division will review, in conjunction with the appropriate branch, those forms identified in the audit as not complying with the notice provisions of the Act in order to identify whether changes need to be made.

A review will be completed of all departmental forms used for the collection of personal information to ensure that the respective branches are aware of the requirements, and make amendments as required.

Identified forms reviewed

June 2013


All forms reviewed

June 2014


Recommendation 6

It is recommended that the Assistant Deputy Minister, Corporate Services Branch collaborate with the other Branches to coordinate a review to update Program standard operating procedures, guidelines and protocols in order to strengthen controls for the collection, use, disclosure and retention of personal information.

Management agrees with this recommendation.

Guidelines for the collection of personal information will be issued by the Access to Information and Privacy Division.

A sample of program procedures and protocols will be reviewed by the ATIP Division within one year of the issuance of the above-noted guidelines to ensure that the collection of personal information is being undertaken in accordance with them.

Guidelines developed and provided to programs

December 2013


Review completed

December 2014

