Access to Information and Privacy Policies Fact Sheet

For Employees of Government Institutions

In general terms, the Access to Information Act gives Canadian citizens, permanent residents and any person or any corporation present in Canada the right of access to information contained in federal government records, subject to certain exceptions. The Privacy Act regulates how the federal government manages personal information under its control.  It also provides individuals with a right of access to their personal information and a right to request corrections.  Employee personal information is also protected by the legislation.

As an employee, you are responsible for ensuring that any records you create are properly managed to facilitate access to that information.  You are also required to ensure that personal information is handled in accordance with the Privacy Act.

The passage of the Federal Accountability Act (FedAA) in 2006 resulted in the most significant amendments to the Access to Information Act and the Privacy Act since both were enacted in 1983.  Among other changes, the scope of application of both laws was expanded and now includes approximately 250 government institutions. Also, the FedAA introduced a requirement in the Access to Information Act to provide assistance to those requesting access without regard to their identity and to provide complete and timely responses to such requests.  This is referred to as "duty to assist."

In recent years, the federal government has also begun the work of reducing the number of its policies.  With the recent amendments to the Access to Information Act and the Privacy Act and the policy renewal initiative, the time had come to update the access and privacy policies that support these laws.  These had not been substantially changed since 1993.

On April 1, 2008, the new Policy on Access to Information, the Policy on Privacy Protection, and the Directive on the Social Insurance Number came into effect.  Additional directives and standards will be issued over the next few years.

What does this mean for you?

Much of the content of the policies is aimed at Access to Information and Privacy (ATIP) officials within your institution.  However, there are some new requirements that you need to be aware of when performing your duties as a public servant.

Duty to Assist:

Most notably, the Policy on Access to Information requires that those requesting access to records be assisted and their identities protected.  In other words, requestors must be helped regardless of who they are.  Your institution will be establishing written procedures (if it has not already done so) that outline how requests are to be handled and what the timelines are. As an employee, you are expected to follow these procedures and respect the timelines involved if you are asked to respond to a request for access. You are also expected to provide assistance.


If your duties involve developing contracts or agreements with outside parties or other public sector institutions, you must ensure that the provisions of both Acts are respected.  If a foreign-based contractor or a foreign-based contractor with a Canadian affiliate will be handling personal information from your institution, appropriate privacy protection clauses must be included in the contract with that third party.  For more information on privacy and contracting, please see TBS's Guidance Document – Taking Privacy into Account Before Making Contracting Decisions .

Social Insurance Number (SIN):

Is your group considering collecting the Social Insurance Number (SIN) for a new program or activity?  You will need to check the new Directive on the Social Insurance Number to learn how to obtain approval for such an activity.  Does your program already collect the SIN?  If so, is the usage authorized?  The directive includes a list specifying authorized uses of the SIN.  If your program is not on this list, you will have to stop collecting the SIN.

Obstruction of right of access:

As employees, you should be aware that obstructing the right of access to information is a criminal offence.  Obstruction includes destroying or changing a record, making a false record or hiding a record.  It also includes asking or advising someone else to do any of those things.  A more complete list of the actions that constitute obstruction is outlined in section 67.1 of the Access to Information Act.

Your institution may also be subject to the Public Servants Disclosure Protection Act (PSDPA).  The PSDPA establishes a mechanism for the disclosure on wrongdoing in the public sector, to protect public servants who make disclosures, and to provide objective treatment and due process for those against whom allegations are made.

We would like to remind employees that obstructing the right of access to information is a criminal offence under the Access to Information Act. Such a violation would also be considered as "wrongdoing" in the context of the PSDPA.

For more information

If you wish to learn more about the renewed ATIP policies and SIN directive or if you would like more information on your obligations under the Access to Information Act and the Privacy Act, please contact your ATIP Coordinator.

Page details

Date modified: