Western Economic Diversification Canada
Symbol of the Government of Canada

Common menu bar links

Appendix A – WD Privacy Protection Policy (Revised January 19, 2011)

Warning The following document is out of date.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.

Policy Objective

Western Economic Diversification Canada (WD) is fully committed to both the spirit and the intent of the Privacy Act, which are based on the principles of open government and to ensure the privacy of individuals with respect to their personal information held by the Department. Therefore, WD’s Privacy Protection Policy ensures that the Department effectively and consistently administers it responsibilities in accordance with the Privacy Act and its Regulations.

Policy Statement

This Policy is based on the Privacy Act and the principles of open government from which it is derived. Specifically, the objectives are to:

  • facilitate statutory and regulatory compliance, and enhance effective application of the Privacy Act and its Regulations by WD;
  • ensure consistency in practices and procedures in administering the Act and Regulations so that applicants receive assistance in filing requests for access to personal information; and
  • ensure effective protection and management of personal information by identifying, assessing, monitoring and mitigating privacy risks in government programs and activities involving the collection, retention, use, disclosure and disposal of personal information.

The expected results of this Policy are:

  • sound management and decisions with respect to the handling and protection of personal information, including identifying numbers;
  • clear responsibilities in WD for decision-making and managing the operation of the Privacy Act and its Regulations, including complete, accurate and timely responses to Canadians and individuals who are present in Canada and who exercise their right to access to, and correction of, their personal information under the control to the Department;
  • consistent public reporting on the administration of the Act through WD’s Annual Report to Parliament, statistical report and the annual publication of Info Source chapters, which are produced by the Treasury Board of Canada Secretariat (TBS); and
  • identification, assessment and mitigation of privacy impacts and risks for all new or modified programs and activities that involve the use of personal information.

Return to the top of this pagetop of page

Policy Requirements

The TBS Policy on Privacy Protection (April 1, 2008), specifically Section 6 – Policy Requirements, provides guidance as follows which WD has adopted:

  • Delegation: The head of the Department (the Minister) is responsible for deciding whether to delegate any of his/her powers, duties and functions under the Act. When the decision is made to delegate responsibilities, WD must have in place a current Delegation Order, signed by the Minister, authorizing which responsibilities may be carried out by particular officials. The powers, duties and functions that may be delegated appear in Appendix B of the TBS Policy.
  • Privacy Awareness: WD is responsible for making its employees aware of the policies, procedures and legal responsibilities of the Act.
  • Protecting the Identity of Applicants: WD shall ensure that applicants’ identities are protected and only disclosed when authorized by virtue of the Act, and where there is a clear need to know in order to perform duties and functions related to the Act.
  • Processing Privacy Requests: WD shall establish effective procedures and systems to respond to privacy requests, that include:
    • directing departmental employees to provide accurate, timely and complete responses to requests made under the Act;
    • implementing written procedures and practices to ensure every reasonable effect is made to help requestors receive complete, accurate and timely responses;
    • establishing effective process and systems to respond to requests for access to, and correction of, personal information and to document deliberations and decisions made concerning requests received under the Act; and
    • establishing procedures that ensure personal information is reviewed to determine if it is subject to the Act, whether exemptions apply and conduct necessary consultations pursuant to the Act are undertaken.
  • Cabinet Confidences: WD shall follow established procedures concerning consultations with the Privy Council Office prior to excluding Cabinet Confidences.
  • Contracts and Agreements: WD shall establish measures, when personal information is involved, to ensure that it meets the requirements of the Act when contracting with private sector organizations or when entering into agreements or arrangements with public sector institutions
  • Notifying the Privacy Commissioner: WD shall notify the Privacy Commissioner of any planned initiatives (legislation, regulations, policies or programs) that could relate to the Act or to any of its provisions, or that may have an impact on the privacy of Canadians at the early stage of development to permit the Commissioner to review and discuss the issues involved.
  • Use of the Social Insurance Number: WD shall ensure compliance with the specific terms and conditions related to the use of Social Insurance Numbers and the specific restrictions with regard to its collection, use and disclosure.
  • Privacy Impact Assessments (PIAs): WD shall ensure that, when applicable, privacy impact assessments and multi-institutional PIAs are developed, maintained and published of the Department’s public website.
  • Privacy Protocol for Non-Administrative Purposes: WD shall establish a Privacy Protocol for the collection, use or disclosure of personal information for non-administrative purposes, including research, statistical, and audit and evaluation purposes.
  • Exempt Banks: WD shall consult with TBS on any proposal for the establishment or revocation of an exempt bank, and submit specific requests to the President of the Treasury Board with regard to the proposal.
  • Monitoring and Reporting Requirements: The ATIP Coordinator is responsible for monitoring compliance of the Policy as it relates to the Act, and ensuring that:
    • an Annual Report to Parliament is prepared and tabled in each House of Parliament;
    • an annual statistical report on the administration of the Act is submitted to TBS;
    • new or modified Personal Information Bank (PIB) descriptions are prepared and registered with TBS; and
    • the Department’s Info Source chapter is updated at a minimum annually, including proposed new or modified PIBs

Return to the top of this pagetop of page

Departmental Procedures

WD has developed a Privacy Protection Procedures Manual for the use of WD staff administering the legislation and provides a balanced approach to explaining how the legislation permits both the disclosure and withholding of personal information that has been requested.

In addition, the manual addresses additional mandatory privacy-related requirements including: the correction of personal information, privacy breaches, privacy and contracting, the Social Insurance Number, and the creation and registration of Personal Information Banks (PIBs).

In addition, a Privacy Impact Assessment Handbook and related documents, templates and a Privacy Protocol have been developed in accordance with the requirements of the TBS Directive on Privacy Impact Assessment, which came into effect on April 1, 2010.

The manual and handbook will serve as a reference tools for Regional ATIP Liaison Officers and staff, for the purpose of helping WD staff better understand the implications of the Privacy Act and to build a network within WD to ensure top quality responses to requests for information.

Return to the top of this pagetop of page


The Privacy Act is supported by a number of legislative, regulatory, policy and procedural instruments that reinforce certain provisions of the Act, as well as provide interpretation and practical guidance of specific sections. These documents include:

Department of Justice Canada

  • Access to Information Act: http://laws.justice.gc.ca/en/A-1/
  • Access to Information Regulations: http://laws-lois.justice.gc.ca/eng/regulations/SOR-83-507/
  • Access to Information Act Heads of Government Institutions Designation Order:
  • Library and Archives of Canada Act:
  • Privacy Act: http://laws.justice.gc.ca/en/P-21/index.html
  • Privacy Regulations: http://laws.justice.gc.ca/en/showtdm/cr/SOR-83-508
  • Privacy Act Heads of Goverment Institutions Designation Order: http://laws-lois.justice.gc.ca/eng/

Treasury Board of Canada Secretariat

  • Access to Information – Policies and Guidelines:
  • http://publiservice.tbs-sct.gc.ca/pubs_pol/gospubs/tbm_121/siglist_e.asp
  • Communications Policy of the Government of Canada:
  • http://publiservice.tbs-sct.gc.ca/pubs_pol/sipubs/comm/comm_e.asp
  • Employee Privacy Code: http://www.tbs-sct.gc.ca/pubs_pol/gospubs/TBM_128/CHAP3_3-eng.asp
  • Directive on Privacy Impact Assessment (April 1, 2010):
  • http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=18308
  • Directive on Privacy Practices (April 1, 2010):
  • Directive on Privacy Requests and Correction of Personal Information (April 1, 2010):
  • Directive on Social Insurance Number (April 1, 2008):
  • Guidance Document: Taking Privacy into Account Before Making Contracting Decisions
  • Guidance on Preparing Information Sharing Agreements Involving Personal Information (July 2010):
  • Guidelines for Privacy Breaches:
  • Management of Government Information – Policies and Procedures:
  • Policy on Government Security:
  • Policy on Prevention and Resolution of Harassment in the Workplace:
  • Policy on Privacy Protection:

Return to the top of this pagetop of page

Western Economic Diversification Canada

  • Privacy Protection Procedures Manual
  • Privacy Breach Directive
  • Privacy Impact Assessment (PIA) Handbook
    • Privacy Protocol
    • Core PIA Template
    • PIA Report Template

In the event of a discrepancy, the Access to Information Act and its Regulations, Orders in Council, the Minister’s Delegation of Authority, directives and official Treasury Board policies shall take precedence over this Policy and WD’s procedures.

Date of Application

This Policy was adopted at a Management Accountability Committee meeting of Western Economic Diversification Canada on November 19, 2008, as part of its Policy Suite. It was revised and approved by Executive Committee on January 19, 2011, and shall apply to all programs services of the Department.

Policy Change Control

Revision Number Date Issued Author Brief Description of Change
v1.0 November 19, 2008 ATIP Officer New policy based on the April 2008 TBS Privacy Protection Policy.
v2.0 February 19, 2011 ATIP Officer Bi-annual review and update to ensure April 2010 TBS privacy-related directives are incorporated.