The Canada Council for the arts requires a resource to provide analysis of documentation for exemptions/exclusion; third party consultations; and preparing release packages within the time parameters of the Access to Information and Privacy Acts, while ensuring compliance with the Acts, Regulations, and policy instruments, coordinating responses to all privacy and access to information requests for the Canada Council. Requests cover a range of topics relevant to the Canada Council’s mandate and responsibilities.
Frequent topics of interest pertain to the peer assessment process, assessment letters related to specific grant applications, funding to individual professional artists and arts organizations, statistics and contracts related to the administration of the Canada Council’s programs and activities.
The required services and deliverables may include, but are not limited to, the following:
a) Assist in the modernization of the Access to information and Privacy (ATIP) Office, including the development of policies and procedures manuals on ATIP;
b) Develop, update, implement and maintain institution specific ATIP policies, procedures, directives, processes, protocols and tools as requested by the Project Authority;
c) Brief Senior management on ATIP related issues;
d) Provide advice and guidance to internal and external stakeholders as requested on the administration of the ATIP legislation and associated institutional and TB policies, directives, procedures, protocols, guidelines and processes as well as on complex or sensitive privacy issues;
e) Develop and deliver the Canada Council’s training and awareness program on the application of the ATIP Acts and related institutional and TB policies, procedures, directives, processes and protocols as well as on sound privacy practices for the creation, collection, accuracy, validation, use, disclosure, retention and disposition of personal information in the format and timelines;
f) Provide advice on records and information management, including compliance with the Library and Archives of Canada Act and the institutional policies on records and information management and the TB Policy on Service and Digital;
g) Provide advice on the interaction between the ATIP Acts, record and information management and the TB Policy on Government Security;
h) Conduct Privacy Impact Assessments (PIA) or assist with the conduct of PIAs, which includes meetings with internal and external stakeholders; review institutional programs or activities to determine whether a PIA is required or a protocol for non-administrative uses of personal information is sufficient; review and prepare privacy risk management plans outlining identified privacy risks and appropriate measures to take in order to mitigate them;
i) Develop, review or update personal information banks (PIB) as required for registration with TBS in the format and timelines;
j) Investigates privacy breaches or assist with their investigation, and report the results of the investigation to senior management, the Office of the Privacy Commissioner of Canada (OPC) and other appropriate authorities;
k) Assist with the preparation of the statistical and annual reports on the administration of the ATIP Acts;
l) Process requests for information under the Access to Information Act and the Privacy Act, including the development of rationale and other documentation to support exemptions or actions taken under the ATIP Acts, in the defense of complaints submitted to the Office of the Information Commissioner (OIC) and OPC and court reviews. This includes interacting with applicants, as required;
m) Advise senior management on ATIP-related matters and provide interpretation, information, and guidance; brief them on such matters via briefing notes, written instructions, or by being present at meetings to deliver verbal instructions
n) Conduct privacy and compliance audits; conduct security and threat risk assessments; investigate privacy breaches
o) Advise on requests pertaining to the personal information of data subjects
p) Edit and verify documentation to ensure compliance with legal and regulatory requirements and to ensure its accuracy and completeness
q) Produce collection notices and privacy statements
r) Develop a curriculum for the instruction of ATIP trainers
s) Documentation should be generated to provide a year-long roadmap outlining ATIP operations, including milestones and success indicators to track development
t) Conduct an end-of-year evaluation of ATIP operations and provide the ATIP team with a list of improvement and training opportunities
In the course of performing the services, it will be necessary to review, analyze and apply:
• The federal Privacy Act and Privacy Regulations;
• The federal Access to Information Act and Access to Information Regulations;
• The Library and Archives of Canada Act;
• TB policies, directives and guidelines on ATIP;
• TB policies, directives and guidelines on records and information management;
• Library and Archives of Canada guidelines on records and information management;
• TB Policy on Government Security and related directives, standards and guidelines;
• Relevant OIC and OPC guidance documents;
• Court decisions on ATIP related issues;
• Institution specific policies, directives, standards, guidelines, processes and protocols; and,
• The Canada Council for the Arts Act and other applicable federal legislation as required.
