Yukon Information and Privacy Commissioner
Resources for Public Bodies
Best Practices

Under the ATIPP Act, both the Records Manager and the public body have the duty to assist an applicant. The duty to assist obliges both to meet a threshold of reasonableness in responding to a request for records. "Every reasonable effort" is an effort which a fair and rational person would expect to be done or would find acceptable. The use of "every" indicates that efforts to assist will be thorough and comprehensive. The public body and Records Manager must be able to verify the completeness of efforts to assist an applicant, best accomplished by keeping records of the processes, actions and decisions taken to respond to a request.
Guidance

This guide is written for public bodies who have received a request for review under the Access to Information and Protection of Privacy Act (ATIPP Act).

Public bodies are often called upon to undertake searches for records in response to access requests made under the Access to Information and Protection of Privacy Act. This guidance document offers suggestions and outlines steps that public body employees should consider when conducting a search for records in response to an access to information request.

Canadian privacy laws all contain provisions that allow for the disclosure of personal information or personal health information in the event of an emergency. This document provides guidance on the provisions in Yukon's privacy laws.

The Yukon Information and Privacy Commissioner is reminding public bodies and custodians to ensure the protection of personal information and personal health information when employees working from home use this information. This document provides guidance on how to do so.

Ideas for individuals, businesses & public organizations – how to manage the risk of ransomware

The purpose of these guidelines is to assist public bodies identify when it is appropriate to use video surveillance and evaluate whether in using video surveillance involving the collection, use and disclosure of personal information the requirements of the ATIPP Act can be met.

The only way for a public body to effectively assess and manage privacy risks for any project involving personal information is to conduct a privacy impact assessment (PIA). Completing a PIA enables a public body to identify any risks associated with the collection, use or disclosure of personal information and ensure the information is properly managed in compliance with the ATIPP Act.

This document provides step-by-step guidance for Yukon's public bodies on how to implement an effective privacy management program.
Tools

This tool is designed as a resource for public bodies to ‘self-evaluate’ the maturity of their privacy management program.
Information Sheets

The COVID-19 pandemic has led to the development and use of new variations of cybercrime. In particular, texting, email, phone calls and social media are being used to trick people into giving out personal or financial information, often by playing on fears and concerns about COVID-19. This advisory is meant to create additional awareness of these problems and provide advice about what to do.

The Yukon Information and Privacy Commissioner (IPC) is issuing this advisory to inform Yukoners about a recent cyber security incident involving the Zoom videoconferencing application and to provide information about how to reduce risks to privacy.

The Yukon Information and Privacy Commissioner provides advice to government, public organizations, businesses, employees and the public in regard to protecting personal information while working from home or other remote locations, in particular in regard to applications that support remote work and the potential privacy risks of using them.
Relevant FAQs
- Is the Information and Privacy Commissioner part of government?
No, the Information and Privacy Commissioner (IPC) is an independent officer of the Yukon Legislative Assembly and is, therefore, not part of the Yukon government.
In Yukon, the IPC is the same person as the Ombudsman and the Public Interest Disclosure Commissioner. For more information about these roles, our website at: http://www.yukonombudsman.ca.
The IPC is responsible for monitoring compliance with HIPMA and the Access to Information and Protection of Privacy Act (ATIPP).
ATIPP applies to Yukon public bodies, such as Yukon government departments. HIPMA applies to custodians (see ‘What is a custodian?’).
The IPC has a number of responsibilities under these Acts and has broad authority to investigate complaints made, including the power to compel production of records and witnesses. Under HIPMA, the IPC has adjudicative authority. This means she can make findings of fact and law that are binding on custodians. At the conclusion of an adjudication, called a ‘consideration’ under HIPMA, she has the authority to recommend any remedy that she determines appropriate.
- When does the IPC hold inquiries?
Most requests for review initially proceed to mediation to try to settle the issues for review. Where a request for review is not completely settled during mediation, a party can ask the IPC to conduct an inquiry. The IPC has discretion to decide whether to proceed to inquiry.
- What happens in an inquiry?
An inquiry is the final stage in the request for review process. An inquiry is a formal adjudicative process conducted by the IPC. The parties to an inquiry are entitled to make representations * to the IPC about the issues identified for inquiry. In most inquiries, the representations are made in writing and the parties do not appear before the IPC.
If the IPC decides to proceed to inquiry, a notice of inquiry is issued to the parties. The notice of inquiry outlines the next steps in the inquiry. The notice of inquiry will confirm:
- the parties to the inquiry,
- the sections of the ATIPP Act that will be considered,
- the issues for inquiry,
- the timeline for notifying the IPC of any preliminary objections to the inquiry,
- the schedule for delivery and exchange of initial and reply submissions from the parties, and
- a deadline for requesting the IPC’s approval for “in camera”* submission material.
At the inquiry, the IPC considers the Fact Report prepared by the mediator, the representations received from the parties, reviews any records in dispute, and decides how each issue should be resolved and makes her recommendation(s) *. The IPC issues a written report to the parties setting out her findings, recommendation(s) and reasons for the findings and recommendation(s). Some of the things the IPC can recommend are:
- the release of some or all of the information in a record
- the modification of a fee waiver
- the correction of personal information