For federal institutions
The Federal Government needs information about citizens to deliver effective programs and services, and to shape sound public policies. However, individuals also need to be confident that their personal information will be protected and handled appropriately.
The Privacy Act governs the personal information handling practices of the federal institutions. It limits the collection, use, sharing and disclosure of individuals’ personal information. It also gives individuals the right to access and request correction of personal information about themselves held by the federal government.
The Treasury Board of Canada Secretariat (TBS) is responsible for preparing policy instruments concerning the operation of the Privacy Act and its regulations. This includes issuing directives and guidelines related to the Privacy Act.
The Office of the Privacy Commissioner of Canada (OPC) oversees compliance with the Privacy Act and aims to help federal institutions improve their personal information handling practices.
From this page, you can find a variety of information and resources designed to help federal institutions protect privacy.
Find information about the privacy law that applies to Canada’s federal government departments and agencies.
Access information and guidance created to help federal institutions ensure they are handling personal information appropriately.
Learn more about privacy breaches and how organizations should respond if they experience a breach.
Access tips and guidance for federal government institutions conducting privacy impact assessments.
Key privacy protection tips for federal human resources professionals
Find tips for protecting employee privacy based on real-life examples from Privacy Act investigations by the OPC.
Public safety and law enforcement
Learn about some of the privacy issues that arise in the context of public safety and law enforcement, and find information on how federal privacy laws apply.
Guidance on Deemed Denials under the Privacy Act
Read OPC guidance for ATIP coordinators within federal institutions about providing individuals with timely access to personal information.
Privacy and outsourcing for federal institutions
Find information related to outsourcing in accordance with the Privacy Act.
What to expect during a complaint investigation under the Privacy Act
Find information about the complaint investigation process and what is expected of complainants and implicated federal institutions.
Frequently asked questions
This list highlights advice and information related to privacy issues that employees of federal institutions frequently ask about when they contact us.
How can an institution report a privacy breach to the OPC?
Use our breach reporting form for federal institutions.
Can an institution release personal information without a person’s consent?
The Privacy Act sets out circumstances in which government institutions may disclose personal information in the public interest without consent. Go to our page on public interest disclosures.
What does the OPC expect from institutions making representations in relation to a complaint?
See the explanation of the government institution’s role in: What to expect during a complaint investigation under the Privacy Act
What does the OPC expect in a PIA?
See our Guide for Submitting Privacy Impact Assessments to the OPC.
How does the OPC interpret and apply the Privacy Act?
We publish summaries and reports from our investigations into federal institutions. These offer concrete examples of how the OPC enforces the Privacy Act.
- Date modified: