In order to effectively carry out our mandates as set out in the Access to Information and Protection of Privacy Act (ATIPPA, 2015) and the Personal Health Information Act (PHIA), the Office of the Information and Privacy Commissioner (OIPC) has two “lines of business”: Investigations; and Advocacy and Compliance.

Under both pieces of legislation, the Investigations branch handles access and privacy complaints, as well as own motion investigations, and prosecutions. This branch is also responsible for time extension requests and requests to disregard an access to information request under the ATIPPA 2015.

Similarly, under both Acts, the Advocacy and Compliance branch carries out privacy breach reporting, Privacy Impact Assessment (PIA) reviews, training and education. This branch also monitors compliance with the ATIPPA, 2015 through auditing of Public Bodies. Education initiatives include workshops/conferences and information sessions for public bodies (including coordinators), custodians and the general public. This branch also participates in educational activities designed to promote awareness of and compliance with the ATIPPA, 2015 and PHIA.

What We Do

Advocacy and Compliance

  • Education

    Access and Privacy Analysts for the Office of the Information and Privacy Commissioner are available to make presentations to interested groups within the Province about the ATIPPA, 2015, the PHIA and the Commissioner's Office.

    Please contact us at 1-877-729-6309 or 1-709-729-6309 or by email

  • Privacy Breach
    Make a complaint or learn about Privacy Breaches
  • Audit and Compliance Program
    An audit provides an assessment of whether a public body is following good personal information protection, access and correction practices. A public body being reviewed under the Audit and Compliance Program may be assessed on any aspect of its ATIPPA, 2015 obligations with regard to access, collection, use, disclosure, protection, retention, or disposal of personal information.
  • Privacy Impact Assessments
    A Privacy Impact Assessment (PIA) is a tool that documents how the public body protects the personal information it collects, uses, discloses, stores and destroys and critically examines the project, initiative, or proposed system or scheme to ensure it is in compliance with the ATIPPA, 2015.