Newfoundland and Labrador's Information and Privacy Commissioner is an independent Officer of the House of Assembly. The Commissioner has a broad range of responsibilities and powers under both the Access to Information and Protection of Privacy Act, 2015 (ATIPPA, 2015) and the Personal Health Information Act (PHIA).

Oversight of these Acts includes conducting reviews of decisions and investigating and attempting to resolve complaints about access to information and protection of privacy involving public bodies under the ATIPPA, 2015 and custodians of personal health information under the PHIA. The Commissioner may also make recommendations in order to uphold the Acts and encourage better compliance.

Access to Information and Protection of Privacy Act, 2015 (ATIPPA, 2015)


The Access to Information and Protection of Privacy Act (ATIPPA) was passed by the Newfoundland and Labrador House of Assembly in March of 2002. It replaced the old Freedom of Information Act, which came into effect in 1981. The ATIPPA's access provisions were proclaimed into force on January 17, 2005 and its privacy provisions were proclaimed into force on January 16, 2008.

In 2010, the legislation underwent a statutory review process, led by an independently appointed Review Commissioner, John R. Cummings, Q.C. After the final report of Commissioner Cummings was published in January 2011, government drafted amendments to the Act known as Bill 29, which was passed after three days of filibuster debate by the 11 opposition members in June 2012. While government claimed Bill 29 would strengthen and enhance the provincial access and privacy law, experts in law, democracy, access and privacy felt the bill would do the opposite – weaken and diminish the existing access and privacy rights of citizens. There was strong opposition as well from journalists and citizens and the resulting debate and conflict eventually led to a decision by Premier Tom Marshall to undertake another legislative review, with the goal of creating the best access and privacy statute in Canada, and one of the best in the world.

The 2014 ATIPPA Review Committee consisted of Committee Chair, Clyde Wells (former Chief Justice, and former Premier of Newfoundland and Labrador), Jennifer Stoddart (former Privacy Commissioner of Canada), and retired journalist Doug Letto. The Committee spent many months reviewing the legislation and speaking with and reviewing the submissions of various interested parties and citizens before completing its Report in March 2015. The recommendations made by the Review Committee in its Report were accepted by government, leading to the adoption of a new access and privacy law, Access to Information and Protection of Privacy Act, 2015 (ATIPPA, 2015), which came into force on June 1, 2015.

The ATIPPA, 2015 governs access to records in the custody of or under the control of a public body, and sets out requirements for the collection, use, storage and disclosure of personal information contained in the records each maintains. A public body is defined in section 2 of the legislation and includes provincial departments and agencies, school districts, public post-secondary institutions, health boards and municipalities.

A cornerstone of this legislation is the establishment of this Office as the independent review mechanism. As such, the Information and Privacy Commissioner has been given specific powers to investigate access and privacy complaints from individuals and groups who feel that their access to information or privacy rights, as provided for in the ATIPPA, 2015, have been violated. The Commissioner can require a public body to produce any document relevant to an investigation, may enter an office of a public body and examine, and if necessary make copies of, a record in the custody of the public body, and has the power to make recommendations for better compliance with the ATIPPA, 2015. In certain circumstances the Commissioner may file his recommendations with the Supreme Court Trial Division and such an order is enforceable against a public body as if it were an order or judgment of the Court.

It is important to note the distinction between the provincial ATIPP Office and the Office of the Information and Privacy Commissioner. The ATIPP Office, as part of the Office of Public Engagement, is responsible for the overall administration and coordination of the legislation, while the Commissioner, as an Officer of the House of Assembly, acts as the independent review mechanism under the legislation. Specific information on the role of the ATIPP Office can be found on the Office of Public Engagement website opens in new window opens in new window.


The chief purpose of Newfoundland and Labrador's ATIPPA, 2015 is to facilitate democracy and highlight the importance of protecting personal information:

Section 3(1) The purpose of this Act is to facilitate democracy through

  1. ensuring that citizens have the information required to participate meaningfully in the democratic process;
  2. increasing transparency in government and public bodies so that elected officials, officers and employees of public bodies remain accountable; and
  3. protecting the privacy of individuals with respect to personal information about themselves held and used by public bodies.

This purpose is achieved through a number of measures outlined in section 3(2), including:

Commissioner’s Powers and Duties

The Commissioner may exercise powers and duties under the ATIPPA, 2015 by:

Personal Health Information Act (PHIA)


Newfoundland and Labrador’s Personal Health Information Act (PHIA) is a law which establishes rules regarding how your personal health information is to be handled. It protects your privacy as well as your right of access to your own personal health information.

PHIA governs information held by custodians of your personal health information, whether in the public sector, such as your nearest hospital, or the private sector, such as a dentist or pharmacist. Most personal health information, with few exceptions, is considered to be in the control or custody of a custodian and is therefore covered by PHIA. Examples of some major custodians include:

PHIA recognizes that you expect your health information to remain confidential and that it should only be collected, used or disclosed for purposes related to your care and treatment. However, PHIA also acknowledges that personal health information is sometimes needed to manage the health care system, for health research and for other similar purposes. Furthermore, law enforcement officials, health officials and others may also have a legitimate need to access personal health information, under limited and specific circumstances. PHIA balances your right to privacy with the legitimate needs of persons and organizations providing health care services to collect, use and disclose such information.

If you wish to access your personal health information, or if you have an inquiry about how your personal health information is being collected, used or disclosed, you may contact your health care provider. For more information about PHIA, visit the PHIA web page of the Department of Health and Community Services at opens in new window opens in new window.


The purposes of PHIA are accomplished by:

Commissioner’s Powers and Duties

The Commissioner may exercise his powers and duties under PHIA by: