Management Action Plan: Horizontal Audit of Protection of Personal Information

This action plan was developed by Library and Archives Canada as a follow-up to the Horizontal Audit of Protection of Personal Information performed by the Office of the Comptroller General.

Audit Recommendation | Management Action | Area Responsible | Expected Completion Date

1. Departments should ensure that delegation orders are updated and appropriately approved.

Management Action: LAC has reviewed and updated its delegation of authorities under Section 73 of the Privacy Act.
Area Responsible: Corporate Services
Expected Completion Date: Completed

2. Departments should ensure that roles and responsibilities are appropriately documented and should ensure that employees are aware of them and have the necessary tools to discharge their responsibilities.

Management Action: A Privacy Management Suite (PMS) on the protection of personal information was reviewed and approved by Management Board. The PMS includes: LAC Procedures for PIA and Privacy breaches, and Procedures Establishing and Managing Intellectual Access Conditions for Private Funds and Archival Collections. These identify roles and responsibilities for the protection of personal information.
Area Responsible: Services Branch
Expected Completion Date: Completed

Management Action: Specific training will be developed and provided to employees with responsibilities related to the management of personal information.
Area Responsible: Services Branch
Expected Completion Date: March 31st, 2015

3. Departments should ensure that PIAs are considered and conducted appropriately when developing new, or substantially modified programs and activities.

Management Action: LAC Procedures for PIA was developed and approved by the Management Board. This policy clearly addresses the roles and responsibilities for risk analysis related to the protection of personal information.
Area Responsible: Services Branch
Expected Completion Date: Completed

4. Departments should ensure that access rights are appropriate and effective for the protection of personal information.

Management Action: As part of Safety Week, a communication will be sent to all LAC employees on the accountability of stakeholders in the management and protection of personal information.
Area Responsible: Chief Information Officer
Expected Completion Date: October 1st, 2014

Management Action: Guidelines and Procedures will be developed to establish the responsibilities for managing access rights to LAC's different systems, including training.
Area Responsible: Chief Information Officer
Expected Completion Date: March 31st, 2015

5. Departments should ensure that privacy notices comply with the Directive on Privacy Practices and the Directive on Social Insurance Number.

Not applicable to Library and Archives Canada

6. Departments should ensure that all privacy breaches are managed appropriately. This includes documentation and reporting of the breach and remedial actions taken to address it.

Management Action: LAC Procedures for Privacy Breaches was presented to Management Board and approved. It establishes the procedures to follow in the event of a privacy breach.
Area Responsible: Services Branch
Expected Completion Date: Completed

7. Departments should assess whether their monitoring mechanisms are appropriate for the size and complexity of the department's mandate and the risk associated with the personal information administered.

Management Action: LAC will review its monitoring practices to ensure they are relevant and reflect LAC's size and complexity.
Area Responsible: Services Branch
Expected Completion Date: March 31st, 2015

Management Action: Access to Information and Privacy reports will be presented to LAC's Business Operations Committee (BOC) and Management Board (MB) before being tabled in Parliament. This will also be a yearly standing item on BOC and MB agendas.
Area Responsible: Services Branch
Expected Completion Date: December 31st – Annual basis
