Thank you, Mr. Speaker. Thank you, Mr. Dolynny.
Inclusion of IPC in Implementation of Health Information Act
The committee is in agreement with the Commissioner’s assertion that the GNWT can only benefit from involving the office of the IPC in the work that it is doing to implement the Health Information Act and encourages the GNWT to avail itself of the expertise that the office can provide.
Recommendation 4
The Standing Committee on Government Operations recommends that the Government of the Northwest Territories work closely with the Information and Privacy Commissioner on the implementation of the Health Information Act.
Delays and Breaches under ATIPP
As noted by the IPC in her 2013-2014 Annual Report, the ATIPP Act requires public bodies to respond to access requests within 30 days. Certain exceptions are provided for in very specific instances. As the IPC points out, it is concerning that seven out of 12 access matters dealt with in review recommendations pertained to the failure of a public body to reply to an access request in a timely manner. The committee shares this concern.
The IPC pointed out to the committee that, in many instances, the reasons cited by departments in requesting extensions under the act and in explaining the causes for delays are not adequate because they do not fall within the reasons for delays provided for by the act.
The committee shares the IPC’s concern and discussed ways in which this issue may be improved. The IPC offered the following suggestions to departments to improve their response times: institute a GNWT policy to prioritize the response from departments to access requests; use redaction software, which automates the process of censoring materials to be released in response to a request; and train more people to respond to access requests, to minimize the impact of staff absences on response times.
With respect to privacy breaches, the ATIPP Act requires a public agency to respond within 90 days to any recommendations made by the IPC as the
result of investigating a complaint. The IPC did note that almost all privacy breaches are the result of human error and that these are rarely, if ever, caused maliciously or with intent. She also observed that, during the course of her time in office, she is not aware of a public body taking disciplinary action against an employee responsible for a breach of privacy. The IPC noted that the Department of Justice offers ATIPP training for any GNWT employees who want it and that it is important for staff to understand their obligations in signing employee confidentiality agreements.
The committee wishes to stress to the GNWT the importance of meeting its statutory obligations under the act and to ensuring that enough staff are adequately trained to meet those obligations without undue delay.
Recommendation 5
The Standing Committee on Government Operations recommends that the Government of the Northwest Territories work closely with departments to help them improve their response times under the act and that the GNWT make clear what sanctions will be imposed for departments that fail to meet their statutory commitments.
Mr. Speaker, I would now like to pass the report over to our chair of Government Operations, Mr. Nadli.