A privacy impact assessment is a diagnostic tool designed to assist organizations in reviewing their compliance with statutory information privacy requirements. This Privacy Compliance Tool (PCT) focuses on the provisions of The Freedom of Information and Protection of Privacy Act (FIPPA) and The Personal Health Information Act (PHIA) of Manitoba.
While the use of this due diligence tool is not a requirement under the Acts, public bodies and trustees are obligated to comply with the provisions of the legislation. The PCT will help public bodies and trustees comply, and may be used by any entity that is developing or revising a program, a practice, legislation, or an information system, or embarking on any other initiative that involves identifiable personal or personal health information. It may also be used to review existing programs.
The PCT consists of three documents:
- The privacy compliance Checklist, which provides considerations for assessing compliance in a structured format. By responding systematically to the specific questions or statements related to each privacy element, public bodies and trustees will be able to review practices and determine what action may be needed to initiate or improve compliance.
- The privacy compliance Guide, which identifies some best practices and provides assistance in completing the Checklist. It should be regarded as required reading prior to starting the assessment process.
- The privacy compliance Checklist at a Glance, which provides an overview of the assessment considerations and responses.
The PCT has been designed as a self-assessment instrument for use by entities that fall within the scope of both FIPPA and PHIA. To make the process more straightforward for organizations that are under PHIA alone, our office is preparing a separate and shorter PCT omitting references to FIPPA wherever possible.
Some public bodies or personal health information trustees may already have a privacy impact assessment template that they have used. The Privacy Compliance Tool is not intended to dislodge any effective instrument that is in place, but we do invite public bodies and trustees to use it as a measure of, or as a supplement to, any existing tool.
The PCT is available in two formats: Portable Document Format (PDF) and Microsoft Word. To view and print the PDF version, you will need to have the Adobe Acrobat Reader installed on your system. You may get a copy of the Acrobat Reader from the Adobe web site.
Word version:
- FIPPA and PHIA Privacy Compliance Tool, Guide (Word)
- FIPPA and PHIA Privacy Compliance Tool, Checklist (Word)
- FIPPA and PHIA Privacy Compliance Tool, Checklist at a Glance (Word)
PDF version:
- FIPPA and PHIA Privacy Compliance Tool, Guide (PDF)
- FIPPA and PHIA Privacy Compliance Tool, Checklist (PDF)
- FIPPA and PHIA Privacy Compliance Tool, Checklist at a Glance (PDF)