The Auditor General of Canada is entitled to receive any information, reports, and explanations from members of the federal public administration that are necessary to fulfill the mandate established by the Auditor General Act. As a result of carrying out these statutory responsibilities, the Office of the Auditor General (OAG) requires access to various types of information, including personal information about identifiable individuals within the meaning of the Privacy Act. The OAG also collects personal information when:
- corresponding with individuals,
- interacting with members of the public, or
- engaging in other administrative activities.
The OAG’s management of the personal information within its control is governed by the legislative requirements of the Auditor General Act and the Privacy Act, as well as by the policy requirements set out by the Treasury Board Secretariat. The OAG is committed to protecting the privacy, confidentiality, and security of personal information by adhering to applicable requirements. These requirements are reinforced by the OAG’s methodology and professional practices with respect to ensuring the:
- safe custody,
- accessibility, and
- retrievability of audit documentation, which include privacy considerations.
The Auditor General reports to Parliament annually on the administration of the Privacy Act within the Office. In addition, information about the functions, programs, activities, and personal information holdings of the OAG is publicly available on Info Source: Sources of Federal Government and Employee Information.
With respect to financial audits, performance audits, special examinations, and environmental petitions, the OAG has published specific personal information banks (PIBs) with descriptions of relevant personal information together with the class of records, purpose, consistent uses, and retention and disposal standards. The personal information described in these specific PIBs has been used, is being used, or is available for an identified purpose and is under the control of the OAG.
For the various internal services that are administered to support the needs of the OAG’s mandated programs and other corporate obligations, the OAG relies on several standard PIBs developed by the Treasury Board Secretariat. These general PIBs describe personal information that may be found in records created, collected, and maintained by most government institutions to support common internal functions, programs, and activities, such as human resources, finance, IM/IT, procurement, and other services.
The Auditor General has designated the Access to Information and Privacy (ATIP) Coordinator to be responsible for developing and implementing effective privacy policies, guidelines, systems, and procedures. Any inquiries, questions, or concerns about how the OAG manages the personal information within its control should be sent to the OAG ATIP Coordinator.
Formal complaints regarding the use of personal information or other privacy matters should be sent to the Privacy Commissioner of Canada at the following address:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3