Info Source Online Publishing Requirements

Info Source publication and updates

4.1 Causing the institution’s Info Source page to be published on its website, meeting the following criteria:

• 4.1.1 The link to the page is in a reasonably prominent location on the website, such that an inexperienced user seeking corporate information would be able to find it easily;
• 4.1.2 The link uses the full title Info Source; and
• 4.1.3 The page clearly states the date on which it was last updated.

4.2 Causing the institution’s Info Source page to be updated annually, incorporating any applicable feedback from the Treasury Board of Canada Secretariat (TBS) regarding the previous year’s page, in advance of the institution’s annual due date (annual due dates are listed in Appendix A).

4.3 Notifying TBS that the institution has updated its Info Source page, in advance of its annual due date, by sending an email to the Access to Information Policy and Performance Division (AIPPD) at ippd-dpiprp@tbs-sct.gc.ca that:

• 4.3.1 Contains links to the Info Source page in both official languages;
• 4.3.2 Describes any major changes to the page or states that no changes were made (major changes include new programs, activities, institution-specific Classes of Records (CoRs), institution-specific Personal Information Banks (PIBs), and updated disclosure summaries);
• 4.3.3 Identifies any new programs or activities that are collecting the Social Insurance Number; and
• 4.3.4 If applicable, identifies any changes made in response to feedback or explains why recommended changes were not made.

Content of the Info Source page

4.4 Under the heading “Introduction to Info Source,” using the following text:

• Info Source describes the programs and activities, and the information holdings related to programs and activities, of government institutions subject to the Access to Information Act to facilitate the right of access. It also provides individuals, including current and former employees of the Government of Canada, with relevant information to access personal information about themselves held by government institutions subject to the Privacy Act and to exercise their rights under the Privacy Act.
• An index of institutions that are subject to the Access to Information Act and the Privacy Act is available centrally.
• The Access to Information Act and the Privacy Act assign overall responsibility to the President of Treasury Board (as the designated Minister) for the government-wide administration of the legislation.

4.5 Under the heading “Background”:

• If an institution has background information available elsewhere on its website

  4.5.1 Providing a clearly labelled hyperlink or hyperlinks to the following information:

  • 4.5.1.1 The institution’s history;
  • 4.5.1.2 Reference to the institution’s legislative foundation; and
  • 4.5.1.3 How the institution reports to Parliament.

• If an institution does not have background information available elsewhere on its website

  4.5.2 Providing a concise description of:

  • 4.5.2.1 The institution’s history;
  • 4.5.2.2 The institution’s legislative foundation; and
  • 4.5.2.3 How the institution reports to Parliament.

• If an institution owns subsidiaries that do not maintain their own separate Info Source pages

  4.5.3 Describing the situation of any wholly owned subsidiaries that do not report separately by:

  • 4.5.3.1 Including a statement indicating that the reporting requirements of certain wholly owned subsidiaries are met by the parent institution’s Info Source page; and
  • 4.5.3.2 Listing the titles of these wholly owned subsidiaries.

4.6 Under the heading “Responsibilities”:

• If an institution has information on its mandate, program responsibilities and major policies available elsewhere on its website

  4.6.1 Providing a clearly labelled hyperlink or hyperlinks to the following information:

  • 4.6.1.1 The institution’s mandate;
  • 4.6.1.2 The institution’s program responsibilities; and
  • 4.6.1.3 The institution’s major policies.

• If an institution does not have information on its mandate, program responsibilities and major policies available elsewhere on its website

  4.6.2 Providing a concise description of:

  • 4.6.2.1 The institution’s mandate;
  • 4.6.2.2 The institution’s program responsibilities; and
  • 4.6.2.3 The institution’s major policies.

4.7 Under the heading “Institutional programs and activities”:

• 4.7.1 Organizing the section into two subsections: “Institution-specific content” and “Internal services”;
• 4.7.2 Within each subsection, presenting the institution’s programs, activities, and related Classes of Records (CoRs) and Personal Information Banks (PIBs) in the following order:
  • 4.7.2.1 Description of the first program;
  • 4.7.2.2 Description of the first activity that is associated with the first program;
  • 4.7.2.3 Description of all CoRs that are associated with that activity (as applicable); and
  • 4.7.2.4 Immediately following each description of a CoR, descriptions of all PIBs relevant to that CoR if any.
  • This order must be repeated until all programs, activities, and related CoRs and PIBs are described. Where a program has multiple activities, the program should appear only once before the first activity. Where a program does not have any separately itemized activities, any related CoRs must follow directly after the program.
  • See Appendix B for examples of how this organization scheme would be applied to different situations.
• 4.7.3 All CoRs, whether institution-specific or standard, must contain the following fields, as applicable:
  • 4.7.3.1 Title (mandatory): Should reflect the records being described;
  • 4.7.3.2 Note (if applicable): Should be used only to describe relevant information that is not captured by other fields (for example, the former name of a program or the date when a program was terminated);
  • 4.7.3.3 Description (mandatory): Must describe in detail the records and information created, collected and maintained by the institution as evidence of, and information about, the activity; and must provide information about the records (not the program), the activity or the branch that administers the activity;
  • 4.7.3.4 Document types (mandatory): Must identify specific document types contained in the files (for example, contracts, statements of work, proposals, evaluation criteria, memoranda, procedures, policies, legal opinions, project plans, surveys, statistical reports, agendas and minutes of meetings);
  • 4.7.3.5 Disclosure summaries (mandatory): Must identify the third parties to whom the program or activity shared personal information via contracts, information sharing agreements, and information sharing arrangements. Where no such disclosure has occurred, institutions must indicate so.
    • This new requirement is the first phase of implementing 4.2.26 of the Directive on Privacy Practices, which came into effect on October 26, 2022.  More detailed summaries will be required in future.
    • This requirement does not apply to cases of single, one-time disclosures of personal information or those subject to security, legal and other considerations.
    • This requirement includes only contracts, information sharing agreements, and information sharing arrangements that took effect or were substantially modified after October 26, 2022.  However, for the sake of transparency, institutions may opt to include other contracts, information sharing agreements, and information sharing arrangements that are currently in effect.
    • Programs and activities, such as internal services, that relate to standard PIBs and central PIBs should include disclosure summaries in their CoRs. There is no need to notify TBS about changes to these PIBs beyond the requirements spelled out above in 4.3.2.
  • 4.7.3.6 Format (if applicable): Identifies non-standard record formats only (for example, audio tapes, videotapes, photographs, maps and specific types of database software); does not list electronic or paper formats; and
  • 4.7.3.7 Record Number (mandatory): composed of a unique number created by the institution using:
    • the institution’s Federal Identity Program acronym or commonly used acronym; and
    • a unique file or identification number used within the institution to identify the CoR.
• 4.7.4 All PIBs that are registered, pending approval and registration, or pending termination must be listed.
• If the institution is waiting for TBS to approve and register a new PIB, approve modifications to an existing PIB or terminate an existing PIB, that PIB should be clearly marked as “pending TBS approval,” “modification pending TBS approval” or “to be removed pending TBS approval” in the Notes field.
• 4.7.5 The “Institution-specific content” subsection describes all programs, activities, CoRs and PIBs that are specific to the institution. (In one rare circumstance, a small amount of institution-specific content may be described elsewhere, as set out in subsection 4.7.6.3 of this document.) The institution is responsible for identifying institution-specific programs and activities, institution-specific CoRs, institution-specific PIBs and central PIBs;
• 4.7.6 The “Internal services” subsection describes those programs and activities (and their related standard CoRs and standard PIBs) that are administered across the institution, to support the needs of other programs and corporate obligations within the institution. The “Internal services” subsection must, as appropriate:
  • 4.7.6.1 Follow the structure provided in the Internal Services template;
  • 4.7.6.2 Omit any standard CoRs or PIBs from the template that are not relevant to the institution; and
  • 4.7.6.3 Include institution-specific programs, activities, CoRs and PIBs only if the standard programs, activities, CoRs and PIBs are not sufficient to accurately describe the institution’s internal services information holdings;

4.8 Under the heading “Classes of personal information,” describing any classes of personal information held by the institution;

4.9 Under the heading “Manuals,” providing a bulleted list, in alphabetical order by title, of all manuals (instructions, handbooks or written procedures) used by employees in administering or carrying out institutional programs and activities that affect the public, which may be fully or partially released;

4.10 Under the heading “Additional information”, including the following standard text:

• For general information about making a request for access to information or personal information, see Make an access to information or personal information request.
• To make a request for information online, access the Access to Information and Personal Information Online Request Service.
• To make a request for information under the Access to Information Act or the Privacy Act by mail, mail your letter or completed Access to Information Request Form (Access to Information Act) or Personal Information Request Form (Privacy Act), along with any necessary documents (such as consent or the $5 application fee for a request under the Access to Information Act), to the following address:
• [Title and address of the official with delegated authority for Access to Information and Privacy (ATIP), or of the head of the institution if there is no delegation of authority]
• In accordance with the Access to Information Act and the Privacy Act, an area on the premises will be made available to review original materials on site if that is the applicant’s preference (and it is practical to do so), or if it is not practical to create copies of the material.
• Please note: Each request made to [name of institution] under the Access to Information Act must be accompanied by an application fee of $5. For requests made online, this is paid at the time of application via credit card. For requests made by mail, this should be paid by enclosing cheque or money order made payable to [either to the Receiver General for Canada, or if the institution does not have a Receiver General Account, the name of the institution].
• The Government of Canada encourages the release of information through requests outside of the formal request processes. To make an informal request, contact:
• [The address, telephone number and website (as applicable) of one or more central information source(s) where members of the public may obtain information informally. Institutions may also include regional addresses, as applicable. A general contact for information must be listed rather than the ATIP office.]
• You may also wish to search summaries of completed access to information requests for which [name of institution] has already provided responses [link], as this information may be more easily obtained. You may also wish to review available open data regarding [name of institution] [link]. [Omit portion regarding open data if not applicable.]
• [Name of institution] conducts privacy impact assessments (PIAs) to ensure that privacy implications will be appropriately identified, assessed and resolved before a new or substantially modified program or activity involving personal information is implemented. Summaries of completed PIAs [link] are available.

A.1 March 31

• Belledune Port Authority
• British Columbia Treaty Commission
• Canada Infrastructure Bank
• Canada Lands Company CLC Limited (wholly owned subsidiary)
• Canada Lands Company Limited (parent Crown corporation)
• Canada-Newfoundland and Labrador Offshore Petroleum Board
• Canada-Nova Scotia Offshore Petroleum Board
• Canadian Forces Morale and Welfare Services
• Canadian High Artic Research Station (Polar Knowledge Canada)
• Canadian Museum of Immigration at Pier 21
• Canadian Race Relations Foundation
• Canadian Space Agency
• Destination Canada
• Federal Bridge Corporation Limited
• Federal Public Service Health Care Plan Administration Authority
• Freshwater Fish Marketing Corporation
• Great Lakes Pilotage Authority Canada
• Gwich’in Land and Water Board
• Gwich’in Land Use Planning Board
• Historic Sites and Monument Board of Canada
• Jacques Cartier and Champlain Bridges Incorporated
• Laurentian Pilotage Authority Canada
• Mackenzie Valley Environmental Impact Review Board
• Mackenzie Valley Land and Water Board
• Marine Atlantic Inc.
• Montreal Port Authority
• Nanaimo Port Authority
• Nunavut Impact Review Board
• Nunavut Planning Commission
• Nunavut Surface Rights Tribunal
• Nunavut Water Board
• Old Port of Montréal Corporation
• Pacific Pilotage Authority Canada
• Parc Downsview Park Inc.
• Port Alberni Port Authority
• Prince Rupert Port Authority
• Public Sector Pension Investment Board
• Revera Inc.
• Saguenay Port Authority
• Sahtu Land and Water Board
• Sahtu Land Use Planning Board
• Saint John Port Authority
• Seaway International Bridge Corporation
• Sept-Îles Port Authority
• St. John’s Port Authority
• Sustainable Development Technology Canada
• Thunder Bay Port Authority
• Toronto Port Authority
• Trois-Rivières Port Authority
• Vancouver Fraser Port Authority
• Windsor Port Authority
• Windsor-Detroit Bridge Authority
• Yukon Environmental and Socio-economic Assessment Board
• Yukon Surface Rights Board

A.2 June 30

• Agriculture and Agri-Food Canada
• Atlantic Canada Opportunities Agency
• Canada Border Services Agency
• Canada Enterprise Emergency Funding Corporation
• Canada Growth Fund Inc.
• Canada Revenue Agency
• Canada School of Public Service
• Canada TMP Finance Ltd
• Canadian Heritage
• Canadian Radio-television and Telecommunications Commission
• Canadian Security Intelligence Service
• Canadian Transportation Agency
• Correctional Service of Canada
• Crown-Indigenous Relations and Northern Affairs Canada
• Department of Finance Canada
• Employment and Social Development Canada
• Environment and Climate Change Canada
• Exinvest Inc
• Export Development Canada
• FinDev Canada
• Fisheries and Oceans Canada
• Global Affairs Canada
• Health Canada
• Immigration, Refugees and Citizenship Canada
• Indigenous Services Canada
• Innovation, Science and Economic Development Canada
• International Development Research Centre
• Library and Archives Canada
• National Defence
• National Research Council Canada
• Office of the Superintendent of Financial Institutions Canada
• Office of the Veterans Ombudsman
• Parks Canada
• Public Health Agency of Canada
• Public Prosecution Service of Canada
• Royal Canadian Mounted Police
• Shared Services Canada
• Statistics Canada
• Transport Canada
• Treasury Board of Canada Secretariat
• Veterans Affairs Canada

A.3 September 30

• Administrative Tribunals Support Service of Canada
• Bank of Canada
• Canada Economic Development for Quebec Regions
• Canada Energy Regulator
• Canadian Broadcasting Corporation
• Canadian Grain Commission
• Canadian Human Rights Commission
• Canadian Northern Economic Development Agency
• Department of Justice Canada
• Farm Products Council of Canada
• Financial Consumer Agency of Canada
• Financial Transactions and Reports Analysis Centre of Canada
• Immigration and Refugee Board of Canada
• Impact Assessment Agency of Canada
• Infrastructure Canada
• Law Commission of Canada
• Military Grievances External Review Committee
• Military Police Complaints Commission
• National Film Board of Canada
• National Security and Intelligence Review Agency
• Natural Resources Canada
• Northern Pipeline Agency Canada
• Office of the Auditor General of Canada
• Office of the Chief Electoral Office
• Office of the Commissioner of Lobbying of Canada
• Office of the Commissioner of Official Languages
• Office of the Correctional Investigator of Canada
• Office of the Information Commissioner of Canada
• Office of the Intelligence Commissioner of Canada
• Office of the Privacy Commissioner of Canada
• Office of the Public Sector Integrity Commissioner of Canada
• Pacific Economic Development Canada
• Parole Board of Canada
• Patented Medicine Prices Review Board
• Prairies Economic Development Canada
• Privy Council Office
• Public Safety Canada
• Public Service Commission of Canada
• Public Services and Procurement Canada
• RCMH-MRCF Inc.
• Royal Canadian Mountain Police External Review Committee
• Secretariat of the National Security and Intelligence Committee of Parliamentarians
• Trans Mountain Corporation
• Veterans Review and Appeal Board
• Women and Gender Equality Canada

A.4 December 31

• Asia Pacific Foundation of Canada
• Atlantic Pilotage Authority Canada
• Atomic Energy of Canada Limited
• Business Development Bank of Canada
• Canada Council for the Arts
• Canada Deposit Insurance Corporation
• Canada Development Investment Corporation
• Canada Eldor Inc.
• Canada Hibernia Holding Corporation
• Canada Innovation Corporation
• Canada Mortgage and Housing Corporation
• Canada Post
• Canadian Accessibility Standards Development Organization
• Canadian Air Transport Security Authority
• Canadian Centre for Occupational Health and Safety
• Canadian Commercial Corporation
• Canadian Dairy Commission
• Canadian Food Inspection Agency
• Canadian Institutes of Health Research
• Canadian Museum for Human Rights
• Canadian Museum of History and the Canadian War Museum
• Canadian Museum of Nature
• Canadian Nuclear Safety Commission
• Civilian Review and Complaints Commission for the Royal Canadian Mounted Police
• College of Immigration and Citizenship Consultants
• College of Patent and Trademark Agents
• Communications Security Establishment Canada
• Copyright Board Canada
• Defence Construction Canada
• Farm Credit Canada
• Federal Economic Development Agency for Northern Ontario
• Federal Economic Development Agency for Southern Ontario
• First Nations Financial Management Board
• First Nations Tax Commission
• Halifax Port Authority
• Hamilton-Oshawa Port Authority
• Ingenium – Canada’s Museums of Science and Innovation
• Invest in Canada Hub
• National Arts Centre
• National Capital Commission
• National Gallery of Canada
• Natural Sciences and Engineering Research Council of Canada
• Office of the Administrator of the Fund for Railway Accidents Involving Designated Goods
• Office of the Administrator of the Ship-source Oil Pollution Fund
• Office of the Ombudsman, National Defence and the Canadian Forces
• Pierre Elliott Trudeau Foundation
• Quebec Port Authority
• Royal Canadian Mint
• Social Sciences and Humanities Research Council of Canada
• Standards Council of Canada
• Telefilm Canada
• The National Battlefields Commission
• Transportation Safety Board of Canada
• VIA Rail Canada Inc

B.1 Example 1

A program that has two activities, with each activity having a different number of related CoRs, and some CoRs (but not others) having related PIBs, would be presented as follows on the institution’s Info Source page:

• Program description
  • First activity description
    • First (only) CoR description
      • First (only) PIB description
  • Second activity description
    • First CoR description (no corresponding PIB)
    • Second CoR description
      • First PIB description
      • Second PIB description

B.2 Example 2

A program that has no separately itemized activities but has a related CoR (that does not have a related PIB) would be presented as follows on the institution’s Info Source page:

• Program description (activity not listed separately)
  • CoR description (no corresponding PIB)