Terms of Reference
The Access to Information and Protection of Privacy Act, 2015, SNL2015, c.A-1.2 (“ATIPPA, 2015”) was adopted in June 2015, replacing the original 2002 legislation.
Pursuant to section 117 of ATIPPA, 2015, the Minister Responsible for Access to Information and Protection of Privacy Office is required to refer the legislation to a committee for a comprehensive review every five years.
This 2025 review is being undertaken in the context of significant global and local developments in privacy law, digital governance, and public expectations regarding the protection of personal information.
Mandate
The Committee shall conduct a comprehensive review of the provisions and operation of ATIPPA, 2015, with a particular emphasis on the protection of privacy. The review will include, but not be limited to, the following areas:
- Review of 2020 Recommendations
- Consideration of the 2020 Statutory Review recommendations issued by the Honourable David B. Orsborn for applicability or revision.
- Access to Information Provisions
- Review exceptions to access, timelines for response, and the effectiveness of current administrative procedures and the current cost schedule.
- Privacy Safeguards and Emerging Technologies
- Evaluate whether ATIPPA, 2015 adequately addresses risks associated with newly evolving technologies, including but not limited to:
- artificial intelligence;
- biometric data; and
- surveillance technologies.
- Evaluate whether ATIPPA, 2015 adequately addresses risks associated with newly evolving technologies, including but not limited to:
- Personal Information Protection
- Examine whether current definitions and protections for personal information are sufficient considering evolving data collection practices and technology;
- Consider the need for enhanced safeguards for sensitive categories of data;
- Consider whether clarification is required around the rights of a minor in accessing or protecting their personal information.
- Privacy Breach Management
- Review the effectiveness of current privacy breach notification requirements and timelines;
- Assess the adequacy of public body obligations for breach prevention, response, and reporting.
- Public Body Practices and Accountability
- Evaluate the privacy management frameworks of public bodies, including the role of Privacy Impact Assessments and mandatory training;
- Consider whether additional oversight or enforcement mechanisms are needed.
- Public and Public Body Experience
- Gather feedback on the experience of individuals and public bodies in their experience operating under ATIPPA, 2015.
- Schedule A Review
- Review the list of provisions in Schedule A to determine the necessity of their continued inclusion.
Committee Composition
The Committee reviewing the legislation shall consist of Keri-Lynn Power LLB (Hons), LLM who shall complete the review independent of the Government of Newfoundland and Labrador.
Public Engagement
The Committee may receive written submissions and conduct consultations/hearings with interested entities, including but not limited to:
- The general public;
- The Office of the Information and Privacy Commissioner;
- Academic experts;
- Indigenous organizations;
- Government Departments, Agencies, Boards and Commissions and any Public Body subject to the Act; and
- The ATIPP Office.
Public consultation/hearing methods may include in-person sessions (where feasible), online questionnaires and feedback, and virtual engagement sessions to ensure broad and inclusive participation.
Sessions may be scheduled at the discretion of the Committee. Consideration will be given to the use of alternate methods of consultation that promote the engagement of interested parties, regardless of regional location (e.g. online questionnaires, etc.).
Timeline
The Committee shall complete its work and deliver its final report to the Minister Responsible for Access to Information and Protection of Privacy Office on or before January 31, 2027.