Skip to main content

Access to Information and Protection of Privacy

Welcome to the Access & Privacy Resources Page 

As a public body, the Northwest Territories Power Corporation, its employees and contractors, are required to comply with “privacy” legislation in the collection, use, retention and sharing of information. However, there is much more to the Access to Information and Protection of Privacy Act (ATIPP) than protecting privacy so below are a number of resources that can be accessed anytime via the links provided.

Every NTPC employee and contractor is responsible for understanding the ATIPP and complying with its provisions.  Jannet Ann Leggett, the HR Policy and Privacy Specialist (HPPS) is NTPC’s resident ATIPP subject matter expert.

  • All new employees and contractors require ATIPP/NT training.  To book a training date, email  [email protected].
  • Any Access & Privacy Questions or real/suspected privacy concerns, contact the HPPS @ (867) 874-5253 or via email: [email protected].

About Access to Information and Protection of Privacy Act (ATIPP)

Every province and territory of Canada, as well as the federal government, has ATIPP legislation. Generally, the purpose of ATIPP legislation and Regulations is to make public and government bodies more accountable for the information collected, used, shared and held within and across departments and other public bodies or corporations. By accountable, ATIPP gives the public a right of access to information contained in records held by public bodies such as the NTPC, with some exceptions as permitted under ATIPP.  

In 1996, the Northwest Territories (NT) enacted ATIPP legislation (ATIPP/NT) and Regulation (Regulation).  In 2021, ATIPP/NT and Regulation were amended – and included new privacy-specific provisions. 

Available Training on ATIPP/NT

  • To access ATIPP/NT legislation and Regulation, click on this link .
  • To view the PowerPoint presentation summarizing key amendments to ATIPP/NT legislation and Regulation to which NTPC is accountable, click on this link
  • Contact NTPC's HR Policy and Privacy Specialist (HPPS) to provide customized training for new employee or NTPC team at @ (867) 874-5253 or via email: [email protected].

Access to ATIPP/NT and NTPC Access and Privacy Resources

Government of the Northwest Territories (GNWT) ATIPP Online Tutorial

  • GNWT's  ATIPP General Awareness Course is mandatory training for NTPC employees and contractors, click on this link.

Office of the Information and Privacy Commissioner/NT (OIPC/NT)

  • OIPC/NT's website about ATIPP/NT, including forms and information regarding fees, click on this link.

NTPC ATIPP Awareness and Promotions:

Each employee and contractor is required to obtain privacy training. 

  • Effective awareness and application of ATIPP/NT legislation and Regulation requires attendance to privacy training, which can be provided on a one-to-one or team basis. 
  • It is the supervisor's responsibility to ensure their direct reports receive privacy training as part of on-boarding, as well as refresher training, and specialized training after a real or potential privacy breach event. 

​All NTPC staff should receive refresher ATIPP/NT

  • To schedule on-boarding or refresher training, email the HPPS at [email protected] or call 867-874-5253.

NTPC ATIPP Awareness and Promotions:

  • Mobile Devices: Tips for Security & Privacy, click on this link
  • NTPC Ten Top Tips for ATIPP Compliance (draft 3Oct23), click on this link. 
  • Data Privacy Week: January 22-28, 2023, click on this link

Identifying, Responding to, and Documenting a Real/Potential Privacy Breach

Under ATIPP/NT, NTPC’s employees and contractors have a duty to immediately report a real or suspected breach or threat risk to NTPC employee, corporate or other sensitive information

  • If there is a real or suspected incident, the HPPS should be notified immediately via email: [email protected] or click on this link.
  • NTPC also has a Privacy Breach Response Checklist to assist with documenting the privacy breach response and investigation.  Click on this link to access the Privacy Breach Response checklist (WORD format).
  • There is a K2 form for documenting, evaluating and reporting a real or suspected privacy breach.  It is available on NTPC's PowerLine under Forms or click on this link.

Training: Privacy Breach Evaluation and Reporting

  • To access the PowerPoint tutorial on responding to/reporting of a real of suspected privacy breach, click on this link. This link will request your network credentials, which is the user name and password you use to log on to your computer.
  • To access the manual for reporting and assessing a real or suspected privacy breach using K2 Privacy Breach form, click on this link.

Records Management: Effective Access & Security of NTPC Documents

Both as a responsible Corporation and a public body, it is important to identify and safeguard the security of NTPC records on a day-by-day basis. 

  • As well, as such records may be subject to a request for information under ATIPP/NT, consistent attention to detail and procedures is required in the archival and safeguarding files and/or records that should be treated as "confidential" or "sensitive".

On a department by department basis, the Director of each NTPC team should identify what types of records are to be treated as “confidential" and/or "sensitive”.  

Examples of "confidential" or "sensitive" records include, but not limited to:

  • Human Resources (HR) files, including files that supervisors may hold on staff reporting directly to them.
  • NTPC business-sensitive documents that may be deemed “confidential” such as legal agreements, memoranda of understanding, records related to any legal actions and their outcomes.
  • NTPC information, including maps, photographs, safety reports, etc. that pertain to NTPC’s physical and digital assets, as well as its operations.
  • Other types of records that a department may determine should be treated as "confidential" or "sensitive".

Effective handling and management in Archival of Records

NTPC's records management system, as well as personnel assigned to oversee records management, storage, retrieval and disposal is under the office of the Director, Information Technology (DIT).

  • It is essential to learn and follow directives from the office of the DIT for ensuring that documents that need to be retained for a period of time are properly catalogued, boxed and securely stored at the NTPC warehouse. 
  • When the purpose or need of documents has ended, the records management process will include the secure recovery of the documents or archived document box, followed by the secure destruction (shredded) of the records. 
  • Effective records handling and management is critical for NTPC to respond to an ATIPP request for information in a timely manner.

Failure to follow records management protocols established by the office of the DIT and designated records management staff person creates substantial risks to NTPC, including, but not limited to:

  • Loss or exposure to sensitive NTPC information that results in a Privacy Breach and possibly investigation by the Office of the Information and Privacy Commissioner.
  • Real or potential access or theft of employee, corporate and infrastructure-related technical information, diagrams, schematics, and email histories of decision-making discussions. 
  • Damage to NTPC Corporate reputation in the context of inadequate safety measures to safeguard corporate, employee and customer information.

For more information about Records Management procedures at the NTPC, contact the office of the DIT.