6. Corporate services

Corporate services at the Office of the Information Commissioner of Canada (OIC) provides strategic and corporate leadership for planning and reporting, human resources and financial management, security and administrative services, internal audit and evaluation, and information management and technology.

Corporate services are essential to supporting program delivery at the OIC. The Commissioner and her corporate services team continued in 2015–2016 to ensure efficient operations and exemplary service to Canadians.

Obtaining and promoting talent

The Commissioner has implemented, or continued to implement, several initiatives in 2015–2106 in order to obtain and promote talent within the OIC. In implementing these initiatives, the Commissioner ensures she is attracting high performing recruits to the OIC, developing leaders within the organization and providing opportunities for employees to apply specific skills.

These measures are driven in part by the changing demographics of the OIC’s workforce, and the differing expectations that younger, millennial employees have within the workplace.

One of the benefits of obtaining and promoting talented employees is that the OIC will be staffed with a fully engaged, expertly trained workforce that is able to achieve investigative excellence.

Performance management of investigators

2015–2016 saw the continued implementation of a performance management model for investigators that is focused on open dialogue, with investigators proactively identifying needs for training and tools. This framework emphasizes continuous feedback in order to achieve set goals. Formal performance management processes are also put in place, with early work objectives determined, and with regular assessments built into the process. Training plans are also developed as part of the formal performance management process.

New orientation guide

The OIC hired new investigators in early 2016. This cohort of new investigators benefited from a new orientation guide, completed in December 2015. The purpose of this guide is to integrate new employees into the organizational culture of the OIC.

The new orientation guides provides a comprehensive overview of the OIC’s structure, its organizational priorities and its code of values and ethics. It also provides information on employees’ professional development, human resources information, as well as practical administrative and logistical information.

Identifying training needs

As described in “Focus on training and procedures for investigators”, several new training sessions were introduced in 2015–2016 for investigators. This is in addition to the training needs that investigators are encouraged to self-identify as part of the OIC’s performance management strategy for investigators (see above, “Performance management of investigators”).

Although new training initiatives focused on investigators in 2015–2016, employees in other groups at the OIC were encouraged to attend these sessions. Professional development opportunities were also made available for employees in legal services, corporate services and public affairs, in order to meet their professional designation requirements or, through an agreement with the Canada School of Public Service, to attend mandatory management training and functional expertise training.

Shared services

Taking advantage of shared services with other organizations is an important tool for the Commissioner. It allows the OIC to rely on expertise it does not have in-house while also reducing risk and efficiently managing limited resources.

Where possible, when the OIC undertakes shared service agreements, these are developed with other agents of Parliament, whose needs are often similar.

In 2015–2016, there were several on-going projects at the OIC that took advantage of shared services. These included: the implementation of a new financial system shared with the Office of the Privacy Commissioner and hosted by the Canadian Human Rights Tribunal; a new human resources information system (MyGCHR); the adoption of the pay modernization system (Phoenix), which is administered by Public Services and Procurement Canada (PSPC); and compensation and classification services from PSPC.

The OIC has also entered into a number of shared service agreements with co-tenants. These include shared security, mailroom and library service agreements.

In addition to sharing services, the OIC has also shared its corporate expertise with other organisations. For example, in 2014–2015, the OIC finished implementation of a new case management system. After its implementation, several organisations from the federal government and from provincial commissioners’ offices came to the OIC for a demonstration of the new system and learn about its effectiveness, security and the cost-benefits it can provide.

Security awareness and cyber security

In 2015–2016, the OIC put a renewed focus on security awareness. In November 2015, the Privy Council Office Departmental Security Officer Centre for Development gave a security awareness training session to OIC employees. To mark Security Awareness Week (February 8 to 12, 2016), the security teams from all the tenants in the building came together to offer presentations, security exercises and workstation demonstrations. Lastly, in March 2016 the OIC security team launched a Cyber Security Awareness Resource Centre on the OIC’s intranet.

Audit of the information technology security infrastructure

An audit of the OIC’s information technology security infrastructure was commenced in 2015–2016 and is expected to be completed in 2016. The purpose of this audit is to assess the OIC’s information technology security posture.

The need for this audit was identified in the OIC’s 2014–2018 Integrated Risk-Based Internal Audit and Evaluation Plan as part of the OIC’s internal audit function. The purpose of the OIC’s internal audit function is to assess and improve the effectiveness of risk management, control and governance processes at the OIC.

Audit and evaluation

The OIC’s Audit and Evaluation Committee (AEC) meets four times a year to discuss subjects such as the OIC’s finances, caseload, litigation before the court, and human resources. The AEC provides the Commissioner with independent and objective advice, guidance and recommendations on the adequacy of the OIC's control and accountability processes, as well as the use of evaluation within the OIC, in order to support management practices, decision-making and program performance.

In 2015–2016, the AEC closely monitored the financial situation of the OIC. They also held discussions on targeted efforts to foster an exceptional workplace at the OIC. Training for investigators was also broadly discussed with AEC members.

The Office of the Information Commissioner’s Open Government Implementation Plan

In 2015–2016, the Commissioner has developed the Office of the Information Commissioner’s Open Government Implementation Plan (OGIP). The OGIP describes the activities and deliverables the OIC will achieve to meet the requirements of the Directive on Open Government. This Directive establishes an open by default position across the Government of Canada and requires institutions to maximize the release of data and information, with a goal to effect a fundamental change in government culture.

Proactive disclosure at the OIC

Even before the implementation of an OGIP, the OIC already proactively posted the following data and information:

  • Monthly complaints data;
  • Data about extension notices (section 9(2) of the Act);
  • Observations on the health of the access to information regime;
  • Correspondence with designated officials; and
  • Submissions to parliamentary committees.

In order to maximize its impact, the OIC’s OGIP was developed in an integrated manner, with input from various stakeholders across the office, including information management, information technology, access to information and privacy, and communications. The working group tasked with delivering on the activities of the OGIP will be co-chaired by representatives from information management and access to information and privacy.

The creation of the OGIP presented an opportunity for the OIC to build on its existing open government initiatives while creating new, innovative methods and activities that will benefit both the access community and Canadians.

New disposition authority with Library and Archives Canada

In November 2015, Library and Archives Canada informed the Commissioner it had issued a new disposition authorisation for her office, as well as the offices of the Lobbying, Official Languages, Privacy and Public Sector Integrity commissioners. This disposition authorisation replaced all existing institution-specific and multi-institutional disposition authorisations that were in place at the OIC at that time, with some exceptions.

The new disposition authorisation identifies records of archival value or activities that generate archival records and includes validation requirements.

The Commissioner is in compliance with her obligations under this new disposition authorisation.

Representation on the heads of federal agencies steering committee

In 2015–2016, the Commissioner became the agents of Parliament’s representative on the heads of federal agencies steering committee.

The purpose of this committee is to champion small department and agency issues with central agencies and other branches of the federal public service. The steering committee meets on a monthly basis from September to June to exchange ideas and concerns, and develop strategies to advocate for and influence on behalf of small departments and agencies concerning the development and application of government policies, standards and practices.

Access to information and privacy

For information on the Commissioner’s access to information and privacy activities in 2015–2016, consult her annual reports to Parliament on these topics on her website.

Appendix B (page 63) contains the annual report of the Information Commissioner ad hoc, who investigates complaints about the Office of the Information Commissioner’s handling of access requests.