Mr. Speaker, data sets released in open format must adhere to the Privacy Act, the Treasury Board policy on privacy protection, the Treasury Board directive on privacy practices, the Treasury Board standard on security organization and administration, and the Treasury Board directive on open government.
The links to the above-noted documents are found as follows: Privacy Act: http://laws-lois.justice.gc.ca/eng/acts/p-21/; policy on privacy protection: www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12510; directive on privacy practices: www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=18309; standard on security organization and administration: www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=12333; and directive on open government: www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=28108.
When federal departments proactively release data sets, a review for compliance with the Access to Information Act is not required unless a formal access to information request is made. However, before posting, data sets must be verified against a defined set of legal, security and policy requirements to ensure they do not contain sensitive information, such as identifiable personal information.