Compliance Sector
Compliance Sector Profile
Deputy Commissioner: Brent Homan
- Joining the OPC as Director General (PIPEDA) in 2012, Brent Homan has served as Deputy Commissioner of the Compliance Sector since 2018.
Executive Assistant: Melissa Kenny
Personnel
- Total FTEs: 50
- Deputy Commissioner’s Office
- 1 EX-03 (Deputy Commissioner)
- 1 AS-03 (Executive Assistant)
- 1 EC-05 (Business Intelligence Officer)
- 1 PM-06 (Senior Advisor)
- Sector: 46
- Deputy Commissioner’s Office
- Vacant FTEs:
- Deputy Commissioner’s Office: 0
- Sector: 4
Organizational Chart (2 levels)
Deputy Commissioner, Compliance [EX-03], Brent Homan
- Executive Director, Compliance, Intake and Early Resolution [EX-02], Sue Lajoie
- Director, Privacy Act Compliance [EX-01], Amanda Edmunds
- Director, PIPEDA Compliance [EX-01], Michael Maguire
- Business Intelligence Officer and Strategic Advisor [EC-05], Tess Kim (note 1: on leave) (note 2: replaced by Mely Jean-Claude acting)
Role
- The Compliance Sector focuses on addressing existing privacy compliance issues through a continuum of enforcement activities to ensure violations of the law are identified and that remedies are secured.
Key Activities
- The Compliance Sector activities include not only investigations in response to complaints filed by Canadians, but also a shift towards more proactive enforcement activities, such as audits, breach records inspections and Commissioner-initiated investigations.
- On the other end of the enforcement continuum, the vast majority of the complaints received at the OPC – approximately 80% – are resolved through summary investigations or early resolution, a mediation-oriented and less resource-intensive approach to resolving matters of a less systemic nature.
- The OPC’s Compliance Sector is a leader in both domestic and international enforcement collaboration, thus expanding enforcement capacity and amplifying impacts. Enforcement collaboration enables the Sector to leverage the combined strengths of the OPC and its counterparts to expand their collective enforcement capacity and amplify the impact of the compliance outcome.
- In Fiscal Year 2021-2022, the Sector completed over 529 investigations and closed 622 cases through its early resolution process.
Priorities
- 2022-2023 Operational Plan
Privacy Act Compliance Directorate
Director: Amanda Edmunds
- Amanda Edmunds joined the OPC in September 2011 and worked as a PIPEDA manager for breach investigations, complaint intake and early resolution before becoming Director for the Privacy Act Compliance Directorate in 2019.
Personnel
- Total FTEs: 12.5
- 1 EX-01
- 6 PM-06
- 4 PM-05
- 1 PM-04
- .5 AS-01 (shared with PIPEDA Compliance Directorate)
- Vacant FTEs: 2.5
- 2 PM-06
- .5 AS-01
Organizational Chart (2 levels)
Director, Privacy Act Compliance [EX-01], Amanda Edmunds
- Manager [PM-06], Sofia Scichilone
- Senior Advisor [PM-06], Lahoussine Aniss
- Senior Advisor [PM-06], Virginia Freeborn
- Senior Advisor [PM-06], Nicole Lewandowski
- Senior Advisor [PM-06], James MacLeod
Role
- As part of OPC’s mandate to protect the privacy rights of individuals, the Privacy Act Compliance Directorate focuses on:
- Conducting investigations under the Privacy Act concerning the collection, use and disclosure of personal information by federal institutions, and investigations related to access to personal information held by federal institutions; and
- Conducting proactive enforcement actions, including audits, of federal institutions.
Key Activities
- Investigating complaints that are not suitable for Early Resolution or summary investigations, and conducting Commissioner-initiated investigations and audits.
- Providing investigative insights into policy development, government advisory services, and public communications work, including publishing investigative findings.
- In Fiscal Year 2021-2022, PA Compliance completed 85 investigations and published case summaries or full reports on six investigations.
Priorities
- Pandemic-related investigations.
- Investigation of RCMP Project Wide Awake.
- Investigation of [redacted].
- Investigation of [redacted].
- Investigation of [redacted].
- Security Infrastructure Upgrade.
- Investigations Case Management System (Ci2) redesign, to leverage the automation and efficiency potential of upgrading software in the move to the Cloud.
Personal Information Protection and Electronic Documents Act (PIPEDA) Compliance Directorate
Director: Michael Maguire, LL.B., B.Comm (Finance)
- Michael Maguire joined the OPC in 2012, holding positions of Senior Advisor, Manager, and then Director (since 2019) of the PIPEDA Compliance Directorate.
Personnel
- Total FTEs: 12.5
- 1 EX-01
- 7 PM-06
- 1 PM-05
- 3 PM-04
- .5 AS-01 (shared with PA Compliance Directorate)
- Vacant FTEs:
- 1 PM-04/05
- .5 AS-01
Organizational Chart (2 levels)
Director, Personal Information Protection and Electronic Documents Act Compliance [EX-01], Michael Maguire
- Manager [PM-06], Prosper Béral (note 1: on assignment in the Executive Secretariat) (note 2: replaced by Trevor Yeo acting)
- Manager [PM-06], Catherine Labbé
- Senior Advisor [PM-06], Abby Aldana
- Senior Advisor [PM-06], Julie Beaumont
- Senior Advisor [PM-06], Laura McLeod
- Senior Advisor [PM-06], Moonus Shaikh
- Senior Advisor [PM-06], Sylvie Tremblay
- Senior Advisor [PM-06], Trevor Yeo
Role
- As part of OPC’s mandate to protect the privacy rights of individuals, the PIPEDA Compliance Directorate works towards ensuring private sector organizations’ compliance with PIPEDA by:
- Conducting investigations under PIPEDA about the collection, use and disclosure of personal information in the course of commercial activities, and
- Conducting proactive enforcement actions, including commissioner-initiated investigations (and audits) of private sector organizations.
Key Activities
- Investigating complaints, including via formal powers, site visits, interviews, etc., that are not suitable for early resolution or summary investigation. This includes Commissioner-initiated or complaint-driven investigations into novel legal or privacy issues and emerging technologies or business models, often involving large multi-national enterprises and collaboration with domestic or international partners.
- Negotiating with respondents and legal counsel to obtain commitments, and issuing legally sound, plain-language reports of findings.
- Playing an active leadership role in various domestic and international enforcement cooperation fora to establish relationships, tools and joint initiatives to further the privacy rights of Canadians. This includes managing key relationships with international partners and domestic counterparts, and leading and/or being actively involved in various enforcement cooperation networks and working groups.
- Collaborating with and supporting cross-office colleagues in the development of public-facing materials to communicate the OPC’s interpretations and expectations in relation to PIPEDA with a view to achieving broad-based compliance.
Priorities
- MindGeek investigation
- Global Privacy Assembly
- Key bilateral relationships
- Memorandums of understanding
- Federal, Provincial and Territorial activities
- [Redacted]
- Investigation into [redacted].
- Investigation into [redacted].
- Investigating [redacted].
Compliance, Intake and Resolution Directorate
Executive Director: Sue Lajoie
- Sue Lajoie joined the OPC as the Director General of Privacy Act Investigations in 2012. In 2019, she was appointed as Executive Director of the OPC’s new Compliance, Intake, and Resolution Directorate. She has occupied a number of leadership positions in various government organizations, including the Department of National Defence, the Treasury Board of Canada Secretariat, and Health Canada.
Personnel
- Total FTEs: 21
- 1 EX-02
- 1 AS-02
- 1 CR-04
- 4 PM-06
- 10 PM-05
- 1 PM-04
- 3 PM-03
- Vacant FTEs:
- 0 vacancies
Organizational Chart (2 levels)
Executive Director, Compliance, Intake and Resolution [EX-02], Sue Lajoie
- Manager [PM-06], Sonja Hanisch
- Manager [PM-06], Patrick Samson
- Manager [PM-06], Jason Trudeau
- Senior Advisor [PM-06], Christina Derenzis
- Senior Advisor [PM-06], Robert Eggleton
- Senior Advisor [PM-06], Iain McKenna
Role
- As part of the OPC’s mandate to protect the privacy rights of individuals, the Compliance, Intake, and Resolution Directorate performs compliance work under both the Privacy Act and PIPEDA and is responsible for complaint intake and the early resolution of complaints.
Key Activities
- Complaint Intake performs registrar functions, ensuring that the OPC has jurisdiction over issues raised in complaints received.
- The Early Resolution Unit resolves complaints through mediation. Where resolution of complaints cannot be mediated, it conducts summary investigations and issues findings. Approximately 80-90% of complaints received by the OPC are concluded by the Early Resolution Unit.
- The Breach Response Unit reviews and follows up on privacy breach reports submitted under the mandatory breach notification schemes, and carries out breach investigations and breach records inspections. It also proactively engages organizations or institutions where our office has not received reports relating to public breaches. On average, the Breach Response Unit reviews 1,000 breach reports per year.
- The Compliance Monitoring Unit ensures the implementation of the OPC’s recommendations included in reports of findings. It also ensures that the terms of Compliance Agreements are respected.
Priorities
- Compliance monitoring of Desjardins: In May 2019, Desjardins notified the OPC and the Commission d’accès à l’information du Québec (CAI) of a breach that ultimately affected close to 9.7 million individual Canadians. The OPC’s investigation concluded that Desjardins violated PIPEDA with regard to accountability, data retention periods and security safeguard measures. Desjardins has been providing progress reports to the OPC and the CAI every six months on its implementation of a comprehensive action plan in line with OPC recommendations and the CAI’s order. The final deliverable, an external audit report, is due on December 15, 2022. See: Investigation into Desjardins’ compliance with PIPEDA following a breach of personal information between 2017 and 2019.
- Compliance monitoring of the RCMP: In June 2021, the OPC published its special report to Parliament on the investigation into RCMP’s use of Clearview AI. It found that the RCMP failed to properly assess the potential Privacy Act compliance risks that the use of Clearview’s massive database and facial recognition technology presented. Further, it did not have systems in place to track, identify, assess, and control such novel collection of personal information. The RCMP has been providing progress reports every quarter on its implementation of OPC recommendations to reduce privacy risks presented by new technologies. A final report is due on June 30, 2022. See: Report of findings: Investigation into the RCMP’s collection of personal information from Clearview AI (involving facial recognition technology).
- [Redacted]
- Security infrastructure upgrade.
- RROSH assessment tool.
- Privacy Act Extension Order, No. 3.