The officer will meet with the organization’s
representative for a preliminary discussion of
the intent, purpose and scope of the review.
When the officer requires access to any of
the organization’s premises, he or she will
satisfy security requirements. The officer
may interview any person in private on the
premises, examine records and obtain copies
or extracts of such records. The officer will
return any document within 10 days of a
request for their return but may ask for them
again if the need arises.
Once the audit is finished, the officer will
brief the organization’s representative on the
findings. The officer will report the audit
findings to the Commissioner who will
make recommendations. The Commissioner
will send the report to the organization and
may ask to be kept informed of actions the
organization takes to correct problems.
The Commissioner may include the audit
report in his or her annual report or may
make public the personal information
management practices of an organization if
the Commissioner considers it to be in the
public interest to do so.