Northwest Territories · ATIPP & Bill 29

Access and privacy for Northwest Territories public bodies, in one platform

AccessPoint manages ATIPP Act requests and the privacy impact assessments, breach notifications, and binding Commissioner orders that Bill 29 introduced — pre-configured for the Northwest Territories and running inside your own Microsoft 365 tenant.

Northwest Territories at a glance

Response deadline
20 business days from receipt; a late response is a deemed refusal (s. 8)
Extensions
Self-extend up to 20 business days on defined grounds; any longer extension needs the Commissioner's authorization (ss. 11, 11.1)
Application fee
None — the application fee was removed in 2021; service fees apply only above a $250 chargeable total
Privacy impact assessments
Mandatory before new programs and systems collect personal information (s. 42.1, Bill 29)
Oversight
Information and Privacy Commissioner — binding order-making since 2021 (Bill 29)
Languages
English, French, and the territory's nine official Indigenous languages (s. 7)

Built for Northwest Territories

One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.

ATIPP request lifecycle

Intake to disclosure on the NWT's 20-business-day clock — with deemed-refusal alerts, section 11 and 11.1 extensions, the Division B exemption catalogue, the section 5.1 public-interest override, and Commissioner-ready records, all on Microsoft 365.

Binding orders and appeals

Since Bill 29 the Commissioner issues binding orders, not recommendations. AccessPoint tracks an order to give access (section 35), the 20-business-day compliance clock, and the appeal to the Supreme Court (section 37) — with orders enforceable as orders of the Court.

Privacy impact assessments

Run the section 42.1 PIA that Bill 29 made mandatory before a new enactment, system, program, or service handles personal information — with multi-body common-or-integrated assessments routed to the Commissioner for review.

Mandatory breach notification

Log a privacy breach and get a live checklist: report material breaches to the Commissioner (section 49.9) and notify affected individuals on a real risk of significant harm (section 49.10), each computed with its own timing.

Court-ready evidence

Every action lands on a hash-chained audit ledger — so when an order is filed with the Supreme Court or a decision is appealed, the record, its reasons, and the full history export as a court-ready evidence package.

In your own NWT tenant

Every request, assessment, and record stays inside your own Microsoft 365 and Azure tenant — no third-party cloud, no cross-border transfers, no per-user fees.

The Bill 29 modernization

Bill 29 gave the Commissioner binding orders. AccessPoint runs the regime it created.

On July 30, 2021, Bill 29 turned the Northwest Territories from a recommendation regime into one of the few territories where the Information and Privacy Commissioner issues binding orders — a public body must comply within 20 business days or appeal to the Supreme Court, and an order can be filed and enforced as an order of the Court. The same amendments made privacy impact assessments mandatory for new programs and systems and introduced mandatory breach notification. AccessPoint is configured to all of it — the 20-business-day clock, the order-and-appeal path, PIAs, and breach reporting — on one platform in your own tenant.

Binding orders The Commissioner's orders are enforceable as orders of the Supreme Court; comply within 20 business days or appeal.
Mandatory breach notification Report material breaches to the Commissioner and notify individuals on a real risk of significant harm.
Mandatory PIAs A privacy impact assessment before new programs and systems collect personal information.

Configured out of the box

Installing the ca-nt-atipp configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.

Related guide: FOI Workflow Quick Check
  • The ATIPP Act (SNWT 1994, c. 20) and Bill 29 as the legal-authority and citation spine
  • The NWT statutory-holiday calendar and 20-business-day due-date rules, with deemed-refusal alerts
  • The Division B mandatory and discretionary exemptions, colour-coded for redaction, with the section 5.1 public-interest override
  • Section 11 and 11.1 extension reasons with citations, including Commissioner authorization
  • The NWT service-fee schedule with the $250 threshold and fee waivers — no application fee
  • Commissioner order and appeal grounds and dispositions, with the Supreme Court appeal path
  • Section 42.1 PIA templates and the Division E breach-notification workflows
  • ATIPP correspondence templates with statutory wording, in English and French

Northwest Territories Questions

Does the NWT Commissioner really issue binding orders now?

Yes. Bill 29, in force July 30, 2021, replaced the former recommendation model with binding order-making. After a review the Information and Privacy Commissioner can order a public body to give access (section 35); the body must comply within 20 business days or appeal to the Supreme Court of the Northwest Territories (section 37), and an order can be filed and enforced as an order of the Court (section 35(6)). AccessPoint tracks orders, the compliance clock, and the appeal path, with court-ready evidence from the audit ledger.

What did Bill 29 change for privacy?

It made privacy impact assessments mandatory before a public body develops a new enactment, system, program, or service that handles personal information (section 42.1), and it introduced mandatory breach notification — reporting material breaches to the Commissioner (section 49.9) and notifying affected individuals on a real risk of significant harm (section 49.10). AccessPoint runs PIAs and a live breach-notification calculator on the same platform, with a full audit trail.

What is the response deadline in the Northwest Territories?

Twenty business days from receipt (section 8); a late response is a deemed refusal. A public body may self-extend up to 20 business days on defined grounds (section 11), and any longer extension needs the Commissioner's authorization (section 11.1). AccessPoint computes the due date on the NWT business-day calendar and tracks every extension.

Where does Northwest Territories data reside?

Entirely within your own Microsoft 365 and Azure tenant. Requests, documents, assessments, and audit history never leave your control — no third-party cloud and no cross-border data transfers.

Run Northwest Territories Access and Privacy in One Platform

Try AccessPoint free for 30 days, pre-configured for the Northwest Territories. No credit card required.

Start Free Trial