Nunavut · ATIPP Act

Access and privacy for Nunavut public bodies, in one platform

AccessPoint manages ATIPP Act access requests and the mandatory breach notification Nunavut was first in Canada to adopt — configured to Nunavut's inherited statute exactly, and running inside your own Microsoft 365 tenant.

Nunavut at a glance

Response deadline
30 days from receipt (s. 8)
Extensions
An extension for a reasonable period on defined grounds, with notice to the applicant (s. 11) — no fixed statutory cap
Application fee
$25 for general-information requests; none for your own personal information
Breach notification
Mandatory — material breaches to the Commissioner, individuals on a real risk of significant harm (ss. 49.9–49.10)
Oversight
Information and Privacy Commissioner (recommendations, with appeal to the Nunavut Court of Justice)
Languages
Inuktut, English, and French (s. 7); no fee for translation of a record

Built for Nunavut

One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.

ATIPP request lifecycle

Intake to disclosure on Nunavut's 30-day clock — with section 11 extensions, the mandatory and discretionary exemption catalogue, fee estimates on the Nunavut schedule, and IPC-ready records, all built on Microsoft 365.

Breach notification, done right

Nunavut was the first jurisdiction in Canada to require breach notification by all public bodies. AccessPoint logs a breach and runs a live checklist — material breaches to the Commissioner (section 49.9), affected individuals on a real risk of significant harm (section 49.10).

IPC reviews and court appeals

Track a review to its report and recommendations (section 35), record the head's decision within the 30-day window (section 36), and follow the appeal to the Nunavut Court of Justice (section 37) — all on one clock-aware workspace.

Service in Nunavut's languages

Nunavut's official languages are Inuktut, English, and French, and there is no fee to translate a record (section 7). AccessPoint ships bilingual and localizes to Inuktut so notices and correspondence meet the applicant in their language.

Ready for reform

Nunavut's Act is configuration-driven in AccessPoint, so the day order-making, a statutory PIA duty, or wider coverage is legislated, you reconfigure the rules — you do not replace the system.

In your own Nunavut tenant

Every request, assessment, and record stays inside your own Microsoft 365 and Azure tenant — no third-party cloud, no cross-border transfers, no per-user fees.

An inherited statute, configured exactly

Nunavut runs Canada's oldest access statute. AccessPoint fits it exactly — and grows when it changes.

Nunavut carried the Northwest Territories' 1990s ATIPP Act forward at division in 1999 and has kept its original shape: a 30-day response clock, an Information and Privacy Commissioner who recommends rather than orders, and appeals to the Nunavut Court of Justice. Reform has been urged for years — a comprehensive IPC review, repeated committee reports, and a 2024 amendment bill that was withdrawn — but the core statute still stands. AccessPoint is configured to the Act Nunavut actually has, not a modernized cousin, including the mandatory breach notification Nunavut was first in Canada to adopt. And because every rule is configuration-driven, the day order-making or a statutory PIA duty arrives, you reconfigure — you do not re-platform.

Recommendation model The Commissioner reports and recommends; the head decides, with appeal to the Nunavut Court of Justice.
A breach-notification first The mandatory public-body breach reporting Nunavut pioneered, tracked to the Commissioner and affected individuals.
Ready for reform Configuration-driven, so a future move to order-making or statutory PIAs is a setting, not a migration.

Configured out of the box

Installing the ca-nu-atipp configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.

Related guide: FOI Workflow Quick Check
  • The ATIPP Act (C.S.Nu., c. A-20) and its regulations as the legal-authority and citation spine
  • The Nunavut statutory-holiday calendar and 30-day due-date rules
  • The mandatory and discretionary exemptions, colour-coded for redaction
  • Section 11 extension grounds with citations and applicant-notice requirements
  • The Nunavut fee schedule — a $25 general-request fee, none for personal information, and waivers
  • IPC review grounds and dispositions, with the Nunavut Court of Justice appeal path
  • The Division E breach-notification workflows (ss. 49.9–49.11)
  • ATIPP correspondence templates with statutory wording, in English and French, with Inuktut localization available

Nunavut Questions

What kind of oversight does Nunavut's ATIPP Act provide?

A recommendation model. After a review the Information and Privacy Commissioner issues a report with recommendations (section 35); within 30 days the head of the public body decides whether to follow them (section 36), and an applicant can appeal the decision to the Nunavut Court of Justice (section 37). The Commissioner does not issue binding orders. AccessPoint tracks the review, the head's decision, and the appeal path, with a full audit trail.

Does Nunavut require breach notification?

Yes — and it was the first jurisdiction in Canada to require it of all public bodies. A material privacy breach must be reported to the Commissioner (section 49.9), and affected individuals must be notified where the breach poses a real risk of significant harm (section 49.10). AccessPoint logs breaches and runs a live notification checklist computed from those duties.

Nunavut's Act is dated — what happens when it is modernized?

AccessPoint is configuration-driven, so it fits the Act as it stands today — the 30-day clock, the recommendation model, the $25 general-request fee — and adapts as the law changes. Reform has been recommended repeatedly, through a comprehensive IPC review, committee reports, and a withdrawn 2024 amendment bill; when order-making, statutory PIAs, or new coverage arrive, you reconfigure rather than replace the system.

Where does Nunavut data reside?

Entirely within your own Microsoft 365 and Azure tenant. Requests, documents, assessments, and audit history never leave your control — no third-party cloud and no cross-border data transfers.

Run Nunavut Access and Privacy in One Platform

Try AccessPoint free for 30 days, pre-configured for Nunavut. No credit card required.

Start Free Trial