
Freedom of Information Protection of Privacy FOIP

2. History of Canadian Privacy Laws. Federal: Access to Information Act - 1983; Privacy Act - 1983; Personal Information Protection and Electronic Documents Act (PIPEDA)


Presentation Transcript


    1. Freedom of Information & Protection of Privacy (FOIP) November 2006

    2. 2

    3. What is FOIP?
        Alberta law which:
        - Grants people a right of access to records under the custody or control of a public body (subject to limited and specific exceptions)
        - Governs the way personal information is collected, used and shared by public bodies
        - Provides for an independent review by the Information and Privacy Commissioner

    4. Part I - Access to Records
        - General Inquiries
        - Active dissemination of information
        - FOIP Requests
        Founded on three principles:
        - government information should be available to the public
        - the necessary exceptions to the right of access should be limited and specific
        - decisions on disclosure of government information should be reviewed independently of government

    5. Application of the FOIP Act
        - The FOIP Act applies to all records in the custody or under the control of AU created both before and after the FOIP Act came into force (subject to specific and limited exceptions)
        - Record: information recorded in any form (e.g., notes, images, audiovisual recordings, books, documents, maps, drawings, photographs, letters, vouchers and papers)
        - Custody:
            - Physical possession
            - Legal ownership irrelevant
        - Control: Not in possession, but still have authority to manage the record
        - Exclusions (of interest to AU):
            - Question to be used on an examination
            - Teaching materials
            - Research information
            - Material that is published or available for purchase

    6. Right of Access
        - Anyone can request any record
        - 30 days to respond (extension possible)
        - Fees (personal vs. general)
        - Consultations with affected parties
        - Severing
        - Release records unless
            - Mandatory exception applies
            - Discretionary exception applies AND “harms test” satisfied

    7. Mandatory Exceptions
        - Confidential Third Party Business Interests
            - Trade secrets
            - Commercial, financial, labour relations, scientific or technical information of a third party
            - BUT only if disclosure would present harm (e.g., harm the competitive position of the third party)
        - Third Party Personal Privacy
            - Must be an unreasonable invasion

    8. Discretionary Exceptions
        - Any disclosure that could reasonably be expected to harm:
        - Individual or public safety
        - Law enforcement activities
        - Advice, proposals, recommendations or policy options developed by or for a public body
        - Economic interest of a public body
        - Testing/auditing procedures or techniques
        - Confidential evaluations
        - Privileged information
        - In-camera deliberations of a governing body (AUGC and AUAC)

    9. Access – Other Issues
        - Disclosure in the Public Interest
            - Risk of significant harm to environment or to health and safety
        - Personal Information Banks (PIBs)
            - Collection of information that is organized or retrievable by the name of the individual or by an identifying number or other particular assigned to the individual
            - Public bodies must publish a directory of PIBs that contains the following information:
                - Title and location of the PIB
                - Description of the type of personal information
                - Authority for collecting the personal information
            - Must be kept as current as practicable (annual review)

    10. Part II – Protecting Privacy
        What is privacy?
        - Often equated with confidentiality
        - Has been characterized as the right to be left alone, to be secure in one’s home and free from unwanted interference
        - In the context of the privacy laws, privacy means having control over one’s personal information
            - Choice of whether to disclose information at all
            - Control over with whom it is shared
            - Control over how it is used
        - Don’t lose control once you’ve released your information

    11. Part II – Protecting Privacy
        What is personal information?
        - Information about an identifiable individual that is recorded in any form
        - Age, sex, birth date, marital status, educational history, race, political beliefs, fingerprints, health and health care history, criminal history
        - Identifiers (SIN, Student ID #)
        - Home contact information
        - Individual’s personal opinions and others’ opinions about the individual

    12. Survey Results
        - 90% of respondents willing to disclose name
        - 78% willing to disclose email address
        - 61% willing to disclose street address
        - 14% willing to disclose weight
        - 13% willing to disclose income
        - 12% willing to disclose job title
        - 11% willing to disclose employer
        - 8% willing to disclose net worth
        Source: NRF Foundation/Adjoined Consulting Research; Retail Demand Insights 2006

    13. How to Protect Personal Information
        4 Golden Rules
        - Collect only information that is necessary to carry out operations
        - Collect information directly from the individual
        - Only use information for the purpose for which it was collected
        - Disclose information only to the individual it is about or other University employees that need to know

    14. Collection of Personal Information
        - Direct from the individual on a need to know basis
        - Legal authority
        - Accurate and complete
        - Correction
        - Protection
        - Minimum retention of one year if used to make a decision about the individual

    15. Use of Personal Information
        - Intended purpose or consistent purpose
        - With the individual’s consent
        - Alumni records for fundraising purposes

    16. Disclosure of Personal Information
        - To the individual
        - Individual consents
        - Pursuant to laws of Alberta or Canada
        - Where the disclosure would not be an unreasonable invasion of privacy
            - Enrollment in a program
            - Attendance at convocation
            - Receipt of award
        - Within AU on a need to know basis
        - Law enforcement
        - 28 other specific situations

    17. Roles & Responsibilities
        - FOIP Office
            - Process Access to Information and Privacy requests
            - Apply applicable exemptions and exclusions
            - Apply relevant case law
            - Interpret law and policy
            - Advise internally on application of FOIP legislation and policy
            - Respond to complaint investigations by Office of Information and Privacy Commissioner
            - Advice and guidance on collection and use of personal information
            - Privacy Impact Assessments
        - Faculty/Staff
            - Maintain records in an easily retrievable fashion
            - Locate, retrieve and provide relevant records to FOIP Officer within 10 calendar days
            - Formulate appropriate recommendations to FOIP Office by conducting preliminary review of records
            - Advise FOIP Office of new or revised requirements to collect or use personal information (Privacy Impact Assessment)

    18. Best Practices – Contracting Out
        - Contracting out does not absolve AU from its privacy obligations for the personal information under its custody/control
        - Conduct a Privacy Impact Assessment, if warranted, at an early stage prior to contracting out a program or service involving personal information
        - Include proper privacy protection clauses in contracts to safeguard against unauthorized collection, use, disclosure or disposal of personal information

    19. Best Practices – FOIP Requests
        - Work closely with the FOIP Office to:
            - Resolve issues as they arise
            - Ensure the request is clearly understood
            - Advise if search/programming/CPU time is required
            - Prepare disclosure recommendations
        - Retrieve all relevant records and DO NOT remove or delete information from those records
        - Do not destroy transitory records or records scheduled for destruction

    20. Best Practices – Creating Records
        Do Not:
        - write inappropriate personal comments/notes
        - assume all information will be confidential
        - release sensitive information: information subject to FOIP Act exemptions and exclusions should be reviewed by the Privacy Advisor
        - misfile records
        - destroy documents if you are not sure of their retention status

    21. Best Practices – Privacy Breach
        - Contact individuals affected
        - Contact Office of the Information and Privacy Commissioner
        - Review Security Measures
