Freedom of Information and Protection ofPrivacy Guidelines and Practices 2000 /dlberta GOVERNMENTOFALBERTA Freedom of Information and Protection of Privacy GUIDELINES AND PRACTICES September 2000 m ydlborra GOVERNMENTOFALBERTA 1 Producedby Information Management and Privacy Alberta Municipal Affairs 201, 10808 -99 Avenue Edmonton, Alberta, Canada T5K 0G5 Phone: (780) 422-2657 Fax: (780) 427-1120 Web site: http://www.gov.ab.ca/foip ©Government ofAlberta ISBN 077851000X INTRODUCTION Thispublicationprovides acomprehensivereference tool forthe applicationofthe Freedom ofInformation andProtection ofPrivacy (FOIP) Actby all organizationsthat are subjectto theAct inAlberta. It interprets theActandthe FOIP Regulation, sets out roles andresponsibilities, and offers guidance on approaches andprocedures. It is intendedto be used by staffwho will beprocessing FOIP requests and carrying out privacy protectionmeasures. Thispublication isprovided as informationonly, and is intended to serve as a supplement to theFOIPActand Regulation. The information contained in it is provided as a guideline, not as binding rules, except fora limited numberofpolicy statements that are clearly indicated in bold text. All examples used areprovided as illustrations and should not be used as authority for any decisions made undertheAct. This publication is notto be used as a substitute for legal advice. In case ofany doubt as to the proper application oftheAct please referto , the FOIP Coordinatorofyourpublic body. This edition ofFreedom ofInformation andProtection ofPrivacy: Guidelinesand Practices incorporates amendments to the FOIP legislationup to July 1, 2000, including the amendments introduced intheFreedom ofInformation andProtection ofPrivacy AmendmentAct, 1999. References to the FOIPActandthe FOIP Regulation appear in boldtext. Referencesto other legislationare inplaintext. The Office ofthe Information and Privacy Commissionerpublishes Orders, Practice Notes and Investigation Reports. Alberta Municipal Affairs, InformationManagement and Privacy, publishes FOIP Bulletins and other guidelines. Thispublicationreferences policy and guideline information, and Commissioner’s Orders released upto July 1, 2000. Forfurther information aboutthe administration oroperation oftheAct please contact: , Information Management and Privacy Alberta Municipal Affairs 201, 10808-99 Avenue* Edmonton, Alberta T5K 0G5 * Phone: (780) 422-2657 Fax: (780) 427-1120 Web site: http://www.gov.ab.ca/foip * Effective October 2000, ourmailing address will be 16th Floor, Commerce Place, 10155 - 102 Street, Edmonton, T5J4L4. Digitized by the Internet Archive 2016 in https://archive.org/details/freedomofinforma00unse_0 Freedom of Information and Protection of Privacy Guidelines and Practices Table of Contents Chapter 1: Overview 1 1.1 Purposes ofFOIPAct 1 1.2 Public Bodies Within the Scope ofthe Act .....1 1.3 Organizations NotWithin the Scope ofthe Act 3 1.4 Scope ofthe Act 4 1.5 Records Covered by the Act 5 1.6 Custody or Control ..6 1.7 Records Excluded from the Act 7 1.8 Accessing Information 14 1.9 Routine Access to Information 15 1.10 Practices for Routine Disclosure and Active Dissemination 18 Chapter 2: Administration ofthe FOIPAct 23 2.1 Public Body - Roles and Responsibilities ..23 2.2 Delegation of FOIP Responsibilities .26 2.3 Province-Wide Administration ofthe Act 27 2.4 Liability, Sanctions and Penalties 29 Chapter 3: Access to Records 31 3.1 Who Has a Right ofAccess 31 3.2 Access Tools 31 3.3 Receiving a FOIP Request 33 3.4 Processing a FOIP Request 46 3.5 Responding to a FOIP Request 62 September 2000 Page i Table ofContents Chapter 4: Exceptions to the Right ofAccess 67 4.1 Overview .67 4.2 Relationship to OtherActs 72 4.3 Disclosure Harmful to Business Interests of a Third Party....73 4.4 Disclosure Harmful to Personal Privacy 82 4.5 Disclosure Harmful to Public or Individual Safety ....98 4.6 Confidential Evaluations 102 4.7 Disclosure Harmful to Law Enforcement .....................105 4.8 Intergovernmental Relations .............119 4.9 Cabinet and Treasury Board Confidences 124 4.10 Local Public Body Confidences 130 4.1 1 Advice from Officials 135 4.12 Economic and Other Interests ofa Public Body orthe Government ofAlberta 145 4.13 Testing Procedures 152 4.14 Privileged Information 153 4.15 Disclosure Harmful to Historical Resources, Rare, Endangered orVulnerable Life 164 4.16 Information That Is orWill Be Published 165 Chapter 5: Third Party Intervention and Notice 167 5.1 Overview .....167 5.2 When is Third Party Notification Required? .....167 5.3 How is a Third Party Notification Process Carried Out? 168 5.4 Content ofThird Party Notice 169 5.5 Notice to Applicant 170 5.6 Response from Third Party 170 5.7 Notice of Decision 171 5.8 Time Limits 172 5.9 Time Extension 174 Chapter 6: Disclosure in the Public Interest 179 6.1 Overview 179 6.2 Disclosure 179 6.3 Public Interest 181 6.4 Determination of Public Interest 182 6.5 Scope 183 6.6 Notification 183 6.7 Review 184 6.8 Disclosure to the Commissioner 184 Page September 2000 ii 1 FOiP Guidelines andPractices Chapter 7: Protection of Privacy .187 7.1 Overview 187 7.2 Purposes ofCollection 189 7.3 Manner of Collection 192 7.4 Accuracy and Retention 201 7.5 Correction of Personal Information 203 7.6 Protection of Personal Information 208 7.7 Use of Personal Information ....21 7.8 Disclosure of Personal Information 215 7.9 Consistent Uses .....237 7.10 Disclosure for Research or Statistical Purposes .238 7.11 Disclosure of Information in Archives .........242 7.12 Record of Purposes 245 7.13 Exercise of Individual Rights by Other Persons 246 Chapter 8: Records and Information Management 249 8.1 Overview 249 8.2 Scope 249 8.3 Powers ofthe Commissioner 250 8.4 Records Issues Relating to Access Requests .250 8.5 Records and Information Management Principles 253 8.6 Records and Information Management Policy Components ..254 Chapter 9: Privacy and Information Management 261 9.1 Overview ............261 9.2 Privacy and Security ImpactAssessments 263 9.3 Checklist forthe Review of Personal Information Systems 266 9.4 Review of Forms .....274 9.5 Security Policy and Practices .....277 9.6 Data Sharing and Data Matching 281 Chapter 10: Information and Privacy Commissioner .....287 10.1 Overview 287 10.2 Appointment 287 10.3 Mandate and Powers 287 10.4 Monitoring Role 289 10.5 Provision ofAdvice 290 September2000 Page iii Table ofContents 10.6 Disclosure to the Commissioner 291 10.7 Powers 291 10.8 Access to Information 291 10.9 Powerto Disregard Requests.... 292 10.10 Statements Provided to the Commissioner 294 10.11 Protection from Liability 294 10.12 Delegation ofthe Commissioner’s Powers 295 10.13 Reviews and Investigations 295 10.14 Adjudicator Process 302 10.15 Judicial Review 303 APPENDIXES: Appendix 1: Definitions .....305 Appendix 2: Delegation Table 317 Appendix 3: Model Letters 323 Appendix 4: Privacy Reviews and Compliance Audits 369 Appendix 5: Model FOIP Request Charts 379 Appendix 6: Freedom ofInformation andProtection ofPrivacyAct Forms 389 INDEXES: Index of Freedom ofInformation and Protection ofPrivacyAct and Regulation Citations.... 393 Index of Information and Privacy Commissioner’s Order and Investigation Report Citations 403 Index ofWords and Phrases Discussed or Defined 407 Subject Index 415 Page iv September 2000