Privacy and Access in British Columbia

Similar documents
ACCESSING GOVERNMENT INFORMATION IN. British Columbia

INDEX. A Access and correction requests, see also Access to and correction of personal information. .. Part 8 of the Act, 110

INDEX. A Access and correction requests, see also Access to and correction of personal information. .. Part 8 of the Act, 115

CITY OF VANCOUVER DUTY TO ASSIST

NEWFOUNDLAND AND LABRADOR OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER

The British Columbia Utilities Commission: Customer Complaints Guide

3RD SESSION, 41ST LEGISLATURE, ONTARIO 67 ELIZABETH II, Bill 14. An Act with respect to the custody, use and disclosure of personal information

A Guide to Ontario Legislation Covering the Release of Students

MANITOBA FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY RESOURCE MANUAL

PERSONAL INFORMATION PROTECTION ACT

Guide for Municipalities

2.16 Freedom of Information and Protection of Privacy Act

PRIVACY IMPACT ASSESSMENT

GUIDING PRINCIPLES PRIVACY & INFORMATION SHARING IN CASES OF SEXUAL ABUSE & ASSAULT

Nestlé Canada Inc. Privacy Policies and Practices April 13, 2012

Five Year Review of the Personal Information Protection and Electronic Documents Act (PIPEDA)

The Freedom of Information and Protection of Privacy Act

Fraser Health INVITATION TO TENDER

The New Mandatory Data Breach Requirements under Canada s Federal Privacy Act

The Health Information Protection Act

Privacy Law Template. Prepared for The Alberta First Nations Information Governance Centre. By Krista Yao

FOIP Bulletin. Definitions. In this issue Introduction 1 1 Definitions. Number 14 June 2003

Review and Investigation Procedures

Legal Aid Ontario. Privacy policy

Complaint Under the Freedom of Information and Protection of Privacy Act Regarding ICBC s Collection of Personal Information OIPC File 7524

Order F14-44 WORKERS COMPENSATION APPEALS TRIBUNAL. Elizabeth Barker, Adjudicator. October 3, 2014

GUIDE TO OIPC PROCESSES (PIPA)

The Local Authority Freedom of Information and Protection of Privacy Act

BILL NO. 42. Health Information Act

Order F14-20 MINISTRY OF TRANSPORTATION AND INFRASTRUCTURE. Hamish Flanagan Adjudicator. June 30, 2014

Frequently Asked Questions for Municipalities LOCAL GOVERNMENT BODIES RECORDS

2017 REVIEW OF THE FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT (FIPPA) COMMENTS FROM MANITOBA OMBUDSMAN

BEST PRACTICES FOR RESPONDING TO ACCESS REQUESTS

B I L L. No. 30 An Act to amend The Freedom of Information and Protection of Privacy Act

Order F14-57 OFFICE OF THE POLICE COMPLAINT COMMISSIONER. Ross Alexander Adjudicator. December 23, 2014

ELECTRONIC TRANSACTIONS ACT

Order F09-18 VANCOUVER POLICE DEPARTMENT. Celia Francis, Senior Adjudicator. November 6, 2009

MINISTRY OF HEALTH SERVICES

OFFICE OF THE INFORMATION & PRIVACY COMMISSIONER for Prince Edward Island. Order No. PP Re: Elections PEI. March 15, 2019

Office of the Information and Privacy Commissioner Province of British Columbia Order No July 11, 1997

Port Glasgow St Andrew s Data Protection Policy

THE FREEDOM OF INFORMATION ACT, Arrangement of Sections PART I PRELIMINARY

Mannofield Parish Church. Registered Scottish Charity No: SC (the Congregation ) Data Protection Policy

INFORMATION SHARING AGREEMENT BETWEEN THE MINISTRY OF JUSTICE AND THE CROWN LAW OFFICE JULY 2017

Access to Information and Protection of Privacy Act

Data Protection Policy

Financial Dispute Resolution Service (FDRS)

WASHINGTON COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT

Order CITY OF VANCOUVER. David Loukidelis, Information and Privacy Commissioner January 12, 2004

FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT

Protecting Your Privacy

TELUS Transparency Report

All Personal Information and data obtained through the use of the City s surveillance cameras will be property of the City of Camrose.

Memorandum of Understanding between SAMPLE. Toronto Police Service (hereinafter called the "Service") and. (hereinafter called the "Agency")

Order F17-46 UNIVERSITY OF BRITISH COLUMBIA. Celia Francis Adjudicator. October 19, 2017

FOI Legislation and Litigation Update

Order BRITISH COLUMBIA GAMING COMISSION

Data Protection Act 1998 Policy

ROUTINE ACCESS POLICY. For the Nova Scotia Workers Compensation Appeals Tribunal. October 2003 (Revised April 2005)

HEALTH INFORMATION ACT

PERSONAL INFORMATION PROTECTION ACT REVIEW QUESTIONNAIRE

P July 14, 2011

Order MINISTRY OF WATER, LAND AND AIR PROTECTION

Code of Procedure for Matters under the Personal Health

Compliance & Enforcement Manual

SPECIAL COMMITTEE TO REVIEW THE FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT

CERTIFIED DENTAL ASSISTANT APPLICATION INSTRUCTIONS FOR TEMPORARY CERTIFICATION

Order F05-21 LAND AND WATER BRITISH COLUMBIA INC.

Definitions The following terms have these meanings in this Policy: a. Act Personal Information Protection and Electronic Documents Act;

Law Enforcement Request for Personal Information Procedures - What to do When a Police Officer Asks for Information

Order F05-25 MINISTRY OF HEALTH. Errol Nadeau, Adjudicator. August 10, 2005

Data Protection Policy and Procedure

Presentation Outline

The Privacy Policy links to the following Objective contained within the City Plan

INTRODUCTION... 3 WHY DOES THE OIPC HOLD INQUIRIES?... 3 WHO PARTICIPATES IN AN INQUIRY?... 3 HOW LONG DOES AN INQUIRY TAKE?... 4

University of Wollongong

Privacy. Purpose. Scope. Policy. Appendix A

PROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016

ALBERTA INFORMATION AND PRIVACY COMMISSIONER

Order F16-25 BC SECURITIES COMMISSION. Elizabeth Barker Senior Adjudicator. May 17, 2016

State Records Act 1998 No 17

CITY OF VANCOUVER BRITISH COLUMBIA

REVIEW OF THE MOUNT POLLEY MINE TAILINGS POND FAILURE AND PUBLIC INTEREST DISCLOSURE BY PUBLIC BODIES

APPLICATION INSTRUCTIONS FOR PRACTISING CERTIFIED DENTAL ASSISTANT

INFORMATION SHARING AGREEMENT

ASSOCIATION OF PROFESSIONAL ENGINEERS AND GEOSCIENTISTS OF BRITISH COLUMBIA,

OFFICE OF THE INFORMATION & PRIVACY COMMISSIONER for Prince Edward Island. Order No. FI Re: Department of Communities, Land, and Environment

Office of the Commissioner of Lobbying Ottawa, Ontario September 24, The Lobbyists Code of Conduct A Consultation Paper

The Duty to Assist: A Comparative Study

Condominium Management Regulatory Authority of Ontario Access and Privacy Policy

F R E Q U E N T L Y A S K E D Q U E S T I O N S

Order F07-07 ELECTIONS BRITISH COLUMBIA. David Loukidelis, Information and Privacy Commissioner. March 30, 2007

GOVERNMENT OF ONTARIO COMMON RECORDS SERIES LEGAL SERVICES. February 5, 2009 ARCHIVES OF ONTARIO

Access to Information

Bill C-58: An Act to amend the Access to Information Act and the Privacy Act and to make consequential amendments to other Acts

COLLEGE OF OPTOMETRISTS OF BRITISH COLUMBIA. Bylaws

THE FEDERAL LOBBYISTS REGISTRATION SYSTEM

Professor Colin J. Bennett Department of Political Science University of Victoria British Columbia, Canada

INFORMATION FOR RESPONDENTS

AACP. AACP Decision Framework on Naming Homicide Victims

Transcription:

Privacy and Access in British Columbia B.C. s Freedom of Information and Protection of Privacy Act Matt Reed, Director of Strategic Privacy, Legislation and Training Privacy, Compliance and Training Branch Ministry of Finance June 6, 2016

Agenda Introductions This Session: A high level overview of the Freedom of Information and Protection of Privacy Act (FOIPPA) including: Intro to FOIPPA Access Privacy Security

Our Branch Privacy, Compliance and Training Branch Of the Corporate Information and Records Management Office (CIRMO) Responsible for FOIPPA, Personal Information Protection Act (PIPA), Document Disposal Act (DDA), and Electronic Transactions Act (ETA) and all policy, standards and directives that flow from them. Services, support and leadership to assist ministries and other public bodies in complying with FOIPPA Input and advice on legislative proposals and reviews Privacy training PIAs Privacy breach investigation

The Privacy Commissioner Information and Privacy Commissioner Information and Privacy Commissioner is an independent Officer of the Legislature Elizabeth Denham is B.C. s Information and Privacy Commissioner The Office of the Information and Privacy Commissioner (OIPC): conducts reviews and investigations to ensure compliance with FOIPPA mediates FOI disputes comments on FOI and privacy implications of proposed legislative schemes or public body programs

Legislative Landscape Freedom of Information and Protection of Privacy Act (FOIPPA) public sector access and privacy legislation; applies to public bodies in B.C. Personal Information Protection Act (PIPA) private sector privacy legislation; applies to organizations (more than just businesses) in B.C. Personal Information Protection and Electronic Documents Act (PIPEDA) applies to federal works, undertakings or businesses (banks, airlines, and telecommunications companies) applies to the collection, use and disclosure of personal information in the course of a commercial activity and across borders. Canada s Access to Information Act and Privacy Act are the federal equivalents to the BC FOIPPA (access and privacy obligations for federal government institutions and the federally regulated)

Purposes of FOIPPA Accountable to the public: A right of access to records, Limited exceptions to the right of access Independent review of decisions made under the Act. Protects privacy: A right to request correction, and Preventing the unauthorized collection, use, or disclosure of personal information by public bodies.

Coverage of FOIPPA APPLIES TO: all records in the custody or under the control of a public body

Public Bodies Ministries, Crown Corporations, Agencies, Boards, Commissions Local government, health care bodies, municipal police, educational bodies Governing bodies of professional organizations

Records Any information recorded or stored by any means whether in hard copy or in electronic format This includes books, documents, maps, drawings, photographs, text messages, letters, e-mails, telephone records, black books, vouchers, papers, etc...

Custody Physical possession May not be responsible for content Responsible for providing access to and security of the record Responsible for managing, maintaining, preserving and disposing of the record

Control Authority to manage, restrict, regulate or administer the use or disclosure of a record Indicators of control: Created by an employee of a public body, Created by a consultant for the public body, Specified in a contract, Subject to inspection, review or copying by the public body under contract.

Access to Information a.k.a. Freedom of Information (FOI)

The Request Process Written request Sufficient detail to identify record sought Copy or original Must provide proof of authority if acting for another person persons under 19 years of age persons who have committees deceased persons

Duty to Assist Openly, accurately and without delay Requirement to create records If the decision is that no records exist -- make sure that is correct If there are no records, tell applicant: other sources for the records other available records that are similar to what the applicant has requested.

Timelines & Fees Timelines 30 business days 30 day extension possible- further extensions through the OIPC Fees Locating, preparing, handling, and copying Limitations to what can be charged. Written estimates must be provided (track time!) Applicants may request a fee waiver Fees prescribed by regulation

Exceptions & Severing Must release unless an exception applies Disclosure should be the rule, not the exception Two types of exceptions: Mandatory and Discretionary

Mandatory Exceptions The head must not release requested information: Section 12: Cabinet confidences Section 21: Third party business information Section 22: Disclosure harmful to personal privacy Section 22.1: Related to abortion services 17

Discretionary Exceptions The head of a public body may refuse to disclose requested information. Two parts to applying a discretionary exception: Does the exception apply? Exercise discretion

Exercising Discretion Purpose of the Legislation Balance of interests Severing Historical practice Nature of the record Will disclosure increase public confidence? Age of the record Previous orders

Exercising Discretion The purpose of the Legislation Balance of interests (what is purpose of exception) Severing Historical practice Nature of the record Will disclosure increase public confidence? Age of the record Sympathetic or compelling need Previous orders

Tips Tips for responding to requests 1. Communicate, communicate, communicate! 2. Raise awareness of legislated timelines and other requirements in FOIPPA 3. It s not personal It s business! 4. Consider a staged release of records

Embarrassment is not an exception!

Public Interest Public Interest Paramount s. 25 Overrides any other provision of the Act: Whether or not request for access made Must release information, without delay To the public, affected group or applicant Information about a risk of significant harm to environment or health or safety of the public or a group of people; or other disclosure which is, for any other reason, clearly in the public interest.

What is privacy?

What is Privacy? It is not defined in FOIPPA, PIPA or any legislation in Canada None of the statutes define privacy but aim to achieve it with rules for how personal information is to be collected, used and disclosed. Different types of privacy: physical, spatial, informational

What is Privacy? The foundation of privacy laws Informational self determination an individual s personal information is their own to the extent possible, the individual controls how their personal information is collected, used and disclosed

Information Management Guiding Principles Right Information Right Person Right Purpose Right Time Right Way Managed based on the need to know and least privilege principles Access only to the minimum amount of personal information required to perform employment duties Access permissions should be assigned consistently and kept up to date

A World Without Privacy Ordering Pizza in the 21 st century Created by the American Civil Liberties Union Link: http://www.aclu.org/pizza/index.html?orgid=ea071904&mx=1414&h=1

Personal Information What is Personal Information? Personal information means recorded information about an identifiable individual other than contact information

Collection Collection of Personal Information Key to protecting privacy Personal information can only be collected if: Authorized under an Act For law enforcement Related directly to and necessary for an operating program or activity Planning or evaluating a program or activity of the public body By observation at a public event Other authorities (domestic violence, provincial identity services)

Collection How Personal Information is Collected Information must be collected directly from the individual, except in limited circumstances. Must notify the individual of the purpose, the legal authority, and who to contact with questions, except in limited circumstances.

Collection

Use Use of Personal Information A public body may only use personal information: For the purpose for which it was obtained or compiled, or for a consistent purpose: a reasonable connection to the original purpose, and necessary to perform the duties of, or for operating a legally authorized program, of the public body If the individual has consented to the use. For a purpose for which the personal information has been disclosed to it under the Act.

Disclosure Disclosure of Personal Information Disclosure only in limited circumstances You could do a PIA to figure out if you have authority. Inside versus outside Canada important distinction 24 inside/outside Canada authorities 10 inside Canada only authorities Disclose based on a need to know limit distribution limit content

Disclosure Disclosure of Personal Information - Examples Within Canada only: consistent purpose program planning or evaluation On the web (outside of Canada): consent (written) public, voluntarily attended event (e.g. photos of ribbon cutting) social media engagement (e.g. via Facebook) under an enactment

Who needs to know?

Accuracy and Completeness If your public body is using personal information to make a decision that directly affects the individual. then. You must make every reasonable effort to ensure that the personal information is accurate and complete.

Correction The Right to Correction Individual has right to request correction of personal information Section 29 applies to factual errors or omissions in personal information, not to expressions of judgement The right to request correction is distinct from the public body s duty to annotate Section 29 does not function as an avenue for appeal

Retention Must retain personal information for at least 1 year after it is used to make a decision that directly affects the individual so that the individual has a reasonable opportunity to access it; This is the minimum standard ensure that you also meet other applicable legal and policy requirements.

Security Reasonable security arrangements Appropriate and proportional Storage & Access must be in Canada Safeguards should include: Physical measures Technological measures Policies/Procedures

Information Incidents Information Incident Response

Useful Links Privacy, Compliance and Training Branch: http://www2.gov.bc.ca/gov/content/governments/services-forgovernment/information-management/privacy Policy & Procedures Manual; PIA Process with Template; Contracting link to PPS; etc): http://www2.gov.bc.ca/gov/content/governments/servicesfor-government/information-management/privacy/resources The Freedom of Information and Protection of Privacy Act: http://www.bclaws.ca/eplibraries/bclaws_new/document/id/freeside/9 6165_00 BC Office of the Information and Privacy Commissioner: http://www.oipc.bc.ca/

Useful Resources FOIPPA Policy and Procedures Manual http://www.cio.gov.bc.ca/cio/priv_leg/manual/index.page? Key Steps to Responding to Privacy Breaches - http://www.oipc.bc.ca/guidance-documents/1428 Protecting Personal Information Outside the Office http://www.oipc.bc.ca/guidance-documents/1447

Questions?

BC Privacy and Access Helpline: 250-356-1851 (Enquiry BC 1 800 663-7867) Privacy.Helpline@gov.bc.ca

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback