ALBERTA INFORMATION AND PRIVACY COMMISSIONER

Similar documents
Legal Aid Ontario. Privacy policy

MANITOBA FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY RESOURCE MANUAL

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER ORDER H September 22, 2006 CALGARY HEALTH REGION. Review Number H0960

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER ORDER F November 26, 2015 ALBERTA JUSTICE AND SOLICITOR GENERAL

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER ORDER F December 19, 2013 WORKERS COMPENSATION BOARD. Case File Number F5771

Order INQUIRY REGARDING THE UNIVERSITY OF BRITISH COLUMBIA S SEARCH FOR RECORDS

Privacy Law Template. Prepared for The Alberta First Nations Information Governance Centre. By Krista Yao

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER ORDER F June 30, 2016 CALGARY POLICE SERVICE. Case File Number F7689

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER ORDER F March 28, 2017 WORKERS COMPENSATION BOARD. Case File Number F8005

INDEX. A Access and correction requests, see also Access to and correction of personal information. .. Part 8 of the Act, 110

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER ORDER F December 20, 2017 EDMONTON POLICE SERVICE. Case File Number F8141

INDEX. A Access and correction requests, see also Access to and correction of personal information. .. Part 8 of the Act, 115

Privacy and Access in British Columbia

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER ORDER F November 12, 2014 ALBERTA JUSTICE AND SOLICITOR GENERAL

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER ORDER F November 2, 2016 CALGARY POLICE SERVICE. Case File Number F7427

AUCKLAND DISTRICT LAW SOCIETY INC. JAMIE WAUGH- BARRISTER TERMS OF ENGAGEMENT

Order MINISTRY OF WATER, LAND AND AIR PROTECTION

Frequently Asked Questions for Municipalities LOCAL GOVERNMENT BODIES RECORDS

3RD SESSION, 41ST LEGISLATURE, ONTARIO 67 ELIZABETH II, Bill 14. An Act with respect to the custody, use and disclosure of personal information

REPORT WITH RESPECT TO THE APPLICATION FOR REVIEW OF IN RELATION TO INFORMATION REQUESTED FROM SASKATCHEWAN GOVERNMENT INSURANCE

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER ORDER F February 9, 2018 ALBERTA JUSTICE AND SOLICITOR GENERAL

Condominium Management Regulatory Authority of Ontario Access and Privacy Policy

PERSONAL INFORMATION PROTECTION ACT

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER

Definitions The following terms have these meanings in this Policy: a. Act Personal Information Protection and Electronic Documents Act;

2018/19 APPLICATION FOR GRANT OF AN AUSTRALIAN REGISTRATION CERTIFICATE AS AN AUSTRALIAN-REGISTERED FOREIGN LAWYER IN NEW SOUTH WALES

Order F05-25 MINISTRY OF HEALTH. Errol Nadeau, Adjudicator. August 10, 2005

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER ORDER F February 9, 2018 CITY OF EDMONTON. Case File Number

CONSUMER REPORTING ACT

BENEFIT PAYMENT AGREEMENT. Between ( DF ) A Company duly incorporated in accordance with the laws of. The Republic of South Africa,

Review and Investigation Procedures

THE LAW SOCIETY OF ALBERTA. IN THE MATTER OF THE LEGAL PROFESSION ACT, RSA 2000, c L-8, - and -

(434/2003; amendments up to 893/2015 included)

Health Profession Corporations

The Duty to Assist: A Comparative Study

BYLAWS OF MINOR HOCKEY ASSOCIATION OF CALGARY

ACCESS AND PRIVACY POLICY

Access to Personal Information Procedure

SOCIAL CARE WALES (INVESTIGATION) RULES 2017 INTERNAL VERSION

MAKING AN APPLICATION FOR A

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER ORDER P August 13, NINKOVICH GRAVEL LTD. and SAFETY DOCUMENTS

PERSONAL INFORMATION PROTECTION ACT REVIEW QUESTIONNAIRE

IMMIGRATION Canada. Applying to Change Conditions or Extend Your Stay in Canada - Visitor

Order COLLEGE OF PHARMACISTS OF BRITISH COLUMBIA

Sales Order (Processing Services)

Opinions and Written Advice

Amendments to IIROC Rule 20 Corporation Hearing Processes to Eliminate IIROC s Appeal Panels and Response to Public Comment RULE 20

All Personal Information and data obtained through the use of the City s surveillance cameras will be property of the City of Camrose.

Rural Municipality of Mount Stewart, PEI A Bylaw for Municipal Elections Proceedings Bylaw #

JOINT RULES of the Florida Legislature

Freedom of Information Act 2000 (Section 50) Decision Notice

MEDICAL SCHEMES AMENDMENT BILL

Petition to the Minister of Municipal Affairs Revised March 2017

Canadian Anti-Doping Program Privacy and Personal Information Policy. processed by the CCES in the course of administrating and implementing the CADP.

Refusing a request under the EIR

New Application and forms - Groups of Five

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER ORDER F June 4, 2018 ALBERTA HUMAN RIGHTS COMMISSION. Case File Number F8587

NEWFOUNDLAND AND LABRADOR OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER

TERMS OF REFERENCE INSURANCE & FINANCIAL SERVICES OMBUDSMAN SCHEME INCORPORATED

THE FINANCE SECTOR NON-EXECUTIVE DIRECTOR FORUM CONSTITUTION

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER ORDER F December 15, 2011 CALGARY POLICE SERVICE. Case File Number F5425

BYLAWS OF Open Source Hardware Association ARTICLE I MEMBERS

Nestlé Canada Inc. Privacy Policies and Practices April 13, 2012

Alberta Municipal Affairs

AFRRCS First Responder Agreement for Agency Review Draft 1.0 AFRRCS ACCESS AGREEMENT

Judges Ethics Committee 1. judges ethics committee bill 2008

BILL NO. 42. Health Information Act

ALBERTA OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER ORDER F December 10, 2018 EDMONTON POLICE COMMISSION. Case File Number

TITLE 9. CODE OF CIVIL PROCEDURE CHAPTER 63. OATH, ACKNOWLEDGMENT, AND OTHER PROOF ARTICLE 1: OATHS, CERTIFICATIONS, NOTARIZATIONS AND VERIFICATIONS

889 (05/04) Auditor s Guide. Province of British Columbia

APPLICATION FOR NEW: SOLE PROPRIETOR

Commission levels of <50%

independent and effective investigations and reviews PIRC/00328/17 APRIL 2018 Report of a Complaint Handling Review in relation to Police Scotland

THE LAW SOCIETY OF ALBERTA IN THE MATTER OF THE LEGAL PROFESSION ACT; AND

Province of Alberta AUDITOR GENERAL ACT. Revised Statutes of Alberta 2000 Chapter A-46. Current as of December 15, Office Consolidation

INTERNAL AUDIT DIVISION REPORT 2017/124

CCTV Code of Practice

FOIP Guidelines and Practices 2002 Edition Now Available

The Freedom of Information and Protection of Privacy Act

Application for a Certificate of Authorization for a Health Profession Corporation

ALBERTA INFORMATION AND PRIVACY COMMISSIONER ORDER May 3, 2000 ALBERTA CHILDREN S SERVICES. Review Number 1713

RETAIL CLIENT AGREEMENT. AxiForex Pty. Ltd. Level 10, 90 Arthur St, North Sydney, NSW 2060 AUSTRALIA

Making a complaint about a Member of the Board of the Authority

SASKATCHEWAN OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER

Data Protection Policy

Great Leighs Primary School. Data Protection and Freedom of Information Policy. Adopted: April Review Date: April 2018.

Application for a Public Accountant Licence

INTRODUCTION... 3 WHY DOES THE OIPC HOLD INQUIRIES?... 3 WHO PARTICIPATES IN AN INQUIRY?... 3 HOW LONG DOES AN INQUIRY TAKE?... 4

BEFORE THE IMMIGRATION ADVISERS COMPLAINTS AND DISCIPLINARY TRIBUNAL. Decision No: [2013] NZIACDT 28. Reference No: IACDT 027/11

Unigestion UK Limited Complaints Management Policy

Real Estate Council of Ontario

1 October Code of CONDUCT

Application for Homeward Bond and Indemnity Agreement

PRIVACY AND ELECTRONIC COMMUNICATIONS (EC DIRECTIVE) REGULATIONS 2003 SUPERVISORY POWERS OF THE INFORMATION COMMISSIONER FIXED MONETARY PENALTY NOTICE

PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY

GRANT AGREEMENT ( Agreement ) Effective as at the last date of signing.

BERMUDA LEGAL AID (GENERAL) REGULATIONS 1980 BR 70 / 1980

Guidance For Legal Representatives

DEFIANCE COUNTY COMMUNICATIONS CENTER 113 Biede Ave Defiance, Ohio Date of Application:

APPLICATION FOR REINSTATEMENT: SALESPERSON / BROKER

Transcription:

ALBERTA INFORMATION AND PRIVACY COMMISSIONER Report on the Investigation into Complaint Regarding the Retention and Disclosure of Personal Information By a Public Body November 4, 1999 Human Resources and Employment The Complaint On September 30, 1998, the Office of the Information and Privacy Commissioner received a privacy complaint concerning Human Resources and Employment, formerly known as Alberta Family and Social Services (the Public Body ). In the letter to the Commissioner, the Complainant alleged that the Public Body breached the Freedom of Information and Protection of Privacy Act (the FOIP Act ) when it: 1. Failed to provide the information to which the Complainant was seeking access. 2. Used the Complainant s personal information in making a decision that directly affected the Complainant, but did not retain the personal information used so that the Complainant might have the opportunity to obtain access to it. 3. Disclosed the Complainant s personal information to a third party. Under section 51(1)(a) of the FOIP Act, the Commissioner may conduct investigations to ensure compliance with any provision of this Act. In addition, section 51(2)(e) of the FOIP Act states: 51(2) Without limiting subsection (1), the Commissioner may investigate and attempt to resolve complaints that (e) personal information has been collected, used or disclosed by a public body in violation of Part 2. Accordingly, the Commissioner assigned me to investigate the Complainant s allegations. This report outlines my findings and recommendations. Background The Complainant was a client of a District Office in Calgary (the District Office ). Complainant was eligible for benefits under the Supports for Independence program. During 1996, the On February 2, 1996, a Financial Benefits Worker from the District Office issued a Record of Debt that indicated the Complainant owed the Public Body a total of $4,766.00 in overpayments.

- 2 - A second Record of Debt was issued to the Complainant on June 19, 1996 indicating that the amount owing to the Public Body had been revised to $6,022.00. Subsequently, the Complainant declared bankruptcy and the outstanding debt to the Public Body was written off as part of the Complainant s bankruptcy claim. Issues The issues before this investigation are: 1. Did the Public Body respond to the Complainant s request for access as set out in section 9(1) of the FOIP Act? 2. Did the Public Body retain the Complainant s personal information in accordance with section 34 of the FOIP Act? 3. Did the Public Body disclose the Complainant s personal information in violation of Part 2 of the FOIP Act? 4. Did the Public Body make reasonable efforts to protect the Complainant s personal information from such risks as unauthorized disclosure (section 36 of the FOIP Act)? Issue #1: Did the Public Body respond to the Complainant s request for access as set out in section 9(1) of the FOIP Act? In the letter to the Commissioner, the Complainant wrote: Although requesting information time and time again, my request has been ignored. At this point in time, I can safely say my request has been refused I have consistently been given the run around and the strong advice to give up my quest. What information is the Complainant seeking? The Complainant is seeking a breakdown on how the 1996 overpayments were calculated. Although the outstanding debt was written off, the Complainant wants to set the record straight. The Complainant believes the overpayments were calculated incorrectly, and has difficulty in understanding how the Public Body arrived at the overpayments given the information provided by the Complainant to the Financial Benefits Worker. What is an overpayment? Benefits are paid to clients in advance at the beginning of each month. The benefits paid to clients vary dependent upon various factors such as the client s income, employment category (is the client employable, handicapped, etc.) and the client s needs (number of dependents, marital status, etc.). Overpayments arise when a client receives benefits from the Public Body that the client is not eligible or entitled to receive when the benefit was issued. When an overpayment has been established, the client is required to repay to the Public Body the amount of the overpayment. In other words, an overpayment is a debt that the client owes to the Public Body.

- 3 - Did the Public Body respond to the Complainant s request for information in accordance with the access provisions of the Freedom of Information and Protection of Privacy Act? Section 9(1) of the FOIP Act states: 9(1) The head of a public body must make every reasonable effort to assist applicants and to respond to each applicant openly, accurately and completely. During the investigation, I found that the Complainant had made a number of attempts to obtain access to information on how the 1996 overpayments were calculated. However, the Complainant did not submit a request for access to information under the FOIP Act. As the Public Body did not receive a formal access application under the FOIP Act, a review to determine whether its response is in compliance with the access provisions of the FOIP Act is not appropriate. As a result, I recommended that the Complainant submit a formal access application under the FOIP Act. The Complainant filed a formal access application to the Public Body in October 1998 for documents relating to the 1996 overpayment information contained on the Complainant s Supports for Independence files. The Public Body released records responsive to the Complainant s access request on November 20, 1998. The Complainant expressed concern that the records disclosed did not reveal how the 1996 overpayments were specifically calculated. The Public Body s FOIP Coordinator offered to meet with the Complainant to discuss the overpayments. However, given the Complainant s experiences with the Public Body, the Complainant preferred that the Office of the Information and Privacy Commissioner continue with its investigation. I personally reviewed all the documentation contained in the Complainant s Support for Independence files, and the records released by the Public Body in response to the Complainant s access application under the FOIP Act. In my view, the Public Body has disclosed all records responsive to the Complainant s formal access application. I believe the information that the Complainant is seeking does not exist, and will discuss this matter further in my report. I conclude that the Public Body responded to the Complainant s formal access request as set out in section 9(1) of the FOIP Act. I do not believe that there would be any further gain or benefit for the Complainant in pursuing this issue further. Issue #2: Did the Public Body Retain the Complainant s Personal Information in Accordance with Section 34 of the FOIP Act? At the time of the Complainant s access request, section 34 of the FOIP Act reads: 34 If an individual s personal information will be used by a public body to make a decision that directly affects the individual, the public body must (a) make every reasonable effort to ensure that the information is accurate and complete, and (b) retain the personal information for at least one year after using it so that the individual has a reasonable opportunity to obtain access to it.

- 4 - (note: section 34 of the FOIP Act was amended effective May 19, 1999. However, as the Complainant s access request and privacy complaint were made before the amendments came into force, the FOIP Act prior to the amendments apply.) What are the requirements under section 34? In order for section 34 to apply, the following conditions must first be met: 1. that there be an individual s personal information; and 2. that the Public Body use that personal information to make a decision that directly affects that individual. If these two conditions are satisfied, section 34 imposes the following duties on a public body: 1. The Public Body must make every reasonable effort to ensure that the individual s personal information was accurate and complete (section 34(a)). 2. The Public Body must retain the individual s personal information for at least one year after using it so that the individual has a reasonable opportunity to obtain access to it (section 34(b)). Is there an individual s personal information? Personal information is defined in section 1(1)(n) of the FOIP Act. The relevant portions of section 1(1)(n) read: 1(1)(n) personal information means recorded information about an identifiable individual, including (i) the individual s name, home or business address or home or business telephone number, (vii) information about the individual s educational, financial, employment or criminal history, The Complainant provided the Financial Benefits Worker with copies of bank statements, invoices, cheques and handwritten notes regarding the Complainant s income and expenditures. I find that this information is the Complainant s personal information in accordance with section 1(1)(n) of the FOIP Act. Did the Public Body use the Complainant s Personal Information in a Decision That Directly Affected the Complainant? The Public Body claimed that the overpayments charged to the Complainant in 1996 were determined based on its review of the information provided by the Complainant to the Public Body. The information reviewed by the Public Body included bank statements, invoices, cheques, and notes regarding the Complainant s income and expenditures. As noted earlier, this is the Complainant s personal information. Therefore, I conclude the Public Body used the Complainant s personal information in a decision that directly affected the Complainant.

- 5 - Did the Public Body make every reasonable effort to ensure that the Complainant s personal information was accurate and complete as required under section 34(a) of the FOIP Act? The Record of Debt is a standard form completed by the Public Body whenever a debt owing to the Public Body is identified. Although the intent of the Record of Debt is to show how an overpayment was calculated, I found that the Record of Debt form is not an easy document to read or understand. With respect to the two Records of Debt issued to the Complainant in 1996, I found that the benefits and allowances that the Complainant received were itemized. However, incomes that the Complainant supposedly received were grouped into total amounts under one item headed as other income. The Records of Debt did not provide an explanation as to the basis of the totals recorded as other income. In addition, my review of the Complainant s files failed to identify any record that showed clearly how the figures for other income were derived. As the Financial Benefits Worker who was responsible for the 1996 overpayment calculations was not available, I was unable to meet with this individual. I asked the Public Body to provide me with a detailed explanation as to how the 1996 overpayments were calculated. My request was forwarded to the District Office for reply. Despite several exchanges of correspondences and requests for clarification/information, the responses provided to my office did not provide me with a clear understanding as to how the other income totals were determined. Finally, through the assistance of the Public Body s Freedom of Information and Privacy Branch, I met with an employee of the Public Body s Head Office Financial Accounting Unit (the Employee ). I asked the Employee to review the Complainant s files and, based on the information on the Complainant s files, to provide me with a breakdown as to how the 1996 overpayments were calculated. The Employee reviewed with me each of the documents provided by the Complainant to the Financial Benefits Worker in 1996 i.e. bank statements, cheques, invoices, etc. Through a number of discussions and the exchange of correspondences over a period of several months, we re-constructed a breakdown of the other income totals. This information was provided to the Complainant. Based on the review conducted by the Employee, I am of the following opinion: 1. The Public Body may have made reasonable efforts to ensure that the Complainant s personal information was accurate when it made the decision regarding the 1996 overpayments i.e. requesting that the Complainant provide copies of the bank statements, income statements, etc. to verify the Complainant s income and expenses. 2. However, I questioned the Public Body s efforts in ensuring that the Complainant s personal information was complete. In the Commissioner s Order 98-002, he states: [para 86] The Concise Oxford Dictionary, Ninth Edition, defines complete to mean, in part, having all its parts; entire; finished. Black s Law Dictionary defines complete to mean, in part, including every item or element; without omissions or deficiencies; not lacking in any element or particular. I accept those definitions for the purpose of interpreting section 34(a). In order to determine the other income totals, the Financial Benefits Worker would have taken the Complainant s personal information and identified those specific data elements that qualified as

- 6 - income. These would be added up to arrive at the other income totals that were recorded on the Record of Debt forms. Although copies of the Complainant s bank statements, invoice statements, etc. were retained on the Complainant s files, there was no explanation as to how the information contained in these documentation were used in the calculation of the figures recorded on the Record of Debt forms. If the Complainant s personal information was complete, it should have been easily discernible from a review of the Complainant s files as to the basis of other income totals. However, the District Office did not provide me with a detailed explanation as to how the other income totals were calculated. It took over 3 months for the Employee in the Public Body s Head Office to account for each of the data elements that comprised (or could have comprised) the other income totals. While our reconstruction accounted for the majority of the income data elements, we were uncertain of a couple of the data elements due to lack of supporting documentation. Given the amount of time and work required to re-construct this information, I conclude that the Public Body did not make a reasonable effort to ensure that the Complainant s personal information was complete as required by section 34(a) of the FOIP Act. Did the Public Body retain the Complainant s Personal Information As Required by Section 34(b) of the FOIP Act? I reviewed the Complainant s Support for Independence files. Copies of bank statements, invoices, cheques and handwritten notes regarding the Complainant s income and expenditures were kept on the Complainant s files. In addition, copies of the two Records of Debts sent to the Complainant were also on the Complainant s files. Therefore, I find that the Public Body retained the Complainant s personal information in accordance with section 34(b) of the FOIP Act. Issue #3: Did the Public Body disclose the Complainant s personal information in violation of Part 2 of the FOIP Act? Did the Public Body disclose the Complainant s Personal Information? The Complainant alleged that the Public Body disclosed the Complainant s personal information to a third party. In March 1996, the Complainant received a telephone call from the Complainant s estranged spouse (the Spouse ). The Complainant claimed that the Spouse had received an envelope from the District office, and that the envelope contained the Complainant s bank statements, visa bills, and income tax return. The Complainant provided this office with a copy of the envelope that shows a postal stamp date of March 28, 1996. The envelope is addressed to the Spouse and had the District Office s name and address stamped on the upper left-hand corner as the return address. The Complainant claimed that when this matter was brought to the Financial Benefits Worker s attention, the Financial Benefits Worker indicated that it was a simple error as the Complainant used to live at that address. In reviewing the Complainant s files, I found that correspondences sent to the Complainant before and after March 28, 1996 were sent to the Complainant s correct address. Therefore, the Financial Benefits Worker s explanation that the Complainant used to live at that address seems odd, and it does not explain why the envelope was addressed to the Spouse.

- 7 - The Manager of the District Office claimed no knowledge of the incident, and therefore, could not provide any information to assist the investigation on this matter. The Public Body s head office suggested that there could be a variety of reasons for the Spouse to receive an envelope from the District Office, such as the District Office could have been responding to a general enquiry from the Spouse. During the investigation, the Spouse contacted me and corroborated the Complainant s claim. The Spouse advised me that: 1. The Spouse received an envelope with a return address of the District Office in 1996. 2. The envelope was addressed to the Spouse. 3. The envelope contained copies of the Complainant s bank statements, visa stuff, and financial stuff and that there were notes in the Complainant s handwriting. 4. There was no covering letter enclosed in the envelope. The Spouse did not know who had sent this material, and the purpose for the disclosure. 5. The Spouse had no dealings with the Public Body, and had not made any request for information to the District Office. The Spouse does not know how the District Office would have obtained the Spouse s name and address. The Spouse has no stake in the outcome of this investigation; therefore, I believe the Spouse s information gives weight to the Complainant s allegations. No representatives in the Public Body could provide me with any first hand evidence concerning this issue. I have no idea as to why the District Office would have sent the Complainant s personal information to the Spouse. However, I believe that the Public Body most likely did disclose the Complainant s personal information to the Spouse. Is the Disclosure in Violation of Part 2 of the Freedom of Information and Protection of Privacy Act? Section 38(1) of the FOIP Act sets out the provisions under which a public body may disclose personal information. None of the provisions under section 38(1) of the FOIP Act appear to apply to the disclosure of the Complainant s personal information to the Spouse. The disclosure is not for the purpose for which the information was collected, the disclosure is not with the consent of the individual the information is about, and the disclosure is not authorized by legislation. Therefore, I conclude that the Public Body disclosed personal information in violation of Part 2 of the FOIP Act.

- 8 - Issue #4: Did the Public Body make reasonable efforts to protect the Complainant s personal information from such risks as unauthorized disclosure? The Complainant did not raise this issue. Under section 51(1)(a) of the FOIP Act, the Commissioner may conduct investigations to ensure compliance with any provisions of the FOIP Act. This issue is raised as a result of my investigation. The Spouse claimed that the Complainant s personal information was sent without a covering letter to explain the purpose of the disclosure. In other words, the documents were simply placed in the envelope and sent to the Spouse. In reviewing the Complainant s files, I noticed a handwritten note on one document that read: Documentation was mailed to [the Complainant s estranged spouse] The document is not dated, and the writer of this note is not identified. However, as the document makes reference to the Complainant in the third person, it appears that the writer of this note is not the Complainant. As the information relates to the Complainant s expenses, it would seem that the writer was most likely an employee of the Public Body. The writer is not the Financial Benefits Worker as the note also references the Financial Benefits Worker. As the information contained on the document relates to the information that the Complainant had provided to the Financial Benefits Worker in 1996, it would seem logical that the notes were taken sometime in 1996 or shortly thereafter. Therefore, I believe the Complainant did raise this matter to an employee of the Public Body. However, there is no indication on the Complainant s files that any action was taken by the Public Body to determine whether the disclosure did or did not occur. Under section 36 of the FOIP Act, bodies subject to the FOIP Act have a responsibility to ensure that safeguards are in place to protect personal information. Section 36 of the FOIP Act states: 36 The head of a public body must protect personal information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or destruction. Under section 36 of the FOIP Act, it would be reasonable for a body subject to the FOIP Act, upon receipt of a privacy complaint, to first determine whether the complaint has merit. Subsequently, the body should review its procedures or arrangements to determine whether these safeguards are adequate in protecting personal information. The employee who wrote the note that the Complainant s personal information was disclosed to the estranged spouse should have referred the allegation to appropriate personnel to determine whether it had merit. Conclusions Issue #1: Did the Public Body respond to the Complainant s request for access as set out in section 9(1) of the FOIP Act? I concluded that the Public Body disclosed records that were responsive to the Complainant s formal access application as set out in the FOIP Act. Based on the results of my investigation, I believe the information that the Complainant is seeking does not exist.

- 9 - Issue #2: Did the Public Body retain the Complainant s personal information in accordance with section 34 of the FOIP Act? I concluded that the information used by the Public Body was incomplete. If the information was complete, the Public Body could have easily provided an explanation as to how the 1996 overpayments were calculated. Not all of the income data elements were accounted for during the reconstruction. Issue #3: Did the Public Body disclose the Complainant s personal information in violation of Part 2 of the FOIP Act? I concluded that the Public Body most likely disclosed the Complainant s personal information to the Complainant s estranged spouse. The Public Body could not provide any first hand evidence as to whether the disclosure did or did not occur. However, the estranged spouse corroborated the Complainant s allegations. The disclosure of the Complainant s personal information to the estranged spouse is not in accordance with the provisions outlined in section 38(1) of the FOIP Act. Therefore, I believe that the Public Body breached the Complainant s privacy. Issue #4: Did the Public Body make reasonable efforts to protect the Complainant s personal information from such risks as unauthorized disclosure? There is evidence on the Complainant s files to indicate that the Complainant had raised the issue of unauthorized disclosure to an employee of the Public Body. However, there is no indication that the Public Body undertook any action on the complaint. Under the provisions of section 36 of the FOIP Act, the Public Body should at least investigate the complaint to determine whether the allegations had merit. Recommendations Based on the findings of the investigation, I would make the following recommendations for the consideration of the head of the Public Body: 1. That the Public Body redesign the Record of Debt form so that it is easier to read and understand. The Record of Debt form needs to be simplified so that individuals can clearly discern how the overpayments were calculated and the basis of the figures recorded on the Record of Debt form. Individuals who have a debt owing to the Public Body have a right to understand the basis of the debt being charged to them. 2. That the Public Body retain documentation used to calculate overpayments in such a manner so that a person can easily and quickly understand the basis of the overpayments. It should not take an independent reviewer such as the Employee (who is knowledgeable of this matter) over three months to reconstruct how the overpayments were calculated. 3. That employees of the Public Body be reminded, through training or other communication strategies, of their responsibilities under the FOIP Act to protect individuals privacy. These responsibilities include referring complaints of unauthorized access, use, and disclosure to appropriate personnel who can determine whether the allegations have merit. In addition, there should be a clear record kept as to what personal information has been sent or received by employees.

- 10 - Closing Comments I would like to express my appreciation to the Public Body s Information and Privacy Branch and the Employee of the Public Body s head office for their assistance and cooperation during this investigation. Submitted by, Marylin Mun Portfolio Officer

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback