New Era of Access to Information and Privacy Presentation to the Union of Municipalities of New Brunswick 2013 Annual Conference Fredericton, NB – October 4, 2013
Mar 31, 2015
On September 1, 2010, a new law regarding access to information and protection of privacy came into effect: Right to Information and Protection of Privacy Act
◦ Designed for the public sector
◦ Promotes spirit of openness and transparency
◦ Grants right to request information relating to the public business of a public body
◦ Grants right to request one’s personal information
◦ Obligates public bodies to protect private information at all times
◦ Act “Came to Town” on September 1, 2012
Introduction
◦ Also created on September 1, 2010
◦ Independent of government
◦ Commissioner: Officer of Legislative Assembly
◦ Impartial oversight body to ensure compliance with Right to Information and Protection of Privacy Act
(as well as Personal Health Information Privacy and Access Act)
Office of the Access to Information and Privacy Commissioner
Interprets the Act
Informs the public of its rights
Promotes openness and transparency
Provides guidance on how best to apply the new rules
Ensures compliance with the Act
Role of Commissioner’s Office
Receives:
◦ General inquiries about the Act
◦ Complaints regarding responses to requests for access to information
◦ Notification of privacy concerns or breaches of the Act (the handling of personal information found in records during its collection, use, disclosure, retention, or destruction)
Investigates and Resolves:
◦ Complaints informally if at all possible
Publishes:
◦ Reports of Findings after investigations (when required)
Commissioner’s Office
RIGHT OF ACCESS
Governed by rules found in Part 2
Request to access records that contain private information
PROTECTION OF PRIVACY
Governed by rules found in Part 3
Protects private information at all times
Right to Information and Protection of Privacy Act
RIGHT OF ACCESS
Only rules for protection of private information found under Part 2 can be considered in exceptions to disclosure
PROTECTION OF PRIVACY
Rules under Part 3 are applied by public bodies to protect private information on a regular basis – not for requests
Separated but related concepts
Personal information
  − protected based on unreasonable invasion of privacy
Business information
  − protected based on may cause harm to business
◦ Both types may still be subject to access (Subsections 21(3) & 22(3))
  − Because disclosure deemed not unreasonable invasion of privacy nor to cause harm
◦ Example: personal information about an officer or employee of a public body deemed subject to disclosure: job classification, salary range, benefits, employment responsibilities or travel expenses
Interaction between the concepts
If information is protected under another statute, the Act will respect that protection unless there is conflict regarding its disclosure
◦ Example: where third party individual or business consents to release of own private information which is otherwise protected by other statute
Public procurement is a good example of such interaction
Interaction between the Act & other statutes
Public Procurement Process and the Act
Appropriate level of confidentiality of business and personal information while promoting transparency and accountability
Rules ensure that the public obtains access only to information it is entitled to receive
Where request made to access bid information after tender is awarded, municipality must ask the bidder for consent to release the bid information
See Guide for Municipalities on Public Procurement and the Act
RIGHT OF ACCESS
Grants public a right to request information contained in records held by public bodies
◦ Key words: access to information rather than access to records
Promotes disclosure of the information, subject to limited and specific exceptions
Imposes on public bodies an obligation to respect that right of access - duty to assist
Right of Access
Codified in section 9 of the Act
Places a positive obligation for public body to assist applicant with the request, without delay, fully and in an open and accurate manner
Encourages public body to contact applicant:
◦ Clarifies request where unclear
◦ Identifies exact information sought
◦ Assists in reducing scope of broad request where possible
◦ Ensures applicant receives information to which entitled, satisfactory response
Duty to assist
All information regarding the public business of the public body, its activities and functions
◦ Found in its records
◦ Example: information found in minutes of meetings, reports, decisions made, handwritten notes, correspondence, emails of staff and officials, text messages, etc.
Includes information created before the Act came into effect
Which information can be accessed?
Process the request from the perspective that favours disclosure
Response should be meaningful
Right of access can only be restricted with specific and limited exceptions
Time limit to respond is 30 days, unless authorized to extend time limit
Processing access requests
Two types of exceptions:
◦ Mandatory: public body has no choice but to withhold the information requested
◦ Discretionary: head of the public body must come to a decision whether or not to disclose the information
  − Based on relevant considerations existing at the time of the request
Exceptions to disclosure
Examples of Mandatory exceptions to disclosure
◦ Information that reveals recommendations to Executive Council
◦ Information provided in confidence to a government
◦ Information from a harassment or personnel investigation
◦ Personal information where head is certain disclosure would be an unreasonable invasion of the individual’s privacy
◦ Business or financial interests of a third party where head is certain disclosure might cause harm
Mandatory exceptions (Division B of Part 2 of the Act)
Examples of Discretionary exceptions to disclosure
◦ Advice or recommendations made to a public body
◦ Solicitor-client privilege information
◦ Plans not yet implemented
◦ Confidential evaluations
◦ Information, if released, would be harmful to:
  − governmental relations
  − legal proceedings
  − an individual
  − public safety
Discretionary exceptions (Division C of Part 2 of the Act)
For any Discretionary exceptions to disclosure, head of the public body:
◦ Must first consider disclosing the information
◦ Ask for consent where applicable
◦ Must examine any relevant factor regarding the disclosure (or non-disclosure) existing at time of request
◦ Only decide to withhold the information where refusing access can be substantiated
Decision of head is reviewable by Commissioner or the courts
Rules for discretionary exceptions
Time limit for responding can be extended in two ways:
◦ Can self extend up to an additional 30 days if processing request falls within categories described in subsection 11(3)
◦ Can apply to Commissioner for an extension of time
  − Public body must establish reasons why more time is needed
  − Commissioner will encourage partial responses in meantime where appropriate
Time limit to respond
An applicant not satisfied with the response has two options:
Refer the matter to the Court of Queen’s Bench for review (legal application, must file within 30 days)
Or
File a complaint with the Office of the Access to Information and Privacy Commissioner within:
◦ 60 days of receiving response, or
◦ 120 days from making request if did not receive a response
If the response is not satisfactory?
Commissioner must investigate all complaints
Will first attempt to resolve the matter informally
◦ To the satisfaction of both parties
◦ In accordance with the Act
◦ While providing guidance on application of rules
Have designed interactive complaint resolution process for municipalities
If informal resolution is unsuccessful, formal Report of Findings will be published
May contain recommendations
Access Complaints filed with the Commissioner
When the Report contains recommendations, the public body must:
◦ Comply with the recommendations within 15 days, or
◦ Within 15 days, notify applicant and Commissioner of its decision not to accept the recommendations
  − Will trigger applicant’s right of appeal to the courts
When the Report does not contain any recommendation:
There is no right of appeal and only recourse is judicial review of Commissioner’s decision
Commissioner’s Recommendations
Consider the benefits of making information available to the public on a regular basis
Examples:
◦ Agendas,
◦ Minutes of meetings,
◦ Travel expenses,
◦ Range of salaries,
◦ Reports and records on how decisions were made,
◦ Etc.
Good practice: Proactive disclosure
Elected officials generate two types of records:
• Records that will be brought to a public body for further action
  • These records are subject to the Act
• Constituency records – will not be brought to any public body for further action
  • Not subject
  • Privacy considerations
Records of elected officials
PROTECTION OF PRIVACY
Public bodies are responsible for protecting the personal information in their possession.
Act establishes rules governing the handling of personal information, including during its
◦ collection,
◦ retention,
◦ use, and
◦ disclosure.
Protection of Privacy
What are the rules?
Guiding principles to collect, use and share personal information:
ONLY THE MINIMUM AMOUNT NECESSARY
and
LIMITED TO THOSE WHO NEED TO KNOW TO CARRY OUT THE PURPOSE
When personal information (that identifies a person) is:
◦ Lost
◦ Stolen
◦ Collected, used, shared or disposed of in an unauthorized manner or without consent, or
◦ Accessed by an unauthorized person
What is a privacy breach?
Lack of attention, errors
◦ Email sent to incorrect recipient
◦ Envelope sent to wrong person with same name
◦ Incorrect fax number not verified before sending
Loss or theft of the information
Lack of security safeguards
◦ USB keys, portable computers - not password protected
◦ Not keeping sensitive records in locked cabinets, storage areas
Unauthorized access or disclosure
◦ Sharing personal information outside scope of work duties
◦ “Snooping” – intentional violation
Most common causes of Privacy breaches
Contain the breach
Assess the risk of harm
Notify affected persons
Notify Commissioner’s Office
◦ Provided guidance and assistance
◦ Mandatory for some – health care providers
Implement corrective measures to prevent future occurrences
What to do if breach occurs?
THINK before you speak!
CONSIDER before you write!
PAUSE before you click!
Best safeguards!
How to Contact us
230 - 65 Regent Fredericton, NB E3B 7H8
Tel/Tél: 506.453.5965
Toll-free/Sans frais: 1.877.755.2811
Fax/Fac: 506.453.5963
www.info-priv-nb.ca
Email/Courriel: [email protected] accès.info.vieprivé[email protected]