Presentation on theme: "Presentation to the Union of Municipalities of New Brunswick 2013 Annual Conference Fredericton, NB – October 4, 2013."— Presentation transcript:
Presentation to the Union of Municipalities of New Brunswick 2013 Annual Conference Fredericton, NB – October 4, 2013
On September 1, 2010, a new law regarding access to information and protection of privacy came into effect: Right to Information and Protection of Privacy Act ◦ Designed for the public sector ◦ Promotes spirit of openness and transparency ◦ Grants right to request information relating to the public business of a public body ◦ Grants right to request one’s personal information ◦ Obligates public bodies to protect private information at all times ◦ Act “ Came to Town” on September 1, 2012
◦ Also created on September 1, 2010 ◦ Independent of government ◦ Commissioner: Officer of Legislative Assembly ◦ Impartial oversight body to ensure compliance with Right to Information and Protection of Privacy Act ( as well as Personal Health Information Privacy and Access Act )
Interprets the Act Informs the public of its rights Promotes openness and transparency Provides guidance on how best to apply the new rules Ensures compliance with the Act
Receives: ◦ General inquiries about the Act ◦ Complaints regarding responses to requests for access to information ◦ Notification of privacy concerns or breaches of the Act (the handling of personal information found in records during its collection, use, disclosure, retention, or destruction) Investigates and Resolves: ◦ Complaints informally if at all possible Publishes: ◦ Reports of Findings after investigations (when required)
RIGHT OF ACCESS Governed by rules found in Part 2 Request to access records that contain private information PROTECTION OF PRIVACY Governed by rules found in Part 3 Protects private information at all times
RIGHT OF ACCESS Only rules for protection of private information found under Part 2 can be considered in exceptions to disclosure PROTECTION OF PRIVACY Rules under Part 3 are applied by public bodies to protect private information on a regular basis – not for requests
Personal information − protected based on unreasonable invasion of privacy Business information − protected based on may cause harm to business ◦ Both types may still be subject to access (Subsections 21(3) &22(3)) − Because disclosure deemed not unreasonable invasion of privacy nor to cause harm ◦ Example: personal information about an officer or employee of a public body deemed subject to disclosure: job classification salary range benefits employment responsibilities or travel expenses
If information is protected under another statute, the Act will respect that protection unless there is conflict regarding its disclosure ◦ Example: where third party individual or business consents to release of own private information which is otherwise protected by other statute Public procurement is a good example of such interaction
Appropriate level of confidentiality of business and personal information while promoting transparency and accountability Rules ensure that the public obtains access only to information it is entitled to receive Where request made to access bid information after tender is awarded, municipality must ask the bidder for consent to release the bid information See Guide for Municipalities on Public Procurement and the Act
RIGHT OF ACCESS Grants public a right to request information contained in records held by public bodies ◦ Key words: access to information rather than access to records Promotes disclosure of the information, subject to limited and specific exceptions Imposes on public bodies an obligation to respect that right of access - duty to assist
Codified in section 9 of the Act Places a positive obligation for public body to assist applicant with the request, without delay, fully and in an open and accurate manner Encourages public body to contact applicant: ◦ Clarifies request where unclear ◦ Identifies exact information sought ◦ Assists in reducing scope of broad request where possible ◦ Ensures applicant receives information to which entitled, satisfactory response
All information regarding the public business of the public body, its activities and functions ◦ Found in its records Example: information found in minutes of meetings, reports, decisions made, handwritten notes, correspondence, emails of staff and officials, text messages, etc. Includes information created before the Act came into effect
Process the request from the perspective that favours disclosure Response should be meaningful Right of access can only be restricted with specific and limited exceptions Time limit to respond is 30 days, unless authorized to extend time limit
Two types of exceptions: ◦ Mandatory: public body has no choice but to withhold the information requested ◦ Discretionary: head of the public body must come to a decision whether or not to disclose the information Based on relevant considerations existing at the time of the request
Examples of Mandatory exceptions to disclosure ◦ Information that reveals recommendations to Executive Council ◦ Information provided in confidence to a government ◦ Information from a harassment or personnel investigation ◦ Personal information where head is certain disclosure would be an unreasonable invasion of the individual’s privacy ◦ Business or financial interests of a third party where head is certain disclosure might cause harm
Examples of Discretionary exceptions to disclosure ◦ Advice or recommendations made to a public body ◦ Solicitor-client privilege information ◦ Plans not yet implemented ◦ Confidential evaluations ◦ Information, if released, would be harmful to: governmental relations legal proceedings an individual public safety
For any Discretionary exceptions to disclosure, head of the public body: ◦ Must first consider disclosing the information ◦ Ask for consent where applicable ◦ Must examine any relevant factor regarding the disclosure (or non disclosure) existing at time of request ◦ Only decide to withhold the information where refusing access can be substantiated Decision of head is reviewable by Commissioner or the courts
Time limit for responding can be extended in two ways: ◦ Can self extend up to an additional 30 days if processing request falls within categories described in subsection 11(3) ◦ Can apply to Commissioner for an extension of time Public body must establish reasons why more time is needed Commissioner will encourage partial responses in meantime where appropriate
An applicant not satisfied with the response has two options: Refer the matter to the Court of Queen’s Bench for review (legal application, must file within 30 days) Or File a complaint with the Office of the Access to Information and Privacy Commissioner within: 60 days of receiving response, or 120 days from making request if did not receive a response
Commissioner must investigate all complaints Will first attempt to resolve the matter informally To the satisfaction of both parties In accordance with the Act While providing guidance on application of rules Have designed interactive complaint resolution process for municipalities If informal resolution is unsuccessful, formal Report of Findings will be published May contain recommendations
When the Report contains recommendations, the public body must: ◦ Comply with the recommendations within 15 days, or ◦ Within 15 days, notify applicant and Commissioner of its decision not to accept the recommendations Will trigger applicant’s right of appeal to the courts When the Report does not contain any recommendation: There is no right of appeal and only recourse is judicial review of Commissioner’s decision
Consider the benefits of making information available to the public on a regular basis Examples: ◦ Agendas, ◦ Minutes of meetings, ◦ Travel expenses, Range of salaries, ◦ Reports and records on how decisions were made, ◦ Etc.
Elected officials generate two types of records: Records that will be brought to a public body for further action These records are subject to the Act Constituency records – will not be brought to any public body for further action Not subject Privacy considerations
PROTECTION OF PRIVACY Public bodies are responsible for protecting the personal information in their possession. Act establishes rules governing the handling of personal information, including during its ◦ collection, ◦ retention, ◦ use, and ◦ disclosure.
Guiding principles to collect, use and share personal information : ONLY THE MINIMUM AMOUNT NECESSARY and LIMITED TO THOSE WHO NEED TO KNOW TO CARRY OUT THE PURPOSE
When personal information (that identifies a person) is: ◦ Lost ◦ Stolen ◦ Collected, used, shared or disposed of in an unauthorized manner or without consent, or ◦ Accessed by an unauthorized person
Lack of attention, errors Email sent to incorrect recipient Envelope sent to wrong person with same name Incorrect fax number not verified before sending Loss or theft of the information Lack of security safeguards USB keys, portable computers - not password protected Not keeping sensitive records in locked cabinets, storage areas Unauthorized access or disclosure Sharing personal information outside scope of work duties “Snooping” – intentional violation
Contain the breach Assess the risk of harm Notify affected persons Notify Commissioner’s Office ◦ Provided guidance and assistance ◦ Mandatory for some – health care providers Implement corrective measures to prevent future occurrences
THINK before you speak! CONSIDER before you write ! PAUSE before you click !
Your consent to our cookies if you continue to use this website.