Manitoba Freedom of Information and Protection of Privacy (FIPPA)



	Guide for Local Public Bodies Contents Introduction Notes on Using This Guide Fundamental Principles Emergence of Access and Privacy Legislation Purposes and Structure of FIPPA Public Bodies Under FIPPA Key Definitions in FIPPA Personal Information Personal Health Information Third Party Law Enforcement Records that Fall under FIPPA Records that Do Not Fall under FIPPA Records Normally Available to the Public Other Procedures Not Affected by FIPPA Relationship of FIPPA to other Manitoba Legislation Manitoba Government Responsibilities Directories of Records Administration of FIPPA by Local Public Bodies Responsibility to Comply with FIPPA - Head or Access and Privacy Officer Daily Administration and Coordination - Access and Privacy Coordinator Lists of Uses and Disclosures of Personal Information Annual Statistics Protection from Liability Offences and Penalties Access to Information Requests for Access to Information Duty to Assist the Applicant The Application form Processing the Request Severing Responding to a Request Giving Access Access to Electronic Records Creating a Record in the Form Requested Time Limit for Responding and Extending the Time Limit Exceptions to Disclosure Mandatory Exceptions to Disclosure Privacy of a Third Party Business Interests of Third Parties Cabinet Confidences Information Provided in Confidence by Another Government to a Local Public Body Discretionary Exceptions to disclosure Information Affecting Intergovernmental Relations Local Public Body Confidences Advice to a Public Body Disclosure Harmful to Individual Health or Safety or Public Safety Law Enforcement Matters Security of Property Solicitor-Client Privilege Economic and Other Interests of a Public Body Testing Procedures, Tests and Audits Confidential Evaluations Preservation of Heritage Resources and Life Forms Information that Is or Will Be Available to the Public Records Available Without an Application Third Party Intervention Rights Fees Fee Estimates Fee Waivers Protection of Privacy What is Personal Information? Collection of Personal Information Maintaining Accurate Personal Information Right to Correct Personal Information Retention of Personal Information Protection of Personal Information Use of Personal Information Disclosure of Personal Information Consistent Purpose Privacy Assessment Review Process Disclosure of Personal Information for Research Purposes Role of the Ombudsman General Powers and Duties of the Ombudsman Powers of the Ombudsman when Conducting An Investigation Complaints to the Ombudsman Investigation of Complaints Ombudsman's Report About a Complaint Appeals to Court Introduction The Freedom of Information and Protection of Privacy Act of Manitoba, commonly known as FIPPA, was passed in June 1997. It was proclaimed in effect for Manitoba government departments and agencies on 4 May 1998 and for the City of Winnipeg on 31 August 1998. FIPPA was extended to local governments, school divisions, universities, community colleges, regional health authorities and hospitals on April 3, 2000. This Guide is intended to help local public bodies understand FIPPA and their responsibilities under this new legislation. It is a combined procedures manual and overview of the statute and regulation. The FIPPA Resource Manual, a very detailed internal manual for Manitoba government departments and agencies, may be of assistance to larger local public bodies. In complex matters, local public bodies should refer to FIPPA and the Access and Privacy Regulation. For reference, the relevant section numbers are noted at the beginning of each component of the Guide. Notes on Using this Guide In most respects, FIPPA imposes the same obligations and standards on all public bodies. There are, however, some requirements specific to local public bodies or to Manitoba government departments and agencies. This Guide uses the term “public body”, except when discussing a section of the Act which pertains only to local or provincial public bodies. The term “local public body” is also used for when discussing procedures to be followed by local public bodies. Where the term “head” of the public body’ is used in this Guide, it should be understood to include the Access and Privacy Officer who has been officially delegated to act for the head. to top Fundamental Principles Access and privacy legislation is based on two fundamental human rights increasingly recognized in contemporary democracies: the right to access information held by governments and other public bodies, including information about oneself, subject to certain specific exceptions; and · the right of privacy for one's own personal information held by public bodies. To ensure that the legislation is applied fairly, access and privacy legislation usually includes a process for independent review. The right of access to information is based on the principle that governments and other public institutions are accountable to citizens for their policies and actions. Another premise underlying this type of legislation is the desirability of having better informed members of society. The exceptions to access recognize that certain types of decision making and transactions must be conducted in confidence. The practice of severance, which involves removing information that falls within an exception from a copy of the document to be released, provides a means of disclosing as much information as possible while maintaining necessary confidentiality. The right to privacy for personal information is based on the principle that people have the right to know about and control their own personal information and on principles of "fair information practices" governing the collection, correction, management, use and disclosure of personal information. Protection of privacy is a growing concern among Canadians and people in other countries, because so much personal information is now stored in electronic systems and is easily manipulated, matched and traded. to top Emergence of Access and Privacy Legislation Access and privacy legislation has developed in industrialized nations during the last 30 years as a result of the maturing of democratic governments, growing recognition of individual rights and, most recently, rapid development of telecommunications and information technology. In Canada, the federal government adopted the Privacy Act and the Access to Information Act in 1982. Together, these two statutes provided personal information protection and rights of access to government information in the federal sphere. By the mid-1990s, most Canadian provinces had enacted combined access and privacy statutes. Manitoba's Freedom of Information Act, proclaimed in 1988, provided rights of access to provincial government information, subject to certain exemptions, with the Office of the Provincial Ombudsman and the Court of Queen's Bench serving as the review and final decision-making mechanisms. It provided limited protection for personal information by treating third party personal information as an exception to access. However, it lacked a full scheme of protection for all personal information collected, stored, used and disclosed by the government. Moreover, the access and privacy rights in that Act were limited to records held by the Manitoba Government and Crown agencies and did not apply to other public bodies in the province. FIPPA was drafted after public consultation and review of similar legislation in other jurisdictions. During the consultation process, the Minister of Culture, Heritage and Citizenship stated that FIPPA ensures "a common approach and standard for the province, local governments and other public bodies so that Manitobans receive consistent protection and services." to top Purposes and Structure of FIPPA The purposes of the Act are: to give any person a right of access to records in the custody or under the control of public bodies, subject to the exceptions set out in the Act; to give individuals a right of access to records containing personal information about themselves in the custody or under the control of public bodies, subject to the exceptions set out in the Act; to give individuals a right to request corrections to records containing personal information about themselves held by public bodies; to control the manner in which public bodies collect personal information from individuals and to protect individuals against unauthorized use or disclosure of personal information by public bodies; and to provide for an independent review of the decisions of public bodies under FIPPA. FIPPA is structured in the following seven parts: Part 1 Definitions, Purpose, and Scope Part 2 Access to Information Part 3 Protection of Privacy Part 4 General Powers and Duties of the Ombudsman Part 5 Investigation of Complaints by the Ombudsman and Appeals to Court Part 6 General Provisions Part 7 Review of FIPPA, etc. to top Public Bodies Under FIPPA FIPPA applies to Manitoba Government departments, all boards, commissions and agencies whose governing boards are wholly appointed by statute or by the Manitoba Government, and other agencies designated in the Regulation, such as the mandated Child and Family Service Agencies. Each department or agency is a separate public body. FIPPA also covers the following, which are called "local public bodies": the City of Winnipeg; municipalities and local governments; planning districts; conservation districts; community councils under The Northern Affairs Act; public school divisions and districts; community colleges; the University of Manitoba, University of Winnipeg and Brandon University; regional health authorities; hospitals designated under The Health Services Insurance Act; and boards of health and social services districts established under The District Health and Social Services Act. The Manitoba Government may bring other bodies under FIPPA by regulation. to top Key Definitions in FIPPA Section 1 of FIPPA includes a number of important definitions. Some of the more significant definitions are outlined in this section of the Guide. Others are discussed in specific sections; for example, the definition "record" is discussed under "Records That Fall Under FIPPA". to top Personal Information In FIPPA Personal information is defined as "recorded information about an identifiable individual …." To be personal information, the information must be: (i) "recorded" - personal information is limited to information which is recorded or retrievable in some physical form. It does not include oral comments which have not been recorded. (ii) about an "individual" - an "individual" is a natural person, a human being. Information about corporations, businesses, groups or organizations is not personal information. (iii) about an "identifiable" individual - if an individual is named in a record or it is possible to determine his or her identity from the contents of the record, the record is about an "identifiable" individual. The definition of "personal information" in FIPPA lists examples of personal information, but the list is not exhaustive. The examples given include an individual's name, home address and home telephone, facsimile or e-mail number, information about an individual's age, sex, sexual orientation, marital status, family status, ancestry, race, colour, nationality, national origin, ethnic origin, religion or creed, religious belief, religious association or activity, personal health information, blood type, fingerprints, hereditary characteristics, political beliefs, political association or activity, education, employment, educational history, employment history, source of income, financial circumstances, financial activities or history, criminal history and identifying numbers, symbols or other particular assigned to an individual. Personal information also includes an individual's opinions (except if the opinions are about someone else) and any opinions expressed about the individual by someone else. to top Personal Health Information Personal health information is defined as recorded information about an identifiable individual relating to that person’s health or health care history, the provision of health care to the individual, or payment for health care provided to the individual. It includes an individual’s Personal Health Information Number (PHIN) and any identifying information about the individual that is collected in the course of, and is incidental to, providing health care or payment for health care. All public bodies which fall under FIPPA are also covered by PHIA. In addition, PHIA applies to some private health care professionals, facilities and agencies. An individual requesting access to his or her own personal health information must do so under The Personal Health Information Act (PHIA), not under FIPPA. Requests for access to personal health information about someone else must be dealt with under FIPPA (unless the request is made by a person authorized to act on behalf of the person the information is about under section 60 of PHIA). PHIA also sets out rules respecting collection, protection, use and disclosure of personal health information by trustees, including public bodies. The protection of privacy section of FIPPA does not apply to personal health information. For more information about PHIA, see "The Personal Health Information Act: A Brief Summary for Public Bodies" published by Manitoba Health. For the statute, click here. It may be purchased from: Statutory Publications, 200 Vaughan Street, Winnipeg, MB R3C 1T5 Telephone 945 3101, FAX: 945 7172. to top Third Party For the purposes of a request for access under FIPPA, a “third party” is a person, group or organization, who is not the applicant requesting access or a public body. Public bodies hold large quantities of information about individuals, groups, corporations and non profit organizations which, if disclosed to others, might result in harm to them. Sections 33 and 34 of FIPPA contain third party notice and intervention provisions to protect the personal information or business interests of third parties. The phrase “third party” is particularly important in the following provisions: Subsection 12(2) Refusal to confirm or deny existence of record Clauses 15(1)(c) and (d) Extending the time limit for responding Section 17 Privacy of a third party Section 18 Business interests of a third party Subsection 27(2) Third party’s solicitor-client privilege Sections 33 and 34 Third party intervention Subsection 59(2) Complaint to Ombudsman by third party about access Subsection 67(1) Appeal to court by third party about access. to top Law Enforcement “Law enforcement” is defined in FIPPA to mean “any action for the purpose of enforcing an enactment…. ” The term “enactment” means an Act or regulation and an “Act” is a statute passed by the Legislative Assembly of a province or by the Parliament of Canada. Thus, law enforcement means activities undertaken by a public body to enforce compliance with standards, duties and responsibilities set out in a statute or regulation. The definition lists examples of law enforcement, but this is not meant to be a complete list. The examples given are: policing; investigations or inspections that lead or could lead to a penalty or sanction being imposed, or that are otherwise conducted for the purpose of enforcing an enactment; and proceedings that lead or could lead to a penalty or sanction being imposed, or that are otherwise conducted for the purpose of enforcing an enactment. For example, a prosecution under the Criminal Code (Canada), a hearing before the Clean Environment Commission or a hearing before a Human Rights Arbitrator are all law enforcement proceedings. to top RECORDS THAT FALL UNDER FIPPA [SECTION 4; Definition of “record” in SECTION 1] In FIPPA, a record is defined very broadly to mean information recorded “in any form”. In addition to written and printed records, it includes photographs, maps, plans and audio/visual recordings. Information stored and retrieved electronically is also a record under FIPPA. Examples of records are minutes and agenda, letters, memoranda, reports, notes, and financial transaction records. Copies of documents, drafts and other working materials are also records under FIPPA. FIPPA applies to all records "in the custody or under the control of" a public body, except for certain specified records described in the next section. In most cases, “custody” for the purposes of FIPPA means having physical possession of a record. The term “control” usually means the power or authority to make decisions respecting the use or disclosure of a record. Records stored in an off site facility by the public body, or transferred to an archives for permanent preservation, are still under the control of the public body. FIPPA applies to information received by the public body from other governments, organizations or individuals, as well as to records generated by the staff and officials of the public body in the course of their duties. FIPPA applies to records created or received before FIPPA came into effect, as well as to records created or received after it came into effect. to top RECORDS THAT DO NOT FALL UNDER FIPPA [CLAUSES 4(a) TO 4(k); STATUTES WHICH PROVIDE FIPPA DOES NOT APPLY] FIPPA does not apply to the following records, even if these records are in the custody or under the control of a public body: constituency records of elected officials of local public bodies; teaching materials or research information of employees of school divisions or districts, community colleges, or universities; a question that is to be used on an examination or test, now or in the future; information in court records, records of a judge or magistrate, and judicial administration records; a note or draft decision of a person acting in a judicial or quasi judicial capacity; records relating to a prosecution or an inquest under The Fatalities Inquiry Act if all proceedings have not been completed. In addition, FIPPA does not apply to certain records related to the provincial legislature or government, such as records of a Member of the Legislative Assembly, personal or constituency records of a Minister, records of an Officer of the Legislative Assembly, and records of a credit union held by the Credit Union Deposit Guarantee Corporation. Also excluded are records specifically dealt with under the following statutes: The Adoption Act, The Child and Family Services Act, The Mental Health Act, The Personal Health Information Act, The Statistics Act, The Vital Statistics Act, The Workers Compensation Act, and the Young Offenders Act (Canada). to top RECORDS NORMALLY AVAILABLE TO THE PUBLIC [CLAUSE 3(a)] Public bodies have always provided public access to certain information and records in their custody. These traditional procedures may continue as long as they do not violate protection of personal information. For example, minutes of most municipal council and school board meetings should continue to be available. FIPPA does not affect any fees that may be charged for access to these records which are normally available to the public. to top OTHER PROCEDURES NOT AFFECTED BY FIPPA [CLAUSES 3(b), (c) and (d)] The transfer, storage and destruction of records by a public body are not affected by FIPPA, provided that these actions are undertaken in accordance with a statute or regulation of Manitoba or Canada, or a by-law or resolution of a government agency or a local public body. FIPPA does not limit the information otherwise available by law to a party to legal proceedings. Nor does it affect the power of a court or tribunal to compel the production of documents or to require a witness to testify. to top RELATIONSHIP OF FIPPA TO OTHER LEGISLATION [SECTION 5] Commencing May 4, 2001, if any provision in FIPPA is inconsistent or in conflict with a provision of another Manitoba statute or regulation, the provision in FIPPA will prevail unless the other statute or regulation expressly provides that it applies despite FIPPA. The following statutes “expressly provide” that they prevail over FIPPA: The Personal Health Information Act The Adoption Act (section 99) The Child and Family Services Act (section 86.1) The Mental Health Act The Securities Act (section 154.1) The Statistics Act (subsection 9(4)) The Vital Statistics Act (section 49.1) The Workers Compensation Act (section 116) In addition, there are some federal statutes which affect records keeping by public bodies, access to information and personal information protection. Among the most important is the Young Offenders Act which governs the retention and disclosure of records relating to young offenders held by the courts, police, government departments, social agencies, school divisions and other public bodies that deal with young offenders. FIPPA does not apply to these records. There are several statutes applicable to local public bodies, which provide that the local public body must give access to certain documents. For example, section 81.3 of The City of Winnipeg Act states that the City Clerk, on the request of any person, must produce and permit the examination of certain specified records (such as the approved minutes of an open council meeting or an open committee meeting, the latest tax roll, etc.). Local public bodies should review any legislation which applies to them, to determine whether it requires them to provide access to information. FIPPA authorizes the head of a public body to disclose personal information in accordance with an enactment of Manitoba or Canada that authorizes or requires the disclosure. to top MANITOBA GOVERNMENT RESPONSIBILITIES The Minister Responsible for FIPPA is the Minister of Culture, Heritage and Tourism. This minister oversees the central administration of FIPPA and is responsible for the overall performance of public bodies in responding to requests for access and protecting personal information. The Responsible Minister is required to submit an annual report to the Legislative Assembly. Access and Privacy Services of the Provincial Archives of Manitoba undertakes the central administration and coordination of FIPPA. It organizes training courses for staff of public bodies, provides procedural advice, distributes resource materials, compiles and distributes the directories of records, maintains the FIPPA web site, and handles other matters required for effective administration of the legislation. to top DIRECTORIES OF RECORDS [SECTION 75] Under FIPPA, directories of records are compiled to inform the public about the mandates, functions and records of all public bodies, including major holdings of personal information (called personal information banks). Identification of the purpose for collecting the personal information in these banks, the types of personal information included, and any other uses or disclosures of this information, helps people to understand how public bodies are managing the personal information entrusted to them. In most cases, the directories of records are compiled and edited by the Access and Privacy Services. The City of Winnipeg and the universities prepare their own directories. View the directories of the local public bodies here. The directory for the Manitoba government is called the Access and Privacy Directory. to top ADMINISTRATION OF FIPPA BY LOCAL PUBLIC BODIES [SECTIONS 80 and 81, REGULATION SECTION 2] Responsibility for Complying with FIPPA - Head or Access and Privacy Officer Each local public body must designate, either by by-law or by resolution, a person or group of persons as its head for the purposes of FIPPA. The head is formally responsible for all decisions and actions taken under FIPPA on behalf of the local public body. For accountability purposes, it is recommended that the head be the elected head of the local public body or, where there are no elected officials, the senior appointed official. For example, it is suggested that municipalities designate their mayor or reeve as head and that school divisions and regional health authorities designate their respective chairperson. Click here for a sample by-law or resolution designating the head of a local public body. In most public bodies, the head probably will want to delegate his or her responsibilities to a senior staff member called the Access and Privacy Officer. The delegation should be to a position, not to a specific individual, and should be in writing. The Access and Privacy Officer acts for the head in all matters under FIPPA. Click here for a sample delegation form. When this Guide refers to the head of the public body, it should be understood to include either the head or the Access and Privacy Officer. The head of the local public body is responsible for the overall management of access to information and protection of privacy within the organization. This individual will make the final decisions on behalf of the local public body regarding release of information under FIPPA. The head also is responsible for ensuring that the local public body manages personal information in accordance with FIPPA. Should the Ombudsman have to conduct an investigation in response to a complaint, that Office usually will deal with the head of the local public body or the Access and Privacy Officer. to top Daily Administration and Coordination – Access and Privacy Coordinator Each local public body is required, by section 2 of the Access and Privacy Regulation, to appoint an employee as its Access and Privacy Coordinator. This official will be responsible for receiving applications for access and for the daily administration of FIPPA. In very small local public bodies, the Access and Privacy Officer also may serve as the Coordinator. The main duties of the Coordinator are as follows: assist applicants requesting access to records, and potential applicants, by explaining FIPPA, helping them to draw up requests, directing them to other sources of information, etc.; receive applications for access, locate the records requested or, in larger public bodies, coordinate this work; receive requests for correction of personal information and forward them to the appropriate area; ensure time limits and notification requirements are met; contact third parties to determine their position respecting a request for access; prepare any necessary copies of requested records; estimate and collect any applicable fees; recommend how to respond to requests for access to the head of the local public body; maintain documentation on how applications are handled by the local public body, including what information was not disclosed to applicants and the exceptions used; ensure that staff understand the requirements of FIPPA respecting collection, use, protection and disclosure of personal information; and assist the head of the local public body during investigations by the Ombudsman. The Access and Privacy Coordinator also may be responsible for ensuring that the records of the local public body are managed efficiently and in accordance with legislative requirements and policies. Efficient records management will help local public bodies to locate information requested under FIPPA. to top Lists of Uses and Disclosures of Personal Information [Section 75(4)] Each local public body is required to maintain an up-to-date list of the uses and disclosures made of information in the personal information banks and to make this list available to the public. to top Annual Statistics [Section 83] To compile the Annual Report of the Minister Responsible for FIPPA, Access and Privacy Services requires annual statistics on the use of FIPPA from each local public body. The completed Annual Report should be sent to Access and Privacy Services by January 31 of the new year. View the Annual Report Form here. to top Protection from Liability [Section 84] No action may be brought against a public body or its officials for damages resulting from the disclosure or failure to disclose, in good faith, a record or information under FIPPA; any consequences of that disclosure or failure to disclose; or the failure to give a notice required by FIPPA if reasonable care is taken to give the required notice. to top Offences and Penalties [Section 85] It is an offence, subject to a maximum fine of $50,000 for any person to willfully: disclose personal information in contravention of FIPPA; mislead or obstruct the Ombudsman; or destroy a record or erase information in an attempt to evade a request for access to records. to top
	What's New \| Introduction \| How to use FIPPA \| Application and Complaint Forms Where to Send your Application \| Directories of Records \| The Act and Regulations Administrative Forms, Letters and Notices \| Annual Reports \| Training for Public Bodies Manuals for Public Bodies \| Related Sites CHT Home Page \| Archives of Manitoba Home Page