Guide for Local Public Bodies

Introduction

Access to Information

Protection of Privacy

Role of the Ombudsman

Appeals to Court



Contents

Notes on Using This Guide
Fundamental Principles
Emergence of Access and Privacy Legislation
Purposes and Structure of FIPPA
Public Bodies Under FIPPA
Key Definitions in FIPPA
       Personal Information
       Personal Health Information
       Third Party
       Law Enforcement
Records that Fall under FIPPA
Records that Do Not Fall under FIPPA
Records Normally Available to the Public
Other Procedures Not Affected by FIPPA
Relationship of FIPPA to other Manitoba Legislation
Manitoba Government Responsibilities
Administration of FIPPA by Local Public Bodies
       Responsibility to Comply with FIPPA -
              Head or Access and Privacy Officer
       Daily Administration and Coordination -
               Access and Privacy Coordinator
Lists of Uses and Disclosures of Personal Information
Annual Statistics
Protection from Liability
Offences and Penalties

Access to Information

Requests for Access to Information
Duty to Assist the Applicant
The Application form
Processing the Request
Severing
Responding to a Request
       Giving Access
       Access to Electronic Records
       Creating a Record in the Form Requested
Time Limit for Responding and Extending the
       Time Limit
Exceptions to Disclosure
       Mandatory Exceptions to Disclosure
              Privacy of a Third Party
              Business Interests of Third Parties
              Cabinet Confidences
              Information Provided in Confidence by
                     Another Government to a
                            Local Public Body
       Discretionary Exceptions to disclosure
              Information Affecting
                     Intergovernmental Relations
              Local Public Body Confidences
              Advice to a Public Body
              Disclosure Harmful to Individual Health
                     or Safety or Public Safety
              Law Enforcement Matters
              Security of Property
              Solicitor-Client Privilege
              Economic and Other Interests of a
                      Public Body
              Testing Procedures, Tests and Audits
              Confidential Evaluations
              Preservation of Heritage Resources
                     and Life Forms
              Information that Is or Will Be Available
                     to the Public
Records Available Without an Application
Third Party Intervention Rights
Fees
       Fee Estimates
       Fee Waivers

Protection of Privacy

       What is Personal Information?
       Collection of Personal Information
       Maintaining Accurate Personal
              Information
       Right to Correct Personal Information
       Retention of Personal Information
       Protection of Personal Information
       Use of Personal Information
       Disclosure of Personal Information
       Consistent Purpose
       Privacy Assessment Review Process
       Disclosure of Personal Information for
              Research Purposes

Role of the Ombudsman

       General Powers and Duties
              of the Ombudsman
       Powers of the Ombudsman when
              Conducting An Investigation
       Complaints to the Ombudsman
       Investigation of Complaints
       Ombudsman's Report About a Complaint

Appeals to Court

Introduction

The Freedom of Information and Protection of Privacy Act of Manitoba, commonly known as FIPPA, was passed in June 1997.  It was proclaimed in effect for Manitoba government departments and agencies on 4 May 1998 and for the City of Winnipeg on 31 August 1998.  FIPPA was extended to Local Governments, school divisions, universities, community colleges, regional health authorities and hospitals on April 3, 2000. 

 This Guide is intended to help local public bodies understand FIPPA and their responsibilities under this new legislation.  It is a combined procedures manual and overview of the statute and regulation.  The FIPPA Resource Manual,  a very detailed internal manual for Manitoba government departments and agencies, may be of assistance to larger local public bodies.  In complex matters, local public bodies should refer to FIPPA and the Access and Privacy Regulation.  For reference, the relevant section numbers are noted at the beginning of each component of the Guide.

Notes on Using this Guide

In most respects, FIPPA imposes the same obligations and standards on all public bodies.  There are, however, some requirements specific to local public bodies or to Manitoba government departments and agencies.  This Guide uses the term “public body”, except when discussing a section of the Act which pertains only to local or provincial public bodies.  The term “local public body” is also used for when discussing procedures to be followed by local public bodies.

 Where the term “head” of the public body’ is used in this Guide, it should be understood to include the Access and Privacy Officer who has been officially delegated to act for the head. 

 to top

Fundamental Principles

Access and privacy legislation is based on two fundamental human rights increasingly recognized in contemporary democracies: 

  • the right to access information held by governments and other public bodies, including information about oneself, subject to certain specific exceptions; and ·
  • the right of privacy for one's own personal information held by public bodies. 

To ensure that the legislation is applied fairly, access and privacy legislation usually includes a process for independent review. 

The right of access to information is based on the principle that governments and other public institutions are accountable to citizens for their policies and actions. Another premise underlying this type of legislation is the desirability of having better informed members of society. The exceptions to access recognize that certain types of decision making and transactions must be conducted in confidence. The practice of severance, which involves removing information that falls within an exception from a copy of the document to be released, provides a means of disclosing as much information as possible while maintaining necessary confidentiality.

The right to privacy for personal information is based on the principle that people have the right to know about and control their own personal information and on principles of "fair information practices" governing the collection, correction, management, use and disclosure of personal information. Protection of privacy is a growing concern among Canadians and people in other countries, because so much personal information is now stored in electronic systems and is easily manipulated, matched and traded.

to top

Emergence of Access and Privacy Legislation

Access and privacy legislation has developed in industrialized nations during the last 30 years as a result of the maturing of democratic governments, growing recognition of individual rights and, most recently, rapid development of telecommunications and information technology.

 In Canada, the federal government adopted the Privacy Act and the Access to Information Act in 1982. Together, these two statutes provided personal information protection and rights of access to government information in the federal sphere. By the mid-1990s, most Canadian provinces had enacted combined access and privacy statutes. 

Manitoba's Freedom of Information Act, proclaimed in 1988, provided rights of access to provincial government information, subject to certain exemptions, with the Office of the Provincial Ombudsman and the Court of Queen's Bench serving as the review and final decision-making mechanisms. It provided limited protection for personal information by treating third party personal information as an exception to access. However, it lacked a full scheme of protection for all personal information collected, stored, used and disclosed by the government. Moreover, the access and privacy rights in that Act were limited to records held by the Manitoba Government and Crown agencies and did not apply to other public bodies in the province. 

FIPPA was drafted after public consultation and review of similar legislation in other jurisdictions. During the consultation process, the Minister of Culture, Heritage and Citizenship stated that FIPPA ensures "a common approach and standard for the province, Local Governments and other public bodies so that Manitobans receive consistent protection and services."

to top

Purposes and Structure of FIPPA

The purposes of the Act are: 

  • to give any person a right of access to records in the custody or under the control of public bodies, subject to the exceptions set out in the Act; 
  •  to give individuals a right of access to records containing personal information about themselves in the custody or under the control of public bodies, subject to the exceptions set out in the Act; 
  • to give individuals a right to request corrections to records containing personal information about themselves held by public bodies; 
  •  to control the manner in which public bodies collect personal information from individuals and to protect individuals against unauthorized use or disclosure of personal information by public bodies; and 
  • to provide for an independent review of the decisions of public bodies under FIPPA. 

FIPPA is structured in the following seven parts: 

  • Part 1 Definitions, Purpose, and Scope 
  • Part 2 Access to Information 
  • Part 3 Protection of Privacy 
  • Part 4 General Powers and Duties of the Ombudsman 
  • Part 5 Investigation of Complaints by the Ombudsman and Appeals to Court 
  • Part 6 General Provisions 
  • Part 7 Review of FIPPA, etc.

    to top

Public Bodies Under FIPPA

FIPPA applies to Manitoba Government departments, all boards, commissions and agencies whose governing boards are wholly appointed by statute or by the Manitoba Government, and other agencies designated in the Regulation, such as the mandated Child and Family Service Agencies. Each department or agency is a separate public body. FIPPA also covers the following, which are called "local public bodies": 

  • the City of Winnipeg;
  • municipalities and Local Governments; 
  • planning districts; 
  • Watershed Districts; 
  • community councils under The Northern Affairs Act; 
  • public school divisions and districts; 
  • community colleges; 
  • the University of Manitoba, University of Winnipeg and Brandon University; 
  • regional health authorities;
  • hospitals designated under The Health Services Insurance Act; and 
  • boards of health and social services districts established under The District Health and Social Services Act.

 The Manitoba Government may bring other bodies under FIPPA by regulation.

to top

Key Definitions in FIPPA

Section 1 of FIPPA includes a number of important definitions. Some of the more significant definitions are outlined in this section of the Guide. Others are discussed in specific sections; for example, the definition "record" is discussed under "Records That Fall Under FIPPA". 

to top

 Personal Information In FIPPA

Personal information is defined as "recorded information about an identifiable individual …." To be personal information, the information must be:

(i) "recorded" - personal information is limited to information which is recorded or retrievable in some physical form. It does not include oral comments which have not been recorded.

(ii) about an "individual" - an "individual" is a natural person, a human being. Information about corporations, businesses, groups or organizations is not personal information.

(iii) about an "identifiable" individual - if an individual is named in a record or it is possible to determine his or her identity from the contents of the record, the record is about an "identifiable" individual.

The definition of "personal information" in FIPPA lists examples of personal information, but the list is not exhaustive. The examples given include an individual's name, home address and home telephone, facsimile or e-mail number, information about an individual's age, sex, sexual orientation, marital status, family status, ancestry, race, colour, nationality, national origin, ethnic origin, religion or creed, religious belief, religious association or activity, personal health information, blood type, fingerprints, hereditary characteristics, political beliefs, political association or activity, education, employment, educational history, employment history, source of income, financial circumstances, financial activities or history, criminal history and identifying numbers, symbols or other particular assigned to an individual.

Personal information also includes an individual's opinions (except if the opinions are about someone else) and any opinions expressed about the individual by someone else.

to top

Personal Health Information

Personal health information is defined as recorded information about an identifiable individual relating to that person’s health or health care history, the provision of health care to the individual, or payment for health care provided to the individual. It includes an individual’s Personal Health Information Number (PHIN) and any identifying information about the individual that is collected in the course of, and is incidental to, providing health care or payment for health care.

All public bodies which fall under FIPPA are also covered by PHIA. In addition, PHIA applies to some private health care professionals, facilities and agencies.

An individual requesting access to his or her own personal health information must do so under The Personal Health Information Act (PHIA), not under FIPPA.

Requests for access to personal health information about someone else must be dealt with under FIPPA (unless the request is made by a person authorized to act on behalf of the person the information is about under section 60 of PHIA).

PHIA also sets out rules respecting collection, protection, use and disclosure of personal health information by trustees, including public bodies. The protection of privacy section of FIPPA does not apply to personal health information.

For more information about PHIA, see "The Personal Health Information Act: A Brief Summary for Public Bodies" published by Manitoba Health. For the statute, click here.

It may be purchased from:


Queen's Printer,
200 Vaughan Street,
Winnipeg, MB R3C 1T5
Telephone 945 3101,
FAX: 945 7172.

to top

Third Party

For the purposes of a request for access under FIPPA, a “third party” is a person, group or organization, who is not the applicant requesting access or a public body.

Public bodies hold large quantities of information about individuals, groups, corporations and non profit organizations which, if disclosed to others, might result in harm to them. Sections 33 and 34 of FIPPA contain third party notice and intervention provisions to protect the personal information or business interests of third parties.

The phrase “third party” is particularly important in the following provisions:

  • Subsection 12(2) Refusal to confirm or deny existence of record
  • Clauses 15(1)(c) and (d) Extending the time limit for responding
  • Section 17 Privacy of a third party
  • Section 18 Business interests of a third party
  • Subsection 27(2) Third party’s solicitor-client privilege
  • Sections 33 and 34 Third party intervention
  • Subsection 59(2) Complaint to Ombudsman by third party about access
  • Subsection 67(1) Appeal to court by third party about access.

to top

Law Enforcement

“Law enforcement” is defined in FIPPA to mean “any action for the purpose of enforcing an enactment…. ” The term “enactment” means an Act or regulation and an “Act” is a statute passed by the Legislative Assembly of a province or by the Parliament of Canada.

Thus, law enforcement means activities undertaken by a public body to enforce compliance with standards, duties and responsibilities set out in a statute or regulation. The definition lists examples of law enforcement, but this is not meant to be a complete list. The examples given are:

  • policing;
  • investigations or inspections that lead or could lead to a penalty or sanction being imposed, or that are otherwise conducted for the purpose of enforcing an enactment; and
  • proceedings that lead or could lead to a penalty or sanction being imposed, or that are otherwise conducted for the purpose of enforcing an enactment.

For example, a prosecution under the Criminal Code (Canada), a hearing before the Clean Environment Commission or a hearing before a Human Rights Arbitrator are all law enforcement proceedings.

to top


RECORDS THAT FALL UNDER FIPPA



[SECTION 4; Definition of “record” in SECTION 1]

In FIPPA, a record is defined very broadly to mean information recorded “in any form”. In addition to written and printed records, it includes photographs, maps, plans and audio/visual recordings. Information stored and retrieved electronically is also a record under FIPPA.

Examples of records are minutes and agenda, letters, memoranda, reports, notes, and financial transaction records. Copies of documents, drafts and other working materials are also records under FIPPA.

FIPPA applies to all records "in the custody or under the control of" a public body, except for certain specified records described in the next section. In most cases, “custody” for the purposes of FIPPA means having physical possession of a record. The term “control” usually means the power or authority to make decisions respecting the use or disclosure of a record. Records stored in an off site facility by the public body, or transferred to an archives for permanent preservation, are still under the control of the public body.

FIPPA applies to information received by the public body from other governments, organizations or individuals, as well as to records generated by the staff and officials of the public body in the course of their duties.


FIPPA applies to records created or received before FIPPA came into effect, as well as to records created or received after it came into effect.

to top

RECORDS THAT DO NOT FALL UNDER FIPPA



[CLAUSES 4(a) TO 4(k); STATUTES WHICH PROVIDE FIPPA DOES NOT APPLY]

FIPPA does not apply to the following records, even if these records are in the custody or under the control of a public body:
  • constituency records of elected officials of local public bodies;
  • teaching materials or research information of employees of school divisions or districts, community colleges, or universities;
  • a question that is to be used on an examination or test, now or in the future;
  • information in court records, records of a judge or magistrate, and judicial administration records;
  • a note or draft decision of a person acting in a judicial or quasi judicial capacity;
  • records relating to a prosecution or an inquest under The Fatalities Inquiry Act if all proceedings have not been completed.

In addition, FIPPA does not apply to certain records related to the provincial legislature or government, such as records of a Member of the Legislative Assembly, personal or constituency records of a Minister, records of an Officer of the Legislative Assembly, and records of a credit union held by the Credit Union Deposit Guarantee Corporation.

Also excluded are records specifically dealt with under the following statutes: The Adoption Act, The Child and Family Services Act, The Mental Health Act, The Personal
Health Information Act, The Statistics Act, The Vital Statistics Act, The Workers Compensation Act, and the Young Offenders Act (Canada).

to top

RECORDS NORMALLY AVAILABLE TO THE PUBLIC



[CLAUSE 3(a)]

Public bodies have always provided public access to certain information and records in their custody. These traditional procedures may continue as long as they do not violate protection of personal information. For example, minutes of most municipal council and school board meetings should continue to be available.

FIPPA does not affect any fees that may be charged for access to these records which are normally available to the public.

to top


OTHER PROCEDURES NOT AFFECTED BY FIPPA



[CLAUSES 3(b), (c) and (d)]

The transfer, storage and destruction of records by a public body are not affected by FIPPA, provided that these actions are undertaken in accordance with a statute or
regulation of Manitoba or Canada, or a by-law or resolution of a government agency or a local public body.

FIPPA does not limit the information otherwise available by law to a party to legal
proceedings. Nor does it affect the power of a court or tribunal to compel the production of documents or to require a witness to testify.

to top

RELATIONSHIP OF FIPPA TO OTHER LEGISLATION


[SECTION 5]

Commencing May 4, 2001, if any provision in FIPPA is inconsistent or in conflict with a provision of another Manitoba statute or regulation, the provision in FIPPA will prevail unless the other statute or regulation expressly provides that it applies despite FIPPA.

The following statutes “expressly provide” that they prevail over FIPPA:

  • The Personal Health Information Act
  • The Adoption Act (section 99)
  • The Child and Family Services Act (section 86.1)
  • The Mental Health Act
  • The Securities Act (section 154.1)
  • The Statistics Act (subsection 9(4))
  • The Vital Statistics Act (section 49.1)
  • The Workers Compensation Act (section 116)

In addition, there are some federal statutes which affect records keeping by public bodies, access to information and personal information protection. Among the most important is the Young Offenders Act which governs the retention and disclosure of records relating to young offenders held by the courts, police, government departments, social agencies, school divisions and other public bodies that deal with young offenders. FIPPA does not apply to these records.

There are several statutes applicable to local public bodies, which provide that the local public body must give access to certain documents. For example, section 81.3 of The City of Winnipeg Act states that the City Clerk, on the request of any person, must produce and permit the examination of certain specified records (such as the approved minutes of an open council meeting or an open committee meeting, the latest tax roll, etc.).

Local public bodies should review any legislation which applies to them, to determine whether it requires them to provide access to information. FIPPA authorizes the head of a public body to disclose personal information in accordance with an enactment of Manitoba or Canada that authorizes or requires the disclosure.

to top

MANITOBA GOVERNMENT RESPONSIBILITIES



The Minister Responsible for FIPPA is the Minister of Sport, Culture and Heritage. This minister oversees the central administration of FIPPA and is responsible for the overall performance of public bodies in responding to requests for access and protecting personal information. The Responsible Minister is required to submit an annual report to the Legislative Assembly.

Access and Privacy Services of the Provincial Archives of Manitoba undertakes the central administration and coordination of FIPPA. It organizes training courses for staff of public bodies, provides procedural advice, distributes resource materials, compiles and distributes the directories of records, maintains the FIPPA web site, and handles other
matters required for effective administration of the legislation.

to top

ADMINISTRATION OF FIPPA BY LOCAL PUBLIC BODIES


[SECTIONS 80 and 81, REGULATION SECTION 2]


Responsibility for Complying with FIPPA - Head or Access and Privacy Officer


Each local public body must designate, either by by-law or by resolution, a person or group of persons as its head for the purposes of FIPPA. The head is formally responsible for all decisions and actions taken under FIPPA on behalf of the local public body. For accountability purposes, it is recommended that the head be the elected head of the local public body or, where there are no elected officials, the senior appointed official. For example, it is suggested that municipalities designate their mayor or reeve as head and that school divisions and regional health authorities designate their respective chairperson. Click here for a sample by-law or resolution designating the head of a local public body.

In most public bodies, the head probably will want to delegate his or her responsibilities to a senior staff member called the Access and Privacy Officer. The delegation should be to a position, not to a specific individual, and should be in writing. The Access and Privacy Officer acts for the head in all matters under FIPPA. Click here for a sample delegation form.

When this Guide refers to the head of the public body, it should be understood to include either the head or the Access and Privacy Officer.

The head of the local public body is responsible for the overall management of access to information and protection of privacy within the organization. This individual will make the final decisions on behalf of the local public body regarding release of information under FIPPA. The head also is responsible for ensuring that the local public body manages personal information in accordance with FIPPA. Should the Ombudsman have to conduct an investigation in response to a complaint, that Office usually will deal with the head of the local public body or the Access and Privacy Officer.

to top

Daily Administration and Coordination – Access and Privacy Coordinator


Each local public body is required, by section 2 of the Access and Privacy Regulation, to appoint an employee as its Access and Privacy Coordinator. This official will be responsible for receiving applications for access and for the daily administration of FIPPA. In very small local public bodies, the Access and Privacy Officer also may serve as the Coordinator.

The main duties of the Coordinator are as follows:
  • assist applicants requesting access to records, and potential applicants, by explaining FIPPA, helping them to draw up requests, directing them to other sources of information, etc.;
  • receive applications for access, locate the records requested or, in larger public bodies, coordinate this work;
  • receive requests for correction of personal information and forward them to the appropriate area;
  • ensure time limits and notification requirements are met;
  • contact third parties to determine their position respecting a request for access;
  • prepare any necessary copies of requested records;
  • estimate and collect any applicable fees;
  • recommend how to respond to requests for access to the head of the local public body;
  • maintain documentation on how applications are handled by the local public body, including what information was not disclosed to applicants and the exceptions used;
  • ensure that staff understand the requirements of FIPPA respecting collection, use, protection and disclosure of personal information; and
  • assist the head of the local public body during investigations by the Ombudsman.

The Access and Privacy Coordinator also may be responsible for ensuring that the records of the local public body are managed efficiently and in accordance with legislative requirements and policies. Efficient records management will help local public bodies to locate information requested under FIPPA.

to top

Lists of Uses and Disclosures of Personal Information


[Section 75(4)]

Each local public body is required to maintain an up-to-date list of the uses and disclosures made of information in the personal information banks and to make this list
available to the public.

to top

Annual Statistics


[Section 83]

To compile the Annual Report of the Minister Responsible for FIPPA, Access and Privacy Services requires annual statistics on the use of FIPPA from each local public body. The completed Annual Report should be sent to Access and Privacy Services by January 31 of the new year. View the Annual Report Form here.

to top

Protection from Liability


[Section 84]

No action may be brought against a public body or its officials for damages resulting from

  • the disclosure or failure to disclose, in good faith, a record or information under FIPPA;
  • any consequences of that disclosure or failure to disclose; or
  • the failure to give a notice required by FIPPA if reasonable care is taken to give the required notice.

    to top

Offences and Penalties


[Section 85]
It is an offence, subject to a maximum fine of $50,000 for any person to willfully:

  • disclose personal information in contravention of FIPPA;
  • mislead or obstruct the Ombudsman; or
  • destroy a record or erase information in an attempt to evade a request for access to records.

    to top


back to top