Chapter 2: Administration of the FOIP Act

PDF Version (pdf)

Contents

Overview
2.1 Public Body – Roles and Responsibilities
2.2 Delegation of FOIP Responsibilities
2.3 Province-wide Administration of the Act
2.4 Routine Disclosure and Active Dissemination of Information
2.5 Exercise of Individual Rights by Authorized Representatives
2.6 Notice and Manner of Giving Notice
2.7 Directories of Public Bodies
2.8 Accessing Manuals and Guidelines
2.9 Disclosure to the Commissioner by a Public Body Employee
2.10 Liability
2.11 Offences and Penalties

This chapter covers

• the roles and responsibilities of various public body officials;
• the delegation of FOIP responsibilities;
• the roles of the Information and Privacy Commissioner, the responsible Minister, and the Access and Privacy Branch, Alberta Government Services;
• practices of routine disclosure and active dissemination;
• the exercise of individual rights by authorized representatives;
• notices and the manner of giving notice;
• directories of public bodies and personal information banks;
• accessing manuals and guidelines;
• the protection from liability for public bodies and their officials;
• offences and penalties; and
• disclosure to the Commissioner.

Head of a public body

The head of each public body is responsible for all decisions made under the FOIP Act that relate to that public body. If the public body is a department, branch or office of the Government of Alberta, the head is the member of the Executive Council who presides over the public body (section 1(f)((i)).

For other public bodies that are not local public bodies (i.e. agencies, boards, commissions, etc. designated in the FOIP Regulation), the head is the person designated by the member of the Executive Council responsible for that public body. If a head is not so designated, the person who acts as the chief officer and is charged with the administration of the body is the head (section 1(f)(ii)).

The provision for designation of a head by a Minister recognizes that small government agencies may receive support services from a government department. In these cases, the member of Executive Council responsible for the agency can assist them by designating a head for the purposes of the FOIP Act, for example, from within the department.

For local public bodies, the head is the person or group of persons designated by bylaw or other legal instrument to perform the duties of the head for purposes of the Act (sections 1(f)(iii) and 95(a)).

In any other case, the head is the chief officer of the public body (section 1(f)(iv)).

The governing authority of a local public body will normally designate its chief administrative officer, or equivalent, as head. Examples include a president of a post-secondary educational institution, a city or town manager, a head librarian, and a school superintendent. However, the governing authority may decide to appoint a committee to fulfil this role.

FOIP Coordinator

The Minister responsible for the FOIP Act and Regulation requires that each public body establish an office or function that is responsible for FOIP matters and have a key contact person who can carry out this function.

The function is usually performed by a FOIP Coordinator. The FOIP Coordinator is responsible for the overall management of access to information and protection of privacy within a public body. Depending on the size and resources of the public body, the FOIP Coordinator may carry out his or her responsibilities on a full-time or part-time basis, or may be someone appointed from outside the public body to carry out FOIP responsibilities on its behalf. Some FOIP Coordinators provide shared services for several public bodies.

The FOIP Coordinator's office should provide the focal point for access to information and protection of privacy expertise within the public body. Details of the responsibilities of this office throughout this publication represent a typical distribution of responsibilities for a FOIP Coordinator. Public bodies may find that a different distribution of responsibilities is appropriate for them.

The responsibilities include

• implementing policies, guidelines and procedures to manage the public body's compliance with the provisions of the Act;
• providing advisory services to the staff of the public body;
• providing training programs on access to information and privacy protection within the public body and coordinating participation in FOIP courses offered by the Government of Alberta;
• informing the public body's clients, and all those with which it does business or provides services, about the Act;
• advising senior management on information that can be released without a FOIP request;
• managing the FOIP request process for the public body, which may include
  • assisting applicants;
  • assigning requests to program areas;
  • monitoring and tracking the processing of requests;
  • meeting time limits and notification requirements;
  • considering representations from third parties;
  • calculating fee estimates and collecting fees;
  • reviewing preliminary recommendations from program areas, sections or organizations about the release of records and proposals for severing information;
  • making final recommendations on responses to requests; and
  • responding to applicants;
• setting up practices and procedures to ensure that the privacy protection measures in Part 2 of the Act regarding collection, use, disclosure, accuracy, retention and security are implemented and carried out on an ongoing basis;
• coordinating any negotiations, mediations, inquiries, investigations, and audits with the Office of the Information and Privacy Commissioner;
• ensuring that the public body staff are aware of other Acts and regulations that restrict the disclosure of information (section 5) so that they are applied consistently;
• reporting as required to the Ministry responsible for the FOIP Act on the operation of the Act; and
• maintaining and publishing a Directory of Personal Information Banks and coordinating the public body's submission to the Directory of Public Bodies published by the Minister responsible for the FOIP Act.

In the case of public bodies that have affiliated agencies, boards and commissions, responsibilities also include

• maintaining a list of the public body's affiliated agencies, boards and commissions for the purposes of Schedule 1 of the FOIP Regulation; and
• consulting with Access and Privacy Branch, Alberta Government Services, regarding any legislative developments or amendments in other legislation that might relate to the FOIP Act.

Program administrators

In larger or decentralized public bodies, program administrators or department heads have special responsibilities for ensuring effective administration of the FOIP Act.

Normally, they are accountable for

• setting up practices and procedures to ensure that the management and security of records in the custody or under the control of their program area meet the requirements of the legislation, especially the provisions relating to the protection of privacy;
• identifying and providing access to information that can be released without a FOIP request;
• locating and retrieving records in response to FOIP requests; and
• ensuring that the program perspective is considered in any recommendation on a response to a FOIP request.

Public relations or communications

In public bodies with a public relations or communications area, staff in those areas may have a direct role in the access to information and protection of privacy function.

As much as possible, within legislated requirements, release of information in response to an access request should be coordinated with the overall flow of information to the public. Where sensitive issues are involved, public bodies may wish to have a communications strategy in place when release of information takes place in response to a FOIP request.

Routine disclosure of information in response to a routine inquiry or request, active dissemination of information, and publication of information in print and electronic formats should continue to be the normal ways of serving those interested in obtaining information.

Records and information management

Effective records and information management within a public body plays a major part in the effective administration of the FOIP Act. The same is true of the information technology function relating to the management of electronic information systems, databases and other electronic records.

Records and information management and information technology professionals can provide support to the FOIP Coordinator by

• establishing and maintaining an adequate level of information control to ensure that all records can be located and retrieved within the required time limits;
• establishing and maintaining information management systems for the public body that comply with the Act's privacy protection provisions;
• creating a listing of all personal information banks;
• ensuring that records retention and disposition schedules are established, authorized as required, and applied to all information in the custody or under the control of a public body; and
• providing a basis for implementing information security measures for sensitive records and for the reasonable protection of personal information.

Additional guidance on records and information management practices is provided in Chapter 8 of this publication.

Under section 85 of the Act, the head of a public body has the power to delegate to any other person any of the head's duties, powers and functions under the Act, except the power to delegate.

In a very small public body, where the designated head may also be the FOIP Coordinator, there will generally be no need to delegate. In larger public bodies, a delegation instrument will be needed. The FOIP Coordinator normally prepares the delegation instrument and submits it to the head of the public body for approval.

The delegation instrument should identify the position, not the individual, to which the powers are delegated. When delegation is to the position rather than the person, a new delegation is not required when a new appointee assumes the position or when someone is acting in the position. A delegation instrument may also recognize another position to which delegation passes if the occupant of the original position is absent or incapacitated. A delegation instrument may cover a wide variety of duties, powers and functions, including those under the FOIP Act as well as others.

A delegation instrument remains in effect until replaced. It is important to review the instrument periodically for any changes that may be needed, especially if the public body is restructured or part of the public body is transferred to another public body.

There is a substantial difference between delegations relating to access to information and those relating to protection of privacy. In the case of access to information, the delegations relate mostly to the processing of an access request and the decision whether or not to release all or part of a record. Delegated authority empowers certain officials and employees to make decisions or take action. In the case of privacy protection, responsibilities centre on the collection, handling and protection of personal information. This is a much more general area of responsibility and is centred on the program areas or local offices that handle the information on a day-to-day basis. Even in small public bodies, privacy protection responsibilities should be delegated to staff in the program areas responsible for the information.

Not every section of the Act dealing with privacy matters calls for delegation of responsibility in a formal sense. The head of a public body should, however, clearly advise program administrators and managers of their responsibilities, especially with regard to compliance in the collection and disclosure of personal information.

In general, delegation should be considered for all provisions of the Act that state that the head of a public body may or must do something. A Delegation Table that lists all the provisions of the FOIP Act for which delegation should be considered is provided in Appendix 2.1 of this publication. A table listing all the administrative responsibilities that may be assigned (particularly those under Part 2 of the Act) is provided in Appendix 2.2 of this publication. Public bodies need to customize these listings to their actual operations. This includes using the organization's own position titles and providing for delegation to multiple positions where appropriate.

The Delegation Tables make provision for the identification of specific officials by title and office (e.g. the Executive Manager, Personnel) and for generic titles such as “all program managers.”

For example, a public body's lawyer is not authorized to respond to an access request unless the head has delegated that authority to the lawyer under section 85 (see IPC Investigation Report 99-IR-009).

If it is clear that the delegate has directed his or her mind to the making of the decision, the signature on the document that outlines the decision could be that of another public body official, such as the FOIP Coordinator.

For example, in IPC Investigation Report 98-IR-011, it was reported that the Minister of Justice and Attorney General had delegated to the Chief of Police of a police service the authority to disclose information about an individual believed to present a risk of significant harm to the health or safety of persons in that community, in accordance with an approved disclosure protocol. Although the Chief of Police (the delegate) made the decision regarding the disclosure, the information was properly disclosed through a news release issued by the police service.

Job orientation materials for employees should include a statement about FOIP responsibilities for each official or employee taking up a position that includes delegated responsibilities under the Act, and an indication that additional information can be obtained from the FOIP Coordinator.

The nature of actual delegation is very much determined by the structure of the public body and the approach that it wishes to take toward administration of the FOIP Act. Delegation is decided in consultation with elected officials or governing board members and senior management in the public body. In smaller public bodies, for instance, the head may choose to delegate to a single official. In larger public bodies or in decentralized organizations, the head may wish to spread decision-making responsibilities more widely to department heads or below.

If the individual with delegated authority does not actually make the decision that he or she has been authorized to make, the delegation has not been properly exercised. Once a delegate makes a valid determination or decision in the proper exercise of the delegated power, the head of the public body cannot redetermine the matter or substitute his or her decision for that of the delegate.

It is also important not to fetter or restrict the discretion of a delegate. In IPC Investigation Report 98-IR-011, the Commissioner considered it important that the Disclosure Protocol for Chiefs of Police that he reviewed as part of the investigation did not fetter the discretion of the Chief to decide whether to disclose personal information about an individual and how much or what personal information to disclose about the individual.

Minister responsible for the FOIP Act

The Lieutenant Governor in Council designates the Minister responsible for the Act by Order in Council. In March 2001, the Minister of Government Services was given this responsibility. The Minister has overall responsibility for the general administration of the Act across the province, including preparation and submission of amendments to the FOIP Act and FOIP Regulation and providing guidance about access to information and protection of the privacy of personal information generally.

The Minister is required to report annually to the Legislative Assembly on the administration of the Act (section 86). The Minister is also responsible for publishing a Directory of Public Bodies, including the names of all public bodies, and business contact information for their FOIP Coordinators or heads (section 87).

Access and Privacy Branch, Alberta Government Services

The Access and Privacy Branch supports the Minister responsible for the FOIP Act and Regulation in all aspects of the administration of the legislation across all public bodies. The Access and Privacy Branch provides public bodies with the following services and products related to the FOIP program:

• the development of proposals for amendments to the FOIP Act and the FOIP Regulation and development of guidelines and best practices, where appropriate or needed, to assist public bodies in administering the legislation;
• the production of resources to enable FOIP Coordinators and others in public bodies to remain up-to-date on issues and trends in the fields of access to information and the protection of privacy;
• guidance on the interpretation of the Act and Regulation, including a “help desk” to assist public bodies;
• regular distribution of updated FOIP legislation and policies, as well as Orders and Investigation Reports issued by the Information and Privacy Commissioner and other information;
• delivery of regular FOIP training sessions and seminars;
• an electronic tracking system for FOIP requests and statistical reporting which may be used by public bodies; and
• collection of statistical information for the Annual Report and contact information for the Directory of Public Bodies.

Key departments

There are a number of departments that have statutory responsibilities relating to particular local public bodies. These include the provincial ministries of Municipal Affairs, Education, Advanced Education, Health and Wellness, Solicitor General, Aboriginal Affairs and Northern Development, Community Development, Environment, and Agriculture, Food and Rural Development.

Key departments assist local public bodies in resolving implementation and administration issues relating to the Act. Key departments are also partners with the Access and Privacy Branch in answering questions, resolving issues, sponsoring meetings and other training forums, and providing speakers in the area of access to information and protection of privacy.

Information and Privacy Commissioner

The Information and Privacy Commissioner is an officer of the Legislature who is independent of government. The Commissioner is responsible for monitoring how the legislation is administered to ensure that its purposes are achieved. He or she may carry out investigations to ensure compliance with any provision of the Act or compliance with rules relating to the destruction of records. The Commissioner may be asked to provide an independent review of decisions made under the Act. He or she may make an order regarding duties imposed by the Act (e.g. ordering the release of certain records), administrative matters (e.g. reducing a fee assessment) and the collection, use or disclosure of personal information.

The Commissioner reports annually to the Speaker of the Legislative Assembly on the operation of the legislation (section 63). The powers of the Commissioner and the role of the Office of the Commissioner are discussed in Chapter 10 of this publication.

In addition to providing access to records and information using the FOIP request process under Part 1 of the Act (see Chapter 3 of this publication), public bodies may provide access to information and records through two other processes:

• routine disclosure in response to inquiries and requests for information; and
• active dissemination by the public body.

Routine disclosure and active dissemination will likely satisfy many of the information needs of members of the public. Public bodies should bear in mind that the FOIP process is in addition to and does not replace existing procedures for access to information (section 3(a)).

Routine disclosure

The FOIP Act is intended to strengthen informal access rights by encouraging routine disclosure and requiring public bodies to provide access to decision-making manuals (section 89(1)). (See section 2.8 of this chapter for a further discussion of what is meant by decision-making manuals.)

Routine disclosure, in response to a routine inquiry or request, occurs when access to a record can be granted without a request under the FOIP Act.

For example, a public body may have a routine disclosure policy regarding information related to an appeal process, such that an appellant does not need to make a FOIP request to obtain that information. In a case involving this kind of information, the Commissioner found that the public body had properly responded to a request from an appellant for information related to an appeal when it disclosed information in accordance with the public body's routine disclosure policy and not under the FOIP Act (IPC Order 2001-013).

If a request cannot be satisfied entirely through routine disclosure, then the request may be dealt with in part through routine disclosure and in part through the FOIP request process. An example would be a request for all records related to an administrative review rather than just the finished report of the review body.

If there are two processes for obtaining access to information, such that a public body will provide routine disclosure to an individual of information in his or her own file in addition to providing access in response to a FOIP request, then the public body should advise individuals of the two processes. Public bodies should ensure that individuals are aware of both their statutory rights under the Act and the availability of any other method of access.

Where two processes exist, a public body meets its duty to assist an applicant under section 10(1) only if it informs the applicant that such a dual process is in place (see IPC Order 98-002).

Section 88(2) enables a public body to set fees for the provision of information through routine disclosure, unless records can otherwise be accessed without a fee.

Public bodies may consider the appropriateness of routine disclosure in the following situations:

• disclosure is required or permitted by another federal or provincial statute or regulation or by a municipal bylaw;
• section 40 of the FOIP Act permits disclosure and any conditions specified in section 40 apply in the circumstances;
• no exceptions to access would apply if the records were requested under the FOIP Act;
• any exceptions that apply to a class of records are not mandatory exceptions, and the public body, if it received a request for the particular class of records, would not invoke any discretionary exceptions; or
• an exception does apply to a class of records but the sensitive information can easily be severed from the other information and that other information may be routinely disclosed.

There are several ways in which public bodies may make information accessible through routine disclosure.

Answers to particular questions

Public bodies handle a large number of inquiries from members of the public seeking the answer to a question rather than asking for access to records. Occasionally, a person will combine a question with a request for records. To the greatest extent possible, public bodies should continue to deal with these questions without a FOIP request through information offices or the appropriate program area and approval process.

If it becomes clear that the request involves records that cannot be routinely released, such as personal information about a third party, the person should be referred to the FOIP Coordinator's office. That office could either advise the applicant to make a FOIP request under the Act or give advice to the program area on how the records should be severed before being released.

Specifying categories of records for routine release

Section 88(1) of the Act provides that public bodies may specify categories of records in their custody or under their control that will be made available to the public without a request for access under the Act. In this way, public bodies can take a proactive approach by setting up channels for the release of information and identifying records that are available without a FOIP request. This approach promotes more openness and accountability in a public body.

Active dissemination

Active dissemination occurs when information or records are periodically released, without any request, under a program or communications plan.

Active dissemination is best used where there is an anticipated demand for information by the public. Active dissemination projects generally involve some investment by public bodies, and these costs have to be balanced against improved services to the public.

Active dissemination can take many forms. A public body may have an information centre where information can rapidly be gathered and sent to clients, by mail, fax or through electronic networks. Information may also be made available in a library or public reading area.

Much information is available in reports and publications through public body web sites and through various program information offices. These may be made available either free of charge or for a price. To assist their staff and members of the public to access published materials, public bodies may wish to maintain listings of these materials through their communications office, library, information resource centre or the office of the FOIP Coordinator.

In deciding upon the method of active dissemination, public bodies should consider the accessibility of the information to the intended target audience. For example, a document that is intended to provide information to persons who may be visually impaired may not reach that audience if it is placed only on the public body's web site.

Practices for routine disclosure and active dissemination

The following practices will support routine disclosure and active dissemination of information.

Review information holdings

In establishing a system of routine disclosure and active dissemination, public bodies should review their record holdings to determine where the practices may best apply.

Every jurisdiction that has implemented freedom of information legislation has found that there has been considerable ongoing demand for contracts, travel claims, major reports and plans, internal audits, tax and regulatory rulings, decisions of adjudicative tribunals, and inspection records, among other types of information.

In some instances, records may have to be written and prepared in a different way to facilitate access. For example, reports might be written in a more structured way, such that recommendations or personal information can easily be severed and the remainder of the record made public. Where this is necessary, the public body should establish standards for the creation of these types of documents and ensure that its staff are familiar with them.

Establish a coordinating committee

Where a public body is large or decentralized, it may be advantageous to develop a network of contacts in program and administrative areas or in its various locations or facilities. This may be built into a coordinating group that could, in consultation with the FOIP Coordinator, develop and help implement routine disclosure and active dissemination practices. The practices must be guided by and not contravene the FOIP Act. Members of such a group might include

• interested individuals from program areas with records that may well qualify for routine disclosure and active dissemination;
• a communications officer who understands the information needs of clients and the general public;
• a representative of the records and information management practice area in the public body who has a good grasp of the types of records held by the public body;
• a representative from the information technology area who understands how the public body can use new information networks to release and disseminate information;
• a FOIP Coordinator who understands how routine disclosure and active dissemination can assist the public body in dealing with the demands of the FOIP Act; and
• a representative from the legal or legislative services area who understands the obligations under other legislation that may affect the kind of information that can be released.

Review requests for information

The FOIP Coordinator or the committee should review the types of requests for information currently made to the public body to determine whether these can be met through either routine disclosure or active dissemination. The objective should be to respond to as many requests as possible outside the FOIP Act. This should involve an ongoing monitoring and review of FOIP requests to determine whether requests of a particular nature can be handled through routine disclosure.

Delegate authority

The public body may delegate authority for routine disclosure, under an appropriate delegation instrument, to the program area of the organization where the information is collected, compiled or created. The program area or organization should, in accordance with the practices of the public body on routine disclosure, establish mechanisms for the rapid and effective release of the information. For further information on delegation, see section 2.2 of this chapter and Appendix 2 of this publication.

In the case of active dissemination, the program area may be delegated the responsibility for establishing a dissemination mechanism. The FOIP Coordinator should play an advisory role in establishing such mechanisms, monitoring what action has been taken, and obtaining information on how these mechanisms are working. A listing of records subject to routine disclosure and active dissemination should be available to employees of the public body. Employees should receive training on assisting the public when a request is made for a record that falls within these categories and about referring members of the public to the appropriate office when it is not clear whether the information may be released.

Create new records

The FOIP Coordinator should be consulted when there are plans to create new types of records within the public body. This consultation will determine whether any of these new records could be subject to routine disclosure or active dissemination.

Special conditions for personal information

Personal information requires special consideration when making decisions about disclosure through routine channels.

Public bodies may be able to identify categories of records containing personal information that may be made routinely available

• to the individual the information is about, or to the individual's personal representative (section 84(1)); or
• under another enactment.

A public body's legislation does not have to specifically designate categories of personal information for this limited form of routine disclosure.

The public body must, when routinely disclosing personal information,

• verify the identity of the person to whom the information is disclosed; and
• ensure that any person exercising the rights of an individual under section 84 of the Act provides appropriate written evidence of his or her right to exercise that individual's rights under the Act.

Designation of categories of personal information for routine disclosure to the individual the information is about is appropriate where a considerable demand occurs for a particular type of record. Making the process more routine, with fewer processes and approval requirements, can save a public body considerable time, effort and resources. An example of this process is providing a client with routine access to his or her file or an employee with routine access to his or her personnel records.

Section 84 of the Act provides that another person, under specific circumstances, may exercise any right or power under the Act that is conferred on an individual. The specific circumstances in which a person may act for another individual, and the limitations that apply in each case are discussed below.

Deceased individual (Section 84(1)(a))

Proof of the right to act is normally a copy of the signed and attested document naming the representative to act in matters related to the estate. Evidence consisting of an applicant's stated belief in his or her authority, whether by affidavit or otherwise, or evidence that an applicant administered an estate is not sufficient (see IPC Order 98-004). For information related to disclosure to relatives of deceased persons, see Chapter 4.3 and Chapter 7.7 of this publication.

Guardian or trustee (Section 84(1)(b))

If a guardian or trustee has been appointed for the individual under the Dependent Adults Act, the exercise of rights can be undertaken only by the guardian or trustee. The rights or powers must relate to the powers and duties of the guardian or trustee.

The document governing the nature of the guardianship or trusteeship provides the authority for the representative to act. Public bodies should examine that document to ensure that the disclosure relates to the powers and duties set out in the document.

Personal directive (Section 84(1)(c))

If an agent has been designated under the Personal Directives Act, the agent can exercise the individual's rights. The disclosure is limited to the powers given to the agent under the personal directive. Personal directives cannot provide authority over financial matters. Public bodies should examine the directive before disclosure.

Power of attorney (Section 84(1)(d))

A power of attorney is an authority given to one person (called the attorney) to do certain acts in the name of, and personally representing, the person granting the power (called the donor).

A power of attorney can be to perform specific acts on behalf of the donor or can be a general power of attorney to do everything that the donor can do. Donors can revoke some powers of attorney; some are irrevocable. Powers of attorney come into effect in the event of mental incapacity or remain in effect notwithstanding the mental incapacity of the donor, provided they comply with the provisions of the Powers of Attorney Act . The death of a donor normally revokes the power of attorney.

Public bodies should verify the identity of the person holding the power of attorney and ensure that the power of attorney allows for the disclosure requested or any other power or right being invoked. It may also be necessary, depending on the nature of the power of attorney, to verify that the donor is alive or that the donor is not suffering from a mental incapacity.

Minors (Section 84(1)(e))

A guardian of a minor is a person who has care and custody of the minor or is involved in his or her daily care. This definition may not extend to the parents of a child in all circumstances. Other guardians may be a child's grandparent or other relative, the Director of Child Welfare or other individual who has been granted a temporary or permanent guardianship order. If the minor's parents are separated or divorced, a public body should ask to see a copy of any custody order, showing whether the parent claiming to be a guardian has sole or joint custody or only access or visitation rights. A non-custodial parent may have some limited rights to access information about his or her child (e.g. under the School Records Regulation under the School Act) but is not likely to be the child's guardian.

A public body should verify both the authority under which the guardian purports to act and under which he or she is requesting information on behalf of the minor (i.e. ask to see a copy of the guardianship order) and the identity of the guardian (i.e. ask to see some form of valid photo identification, such as a driver's licence).

Public bodies should have policies for dealing with minors based on the statutes and regulations under which they operate. When seeking decisions from individuals under the age of majority, public bodies should take into consideration their own policies and procedures for deciding when these individuals have the ability to understand the matter being decided and to appreciate the consequences of such a decision. The opinions and views of the minor constitute just one of the factors that must be taken into account in making a decision.

For information on the interpretation of section 17 and the tests used to determine whether a disclosure would be an unreasonable invasion of privacy, see Chapter 4.3 of this publication.

Written authorization (Section 84(1)(f))

A written authorization is a document in writing signed by an individual who authorizes another individual to do certain acts in the name of and on behalf of the individual signing the document.

A written authorization should be to perform specific acts (e.g. provide consent, make a FOIP request on behalf of the authorizing individual) or, more generally, to exercise the rights or powers of the individual under the FOIP Act. Before disclosing personal information on the basis of section 84(1)(f), public bodies may, in some circumstances, wish to contact the individual who has granted the authority to confirm that he or she is aware of the amount and type of personal information that will be disclosed.

An example of an Authorization of Representative Form is included in Appendix 5 of this publication.

The Act contains requirements for giving various types of notices to persons. Section 17(2)(b) provides for a notice to be given to a third party when the third party's personal information is being disclosed for compelling health or safety reasons. Sections 30 and 31 deal with notices to be given to third parties and to applicants during the access request process. Section 32(4) provides for notices to be given to a third party and to the Commissioner when personal or confidential business information of a third party is being disclosed in the public interest. Finally, section 80 provides for the Commissioner to notify parties respecting a review. The Model Letters in Appendix 3 provide examples and options for all the notices required under the Act.

Section 83 requires that any notice or document to be given to a person under the Act be given

• by sending it to that person by prepaid mail to the last known address of that person;
• by personal service;
• by substitutional service if so authorized by the Commissioner;
• by facsimile telecommunication; or
• in electronic form other than facsimile telecommunication if the person to whom the notice or document is to be given has consented to accept the notice or document in that form.

Personal service means a method of delivery whereby it can be shown that the person to be served actually received the document.

Substitutional service means the placing of public notices in a trade journal or in other specialized or general media. This is normally intended for situations where a very large number of notices are required or where a third party or other notice recipient cannot be located and the nature of the information would lend itself to this type of public notice.

Service in electronic form means delivery in digital form or in any other intangible form by electronic, magnetic or optical means or by any other means that have similar capabilities for creation, recording, transmission or storage. Whether a person has consented to accepting a notice in electronic form (e.g. by e-mail) is determined in accordance with section 8(2) of the Electronic Transactions Act. Under that provision, consent may be inferred from a person's conduct if there are reasonable grounds to believe that the consent is genuine and relevant to the information.

Third party notices

When the head of a public body is considering giving access to a record that may contain information that affects the interests of a third party under section 16 or the disclosure of which may be an unreasonable invasion of a third party's personal privacy under section 17, the head must give written notice to the third party and to the applicant in accordance with sections 30 and 31 of the Act.

Public bodies should choose a delivery method that ensures that the notice arrives quickly and conveniently for a third party or other person receiving notice but also one that is efficient and cost-effective. Prompt delivery will allow the third party as much time as possible to respond. See Chapter 5 of this publication and FOIP Bulletin No. 10, Third Party Notice, published by Access and Privacy Branch, Alberta Government Services.

Section 84(2)

This provision states that any notice required to be given to an individual under the Act may be given to the person entitled to exercise the individual's rights and powers as provided for in section 84(1).

Section 87(1) sets out the requirements for the Directory of Public Bodies that must be published by the Minister responsible for the Act. The directory must include the name of the public body and business contact information for the FOIP Coordinator or, if the public body has no FOIP Coordinator, business contact information for the head of the public body. The Minister may publish the directory in either print or electronic form.

Access and Privacy Branch, Alberta Government Services is responsible for coordinating revisions to the Directory of Public Bodies.

Directory of personal information banks (Section 87.1)

A personal information bank is defined in section 87.1(5) as a collection of personal information that is organized or retrievable by the name of an individual or by an identifying number, symbol or other particular assigned to an individual.

Personal information banks have the following characteristics:

• they contain one or more types of personal information;
• they contain information about a group or groups of individuals; and
• the information is organized by a personal identifier or capable of being retrieved by a personal identifier.

The listing of personal information banks provides a public registration of all personal information banks in the custody or under the control of a public body. It also provides a public record of the purposes for which this information may be used or disclosed.

The Information and Privacy Commissioner may consider or review a public body's listing of personal information banks if there is a complaint or general investigation relating to the collection, use or disclosure of personal information by a public body.

Further information about personal information banks is available in the Guide to Identifying Personal Information Banks, published by Access and Privacy Branch, Alberta Government Services.

The head of each public body is responsible for maintaining and publishing a directory of its personal information banks which may be in either printed or electronic form. The required content for this directory is the same for all public bodies, including local public bodies. The directory of personal information banks must include

• the title and location of the personal information bank;
• a description of the kind of personal information and the categories of individuals whose personal information is included;
• the authority for collecting the personal information in the personal information bank; and
• the purposes for which the personal information is collected or compiled and the purposes for which it is used or disclosed.

Section 87.1(3) requires a public body to record any use or disclosure of personal information that is different from those listed in the directory. This notation must be either attached to or linked to the personal information in question, and the new purpose(s) must be included in the next update to the directory.

Section 87.1(4) requires the head of a public body to ensure that the directory is kept as current as is practicable.

Section 89(1) of the Act requires that public bodies make available for inspection by the public any manual, handbook or other guideline used in decision-making processes that affect the public. This provision applies to manuals used by employees when administering or carrying out programs or activities. Rules for program administration, formulae or eligibility criteria for grants or other benefits, guidelines for reviewing applications, and procedures for administering a public program are included. The availability of material that guides decision-making allows members of the public to understand how decisions that affect them are made and opens up the decision-making process to public scrutiny (see IPC Order F2002-023).

Section 89(1) does not apply to manuals or handbooks that deal only with internal decision-making, such as internal personnel practices or records management guidelines. There is also no requirement for a public body to provide access to information in a manual that is already available to the public for purchase, as in the case of the Supports for Independence Policy Manual produced by Alberta Human Resources and Employment (IPC Order F2002-023).

Each public body should provide facilities where the public may inspect manuals, handbooks and guidelines used in decision-making, both at its headquarters and, if reasonably practicable, at other offices of the public body. There are a number of ways to accomplish this. One approach may be to designate space in the office areas of the FOIP Coordinator and appropriate regional contacts. Another is to provide access in an existing library or resource centre.

The term “facility” may include a location such as a reception area, a work station, an office or any other area used for the purpose of providing access to manuals and guidelines. In all cases, however, the location should be clearly indicated so that the public may easily find it. In addition to providing a facility where the public may inspect manuals, handbooks and guidelines used in decision-making processes, some public bodies are providing access to these records through a web site.

Ministries that are responsible for Schedule 1 public bodies should ensure that new bodies that are being designated as Schedule 1 public bodies are made aware of their obligations under section 89(1) as early as possible.

Section 89(2) provides that manuals, handbooks and guidelines may be reviewed by the public body before being made available for public examination. Any information that would not be disclosed in accordance with the exceptions set out in the Act may be severed.

Access to manuals and guidelines and the establishment of facilities for the public to consult these documents are discussed in FOIP Bulletin No. 3, Manuals and Reading Rooms, published by the Access and Privacy Branch, Alberta Government Services.

Section 82(1) of the Act provides that an employee of a public body may disclose to the Commissioner any information which that employee is required, whether under oath or by agreement, to keep confidential, if the employee, acting in good faith, believes that the information

• ought to be disclosed by the head of the public body under the public interest provisions of section 32; or
• is being collected, used or disclosed in violation of the privacy provisions contained in Part 2 of the Act.

The intent of section 82 is to give balanced and adequate protection to employees. The provision encourages employees to come forward when they honestly believe that the public body for which they work is either ignoring an important public interest by failing to disclose particular information or failing to meet the obligations to protect personal privacy imposed by the provisions of Part 2 of the FOIP Act.

The Commissioner will seek proof that the employee is acting in good faith. This means that the employee has an honesty of intention or honestly believes that he or she is following a lawful path. If the Commissioner is satisfied that the complaint is in good faith, there must be an investigation of the alleged failure to comply with the Act or the need to disclose certain information. The investigator may use all the powers vested in the Office of the Commissioner to investigate the matter (section 82(2) and (7)).

The Commissioner must not divulge the identity of the employee except with the individual employee's consent (section 82(3)).

Disclosure can occur through written communication with the Commissioner or through a meeting between the employee and the Commissioner or one of the Commissioner's staff who is delegated to undertake the case.

If an employee acted in good faith, he or she is protected from prosecution under any Act for

• copying a record or disclosing it to the Commissioner; or
• disclosing information to the Commissioner (section 82(4)).

An employee acting in bad faith would not be protected from prosecution. Acting in bad faith means acting with mischievous, harmful or false intent.

A public body or any person acting on behalf of a public body is prevented from taking any adverse employment action against an employee acting in good faith who

• has disclosed information to the Commissioner under this section; or
• has exercised or may exercise a right under this section (section 82(5)).

Any person who contravenes section 82(5) is guilty of an offence and liable to a fine of not more than $10,000 (section 82(6)).

Protection from liability

Under section 90 of the Act, a public body and all the officials involved in the administration of the Act are protected from liability for damages for

• disclosing or withholding information, or for the consequences of disclosing or withholding information, where a public official has acted in good faith; or
• failing to give a required notice where the public official took reasonable care in giving notice.

Offences and penalties

Section 91 protects an employee of a public body from adverse employment action as a result of properly disclosing information in accordance with the Act. Anyone who contravenes section 91 is guilty of an offence and liable to a fine of not more than $10,000.

Section 92 of the Act requires public bodies to cooperate with the Information and Privacy Commissioner or another person performing duties of the Commissioner.

It is an offence under the Act to

• collect, use or disclose personal information in contravention of Part 2 of the Act;
• attempt to gain or gain access to personal information in contravention of the Act;
• make a false statement to, or mislead or attempt to mislead, the Commissioner or another person in the performance of the duties, powers or functions of the Commissioner or another person under the Act;
• obstruct the Commissioner or another person in the performance of the duties, powers or functions of the Commissioner or other person under the Act;
• alter, falsify or conceal any record, or direct any person to do so, with the intent of evading a request for access under the Act;
• fail to comply with an order made by the Commissioner under section 72 or by the adjudicator under section 81(2); or
• destroy any records subject to the Act, or direct any person to do so, with the intent to evade a request for access to the records.

Public bodies should note that it is an offence to wilfully reveal or wilfully attempt to gain access to the identity of an applicant in contravention of the Act, whether or not the attempt is successful (see IPC Order 2000-023).

Although it is an offence to destroy any records subject to the Act with the intent to evade a FOIP request, there is no duty or requirement as to how a public body should structure or maintain its record retention system (see IPC Order 2000-030).

In IPC Order F2002-006, the Commissioner commented that the practice of sending a record to outside parties for the purpose of avoiding the requirements of the Act was contrary to the spirit of the Act. It appeared that the public body came “dangerously close” to breaching section 92(1)(e).

Failure to comply with a duty imposed by the legislation or otherwise acting in contravention of the Act is not an offence unless it is covered under section 92(1).

The Commissioner may find grounds for believing that an offence under section 92(1) has occurred in the course of

• a review requested by an applicant or other individual under the Act;
• an investigation under section 53; or
• a disclosure to the Commissioner under section 82 regarding possible failure to disclose in the public interest or regarding a possible violation of Part 2 of the Act.

Any other failure to comply with the legislation that is not an offence under section 92(1) is dealt with by the Commissioner under the normal review and complaints process set out in Part 5 of the Act or in an investigation under section 53.

Any person who commits an offence under section 92(1) or section 91(1) is liable, upon conviction, to a fine of up to $10,000 under sections 92(2) and 91(2) respectively. The Commissioner does not impose the fine. The court, under the Provincial Offences Procedures Act, will determine whether or not an offence has been committed and impose any fine (see IPC Order 99-012).

In order to support charges under the offence provisions in the Act, the Commissioner would have to be satisfied, on reasonable and probable grounds, that an offence had been committed. The Commissioner would then swear an Information in Provincial Court to that effect and the charge would be heard in that Court (see IPC Investigation Report 2001-IR-010).