Privacy and the Role of the OIPC

1
Privacy and the Role of the OIPC

• A Brief Summary
• Valerie Kupsch and
• Mary Golab
• Office of the Information and
• Privacy Commissioner of Alberta

2
Topics of Discussion

• General overview of privacy legislation
• Responsibility and role of the OIPC
• Questions

3
History of Privacy Legislation

• OECD Principles
• From the Guidelines on the Protection of Privacy
  and Transborder Flows of Personal Data, OECD,
  Paris, 1980
• Fair Information Practices
• Basis privacy legislation across Canada

4
Fundamentals of Privacy Legislation

• Specific jurisdiction
• Cover right of access
• Deal with the collection, use and disclosure
  practices of specified groups
• Provides an opportunity for recourse if an
  individual believes their information has been
  dealt with inappropriately

5
FOIP

• The Freedom of Information and Protection of
  Privacy (FOIP) Act was passed in June 1994
• The Act came into effect in October 1995
• The Act covers all public bodies government
  departments, boards, agencies, municipalities,
  universities, schools and hospitals

6
HIA

• Albertas Health Information Act (HIA)
• The Act came into effect in April 2001
• The Act covers records generated as a result of
  treatments provided in the publicly-funded health
  system and governs collection, use and disclosure
  practices of health record custodians.

7
PIPA

• Governs collection, use disclosure of personal
  information by private sector organizations in a
  matter that recognizes both
• Rights of individuals, and
• Needs of organizations to collect, use disclose
  personal information for reasonable purposes
• PIPA provides a right of access to ones own
  personal information

8
Federal Jurisdiction

• The Privacy Act of Canada - 1982
• The Access to Information Act - 1983
• The Personal Information Protection and
  Electronic Documents Act (PIPEDA) 2001-2004

9
What Is "Personal Information?"

• Personal information is defined as recorded
  information about an identifiable individual.
• Examples
• Individuals name, home or business address,race,
  national and ethnic origin, religion, age, sex,
  marital status, fingerprints, blood type, health
  information, health care history, educational,
  financial, employment or criminal history, anyone
  elses opinion about the individual etc.

10
Purpose of Collection of Information

• No personal information may be collected by or
  for a public body unless
• The collection is expressly authorized by an
  provincial or federal enactment, or
• That information is collected for the purposes of
  law enforcement, or
• That the information relates directly to and is
  necessary for an operating program or activity of
  the public body.

11
Manner of Collection of Information

• A public body must collect personal information
  directly from the individual the information is
  about
• A public body must inform the individual of
• The purpose of the collection
• The specific legal authority for the collection,
  and
• Who can answer questions about the collection

12
Use and Disclosure of Personal Information by
Public Bodies

• A public body may use personal information only
• For the intended purpose.
• If the individual has identified the information
  and consented to the use or
• For a purpose for which that information may be
  disclosed to that public body under other
  sections of the Act

13
Personal Privacy

• What should records professionals know?
• Right to know vs. nice to know
• Good records management good privacy practices
• Basic privacy principles

14
Responsibility and Role of the OIPC

• The Information and Privacy Commissioner is the
  regulatory body identified within the following
  three pieces of legislation
• The Freedom of Information and Protection of
  Privacy Act (FOIP Act)
• The Health Information Act (HIA)
• The Personal Information Protection Act (PIPA)

15
Commissioners Authority

• The Commissioner is an officer of the
  legislature.
• The Commissioner may review any decision, act or
  failure to act by a public body or custodian
  relating to an access request.
• The Commissioner may investigate complaints that
  personal information has been collected, used or
  disclosed in violation of FOIP, HIA PIPA.

16
Structure of the OIPC

• Commissioner
• Assistant Commissioner - Access
• FOIP, HIA, PIPA (Calgary) Teams
• Directors
• Investigators/mediators
• Intake Team
• 3 FOIP, HIA PIPA
• Adjudication Unit
• Director
• Adjudicators
• Legal Counsel
• Corporate Services
• Human Resources, IT, Finance, Records, General
  Administration

17
Reviews and Complaints
A person may ask the Commissioner to review any
decision, act or failure to act of the head of a
public body that relates to a request. A person
who believes that the person's own personal
information has been collected, used or disclosed
in violation of Part 2 may also ask the
Commissioner to investigate that matter.
18
How to Ask for a Review and/or an Investigation
A written request must be delivered to the
Commissioner. The Office of the Information and
Privacy Commissioner receives requests such as

• Request for review of
• Public bodys decision to withhold information
  under part 1, division 2
• Public bodys decision to charge for services.
• Public bodys refusal to correct factual
  information

• Complaint (investigation)
• Complaints about unauthorized collection, use
  and/or disclosure of personal information

19
What Is an Inquiry?

• The FOIP Act requires that the Commissioner
  conduct an inquiry if the matter is not settled
  by mediation.
• An inquiry is the ultimate conclusion to a
  review. This formal proceeding allows the
  Commissioner to hear from everyone involved in
  the matter, and then to make a decision. The
  Commissioners decision is final.

20
General Comments

• Records are at the heart of all three pieces of
  legislation
• Training is available
• GAPS FOIP PIPA
• 780-427-5848
• HIA help desk 427-8089

21
QUESTIONS??? Office of the Information and
Privacy Commissioner - Edmonton 410, 9925-109
Street Edmonton, Alberta T5K 2J8 Phone
780-422-6860 www.oipc.ab.ca ______________________
____________ Calgary Office AMEC Place 2460 801
6th Avenue SW Calgary, Alberta T2P 3W2 Phone
(403) 297-2728