Chapter 1: Principles, History & Purposes of FIPPA


Overview

This Chapter deals with

  • the principles of access to information and information privacy legislation;
  • the history of Manitoba's Freedom of Information and Protection of Privacy Act (FIPPA), including the amendments to FIPPA; and
  • the purposes in section 2 of FIPPA.

Principles of Access and Privacy Legislation

Manitoba's Freedom of Information and Protection of Privacy Act (FIPPA) is both:

  • an access to information statute (Part 2 - Access to Information); and
  • an information privacy statute (Part 3 - Protection of Privacy).

Access to Information Legislation

Part 2 of FIPPA - Access to Information - is access to information legislation.

The Supreme Court of Canada has described the purpose of access to information legislation as follows:

  • The overarching purpose of access to information legislation, then, is to facilitate democracy. It does so in two related ways. It helps to ensure first, that citizens have the information required to participate meaningfully in the democratic process, and secondly, that politicians and bureaucrats remain accountable to the citizenry.2

The Supreme Court of Canada has also recognized that the right of access to information held by public institutions must be subject to limits:

  • Access to information in the hands of public institutions can increase transparency in government, and enhance an open and democratic society. Some information in the hands of those institutions is, however, entitled to protection in order to prevent the impairment of those very principles and promote good governance.3

The balance between openness and confidentiality is achieved by excepting certain categories of records4 from access. The practice of severing information, which involves removing information that falls within an exception to disclosure from a copy of the record to be released, provides a means of disclosing as much information as possible while maintaining necessary confidentiality.

To ensure that public institutions respect the right of access to information, access legislation provides for the independent review of decisions about access.


Information Privacy Legislation

Part 3 of FIPPA - Protection of Privacy - is information privacy legislation.

The protection of privacy is a fundamental value in modern, democratic states. 'Information privacy' deals with a particular aspect of privacy - privacy in relation to information about an individual. It recognizes that personal information about an individual is, in a fundamental way, the individual's own, and that he or she should have some right to control this information - to determine when, how and to what extent it is communicated to others.

As the Supreme Court of Canada has stated:

  • Finally, there is privacy in relation to information. This too is based on the notion of the dignity and integrity of the individual. As the Task Force5 put it: "This notion of privacy derives from the assumption that all information about a person is in a fundamental way his own, for him to communicate or retain for himself as he sees fit".6

'Information privacy' legislation:

  1. sets out rules governing the collection, use, disclosure, retention and destruction of personal information;
    In setting out these rules, the legislation must balance the right of individuals to privacy of and control over their personal information and the legitimate need of government institutions and other organizations to collect, use and disclose personal information (for example, to provide services or health care to the individual, to protect the public, enforce laws, etc.).
  2. provides individuals with a right of access to, and the right to request correction of, their personal information; and
  3. provides for independent review of the decisions of government institutions and organizations about personal information.

The privacy principles in information privacy legislation flow from the eight international 'fair information practices' issued in the 1980's by the International Organization for Economic Cooperation and Development (known as the OECD Privacy Guidelines).7 These eight privacy principles are: collection limitation; data quality; purpose specification; use limitation; security safeguards; openness; individual participation; and accountability.

In November 2006, a 'Global Privacy Standard' - a harmonization of privacy principles into a single set of fair information practices - was adopted at the International Data Protection Commissioners Conference. Canadian information privacy legislation - including Manitoba's FIPPA and Manitoba's Personal Health Information Act8 - reflects, and is organized around, these ten privacy principles:

  1. Consent;
  2. Accountability;
  3. Identifying Purposes;
  4. Collection Limitation;
  5. Use, Retention and Disclosure Limitation;
  6. Accuracy;
  7. Security;
  8. Openness;
  9. Access to and Correcting One's Own Personal Information; and
  10. Compliance.9

History of FIPPA


Manitoba's Freedom of Information Act

Manitoba has had access to government information legislation since The Freedom of Information Act was proclaimed in 1988.10 That Act provided for access by members of the public to records held by the Manitoba Government and government agencies, subject to certain exemptions. The Manitoba Ombudsman and the Court of Queen's Bench served as the review and appeal mechanisms for access to information decisions.

The Freedom of Information Act provided limited protection for personal information by treating third party personal information as an exemption to disclosure. But, it lacked a full scheme protecting all personal information collected, used and disclosed by the government. That is, The Freedom of Information Act was an access to information statute only; it was not an information privacy statute. Also, the access rights in that Act were limited to records held by the Manitoba government departments and Crown agencies; it did not apply to other public bodies in the province, such as municipalities, public schools, regional health authorities, etc.


Development and Enactment of FIPPA

The Freedom of Information and Protection of Privacy Act (FIPPA) was drafted after a public consultation process and extensive research on similar legislation in other Canadian jurisdictions and elsewhere. A Discussion Paper titled Access to Information and Privacy Protection for Manitoba was distributed in May 1996, to which the public was invited to respond. Numerous individuals, organizations and government departments made oral and written submissions about new access and privacy legislation.

FIPPA was introduced in the Manitoba Legislature on June 4, 1997 by the Minister of Culture, Heritage and Citizenship and was passed on June 27, 1997. It was proclaimed in effect with respect to Manitoba government departments and government agencies on May 4, 1998, and for the City of Winnipeg on August 31, 1998. FIPPA was extended to other local public bodies (such as school divisions, other municipalities, regional health authorities, etc.) on April 3, 2000.


Statutory Review of and Amendments to FIPPA

Statutory Review of FIPPA

Section 98 of FIPPA required that, within five years of its coming into force, the Minister responsible for FIPPA undertake a comprehensive review of FIPPA involving public representations, and that the Minister submit a report about the review to the Legislative Assembly.

In May 2000, the Minister of Culture, Heritage and Tourism announced the launch of the legislative review of FIPPA. The review of FIPPA was coordinated with the review of The Personal Health Information Act. In 2003, there were preliminary consultations with local public bodies - more than 374 municipalities, school divisions, regional health authorities and other public bodies were contacted and invited to share their experiences and recommendations to improve the legislation.

In February 2004, public consultations commenced. A discussion paper about FIPPA - Tell Us What You Think - was posted on-line and Manitobans could respond with their views. In April and May 2004, public hearings were held in Winnipeg, Brandon and Thompson.

On May 31, 2004, the Minister of Culture, Heritage and Tourism tabled the report on the statutory review in the Legislative Assembly. This report resulted in the amendments to FIPPA discussed below.

Amendments to FIPPA

On May 1, 2008 the Minister of Culture, Heritage and Tourism tabled Bill 31, and The Freedom of Information and Protection of Privacy Amendment Act,11 was passed on October 9, 2008. This Act amends certain provisions of FIPPA and is in effect as of January 1, 2011.

The main changes this amending Act made to FIPPA are as follows.

  1. Information and Privacy Adjudicator [Parts 4.1 and 5]
    • An Information and Privacy Adjudicator is appointed as an officer of the Legislative Assembly. Where a public body has not acted on the recommendations of the Manitoba Ombudsman in an access or privacy complaint, the Ombudsman may refer the matter to the Adjudicator for review. The Adjudicator has the power to make an order against a public body that has not acted on the Ombudsman's recommendations.12
  2. Definitions and Interpretation
    • new or amended definitions: "adjudicator", "complaint", "educational body" (two bodies added), "employee", "information manager" [ss. 1(1)];
    • new interpretation provision: "health" and "health care" [s. 1(2)].
    • language amended to reflect that public bodies provide "services" as well as "programs and activities" [ss. 23(2)(c), 36(1)(b), 45(b)].
  3. Purposes
    • amended to refer to "the resolution of complaints" under FIPPA, to tie in with the changes to the complaint process and the creation of the Information and Privacy Adjudicator [s. 2(e)].
  4. Access to Information - Part 2
    • The right of access in Part 2 does not apply to information available to the public for free or for purchase [ss. 6(2), 32(1), 32(2)].
    • Public bodies are given additional discretion to disregard access requests that are frivolous or vexatious, or that, because of their repetitious or systematic nature, would unreasonably interfere with the public body's operations or amount to an abuse of the right to make access requests [s. 13(1)].
    • Cabinet confidences (an exception to disclosure) - the closure period for these records is reduced from 30 to 20 years. Also, how to request consent to the earlier release of Cabinet confidences is clarified [s. 19(2)].
    • Confidential information that public bodies receive from band councils or organizations performing government functions on behalf of one or more bands is given the same protection from release as confidential information received from another government or from a local public body [ss. 20(1)(c.1), 21(1)(c.1)].
    • Local public body confidences (an exception to disclosure) - the closure period for these records is reduced from 30 to 20 years. (Local public bodies include municipalities, school divisions, regional health authorities, etc.) [s. 22(2)(b)].
    • Advice, etc. to a public body (an exception to disclosure) - the closure period for these records is reduced from 30 to 20 years [s. 23(2)(a)].
    • Public opinion polls - it has been clarified that access to 'public opinion polls' cannot be refused under the 'advice to a public body' exception to disclosure [s. 23(2)(f.1)].
    • The relationship between the exception to disclosure protecting confidential evaluations about individuals and The Personal Investigations Act is clarified [s. 30(2)].
    • The government must make a summary of the total annual travel and other expenses incurred by each government Minister available to the public [s. 76.1].
    • The requirements that public bodies prepare directories of records and that public registries be designated in the regulations under FIPPA have been removed [s. 75, 87(c), 87(l)].
  5. Protection of Privacy - Part 3
    • Limit on use of personal information by employees [s. 42(3)]:
      • Effective January 1, 2011, the provision in FIPPA setting out the principle that use and disclosure of personal information must be limited to those who need to know it was amended to clarify that it applies when employees of a public body are using personal information. Also, in subsection 1(1) of FIPPA, the definition of "employee" has been clarified to include a person who performs services for a public body under a contract or agency relationship.
    • Disclosure of personal information permitted:
      • to another public body where disclosure is necessary to deliver a common or integrated service, program or activity [s. 44(1)(f.1)];
      • to evaluate or monitor a service, program or activity of the public body or the government, or to carry out research and planning relating to them [s. 44(1)(j.1)];
      • where the information disclosed is limited to 'business contact information' [s. 44(1)(x.1)];
      • about alumni by universities and colleges for fundraising purposes. Disclosure is limited to specified contact information and a written agreement with the fundraiser is required that, amongst other things, requires that individuals be given an opportunity to 'opt out' [ss. 44(1)(dd), 44(1.1)];
    • Information managers
      • New requirements are added to protect personal information where a public body contracts with an information manager [ss. 1, 44(1)(aa), 44(2), 44.1, 85(1)(e)];
    • The provisions for approving bulk disclosures and data linkages that are not otherwise authorized under FIPPA have been removed. Rights under existing agreements made under this provision are preserved [ss. 46, 1, 43(c), 44(1)(cc), 47(2), 47(3), 47(4)(a), 77, 83(2)(d), 87(i), 87(k), 97.1].
  6. Ombudsman
    • The term "complaint" has been defined to clarify it includes a complaint made by the Ombudsman [s. 1(1)].
    • The Ombudsman may decide not to investigate a complaint that is an abuse of process [s. 63(1)(b)].
    • The Ombudsman must make recommendations resulting from investigations about access and privacy available to the public [s.66(7)].
    • As of January 1, 2011, FIPPA was amended to set out how, and in what circumstances, the Ombudsman may ask the Information and Privacy Adjudicator to review an access or privacy complaint.13
  7. Other Provisions
    • The head of a public body may delegate any duty or power under FIPPA to any person, not just to a person on the staff of the public body [s. 81].
    • Any access or privacy complaint made to the Ombudsman before the Adjudicator was appointed must be dealt with under the former provisions of FIPPA, not under the amended provisions [transitional - in the amending Act (s. 41), not FIPPA].
    • The Minister responsible for FIPPA must undertake a comprehensive review of the operation of FIPPA, which involves public representations, within 5 years after the Information and Privacy Adjudicator is appointed.

The amending Act - The Freedom of Information and Protection of Privacy Amendment Act - can be found at:
https://web2.gov.mb.ca/laws/statutes/2008/c04008e.php

Information about these amendments can be found on the FIPPA website at:
https://www.gov.mb.ca/fippa/public_bodies/


Purposes of FIPPA

The purposes of FIPPA are set out in section 2 of FIPPA.

Section 2 of FIPPA sets out five purposes:

  1. Right of Access to Records [Clause 2(a)]

    Part 2 of FIPPA - Access to Information - sets out the general right of access by any person to records in the custody or under the control of public bodies. The limited and specific exclusions and exceptions to disclosure set out in FIPPA, and a small number of other statutes that state they prevail over FIPPA, provide the only basis for refusing access to records.

    The exceptions to disclosure in FIPPA are "limited and focused" and should be interpreted so as to give as much access as possible to records that are requested.

    Part 2 of FIPPA is discussed in Chapters 4 and 5 of this Manual. Statutes that prevail over FIPPA are discussed in Chapter 2, under Relationship of FIPPA to Other Legislation.

  2. Right of Access to Records Containing One's Own Personal Information [Clause 2(b)]

    Under Part 2 of FIPPA - Access to Information - an individual also has a right to obtain access to records in the custody or under the control of public bodies that contain personal information about himself or herself. This important `information privacy' right is subject to the limited and specific exclusions and exceptions in FIPPA, and to a small number of provisions of other statutes that prevail over FIPPA.

    The exceptions and exclusions to access in FIPPA are "limited and focused" and should be interpreted so as to give the individual as much access to his or her personal information as possible.

    Part 2 of FIPPA is discussed in Chapters 4 and 5 of this Manual. Statutes that prevail over FIPPA are discussed in Chapter 2, under Relationship of FIPPA to Other Legislation.

  3. Right to Request Correction of One's Own Personal Information [Clause 2(c)]

    Section 39 of FIPPA contains another important `information privacy' right - the right of individuals to request corrections to records containing information about themselves that are held by public bodies.

    Section 39 of FIPPA is discussed in Chapter 6 of this Manual, under Requests to Correct Personal Information.

  4. Protection of Privacy [Clause 2(d)]

    Part 3 of FIPPA - Protection of Privacy - controls the manner in which public bodies collect personal information, and protects individuals against unauthorized use or disclosure of their personal information by setting out requirements respecting use, protection, accuracy, retention and disclosure of personal information by public bodies.

    Part 3 of FIPPA is discussed in Chapter 6 of this Manual.

  5. Independent Review of Access and Privacy Decisions [Clause 2(e)]

    Part 4 and Part 5 of FIPPA deal with the independent review of the decisions of public bodies about access to information and privacy, and the resolution of access and privacy complaints.

    The roles of the Manitoba Ombudsman, the Information and Privacy Adjudicator and the courts in the independent review of decisions and in complaint resolution under FIPPA are discussed in Chapters 7 and 8 of this Manual.