Chapter 3: Administration of FIPPA

OVERVIEW

This Chapter deals with:

• the roles and responsibilities of various public body officials;
• the role and responsibilities of the Minister responsible for FIPPA;
• proactive disclosure and routine disclosure of information;
• who can exercise rights under FIPPA on behalf of another [section 79];
• the manner in which notices are to be given under FIPPA [section 78];
• protection from liability for public bodies and their officials [section 84];
• protection when disclosing information to the Ombudsman and the Information and Privacy Adjudicator [section 86]; and
• offences and penalties under FIPPA [section 85].

ROLES AND RESPONSIBILITIES OF PUBLIC BODY OFFICIALS

Note: Under FIPPA, each Manitoba government department is a separate public body.

The Head of a Public Body

The head of a public body is responsible for all decisions and actions about access to information and protection of privacy made under FIPPA that relate to the public body.

Who is the head of a public body?

The definition of "head" in subsection 1(1) of FIPPA sets out who is the "head" of a "public body".

The head of a public body that is a government department is the Cabinet Minister who has been appointed to preside over it by an Order in Council under The Executive Government Organization Act. ² (“Department” means a department, branch, or office of the executive government.) ³

The head of a public body that is an incorporated government agency is the agency's chief executive officer. An example of an incorporated government agency is Manitoba Hydro.

The head of a   that is an unincorporated government agency is:

• the minister who is assigned responsibility, by an Order in Council under The Executive Government Organization Act, for the administration of the statute under which the agency is established; or
• the minister who is otherwise responsible for the agency.

The Manitoba Labour Board is an example of an unincorporated government agency.

The head of a local public body is the person or group of persons designated as its head by a by-law or resolution of that body.

If the local public body does not designate a head, the government can designate a head for it by regulation.

 

Delegation by the head

The head of a public body may delegate any of his or her duties and powers under FIPPA to any
person. This person no longer has to be a member of the staff of the public body.

It is not necessary for a minister, as the head of a department, to formally delegate powers under FIPPA to his or her deputy minister, as the deputy has authority to act on behalf of the minister.

In general, delegation should be considered for all provisions in FIPPA where the head of a public
body must (shall) or may do something.

There is a practical difference between the delegation of powers and duties relating to access to
information and the delegation of powers and duties relating to protection of privacy under FIPPA.
In the case of access to information, the head's powers and duties relate mostly to decisions about
access requests. In the case of protection of privacy, duties centre on ensuring that the public
body complies with the requirements respecting collection, retention, correction, accuracy,
protection, use and disclosure of personal information in FIPPA.

The effect of a delegation is to authorize the identified official to make decisions and take
action. If authority to make a decision has been delegated to an official, but that official does
not actually make the decision, it has not been properly made.

A delegation under FIPPA should be in writing. A sample delegation document for departments is
included in the Public Body Roles and Responsibilities, on the FIPPA website at:
http://www.gov.mb.ca/chc/fippa/public_bodies/delegation_designation.html.

It is recommended that:

• The delegation document should identify the position to which the powers and duties are delegated, not a named individual.



For example, the "Executive Director of Administration and Finance", not to "John Brown".




When delegation is to a position, rather than to an individual, a new delegation document is not required every time a new appointment is made or someone is acting in the position.

• The delegation document should be reviewed regularly to ensure it is upto- date, as it remains in effect until it is replaced. Also, the delegation should be reviewed whenever there is a restructuring or reorganization of the public body.


• For administrative purposes, a copy of the delegation should be sent to:
• the Information and Privacy Policy Secretariat of the Department of Sport, Culture and Heritage; and
• the Ombudsman's Office.

Access and Privacy Officers

An Access and Privacy Officer is "any employee of a public body to whom the head has delegated a duty or power under section 81 of the Act".

A department or government agency may have more than one Access and Privacy Officer.

The Access and Privacy Officer is responsible for overall direction of access to information and protection of privacy matters within the department or government agency.

As noted above, there is a practical difference between powers and duties relating to access to information and those relating to protection of privacy. In the case of access to information, the powers and duties in FIPPA relate mostly to decisions about access requests. Duties relating to protection of privacy centre on ensuring compliance by the public body with the requirements in FIPPA respecting collection, correction, accuracy, retention, destruction, protection, use and disclosure of personal information - a very broad responsibility.

With respect to privacy matters, an Access and Privacy Officer will usually need to take a collaborative approach, involving individuals with expertise in program management, information technology, records and information management, and privacy (including legal counsel with expertise in privacy law).

It is strongly recommended that the Access and Privacy Officer for a government department be at the assistant deputy minister or executive director level, as he or she will be making access to information and privacy decisions on behalf of the minister.

While the specific responsibilities of Access and Privacy Officers will vary, the following are some of the usual responsibilities.

 

Access to information matters

• Usually, the Access and Privacy Officer will be responsible for developing and implementing procedures to ensure the public body's compliance with the access to information requirements of FIPPA.

http://web2.gov.mb.ca/laws/regs/pdf/f175-064.98.pdf.

• The Access and Privacy Officer will be delegated responsibility to make the final decision on the release of recordsto an applicant for access under Part 2 of FIPPA, and will sign the required letter notifying the applicant of this decision.
• The Access and Privacy Officer will also be responsible for providing formal notice under section 33 of FIPPA to third parties whose privacy or business interests may be affected by an access decision, for hearing representations from those third parties and for making decisions about access to information affecting third parties under section 34 of FIPPA.
• The Access and Privacy Officer may also be responsible for signing Estimate of Costs forms.
• He or she will be responsible for ensuring legal counsel is consulted with respect to access requests requiring legal interpretation and advice.
• The Access and Privacy Officer will deal with the Ombudsman's Office on access matters - for example, investigations of access complaints, audits and other investigations, etc.

Privacy protection matters

• The Access and Privacy Officer is responsible for ensuring that the officers and employees of the department or government agency are complying with the requirements in FIPPA respecting collection, correction, accuracy, retention, destruction, protection, use and disclosure of personal information. This can include responsibility for developing and implementing policies, guidelines and procedures to manage the public body's compliance with the protection of privacy requirements of FIPPA.

• The Access and Privacy Officer is responsible for ensuring that privacy impact assessments are carried out by the public body, where appropriate. The Officer also needs to be aware of key findings resulting from privacy impact assessments, so that informed decisions can be made about handling and protecting personal information. To assist with this, the Information and Privacy Policy Secretariat of the Department of Sport, Culture and Heritage has developed a corporate Privacy Impact Assessment process. Privacy impact assessments, and this process, are discussed in Chapter 6, under Privacy Impact Assessments.
• The Access and Privacy Officer is responsible for ensuring that appropriate procedures are in place to deal with privacy breaches. Responding to a privacy breach is discussed in Chapter 6, under What To Do if a Privacy Breach Occurs.
• The Access and Privacy Officer will also usually make decisions respecting requests for correction of personal information under section 39 of FIPPA.
• He or she is responsible for consulting with legal counsel on privacy matters requiring legal interpretation and advice.
• The Access and Privacy Officer will deal with the Ombudsman's Office on privacy matters - for example, investigations, including investigations of privacy complaints, privacy audits, etc.

The Access and Privacy Coordinator

Each public body is required, by section 2 of the Access and Privacy Regulation under FIPPA, to appoint an employee as an Access and Privacy Coordinator. A public body may appoint more than one Access and Privacy Coordinator.

The Access and Privacy Coordinator is "responsible for receiving applications for access to records and for the day-to-day administration of the Act".

More specifically, the Access and Privacy Coordinator will be responsible for:

• managing access requests under Part 2 of FIPPA; and
• assisting all areas of the public body in complying with the requirements of Part 3 of FIPPA respecting collection, correction, accuracy, retention, destruction, use, protection and disclosure of personal information.

The Coordinator is the focal point of access to information and protection of privacy expertise within the public body.

In large public bodies that receive many freedom of information requests or that maintain large amounts of personal information, the Access and Privacy Coordinator position will be a full-time one.

As the Coordinator will work closely with the Access and Privacy Officer, it is recommended that there be a direct reporting relationship between these two positions.

In some organizations, it may be appropriate to combine the functions of Access and Privacy Coordinator with that of records Officer.

While the responsibilities of Access and Privacy Coordinators will vary somewhat, depending on the degree of centralization of the access to information and protection of privacy responsibilities within a public body, the following are some of the basic duties of this position.

Access to information duties

The Access and Privacy Coordinator's access to information duties may include:

• acting as the focal point of access to information expertise within the public body;
• awareness of other statutes and regulations that may affect access to information held by the public body;
• managing the access request process for the public body. This may include:
  • assisting and dealing with applicants and potential applicants for access, including explaining FIPPA to them, helping them to narrow their requests, directing them to other sources of information;
  • assigning access requests to affected program areas, and assisting them to deal with requests in accordance with FIPPA;
  • monitoring and tracking the processing of access requests;
  • ensuring time limits and notice requirements are met;
  • contacting third parties whose privacy or business interests may be affected by the release of information, to determine their positions;
  • estimating, calculating and collecting fees and, where this function is delegated to the Coordinator by the head, completing and signing the Estimate of Costs form;
  • reviewing preliminary access recommendations from program directors and managers;
  • consulting with legal counsel, as required;
  • recommending to the Access and Privacy Officer how to respond to requests;
  • coordinating the public body's dealings with the Ombudsman during investigations, including complaint investigations, audits, etc., and consulting with legal counsel as required;
  • providing copies of access requests received by the public body (with all identifying information removed) to the Information and Privacy Policy Secretariat of the Department of Sport, Culture and Heritage: and
  • preparing statistical reports for the Information and Privacy Policy Secretariat, Department of Sport, Culture and Heritage.

Privacy protection duties

The Access and Privacy Coordinator will usually have the following duties:

• acting as the focal point of protection of privacy expertise within the public body;
• awareness of other statutes and regulations that may affect protection of privacy in the public body;
• awareness of other privacy statutes and regulations that may govern organizations the public body deals with;



For example, a public body may not be able to collect personal information from an organization that falls under the Personal Information Protection and Electronic Documents Act (Canada), if that organization is not authorized to disclose the personal information by the federal Act.

• ensuring that program directors understand the requirements of FIPPA respecting collection, accuracy, correction, retention, destruction, protection, use and disclosure of personal information;
• assisting staff carrying out a privacy impact assessment, by participating on the privacy impact assessment team, or by acting as a resource to team members. Privacy impact assessments are discussed in Chapter 6, under Privacy Impact Assessments;
• assisting staff in responding to privacy breaches. Responding to a privacy breach is discussed in Chapter 6, under What To Do if a Privacy Breach Occurs;
• consulting with legal counsel, as required;
• receiving requests for correction of personal information and forwarding them to the appropriate program area.

Training responsibilities

• identifying training needs of the staff (in some cases, the contractors) of the public body, for handling access requests and privacy protection;
• liaising with the Information and Privacy Policy Secretariat of the Department of Sport, Culture and Heritage, regarding training requirements and appropriate ways to meet these requirements.

The records Officer

Each government department and government agency requires a recordsOfficer to ensure that records and information held by it are managed efficiently, effectively and in accordance with statutory requirements and policies.

The records Officer must keep abreast of all records-related issues in the department or government agency, including those involving electronic information systems.

The records Officer is the central administrator of the recordsmanagement program of the department or government agency; he or she functions as a point of accountability for record keeping and information-handling practices and provides assistance to program areas.

Where there is a request for access to recordsunder Part 2 of FIPPA - Access to Information - the records Officer will be required to assist the Access and Privacy Coordinator to identify and locate the requested records. To do this, the records Officer should be familiar with the records management practices throughout the department or government agency and must maintain a full set of approved recordsschedules as required under The Archives and recordkeeping Act and of records Transfer Box Lists for the department or government agency.

A description of the typical duties of a records Officer is available from the Government records Office, Manitoba Sport, Culture and Heritage.

Program Directors and Managers

Normally, a program director or manager will be responsible for the following:

• with respect to access to information requests:
  • locating and retrieving recordsin response to access requests, and
  • ensuring that the program perspective is considered in any recommendation about a response to an access request;
• with respect to protection of privacy, implementing policies, practices and procedures for recordsin the custody or under the control of his or her program area to ensure that they meet the protection of privacy requirements in FIPPA.

THE MINISTER RESPONSIBLE FOR FIPPA

The Lieutenant Governor in Council designates the government Minister responsible for the administration of FIPPA. This is done in an Order in Council made under The Executive Government Organization Act that sets out the statutory responsibilities of the various government Ministers.

The Responsible Minister

The Responsible Minister is accountable for the province-wide administration of FIPPA, including the overall performance of public bodies in responding to requests for access and in protecting personal information.

The Responsible Minister for FIPPA is the Minister of Sport, Culture and Heritage. The Department of Sport, Culture and Heritage and specifically the Information and Privacy Policy Secretariat of the department, is responsible for central administration and coordination of FIPPA.

The Responsible Minister is required to submit an annual report to the Legislative Assembly about the activities of public bodies in both access to information and protection of privacy that includes:

• the number of requests for access that have been made, granted or denied;
• the specific provisions of FIPPA on which refusals of access have been based;
• the number of applications to correct personal information that have been made; and
• the fees charged for access to records.

The Responsible Minister must undertake a comprehensive review of the operation of FIPPA, which includes public representations, within five years after an Information and Privacy Adjudicator is first appointed under FIPPA. The Responsible Minister must submit a report on the review to the Legislative Assembly within one year after the review is undertaken, or within such further time as the Assembly may allow.

Note: The head of a public body, not the Responsible Minister, is accountable for the handling of access requests and personal information by that public body.

The Information and Privacy Policy Secretariat

The Information and Privacy Policy Secretariat of the Department of Sport, Culture and Heritage provides leadership and expertise to the Manitoba Government on access to information, confidentiality and privacy policy matters under FIPPA, as well as support services to public bodies that fall under FIPPA.

The Secretariat provides:

• legislative and policy analysis relating to FIPPA and public sector best practices in access to information and privacy;
• consulting, coordination and support services to departments, government agencies and local public bodies;
• support to departments and government agencies through the 'corporate' Privacy Impact Assessment process. Privacy impact assessments, and this process, are discussed in Chapter 6, under Privacy Impact Assessments;
• support in responding to privacy breaches. Responding to a privacy breach is discussed in Chapter 6, under What To Do if a Privacy Breach Occurs;
• a corporate communications program about access to information and privacy protection;
• development and updating, in collaboration with Civil Legal Services, Manitoba Justice, of resource materials such as the FIPPA Resource Manual for Provincial Government Departments;
• information sessions for Access and Privacy Coordinators, in collaboration with Civil Legal Services, Manitoba Justice;
• development and delivery of training for staff of public bodies;
• help desk services for the public; and
• collection of statistics on FIPPA.

The Information and Privacy Policy Secretariat works closely with the Manitoba Archives and the Government records Office.

The functions of the Manitoba Archives respecting FIPPA are directly related to its responsibility to administer the records management program of the Manitoba Government under The Archives and record keeping Act. The Archivist of Manitoba establishes policies, standards and guidelines for government record keeping and approves departmental and agency records schedules'. (A `records schedule' is the formal, written plan that identifies government records, establishes their retention periods and provides for their disposition.)

A NOTE ABOUT PROACTIVE DISCLOSURE AND ROUTINE DISCLOSURE OF INFORMATION

Clause 3(a) of FIPPA states that FIPPA is "in addition to" and "does not replace" existing procedures for access to records or information normally available to the public - including any requirement to pay fees. In other words, not all requests for information or records need to be made under FIPPA, and FIPPA should not be applied to prevent or reduce access to information (other than personal information) that is available by custom or practice.

Government departments and government agencies have always provided public access to certain information and records in their custody or control by 'proactive disclosure' or by 'routine disclosure'. Proactive disclosure and routine disclosure of information can satisfy many of the information needs of members of the public.

Proactive disclosure of information occurs when information or records are periodically released, without any request, under a communications plan or practice. It often occurs when there is an anticipated demand for information by the public. It can take many forms - for example, publishing information on a departmental website, etc.

Specific examples of 'proactive disclosure' of information include:

1. publication by the government of ministerial expenses;
   
   Section 76.1 of FIPPA requires the government to "make available to the public a summary of the total annual expenses incurred" by each Minister for
   
   (a) transportation and travel;
   (b) accommodation and meals;>
   (c) promotion and hospitality; and
   (d) cell phone and personal electronic communications devices.
2. publication by the Department of Tourism, Culture, Heritage, Sport and Consumer Protection of the access requests received by government departments (with all identifying information removed);
3. publication by the government of Orders in Council (that is, Orders made by the Lieutenant Governor in Council).

Links to these and to other examples of proactive disclosure are found at: http://www.gov.mb.ca/chc/fippa/disclosure.html.

Routine disclosure occurs when access to a record is given without a formal request under Part 2 of FIPPA. For example:

• Section 76 of FIPPA provides that the head of a public body may specify records or categories of records that are available to members of the public without making a formal application under FIPPA. A fee may be charged for a copy of these records.
• Manitoba Conservation and Water Stewardship has traditionally provided members of the public with access to land surveyor's field books. A copying fee may be charged.
• Under The Corporations Act, members of the public may search specified information in the Companies Office Registry, for a fee; etc.

Personal information requires special consideration when making decisions about proactive disclosure or routine disclosure. For example,

• public bodies need to review their practices and procedures for releasing information to ensure that personal information is protected as required by Part 3 of FIPPA;
• when routinely disclosing personal information to the individual the information is about, a public body must
  • verify the identity of the individual to whom the information is disclosed, and
  • ensure that disclosure of personal information about other individuals does not occur.

In some instances, records may have to be written and prepared in a different way to allow for release by way of proactive disclosure or routine disclosure. For example, in some Canadian jurisdictions, quasi-judicial tribunals are exploring ways to release their decisions widely through the Internet, while protecting the privacy of the individuals who appear before them. Restructuring decisions so that personal information and personal health information can more easily be located and severed out may be one way to achieve the desired balance between openness and privacy.

GIVING NOTICE UNDER FIPPA - [SECTION 78]

A variety of notices and documents are required to be given under FIPPA - for example:

• a "fee estimate" under subsection 82(2);
• notice of an extension of time for responding to an access request under subsection 15(2);
• notice of a decision of the head of a public body about access under subsection 11(1);
• notice by the head of a public body to a third party whose privacy or business interests may be affected by an access decision, under section 33; etc.

Section 78 of FIPPA provides that when notice or a document is to be given to a person under FIPPA, it is to be given in one of the following ways:

• by sending it to that person by prepaid mail to the person's last known address;
• by personal service;
  • "Personal service" means delivering the notice or document in such a way that it can be shown that the intended recipient actually received the notice or document.
• by substitutional service, if authorized by the Ombudsman or the Information and Privacy Adjudicator;
  • "Substitutional service" will usually be in the form of a public notice provided through the media - for example, a notice in a newspaper with general circulation in Manitoba, or in a specialty trade journal or publication, depending on who is the intended recipient. Substitutional service is most often authorized when the intended recipient cannot be located, or a very large number of people need to be served, and the nature of the information would lend itself to this type of service. Substitutional service can only be used with the permission of the Ombudsman, or the Information and Privacy Adjudicator (in the case of a review of a complaint by the Adjudicator).
• by electronic transmission or telephone transmission of a facsimile of a copy of the notice or document.
  • A public body relying on service by electronic transmission or by fax will, amongst other things, need to keep in mind its obligation to take reasonable steps to protect personal information from unauthorized access and disclosure under Part 3 of FIPPA.

Except where substitutional service or an appeal or application to court is involved, the choice of how to give notice or send a document under FIPPA is usually up to the public body and will depend on the circumstances. Normally, notices or documents will be sent by mail or by fax. A public body should assess the circumstances and choose the most effective and economical means of giving notice or providing a document, while keeping in mind its obligation to take reasonable steps to protect personal information from unauthorized access and disclosure under Part 3 of FIPPA.

EXERCISING RIGHTS ON BEHALF OF ANOTHER - [SECTION 79]

Section 79 of FIPPA states that any right or power that an individual has under FIPPA may be exercised on his or her behalf by another person, under specific circumstances.

The rights or powers under FIPPA that may be exercised by another on behalf of an individual include:

• the right to make a request for access to a record under Part 2;
• the right to make a request for access to personal information in a record under Part 2;
• the right to authorize indirect collection of personal information under clause 37(1)(a),
• the right to consent to use of personal information under clause 43(b),
• the right to consent to disclosure of personal information under clause 44(1)(b), etc.

It is important to ensure that a person claiming authority to act on behalf of another is legally entitled to do so, particularly if personal information or privacy is involved. Where there are any questions or doubts about the existence, or the extent, of such authority, legal counsel should be contacted.

1       Clause 79(a) - Written authorization from the individual

An 'authorization' under clause 79(a) of FIPPA is a document in which an individual authorizes someone else to do certain things in his or her name and on his or her behalf. The authorization must be in writing and signed, should be dated and should clearly set out what the other person is being authorized to do.

Before disclosing personal information on the basis of a written authorization, a public body may, in some circumstances, want to contact the individual who has granted the authority to confirm that he or she is aware of the amount and type of personal information that will be disclosed.

A written authorization provides the recipient with the authority to act. A public body needs to examine such a document carefully to ensure that the right being exercised under FIPPA is within the scope of the authorization. If there are any questions about the validity or scope of an authorization, legal counsel should be contacted.

2       Clause 79(b) - Committee or substitute decision maker

A committee appointed for an individual under The Mental Health Act can only exercise a right or power on behalf of the individual under FIPPA if it relates to the powers and duties given to the committee by the court order appointing him or her, or by The Mental Health Act.

Similarly, a substitute decision maker appointed under The Vulnerable Persons Living with a Mental Disability Act can only exercise a right or power under FIPPA if it relates to the powers and duties given to the substitute decision maker by the order of the Vulnerable Persons Commissioner that appoints him or her.

The order appointing the committee or substitute decision maker provides him or her with the authority to act. A public body needs to examine the order carefully to ensure that the right being exercised under FIPPA is within the scope of the powers and duties set out in it. If there are any questions about the validity or scope of an order appointing a committee or a substitute decision maker, legal counsel should be contacted.

3       Clause 79(c) - Attorney under a power of attorney

A power of attorney is a document in which authority is given to one person (called the attorney) to do certain things in the name of the person granting the power (called the donor).

A power of attorney can authorize the 'attorney' to perform specific acts on behalf of the donor, or it can be a general power of attorney. The power of attorney document will set the limits on the authority that has been granted. The attorney may only exercise a right or power under FIPPA if it relates to the powers and duties that have been given to him or her by the power of attorney document.

A public body needs to examine a power of attorney carefully to ensure that the right being exercised under FIPPA is within the scope of the powers given by it. If there are any questions about the validity or scope of a power of attorney, legal counsel should be contacted.

4       Clause 79(d) - Parent or guardian of a minor

A parent or legal guardian of a "minor" (an individual under 18 years of age) does not automatically have authority to exercise rights or powers on behalf of his or her minor child or ward under FIPPA.

The head of the public body concerned must be satisfied that the exercise of the right or power by the parent or guardian would not constitute an unreasonable invasion of the minor's privacy. This leaves discretion in the hands of the public body to ensure the minor's privacy rights are protected in appropriate circumstances.

If there is any question as to whether an individual is the 'legal guardian' of a minor, legal counsel should be contacted.

5       Clause 79(e) - Personal representative of a deceased individual

The personal representative referred to in clause 79(e) of FIPPA is the executor named in the will of the deceased individual or, where there is no will, the administrator appointed by a court to administer the estate of the deceased individual.

The right or power being exercised under FIPPA must relate to the administration of the deceased individual's estate.

If there are any questions as to whether a person is a "personal representative" authorized to act on behalf of a deceased person under FIPPA, contact legal counsel.

PROTECTION FROM LIABILITY - [SECTION 84]

Section 84 of FIPPA states that no action or proceeding may be brought against the Government of Manitoba, a public body, the head of a public body, an elected official of a local public body or any person acting for or under the direction of the head of a public body for damages resulting from:

• 1. the disclosure in good faith, of all or part of a record or information under FIPPA, or for any consequences of that disclosure;
  2. the failure to disclose, in good faith, all or part of a record or information under FIPPA, or for any consequences of that failure to disclose ; or
  3. the failure to give a notice required by FIPPA, if reasonable care is taken to give the required notice.

"Damages" means civil liability to pay compensation or make reparation to someone who has suffered harm or a loss.

"Good faith" includes honest belief and absence of malice.

"Reasonable care" in this context means taking steps that are suitable in the circumstances.

PROTECTION WHEN DISCLOSING INFORMATION TO THE Ombudsman OR THE Adjudicator - [SECTION 86]

Public bodies and their officers and employees have a duty under FIPPA to co-operate with the Ombudsman, and with the Information and Privacy Adjudicator.

Subsection 86(1) of FIPPA states that no person is guilty of an offence under any other statute or regulation when he or she complies with a request or requirement under FIPPA to produce a record or provide information or evidence to the Ombudsman or the Information and Privacy Adjudicator, or a person acting for or under the direction of the Ombudsman or the Adjudicator.

Subsection 86(2) states that no adverse employment action shall be taken by a public body against an employee because the employee has complied with a request or requirement under FIPPA to produce a record or provide information or evidence to the Ombudsman or the Information and Privacy Adjudicator, or a person acting for or under the direction of the Ombudsman or the Adjudicator.

OFFENCES AND PENALTIES - [SECTION 85]

Subsection 85(1) sets out the offences under FIPPA and the penalty that a criminal court can impose if the court finds a person to be guilty of an offence.

It is an offence under FIPPA to "wilfully":

• 1. disclose personal information in contravention of Part 3 of FIPPA - Protection of Privacy;
  2. make a false statement to, or mislead or attempt to mislead, the Ombudsman or another person in performing duties or exercising powers under FIPPA;
  3. obstruct the Ombudsman or another person in performing duties or exercising powers under FIPPA;
  4. destroy a record or erase information in a record that is subject to FIPPA with the intent to evade a request for access to records; or
  5. fail to comply with section 44.1(4) (obligations of an information manager).

"Wilfully" means intentionally or deliberately.

Where a criminal court finds a person to be guilty of an offence listed above, the court may impose a fine of not more than $50,000.

Subsection 85(2) of FIPPA states that a prosecution under FIPPA may be commenced not later than two years after the commission of the alleged offence.

The offences set out in subsection 85(1) of FIPPA are 'regulatory offences' that are prosecuted in the criminal courts under The Summary Convictions Act of Manitoba. The court, not the Ombudsman or the Information and Privacy Adjudicator, determines whether the offence has been committed and what fine to impose.