Chapter 4: Access to Records

Overview

This Chapter outlines how a public body is to handle and respond to a request for access to records made by an applicant under Part 2 of FIPPA - Access to Information.

This Chapter covers:

• the right of access to records;
• the duty to assist an access applicant;
• the duty to protect personal information about an access applicant;
• making an access request;
• what to do when an access request is received;
• transferring an access request to another public body;
• the time limit for responding to an access request, and extending the time limit;
• the limited authority of a public body to disregard certain access requests;
• the steps in processing an access request;
• the response to an access applicant;
• refusal to confirm or deny the existence of a record;
• the manner in which access is given;
• fees, fee estimates and fee waivers;
• third party notices and intervention.

Part 2 of FIPPA - Access to Information - is 'access to information' legislation, and reflects two of the stated purposes in section 2 of FIPPA:

1. to allow any person a right of access to records in the custody or under the control of public bodies, subject to the limited and specific exceptions set out in FIPPA;
2. to allow individuals a right of access to records containing personal information about themselves in the custody or under the control of public bodies, subject to the limited and specific exceptions set out in FIPPA.

Specifically, subsection 7(1) of FIPPA states that any person has a right of access to a record, or part of a record, in the custody or under the control of a public body, including a record containing personal information about the person requesting access (the applicant).

This right of access does not extend to:

1. the limited types of records excluded from FIPPA by clauses 4(a) to 4(k);
2. information that is available to the public free of charge or for purchase [subsection 6(2)];
3. records or information specifically excluded from the access to information provisions of FIPPA by another Act or regulation;   or
4. information in a record that falls within an exception to disclosure in sections 17 to 32 of FIPPA [subsection 7(2)].

The right of access includes an applicant's right of access to a record containing personal information, other than personal health information, about himself or herself [subsection 7(1)].

An individual seeking access to a record containing his or her own personal health information must request access under   **The Personal Health Information Act**, not under Part 2 of FIPPA [subsection 6(1)].

An individual's right of access under Part 2 of FIPPA can be exercised by another person authorized to act on his or her behalf, under specific circumstances.

The right of access is subject to the payment of fees as required by the Access and Privacy Regulation.

Any person" has a right of access under Part 2 of FIPPA. The term "person", when used in legislation such as FIPPA, means an individual (that is, a human being) and also "includes a corporation and the heirs, executors, administrators or other legal representatives of a person". That is, the right of access under FIPPA is not restricted by residency or citizenship, and applies to corporations, businesses and other organizations, as well as to individuals.

THE DUTY TO ASSIST AN ACCESS APPLICANT - [SECTION 9]

FIPPA requires public bodies to make "every reasonable effort":

• to assist an applicant for access; and
• to respond to the access request quickly, openly, accurately, and fully.

The duty to assist the applicant is an important requirement in FIPPA. The duty applies throughout the access request process, but it is particularly important during the applicant's initial contact with the public body.

 

The public body, through its Access and Privacy Coordinator, should attempt to develop a cooperative working relationship with the **applicant** in order to better understand the applicant's wishes or needs, and to ensure that he or she understands the access to information process under FIPPA. Both the applicant and the public body will benefit from a cooperative, respectful relationship.

 

THE DUTY TO PROTECT THE PRIVACY OF AN ACCESS APPLICANT - [SECTIONS 41 AND 42]

Section 41 in Part 3 of FIPPA - Protection of Privacy - requires that a public body protect all personal information in its custody or under its control by "making reasonable security arrangements against such risks as unauthorized access, use, disclosure or destruction."

 

Section 42 requires that a public body:

1. limit use and disclosure of personal information to the minimum amount of information necessary to accomplish the purpose for which it is used or disclosed;
2. limit use of personal information to those of its employees - its officers, staff, contractors and agents - who need to know the information to carry out the purpose for which the information was collected or received, or for a purpose authorized under section 43 of FIPPA.

These duties apply to any personal information about an individual who is making an access request under Part 2 that the public body obtains or collects in the course of receiving and responding to the request.

 

For example, the name, home address, home phone number, and other personal information provided by an individual making an access request is personal information that the public body must protect and deal with in accordance with Part 3 of FIPPA.

 

This means that:

1. When Sharing information about the access request with other officers and staff in the public body:
   • the identity and other personal information about the access applicant must only be shared with those who need to know it to process, respond to, or make a decision about the access request; and
   • Any sharing of the identity of, and other personal information about, the access applicant must be limited to the minimum amount necessary to process, respond to, or make a decision about the access request.
2. The identity and other personal information about the access applicant must not be disclosed to an affected third party or to another public body (for example, in the context of consultations about the access request) unless:
   • The disclosure is necessary to process, respond to, or make a decision about the access request; and
   • The disclosure is limited to the minimum amount of personal information necessary to process, respond to, or make a decision about the access request.

But, when a public body transfers an access request to another public body under section 16 of FIPPA - because, for example, the other public body has custody or control of the records requested - it is appropriate to transfer the whole access request, including the name and contact information and other personal information provided by the access applicant to the other public body. This disclosure of personal information is appropriate, as this is information the other public body needs to process, respond to and make decisions about the access request.

MAKING AN ACCESS REQUEST - [SUBSECTIONS 8(1) AND 8(2); ACCESS AND PRIVACY REGULATION: SECTION 3]

How to Apply for Access

To apply for access to a record under Part 2 of FIPPA, a person must make a request to the public body that the person believes has custody or control of the record [subsection 8(1)].

An access request must be made by completing the "prescribed" application form - that is, Form 1 of Schedule A of the Access and Privacy Regulation [subsection 8(2) of FIPPA; subsection 3(1) of the Regulation].

 

An access request must be made by completing the "prescribed" application form - that is, Form 1 of Schedule A of the Access and Privacy Regulation [subsection 8(2) of FIPPA; subsection 3(1) of the Regulation].

The Application Form includes instructions and can be found on the FIPPA website at: http://www.gov.mb.ca/chc/fippa/pdfs/fippa appform apr2011.pdf

The applicant must provide enough detail to enable an experienced officer or employee of the public body to identify the record [subsection   8(2)].

The applicant must submit the Application for Access to the public body that the applicant believes has custody or control of the record being requested [subsection 8(1)]. Where practicable, the applicant must submit the Application to that public body's Access and Privacy Coordinator at the location of the public body identified   at: http://www.gov.mb.ca/chc/fippa/public bodies/list public bodies.html [subsection 3(2) of the Regulation].

In the case of a public body that is a government department or government agency, if an applicant sends an Application for Access to another office of the department or government agency, including to the Minister's office, it should be accepted, date stamped and forwarded immediately to the Access and Privacy Coordinator. If possible, it should be faxed to the Coordinator right away and then sent by mail.

 

Application forms should be available from all public offices and from the public body's Access and Privacy Coordinator. The Application for Access form is available on the FIPPA website   at: http://www.gov.mb.ca/chc/fippa/pdfs/fippa appform apr2011.pdf

If a person sends a letter requesting access, instead of using the required Application for Access form, the Coordinator should immediately fax or mail an application form to the person. Depending on the situation, the Coordinator may decide to begin processing the request at once in order to assist the applicant. This would be in keeping with the duty in section 9 of FIPPA to assist applicants.

 

Where a Request for Access Includes Personal Health Information

Every public body that falls under FIPPA is also a trustee of personal health information under The Personal Health Information Act.

If a public body receives an Application for Access from an applicant seeking access to a record that includes both information that falls under FIPPA   and personal health information about the applicant, the personal health information in the record must be dealt with under The Personal Health Information Act, not under FIPPA [section 6].

But, as The Personal Health Information Act does not require that a request for access be in writing, the Coordinator may decide to treat the FIPPA application as a request under both FIPPA and The Personal Health Information Act. This would also be in keeping with the duty in section 9 of FIPPA and in subsection 6(2) of The Personal Health Information Act to assist   applicants.

The time limit in The Personal Health Information Act for responding to a request by an individual for access to his or her   own personal health information is 30 days, with no extensions.

The only reasons for refusing an individual access to his or her personal health information are those set out in section 11 of The Personal Health Information Act.

When Oral Requests Are Permitted - [Subsection 8(3)]

FIPPA allows an applicant to make an oral request for access to a record if he or she:

1. has a limited ability to read or write English or French; or
2. has a disability or condition that impairs his or her ability to make a written request.

In this situation, a senior staff member should fill out the Application for Access form as directed by the individual and have the individual sign the form, if possible. The staff member should then date stamp the Application and send it immediately to the Access and Privacy Coordinator for the public body.

 

WHAT TO DO WHEN AN ACCESS REQUEST IS RECEIVED - INITIAL STEPS

Date Stamp Is Required

Subsection 3(3) of the Access and Privacy Regulation requires that, an Application for Access be date stamped "on the day it is received".

This means that the officer or staff member of the public body who first receives an Application for Access must date stamp the application on the day he or she received it - whether or not he or she is the Access and Privacy Coordinator.

 

If an officer or staff member other than the Access and Privacy Coordinator is the first to receive the Application for Access, after date stamping the request, he or she should immediately forward it to the Coordinator, as the time limit for responding to the access request runs from the date it is received by the public body.

On receiving an Application for Access, the Access and Privacy Coordinator should record the application and the date it was received by   the public body in an access request tracking log.

A Note about Documentation

The handling of an access request, and decisions related to it, need to be well documented. Thorough documentation will be important:

1. for discussions with legal counsel;
2. in the final decision-making stages;
3. in explaining decisions to the Ombudsman if a complaint is made;
4. in preparing affidavit evidence for court in the event of an appeal respecting a refusal of access;
5. if the Ombudsman undertakes an audit of the public body's access to information practices, etc.;

The public body should record receipt of the access request and open a file for it. The file should include:

1. the Application for Access, with date stamp;
2. all internal and external correspondence (including e-mail, etc.);
3. a record of discussions with the applicant;
4. details relating to the search for responsive (relevant) records, including staff time spent locating, retrieving, copying and reviewing the records, copies of relevant records schedules, file lists, etc. and a summary of locations searched;
5. a record of consultations within the public body, and with third parties, other public bodies and legal counsel;
6. a record of all decisions respecting the access request, including:
• if fees are being charged, a record of how they were calculated, a copy of the Estimate of Costs, etc.;
• if the time for responding to the access request is being extended under subsection 15(1) of FIPPA, the basis for the extension;
• the exceptions to disclosure to be relied on, actions to be taken, reasons for each decision, and recommendations for responding to the access request (see the discussion later in this Chapter under Line-by-Line Review);

an unmarked copy of the responsive records, and a copy of the severed documents released to the applicant. A third copy of the records, to be used as a working copy, is also useful; etc.

Initial Review of the Access Request

On the day it is received, or as soon after as possible, the Access and Privacy Coordinator should review the access request to determine:

• whether the application is understandable and complete;
• whether it has been sent to the appropriate public body;
• whether a formal application under FIPPA is necessary in order for the applicant to obtain the information; and
• whether consultation with third parties or another public body may be required.

1. The request is unclear, provides insufficient information, or is overly broad.

An access request must be in the required form and "must provide enough detail to enable an experienced officer or employee of the public body to identify the record" requested [subsection   8(2)].

If the request is unclear, provides insufficient information, or is overly broad, the Access and Privacy Coordinator should contact the applicant as quickly as   possible to clarify his or her information needs. Vague or overly general applications are usually the result of a lack of understanding of the functions of the public body, its records or how to   best state the request.

Under clause 15(1)(a) of FIPPA, the head of the public body may extend the time for responding to an access request for up to an additional 30 days, or longer if the Ombudsman agrees, if "the applicant does not give enough detail   to enable the public body to identify a requested record".

 
2. The request should have been sent to another public body.

Where an Application for Access has been sent to the wrong public body, the Access and Privacy Coordinator should transfer the application as soon as possible, and no later than 7 days after receipt, to the appropriate public body [section 16]. Section 16, and transferring access requests, is discussed later in this Chapter, under Transferring an Access Request to Another Public Body.

 
3. The information is available outside the FIPPA process

A public body may be able to satisfy an applicant's information needs by providing records that are already publicly available, or that can be made available through the process of routine disclosure.

The Access and Privacy Coordinator should notify the applicant right away and advise him or her of the process for obtaining the information.

In many cases, the public body will simply provide the information, subject to any copying charges. In some instances, the applicant may be required to fill out a different application form. For example, if the applicant wants access to records governed by The Vital Statistics Act, he or she will have to complete the appropriate form of the Vital Statistics Agency and submit the required fee. The Coordinator should ensure that the applicant understands what is required or who to contact for further information and should then confirm that the applicant wishes to withdraw the Application for Access under FIPPA.

 

Blanket Requests

A 'blanket' request occurs when an applicant has sent the same, or substantially the same, request for access to two or more government departments, at the same time or nearly the same time.

 

For information about procedures to follow when handling blanket requests, contact the Information and Privacy Policy Secretariat of the Department of Sport, Culture and Heritage.

Transferring AN Access Request to Another Public Body - [Section 16]

Subsection 16(1) states that the head of a public body may transfer a request for access to a record to another public body in three situations:

 

1. if the record was produced by or for the other public body, or
2. if the other public body was the first to obtain the record, or
3. the record is in the custody or control of the other public body.

The transfer must take place within seven days after the public body received the access request.

Before an access request is transferred, the Access and Privacy Coordinator must confirm that the second public body has custody or control of the requested record and that it agrees to the transfer.

Clause 16(2)(a) of FIPPA requires that, if an access request is transferred to another public body, the head of the public body that transfers the application must notify the applicant of the transfer in writing as soon as possible. A sample letter notifying an applicant that his or her access request has been transferred can be found in the Model Response Letters and Forms, on the FIPPA website at:   http://www.gov.mb.ca/chc/fippa/public_bodies/resources_public_bodies.html

Clause 16(2)(b) requires that the public body to which the access request is transferred make every reasonable effort to respond to the request within 30 days after receiving it, unless the time limit is extended under section 15(5) or notice is given to an affected third party under section 33 of FIPPA.

TIME LIMIT FOR RESPONDING TO AN ACCESS REQUEST - [SECTIONS 11 AND 15]

Time Limit for Responding - [Section 11]

Subsection 11(1) requires a public body to make every reasonable effort to respond to a request for access in writing within 30 days after receiving it, unless:

1. the time limit is extended under section 15 of FIPPA; or
2. the request has been transferred to another public body under section 16 of FIPPA.

The time limit for responding to a request by an individual for access to his or her own personal health information under The Personal Health Information Act is also 30 days, but unlike FIPPA, this time limit cannot be extended. When dealing with a request for access to a record that contains   personal health information about the applicant as well as other information, a public body must be aware of the difference in the time limits between the two Acts. Also, the only grounds for refusing an individual access to his or her own personal health information are those set out in subsection 11(1) of The Personal Health Information Act.

The 30-day time limit is based on **calendar days**, not working days. The 30 days start to run on the day after the date that the Application for Access is received by any officer or employee of the **public body**.²⁴   For this reason, it is essential that the Access and Privacy Coordinator have a back-up person to take over FIPPA responsibilities when the Coordinator is on leave.

 

If the 30-day period ends on a Sunday or other statutory holiday, the time for responding is extended to the next day that is not a Sunday or a statutory holiday.²⁵   Subsection 23(1) of The Interpretation Act of Manitoba states that the following days are 'statutory' holidays:

• Sundays,
• New Year's Day,
• the third Monday in February to be known as "Louis Riel Day",
• Good Friday,
• Victoria Day,
• Canada Day,
• Labour Day,
• Thanksgiving Day,
• Remembrance Day,
• Christmas Day,
• the day after Christmas known as "Boxing Day", and
• any day declared a holiday by proclamation of the Governor-General of Canada or the Lieutenant Governor of Manitoba.

Under subsection 23(2) of The Interpretation Act, when a holiday other than Sunday or Remembrance Day falls on a Sunday, the next day is a holiday, and when Christmas Day falls on a Sunday, December 27th is a holiday.

If you have any questions about when the time limit for responding to an access request begins or ends, contact legal counsel.

If an access request is incomplete and further information is required from the applicant, the Access and Privacy Coordinator should seek this information right away. The date on which the access request was received by the public body cannot be changed. But, the need to obtain more information may be grounds for extending the time limit under subsection 15(1) of FIPPA (discussed next).

Extending the Time Limit for Responding - [Section 15]

The head of a public body may extend the 30 day time period for responding to an access request for up to an additional 30 days only if:

1. the access applicant does not give enough detail to enable the public body to identify the requested records;

   Where the public body has, despite reasonable efforts, been unable to obtain the necessary details or clarification during the initial 30 day time limit, this extension may apply to give the public body more time to do so.

2. a large number of records is requested or must be searched, and responding within the time period set out in section 11 would interfere unreasonably with the operations of the public body;
   

   There are two requirements that must be met before clause 15(1)(b) can be relied on to extend the 30 day time limit:

   • a large number of records has been requested or must be searched; and
   • responding within the 30 day time limit would unreasonably interfere with the operations of the public body.
3. time is needed to consult with a third party or another public body before deciding whether or not to grant access to a record;
   

   Where the public body has, despite reasonable efforts, been unable to complete the necessary consultations within the initial 30 day time limit, clause 15(1)(c) may apply to give the public body more time to do so. Note that clause 15(1)(c) applies to consultations with other public bodies or with third parties; it does not apply to consultations amongst the officers and staff of the public body itself. Other public bodies that are consulted about an access request should respond as quickly as possible.

4. a third party makes a complaint under subsection 59(2).
   

   A third party who has been given notice by the head of a public body under section 34 of FIPPA of the head's decision to give access to a record containing information affecting the third party's privacy interests under section 17 or its business interests under section 18 may complain to the Ombudsman about the decision to give access.

Note: A public body cannot claim a time extension for the time it spends reviewing records or consulting within its own ranks.

Under clause 15(1), the head of the public body, or the head's delegate, may extend the time period for responding to an access request for up to an additional 30 days, or for a longer period if the Ombudsman agrees. An extension of time must take place within the initial 30 day response period.

If a public body requires an extension of longer than 30 days, it should follow the procedures in Ombudsman Practice Note: Making a Submission to the Ombudsman for an Extension Longer than 30 Days.²⁸

If the time for responding is extended under subsection 15(1), the head of the public body, or his or her delegate, must send a written notice to the applicant setting out:

• the reason for the extension of time, which must be one of the 4 reasons set out in subsection 15(1);
• when a response to the access request can be expected; and
• that the applicant may complain to the Ombudsman about the extension of time [subsection 15(2)].²⁹

A sample letter notifying an applicant of an extension of the time period for responding to an access request can be found in the Model Response Letters and Notices, on the FIPPA website at:   http://www.gov.mb.ca/chc/fippa/public bodies/resources public bodies.html.

Time for Responding Suspended If Fee Estimate Given - [Subsection 82(4)]

If a public body gives a written estimate of fees to an applicant under subsection 82(2) of FIPPA, the time within which the public body is required to respond to the access request under subsection 11(1) is suspended until the applicant notifies the public body that he or she wishes to proceed with the access application [subsection 82(4)].

If the applicant does not notify the public body that he or she wishes to proceed within 30 days from the date the fee estimate is given, the public body may consider the application to have been abandoned [subsection 82(3)].

Failure to Respond in Time is a Deemed Refusal of Access - [Subsection 11(1)]