Finance and Economic Development Committee
Comité
des finances et du développement économique
and Council / et au Conseil
March 26, 2012 / le 26 mars 2012
Submitted by/Soumis par : M. Rick O'Connor,
City Clerk and Solicitor / Greffier et Chef du contentieux
Contact Person/Personne ressource : Catherine Bergeron, Manager, Elections
& MFIPPA
City
Clerk and Solicitor/Greffier et Chef du contentieux
(613)
580-2424 x 44127, catherine.bergeron@ottawa.ca
|
Ref N°: ACS2012-CMR-CCB-0014 |
SUBJECT:
|
|
|
|
|
OBJET :
|
RAPPORT
DE FIN D'ANNÉE SUR L'APPLICATION DE LA LAIMPVP - SOMMAIRE 2011 |
That the Finance and Economic Development Committee recommend Council receive this report for information.
Que le Comité des finances et
du développement économique recommande que le Conseil municipal prenne
connaissance de ce rapport à titre d'information.
The Municipal Freedom of Information and Protection of Privacy Act, 1990 (MFIPPA) applies to all local government ”institutions”, including municipalities, school boards, public utilities, transit, commissions, police services boards, public library boards, conservation authorities, boards of health, and other local boards.
MFIPPA sets out the rules and regulations that municipal institutions must abide by to protect the privacy of an individual’s personal information contained within government records. This includes the collection, use, disclosure and disposal of personal information in the custody and control of the municipal institution. MFIPPA also gives individuals the right to access municipal government information, including most general records, and records containing their own personal information, subject to very specific and limited exemptions.
Each institution as defined under MFIPPA is required to appoint a Head of Institution that is responsible for overseeing the administration of and for decisions made under the legislation. For the City of Ottawa, the City Clerk and Solicitor has been designated by Council to be the Head of Institution for these purposes.
As indicated in the 2010 year end MFIPPA report (ACS 2011-CMR-CCB-0088), some of the responsibilities that are delegated to the Head of Institution include:
· Responding to formal access requests submitted under MFIPPA;
· Evaluating and providing direction to all City departments regarding informal (routine disclosure) requests to enhance public access while ensuring confidentiality provisions are adhered to;
· Ensuring personal information held by the City is only exchanged with, collected from or disclosed to authorized individuals and/or other institutions in accordance with MFIPPA;
· Evaluating and undertaking periodic review of the City’s programs and technologies to ensure they continue to meet statutory requirements;
· Designing and delivering training programs and presentations on MFIPPA to City employees to ensure compliance with all requirements; and
· Submitting an annual report to the Information and Privacy Commissioner that includes numerous statistics and factors contributing to the City’s performance on managing access requests.
In addition to the responsibilities delegated under MFIPPA, the City Clerk and Solicitor also administers access requests related to the Personal Health Information Protection Act, 2004 (PHIPA). PHIPA establishes rules for the collection, use and disclosure of personal health information for Health Information Custodians operating with the province of Ontario. At the City of Ottawa, the following are Health Information Custodians:
· Ottawa Paramedic Service;
· Medical Officer of Health and Public Health Branch;
· Employee Assistance Program; and the
· City’s four long-term care homes:
- Garry J. Armstrong,
- Carleton Lodge,
- Centre d’accueil Champlain, and
- Peter D. Clark Centre.
The purpose of this annual report is to advise Council of the City’s achievements for the year 2011 as well as a summary of the operations of the City’s Access to Information and Privacy (ATIP) Office. In order to provide some comparative context and to illustrate the steady increase in the number of access requests, data is being provided for 2009, 2010 as well as 2011.
Also provided in this report is a brief outline of the initiation of Routine Disclosure Guidelines the ATIP Office will be commencing in 2012 to provide a more customer-friendly way of providing information to the public, directly by departments without the necessity of a formal access process.
Access to Information
Requests for access to general and personal information are undertaken pursuant to the Municipal Freedom of Information and Protection of Privacy Act, 1990 (MFIPPA). As outlined above, requests filed under Part I of MFIPPA are for access to municipal government information, including most general records and records containing an individual’s own personal information and are subject to specific and limited exemptions. Part II of MFIPPA relates to the protection of individual privacy, including rules governing the collection, use, retention and disclosure of personal information. These privacy rules apply to all personal information in the custody or control of institutions regardless of whether an access request has been made, with the exception of public records and certain labour relations records.
Part V of PHIPA prescribes the rules governing the right of access to an individual’s own personal health information that is in the custody or under the control of a Health Information Custodian (HIC). As mentioned above, the City of Ottawa has four such HICs who have custody and control of personal health information.
The following briefly outlines the steps taken in order to respond to an access request:
1. Day 1 - Completed request for access to information is received in the ATIP Office, the legislated calendar or “clock” commences.
2. A retrieval e-mail is issued immediately to the relevant department.
3. The department must either provide the requested information to the ATIP Office within 5-7 calendar days, OR, if it will take over three hours to search for the records, advise the ATIP Office of the number of search hours and the estimated number of pages.
4. If the ATIP Office is advised that it will take more than three hours to search for the records and there are a large number of estimated pages, the requester is notified and asked to pay one-half of the estimated costs.
5. The legislated clock stops until the requester pays the 50% deposit.
6. If the deposit is not paid within 30 days the access request is abandoned.
7. If the deposit is paid, the “clock” re-commences and the department is advised to immediately provide the records to the ATIP Office.
8. Records are then reviewed to ascertain if they contain any information that should be exempted as per MFIPPA. If so, those records are severed to protect personal or confidential information.
9. No later than Day 30 - Decision letter prepared and issued by the City Clerk and Solicitor.
In general, MFIPPA and PHIPA prescribe a 30 calendar day time limit in which an institution must provide the requested information and/or decision regarding the request. An institution may ask for an extension if the request is for an extensive number of records and/or if outside consultation is required. A request for an extension must give the requester both the reason for and length of the extension. The requester has the right to ask the provincial Information and Privacy Commissioner to review the request for an extension.
There are numerous types of access to information requests received in the ATIP Office. Examples of these include By-law reports for property standards, fire and ambulance reports, Health Department inspection reports, expenses for Members of Council, Requests for Proposals, and claims for damages.
The charts below provide a comparison and show a definite increase in the number of requests received and completed from 2009 to 2011.
In 2011, the City received 680 access requests, which represents an increase of 18 % over 2010. This results in an overall increase of approximately 26% in access requests from 2009. In total, the ATIP Office reviewed 37,949 pages of records, an increase of 74% over 2010 (21,831 pages), with 29,087 pages of those records released, an increase of 115% in the number of pages released in 2011 (13,498 pages were released in 2010).
In early
2012, several access requests were received that specifically included PIN to
PIN communications. As a result of these
requests, a review of the scope and nature of records to be retrieved and
reviewed as part of the processing of access requests was undertaken. Staff confirmed that PIN to PIN
communications are subject to access requests made under the Act if the subject
of such communications pertained to City business and are therefore records
over which the City has either custody or control. As with all other records that may be
responsive to an access request, PIN to PIN communications will be retrieved
and reviewed in accordance with the requirements of the Act and a decision on
their disclosure will be taken on a case-by-case basis. The inclusion of PIN to PIN communications
will therefore be highlighted in all internal retrieval and processing steps
for access requests received under the Act on a go-forward basis if appropriate
and relevant to the access request in question.
Compliance Rate
For the 2011 reporting year, 84% of the requests completed were responded to within the 30 day timeline, which is an increase of three percentage points over 2010.
Where
extensions on time limits were applied under Subsection 20(1) of the Act, due
to either the requirement for external consultation or the complexity of the
request, the compliance rate was approximately 96%. While the City was not 100% compliant for
these requests, largely due to the amount of work that must be undertaken by
departments as well as the analysts in the ATIP Office, this is a seven
percentage point increase from the 2010 compliance rate.
|
Requests for Access to General Records |
|||
|
|
2011 |
2010 |
2009 |
|
Number of new formal requests received |
680 |
576 |
541 |
|
Number of formal requests completed |
641 |
553 |
533 |
|
Number of formal requests completed within 30 days |
539 |
450 |
469 |
|
Number of formal requests completed within statutory time limit provided for extensions |
613 |
494 |
479 |
|
% of formal requests completed within 30 days |
84% |
81% |
88% |
|
% of formal requests completed within statutory time limit provided for extensions |
96% |
89% |
90% |
|
Requests for Access to Own Personal Information |
|||
|
|
2011 |
2010 |
2009 |
|
Number of formal requests received |
29 |
33 |
30 |
|
Number of formal requests completed |
29 |
30 |
29 |
|
Number of formal requests completed within 30 days |
20 |
24 |
29 |
|
Number of formal requests completed within statutory time limit provided for extensions |
24 |
28 |
29 |
|
% of formal requests completed within 30 days |
69% |
80% |
100% |
|
% of formal requests completed within statutory time limit provided for extensions |
83% |
93% |
100% |
|
PHIPA Requests |
|||
|
|
2011 |
2010 |
2009 |
|
Number of formal requests received |
19 |
29 |
15 |
|
Number of formal requests completed |
19 |
29 |
15 |
|
Number of formal requests completed within 30 days |
19 |
29 |
15 |
|
Number of formal requests completed within statutory time limit provided for extensions |
19 |
29 |
15 |
|
% of formal requests completed within 30 days |
100% |
100% |
100% |
|
% of formal requests completed within statutory time limit provided for extensions |
n/a |
n/a |
n/a |
IPC Appeals
Intake Process and Mediation
A person who has made a request under MFIPPA or PHIPA may, within 30 days after the institution has issued its decision, appeal to the Information and Privacy Commissioner of Ontario (IPC). The appellant (person who is appealing) begins the process by submitting a notice of appeal in writing to the IPC. The IPC screens all appeals received and may dismiss an appeal which is not within its jurisdiction or which, in its view, does not warrant further action. Where an appeal is not dismissed, the IPC notifies the institution and any other person who may be affected by the appeal.
The IPC is committed to mediation as the preferred method of dispute resolution. It notifies an institution that an appeal has been filed by issuing a “Notice of Mediation”. The notice advises the institution of the name of the appellant, the IPC’s appeal number and the name of the mediator assigned to the case. The institution is also advised that if it wishes to claim discretionary exemptions in addition to those set out in its decision letter, it must do so within 35 days. A mediator is authorized to investigate the circumstances of any appeal and to try to effect a settlement in the matter. In a mediated settlement, all parties reach an agreement about the matter under appeal. If the appeal is not resolved through mediation, it may proceed to inquiry.
Appeals
|
Appeals to Access to General Records |
|||
|
|
2011 |
2010 |
2009 |
|
Number of Appeals |
6 |
6 |
9 |
|
Average number of days to complete Appeals |
198 |
249 |
82 |
|
Appeals to Access to Own Personal
Information |
|||
|
|
2011 |
2010 |
2009 |
|
Number of Appeals |
0 |
0 |
1 |
|
Average number of days to complete Appeals |
n/a |
n/a |
72 |
|
Appeals to Access to PHIPA Requests |
|||
|
|
2011 |
2010 |
2009 |
|
Number of Appeals |
0 |
0 |
0 |
|
Average number of days to complete Appeals |
n/a |
n/a |
n/a |
Inquiry
If an appeal is not resolved through the mediation stage, it proceeds to the Inquiry Stage and an adjudicator is assigned to the process. MFIPPA provides that parties involved in an inquiry are entitled to make representations to the IPC. The parties are invited to submit their representations in writing.
Once the representations are received, they are considered by the adjudicator and an Order is issued to resolve the outstanding issues. Both parties are advised that, should representations not be received, a decision (or order) may be issued in the absence of any representations.
Issuance of an Order
After receiving submissions from all parties, the adjudicator assigned to the matter issues a binding Order that is not subject to appeal. This Order is published on the IPC website. An order may provide a statement requiring the institution to disclose the records referred to in the Order within a specified timeframe.
There were four Orders issued by the IPC to the City of Ottawa in 2011. Of these decisions, two Orders upheld the City’s actions and two upheld the City’s decisions only in part. The four Orders and outcomes are summarized below:
· Order MO-2591, dated January 27, 2011: Order upheld City decision in part. Issue was denial of access to records that affect interests of a third party, ordering that one page continue to be withheld from disclosure but that another page be disclosed to the appellant http://www.ipc.on.ca/images/Findings/MO-2591_1.pdf
· Order MO-2597, dated February 10, 2011: Order upheld City’s fee estimate and denial of appellant’s fee waiver request http://www.ipc.on.ca/images/Findings/MO-2597.pdf
· Order MO-2621, dated May 11, 2011: Order upheld City decision to deny access a confidential Community and Protective Service Committee Report that was considered in-camera. http://www.ipc.on.ca/images/Findings/MO-2621.pdf
· Order MO-2666 dated, October 31, 2011: Order upheld the City decision in part. Order upheld City decision in respect of records that were subject to solicitor-client privilege but ordered that portions of other records that the City argued affected its economic and other interests be disclosed to the Appellant. http://www.ipc.on.ca/images/Findings/MO-2666.pdf
Third Party Summary
Institutions under MFIPPA often acquire information about activities of third parties, often being private sector companies or organizations. Some of this information may represent a valuable asset to the City and disclosure of the information could impair its ability to compete effectively. Subsection 10(1) of MFIPPA provides a mandatory exemption from disclosure for certain third party information where disclosure could reasonably be expected to cause certain harms. This exemption is not limited to commercial third parties, but may also apply to any supplier of information which meets the third party harms tests as outlined below.
Section 21 of MFIPPA provides, that before access is granted to a record that might contain information referred to in Subsection 10(1) of MFIPPA (third party interest), that party must be notified and given the opportunity to make representations to the City before a final access decision is made. The burden of establishing that the record falls within this section, as outlined above, rests with the third party.
To successfully qualify for a third party exemption
under Section 10 of the Act, each all
of the following three tests must be met:
1.
The information must fit within one of the specified
categories of third party information; trade secret or scientific, technical,
commercial, financial or labour related information; and
2.
The information must have been implicitly or
explicitly supplied in confidence by the
company; and
3.
That disclosure of this information could reasonably
be expected to cause one of the harms indicated below:
·
prejudice the competitive position or interfere with
any contractual rights possessed; or
·
result in the company no longer supplying this or
similar information to the City of Ottawa; or
·
result in undue loss or gain to any person, business
or organization.
To meet the third part of the test, the
affected party must provide “detailed and convincing” evidence to establish a
“reasonable expectation of harm”. Case
law from the IPC has determined that evidence amounting to speculation of
possible harm is not sufficient.
|
Access to General Records |
|||
|
|
2011 |
2010 |
2009 |
|
Number of Requests affecting interests of a 3rd party |
40 |
32 |
14 |
Routine Disclosure Guidelines
During the past four
years, formal requests for access to information at the City through MFIPPA
have steadily increased. Upon an internal review, it has been determined that various
requests held no requirement to access confidential or proprietary information
and therefore the records could have been provided directly from the responsive
program area, to the requester. It
appears possible that some City staff are hesitant to release information due
to a lack of understanding precisely what information is protected under MFIPPA
and what is considered a routine disclosure or “business as usual”.
MFIPPA provides that an
institution may establish a routine disclosure program, when there is nothing
in MFIPPA to prevent the institution from giving access to the
information. A routine disclosure
guideline will establish an open and transparent way of providing information
to the public, directly from departments, without the requirement of a formal
access request. It is anticipated that such initiative may reduce the overall
number of formal requests made under the Act as well as the time and resources
expended to meet the City’s statutory obligations. The proposed approach to
such a routine disclosure is detailed more fully in Document 1 to this report.
Privacy
– Being Proactive
The ATIP Office continued
to address privacy issues as they arose in 2011 and provided recommendations to
various departments and branches on how to both prevent and to mitigate privacy
breaches as well as to improve staff awareness of MFIPPA. The Office also played an integral role in
assisting with the Privacy Impact Assessment for the new Service Ottawa website
and Citizen Centric Service initiatives.
Throughout 2011, forty training sessions on access and privacy
legislation were provided to various program areas. In 2012, regular access and privacy training
sessions will be made available in conjunction with the Learning Centre.
There are no rural implications.
This is an internal information report and no consultation was required.
LEGAL
IMPLICATIONS
There are no legal implications to receiving this report.
There are no risk management implications to receiving this report.
This report aligns with Council’s Strategic Priority entitled “Governance, Planning and Decision Making.” This Strategic Priority aims to “Achieve measurable improvement to residents’ level of trust in how the City is being governed and managed, ensure that decisions will result in sustainable measures over the long term and create a governance model that compares well to those used by best-in-class cities around the world”
Specifically, this report supports and compliments Strategic Objective GP1: “Improve the public’s confidence in and satisfaction with the way Council works.” This objective is described as follows: “Put into place business practices that are democratic, engaging and visible by encouraging citizens to participate in decision-making and community life, by informing them in a timely manner of decisions that affect them, and by providing reasons for decisions.”
There are no financial implications associated with this report.
There are no accessibility implications with this report.
Technology Implications
There are no technology implications with this report.
The City Clerk and Solicitor Department will implement any decisions made by Council in relation to this report as well as further refine and implement the Routine Disclosure Guidelines.
Document 1: Routine Disclosure
Guidelines Initiative
The Access to
Information and Privacy Office has commenced the drafting of routine disclosure
guidelines and will involve every department with its implementation. This implementation plan will target each
department and branch in the City. One
of the key principles of the Municipal
Freedom of Information and Protection of Privacy Act is that “information should be available to the
public”. While MFIPPA provides for
the right to formal access to records through filing an access request it also
provides that the City may establish routine disclosure of some of its records,
when there is nothing in MFIPPA to prevent the City from giving access to the
information. Using MFIPPA as a framework,
the ATIP Office will create a guideline and will also assist departmental staff
with the determination of what records/material can be released under a
“business as usual” or routine disclosure process. The objective is to enhance
access to municipal government records and to provide City staff with the
appropriate tools on the types of information that can be routinely
disclosed. Routine disclosure is a
cost-effective and client-friendly way of providing access to information to
the public, directly by program areas, without the requirement of a formal
access request. Processing requests and
appeals within the legislative parameters of MFIPPA is more expensive and time
consuming than having access to pre-identified categories of records. It is anticipated that, once fully
implemented, this initiative should result in a reduction of the overall number
of formal requests that must be processed in accordance with MFIPPA as well as
a corresponding reduction in staff time and resources in addressing same.
Commencing in 2012, ATIP Office
staff will be contacting each department seeking the name of a departmental
representative for this initiative. The
representative should be capable of providing a general framework of records
currently held by the department. ATIP Office staff will then review the
information, apply the legislation and provide each department with a guideline
on which records can be routinely disclosed to the public.
In keeping with this
initiative, the ATIP Office will also be identifying records for active
dissemination by posting the information on Ottawa.ca. The City already does this by posting minutes
of Council and Committee meetings, by-laws, etc. With the use of Open Data, large amounts of
statistical information that has been gathered as a result of an access to
information request can be posted and made available to the public.
In 2010 Dr. Ann Cavoukian,
the Information and Privacy Commissioner of Ontario introduced a concept that
encourages public institutions to take a proactive approach to releasing
information by making the disclosure of government-held information an
automatic process where possible. This
concept, called Access by Design,
establishes seven principles that may be applied to almost all types of
government-held information. However, the emphasis is on information that
allows citizens to hold their government accountable. The seven principles are:
1.
to be proactive not reactive;
2.
ensure access is embedded into design;
3.
openness and transparency (accountability);
4.
fostering collaboration;
5.
enhancing efficient government;
6.
making access truly accessible; and
7.
increasing the quality of the information.
Keeping these seven
principles in mind, the ATIP Office would provide an expanded access to the
results of access requests by posting the information on the city’s Open Data
page 30 days after release to the requester.
Opportunities for posting the information would be identified on a
case-by-case basis and would continue to uphold the protection of personal and
proprietary information.