3.       2010 Year END MFIPPA REPORT

 

RAPPORT DE FIN D’ANNÉE SUR L’APPLICATION DE LA LAIMPVP – Sommaire 2010

 

 

COMMITTEE RECOMMENDATION

 

That Council receive this report for information.

 

Recommandation du ComitÉ

 

Que le Conseil municipal prenne connaissance de ce rapport à titre d’information.

 

 

 

DOCUMENTATION

 

1.      City Clerk and Solicitor’s report dated 22 February 2011 (ACS2011-CMR-CCB-0026).

 

 

 

 

 


Report to/Rapport au :

 

Finance and Economic Development Committee

Comité des finances et du développement économique

 

and Council / et au Conseil

 

22 February 2011 / le 22 février 2011

 

Submitted by/Soumis par : M. Rick O'Connor,
City Clerk and Solicitor / Greffier et Chef du contentieux

 

Contact Person/Personne ressource : Catherine Bergeron / Manager, Elections & MFIPPA / Gestionnaire, Élections et LAIMPVP

(613) 580-2424  x44127, catherine.bergeron@ottawa.ca

 

 

Ref N°: ACS2011-CMR-CCB-0026

 

 

SUBJECT:

2010 year end mfippa report - Summary

 

 

OBJET :

RAPPORT DE FIN D’ANNÉE SUR L’APPLICATION DE LA LAIMPVP – Sommaire 2010

 

REPORT RECOMMENDATION

 

That the Finance and Economic Development Committee recommend Council receive this report for information.

 

 

RECOMMANDATION DU RAPPORT

 

Que le Comité des finances et du développement économique recommande que le Conseil municipal prenne connaissance de ce rapport à titre d’information. 

 

 

BACKGROUND

 

The Municipal Freedom of Information and Protection of Privacy Act, 1990 (MFIPPA) applies to all local government organizations, including municipalities, school boards, public utilities, transit and police commissions, public library boards, conservation authorities and boards of health as well as other local boards.

 

MFIPPA sets out rules and regulations municipal institutions must abide by to protect the privacy of an individual's personal information in government records. It includes rules regarding the collection, use, disclosure and disposal of personal information in the custody and control of a municipal institution. It also gives individuals the right to access municipal government information, including most general records and records containing their own personal information, subject to very specific and limited exemptions.

 

Each municipal organization is required to appoint a Head of Institution that is responsible for overseeing the administration of the legislation within the institution and for decisions made under the legislation. At the City of Ottawa, the City Clerk and Solicitor is the Head of Institution for the purposes of MFIPPA.

 

The responsibilities delegated to the City Clerk and Solicitor, as Head of Institution, under the Municipal Freedom of Information and Protection of Privacy Act include:

·         Responding to formal requests submitted under MFIPPA;

·         Evaluating and providing direction to all City departments regarding informal ("business as usual") requests to enhance public access while ensuring that the confidentiality provisions of the Act are met;

·         Ensuring personal information held by the City is only exchanged with, collected from or disclosed to authorized individuals and/or institutions in accordance with the Act and its Regulations;

·         Evaluating and undertaking periodic reviews of the City's programs and technologies to ensure that they meet statutory requirements;

·         Designing and delivering training programs and presentations on MFIPPA to City employees to ensure that employees are informed about the requirements of the Act;

·         Ensuring that processes are in place for efficient and prompt disposal of information;

·         Providing ongoing updates on decisions of the Information and Privacy Commissioner/Ontario (IPC) and how such decisions affect the corporation;

·         Reviewing the development of forms, surveys and questionnaires to ensure that they include statutory authority for the collection of the personal information, the purpose for which the information will be used and a contact for the client; and

·         Submitting an annual report to the Information and Privacy Commissioner that includes numerous statistics and factors contributed to the City’s performance on managing access and privacy requests.

 

In addition to MFIPPA, the City Clerk and Solicitor also administers information requests related to the Personal Health Information Protection Act, 2004 (PHIPA).  PHIPA sets out rules for the collection, use and disclosure of personal health information for Health Information Custodians operating within the province of Ontario, and also allows individuals to request access to their own personal health information held by these Custodians.

 

In keeping with the general principles outlined in the City’s Accountability and Transparency Policy that, “every new delegation of power authority will have a corresponding accountability mechanism,” the purpose of this report is to provide a summary to the Finance and Economic Development Committee and Council on the City’s achievements for the year 2010 as well as a summary of the operations of the City’s Access to Information and Privacy Office (ATIP). This report is provided on an annual basis. In effort to provide some comparative context, staff have provided data for 2009 as well as 2010.

DISCUSSION

 

Access and Privacy Requests relate to requests under the Municipal Freedom of Information and Protection of Privacy Act. As outlined above, Access Requests relate to access to municipal government information, including most general records and records containing an individual’s own personal information, subject to very specific and limited exemptions. Privacy principles are outlined in Part II of MFIPPA.  These principles reflect internationally accepted fair information practices, and are based on two beliefs:

·       that an individual has the right to control his or her own personal information; and

·       that the privacy rules governing the collection, use, disclosure, retention and disposal of personal information are necessary.

 

These privacy rules apply to all personal information in the custody or control of institutions regardless of whether an access request has been made, with the exception of public records and certain labour relations records.

 

Also as outlined above, PHIPA requests relate to the collection, use and disclosure of personal health information for Health Information Custodians operating within the province of Ontario, and the ability for individuals to request access to their own personal health information held by these Custodians.

 

MFIPPA and PHIPA legislation stipulates that an institution must provide the requester with the information and/or a decision regarding their request within 30 calendar days from the date a complete request is received. An institution may ask for an extension if the request is for an extensive number of records and/or if outside consultation is required.

 

Pursuant to MFIPPA, the Head of the Institution may extend the prescribed time limit for a period of time that is reasonable in the circumstances, if

a)      the request is for a large number of records or necessitates a search through a large number of records and meeting the time limit would unreasonably interfere with the operations of the institution; or

b)      consultations with a person outside the institution are necessary to comply with the request and cannot reasonably be completed within the time limit.

 

The Head must give the requester written notice of the extension setting out the length of the extension, the reason for the extension; and that the individual may ask the IPC to review the extension.


There are numerous types of access to information requests received in the ATIP office.  Examples of the typical requests received are:  fire and ambulance reports; house and specific commercial plans; complaint-driven requests such as noise, fence and property standards; expenses for Members of Council; human resources matters; OC Transpo (ranging from times of buses to surveys to employee absenteeism and overtime); garbage and recycling issues.

In 2010, the City received 576 access requests which represent an increase of almost 9% over 2009.  In total, the Access to Information and Privacy Office reviewed 21,831 pages of records, an increase of 36% over 2009, with 13,498 pages of those records disclosed.

 

For the 2010 reporting year, approximately 81% of requests received were responded to within the legislative 30 day timeline, which is comparable to the rate achieved by the City of Toronto (Note: the City of Toronto is the City of Ottawa’s only true comparator in Ontario.  Toronto has not yet completed their 2010 information.  In 2009 Toronto received 1657 access requests and 447 personal information requests of which 81% and 67% respectively, were responded to within the 30 day timeline.)

 

Where extensions on time limits were applied for under Section 20(1) of MFIPPA due to the complexity of the request, the compliance rate was approximately 89%. The City was not 100% compliant for these requests largely due to the amount of work that must be undertaken by Departments and then by the MFIPPA analysts to address complex requests.  Workload is also a factor. Again, the City of Ottawa’s compliance rate for these requests is similar to that of Toronto.

 

Compliance Rate

 

Access Requests

2010

2009

Number of formal requests received

576

541

Number of formal requests completed

553[1]

533

Number of formal requests completed within 30 days

450

469

Number of formal requests completed within statutory time limit

494

479

% of formal requests completed within 30 days

81%

88%

% of formal requests completed within statutory time limit provided for extensions

89%

90%

 

Personal Information Requests

2010

2009

Number of formal requests received

33

30

Number of formal requests completed

30[1]

29

Number of formal requests completed within 30 days

24

29

Number of formal requests completed within statutory time limit

28

29

% of formal requests completed within 30 days

80%

100%

% of formal requests completed within statutory time limit provided for extensions

93%

100%

  

 

 

 

PHIPA Requests

2010

2009

Number of formal requests received

29

15

Number of formal requests completed

29

15

Number of formal requests completed within 30 days

29

15

Number of formal requests completed within statutory time limit

29

15

% of formal requests completed within 30 days

100%

100%

% of formal requests completed within statutory time limit provided for extensions

N/A

N/A

 

Appeals
 
Notice of Appeal by a Requester

 

As part of the MFIPPA/PHIPA process, a person who has been notified of a decision by an institution has 30 calendar days to appeal the decision to the Office of the Information and Privacy Commissioner of Ontario.  The appellant (the person who is appealing) begins an appeal by submitting a request for an appeal (notice of appeal) in writing to the Commissioner.

 

If an appellant is appealing a decision by an institution that the requested records do not exist, the Commissioner may dismiss the appeal if the notice of appeal submitted by the appellant does not present a reasonable basis for concluding that the record ought to exist.

 

Upon receiving a notice of appeal, the Commissioner notifies the institution's Freedom of Information and Privacy Office that an appeal has been filed. The Commissioner must also notify any other person who, in the Commissioner's opinion, is "affected" by the appeal.

 

Confirmation of Appeal by the Information and Privacy Commissioner

 

The IPC notifies an institution that an appeal has been filed by sending out a "Confirmation of Appeal" letter. It advises the institution of the name of the requester, the IPC's appeal number and the name of the Appeals Officer assigned to the case. It also advises the ATIP Office to notify the Appeals Officer if the responsive records are voluminous (500 pages or more and 3 exemptions or more).

 

The institution is further notified that if it wants to claim any discretionary exemptions additional to those appearing in its decision letter, it must do so within 35 days. Reasons for launching an appeal are not always provided by an appellant. Institutions may find it helpful to contact the Appeals Officer to see whether grounds for appeal have been identified. The IPC may also be able to provide additional information that will help the institution to deal with the appeal promptly and efficiently.

 

Mediation

 

The Commissioner may authorize a mediator (i.e. an Appeals Officer) to investigate the circumstances of any appeal and to try to effect a settlement of the matter. The Appeals Officer will review the relevant records or circumstances under appeal and verify the institution's position. Acting as a “go-between”, he/she will also try to settle the appeal or simplify the issues, based on discussions with the appellant and the institution. In a mediated settlement all parties reach an agreement about the matter under appeal.

 

The Commissioner will attempt to settle the issues at appeal before resorting to an order. The general time period allotted for mediation is two months. This time period may be shortened if it is apparent that no agreement can be reached. The appeal will then proceed to an inquiry.

 

Appeal Process

 

Access Requests

2010

2009

Number of Appeals

6

9

Average Days taken to complete Appeals

249

82

 

Personal Information Requests

2010

2009

Number of Appeals

0

1

Average Days taken to complete Appeals

n/a

72

 

PHIPA Requests

2010

2009

Number of Appeals

0

0

Average Days taken to complete Appeals

n/a

n/a

  

Notice of Inquiry and the Appeals Officer's Report

 

Where mediation is unsuccessful, the Commissioner may conduct an inquiry to review the Head's decision.  At this stage, the appellant and the institution receive a "Notice of Inquiry" (NOI) letter from the IPC.

  

The Effect of a Commissioner's Order

 After receiving submissions from the interested parties, the Commissioner will issue a binding order that is not subject to appeal. An order may conclude with a statement requiring the institution to disclose the records referred to in the order within 35 days following the date of the order and not earlier than the 30th day following the date of the order. Day one is the first day after the date of the Order. Therefore, if the Order were dated May 1, the counting starts on May 2 and the first release date would be May 31. The institution may release the document on any of the 5 days following May 31st.

 

Where there are no affected third parties, the Order will usually conclude with a statement requiring the institution to disclose the records within 15 days of the date of the order.

 

There were two appeals in 2010 that may be of particular interest to Members of Council.

 

In a decision issued December 13th, 2010, the Divisional Court, in City of Ottawa v. Ontario, 2010, ruled that an employee's personal emails sent and received at work could not be considered to be in the "custody or under the control" of the City where they were wholly unrelated to the business of the municipality and were not relied upon for any purpose. This case concerned a staff member working for the City of Ottawa who was on the Board of [a named organization]. The staff member did some Board work on his own time and on occasion used a corporate computer to create/store emails and files. An Access request was made to the City of Ottawa for [a named organization]’s related emails. The City refused access on the basis that they did not have care and custody of these records, even though they were on a corporate computer, and because the emails were personal. The requestor appealed to the Office of the Information and Privacy Commissioner of Ontario (IPC). The IPC ruled that the emails were in the care and custody of the City and should be released under the Access request. The City of Ottawa appealed the IPC's ruling and won. The ruling was that personal employee emails are not in the care and custody of the institution anymore than personal paper files are when they are stored in an office.  

 

The IPC whose initial decision against the City was overturned by the Divisional Court, has advised that it is seeking leave to appeal the decision to the Ontario Court of Appeal.  The process of seeking leave occurs on the basis of a motion by the IPC and will likely be considered by the Court within the first half of 2011.  If leave is granted by the Court of Appeal then the hearing of the IPC’s appeal will probably occur either by the end of this year or in early 2012.

 

On January 27, 2011, the Information and Privacy Commissioner of Ontario (IPC) released Order MO-2591.  At appeal the City of Ottawa and [a named daycare] took the position that a breakdown of net daycare expenses and a Memorandum of Understanding (MOU) for [a named daycare] to use church space be withheld from disclosure. Sections 10(1)(a),(b), and (c) of MFIPPA were applied and the City/Daycare argument was that to disclose this information would be to reveal financial information of [a named daycare] that was implicitly/explicitly supplied to the City in confidence and that disclosure of the information could reasonably be expected to cause certain harms to [the named daycare]. The IPC upheld the position of [the named daycare] and the City that the MOU was exempt from disclosure but found that disclosure of the budget breakdown information could not reasonably be expected to cause any harm/prejudice to [the named daycare]. 

 

The City has been directed to release the budget breakdown information by March 3, 2011,but not before February 25, 2011.

 

Third Party Summary

 

Access Requests

2010

2009

Number of 3rd Party Requests

32

14

 

Institutions subject to the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) often acquire information about the activities of private sector organizations. Some of this information may constitute a valuable asset to the organization, and disclosure would impair its ability to compete effectively. Subsection 10(1) of MFIPPA provides a mandatory exemption from disclosure for certain third party information where disclosure could reasonably be expected to cause certain harms. This exemption is not limited to commercial third parties, but may also apply to any supplier of information which meets the tests specified below, including another institution.

 

Section 21 of MFIPPA provides that before access is granted to a record that might contain information referred to in Subsection 10 (1) of MFIPPA affecting the interests of a third party, that party must be notified and given the opportunity to make representations before a final access decision is made. If a third party claims in its representations that the record is exempt, the burden of establishing that the record falls within this section rests with that third party. Similarly, where an institution asserts that this provision applies, the burden of proof is on the institution.

 

Privacy Compliance and Other Matters

 

A critical component of privacy compliance work is the investigation and response to privacy breaches and complaints.  The ATIP Office continued to address these situations as they arose and to work cooperatively with the IPC on investigations.  The ATIP Office provided recommendations to various divisions on how to mitigate privacy breaches and to improve staff awareness of their privacy responsibilities.  Training on privacy legislation was provided to several areas of the organization and to newly elected Members of Council and their staff.

 

 

CONSULTATION

 

This is an internal report and no consultation was required.

 

 

LEGAL/RISK MANAGEMENT IMPLICATIONS

 

There are no legal/risk management implications to receiving this report.

 

 

FINANCIALIMPLICATIONS

There are no financial implications associated with this report.

 

 

DISPOSITION

 

The City Clerk and Solicitor Department will implement any decisions made by Council in relation to this report.



[1] In addition to the five hundred and fifty-three (553) completed access requests, sixteen (16) requests were transferred out to other institutions and forty-four (44) requests were carried over to 2011.

 

[1] In addition to the thirty (30) completed personal information requests, two (2) requests were transferred out to other institutions and three (3) requests were carried over to 2011.