3.       2011 YEAR END MFIPPA REPORT - SUMMARY

 

RAPPORT DE FIN D'ANNÉE SUR L'APPLICATION DE LA LAIMPVP - SOMMAIRE 2011

 

 

COMMITTEE RECOMMENDATION

 

That Council receive this report for information.

 

 

RECOMMANDATION DU COMITÉ

 

Que le Conseil prenne connaissance de ce rapport à titre d’information.

 

 

DOCUMENTATION

 

1.      City Clerk and Solicitor report dated 26 March 2012 (ACS2012-CMR-CCB-0014).

 

 


 

Report to/Rapport au :

 

Finance and Economic Development Committee

Comité des finances et du développement économique

and Council / et au Conseil

 

March 26, 2012 / le 26 mars 2012

 

Submitted by/Soumis par : M. Rick O'Connor,

City Clerk and Solicitor / Greffier et Chef du contentieux

 

Contact Person/Personne ressource : Catherine Bergeron, Manager, Elections & MFIPPA

City Clerk and Solicitor/Greffier et Chef du contentieux

(613) 580-2424 x 44127, catherine.bergeron@ottawa.ca

 

City Wide/à l'échelle de la Ville

Ref N°: ACS2012-CMR-CCB-0014

 

 

SUBJECT:

2011 YEAR END MFIPPA REPORT - SUMMARY

 

 

OBJET :

RAPPORT DE FIN D'ANNÉE SUR L'APPLICATION DE LA LAIMPVP - SOMMAIRE 2011

 

 

REPORT RECOMMENDATION

 

That the Finance and Economic Development Committee recommend Council receive this report for information.

 

 

RECOMMANDATION DU RAPPORT

 

Que le Comité des finances et du développement économique recommande que le Conseil municipal prenne connaissance de ce rapport à titre d'information.

 

 

BACKGROUND

 

The Municipal Freedom of Information and Protection of Privacy Act, 1990 (MFIPPA) applies to all local government ”institutions”, including municipalities, school boards, public utilities, transit, commissions, police services boards, public library boards, conservation authorities, boards of health, and other local boards.

 

MFIPPA sets out the rules and regulations that municipal institutions must abide by to protect the privacy of an individual’s personal information contained within government records.  This includes the collection, use, disclosure and disposal of personal information in the custody and control of the municipal institution.  MFIPPA also gives individuals the right to access municipal government information, including most general records, and records containing their own personal information, subject to very specific and limited exemptions.

 

Each institution as defined under MFIPPA is required to appoint a Head of Institution that is responsible for overseeing the administration of and for decisions made under the legislation.  For the City of Ottawa, the City Clerk and Solicitor has been designated by Council to be the Head of Institution for these purposes.

 

As indicated in the 2010 year end MFIPPA report (ACS 2011-CMR-CCB-0088), some of the responsibilities that are delegated to the Head of Institution include:

·         Responding to formal access requests submitted under MFIPPA;

·         Evaluating and providing direction to all City departments regarding informal (routine disclosure) requests to enhance public access while ensuring confidentiality provisions are adhered to;

·         Ensuring personal information held by the City is only exchanged with, collected from or disclosed to authorized individuals and/or other institutions in accordance with MFIPPA;

·         Evaluating and undertaking periodic review of the City’s programs and technologies to ensure they continue to meet statutory requirements;

·         Designing and delivering training programs and presentations on MFIPPA to City employees to ensure compliance with all requirements; and

·         Submitting an annual report to the Information and Privacy Commissioner that includes numerous statistics and factors contributing to the City’s performance on managing access requests.

 

In addition to the responsibilities delegated under MFIPPA, the City Clerk and Solicitor also administers access requests related to the Personal Health Information Protection Act, 2004 (PHIPA).  PHIPA establishes rules for the collection, use and disclosure of personal health information for Health Information Custodians operating with the province of Ontario.  At the City of Ottawa, the following are Health Information Custodians:

 

·         Ottawa Paramedic Service;

·         Medical Officer of Health and Public Health Branch;

·         Employee Assistance Program; and the

·         City’s four long-term care homes:

-          Garry J. Armstrong,

-          Carleton Lodge,

-          Centre d’accueil Champlain, and

-          Peter D. Clark Centre.

 

The purpose of this annual report is to advise Council of the City’s achievements for the year 2011 as well as a summary of the operations of the City’s Access to Information and Privacy (ATIP) Office.  In order to provide some comparative context and to illustrate the steady increase in the number of access requests, data is being provided for 2009, 2010 as well as 2011. 

 

Also provided in this report is a brief outline of the initiation of Routine Disclosure Guidelines the ATIP Office will be commencing in 2012 to provide a more customer-friendly way of providing information to the public, directly by departments without the necessity of a formal access process.

 

 

DISCUSSION

 

Access to Information

 

Requests for access to general and personal information are undertaken pursuant to the Municipal Freedom of Information and Protection of Privacy Act, 1990 (MFIPPA).  As outlined above, requests filed under Part I of MFIPPA are for access to municipal government information, including most general records and records containing an individual’s own personal information and are subject to specific and limited exemptions.  Part II of MFIPPA relates to the protection of individual privacy, including rules governing the collection, use, retention and disclosure of personal information.  These privacy rules apply to all personal information in the custody or control of institutions regardless of whether an access request has been made, with the exception of public records and certain labour relations records.

 

Part V of PHIPA prescribes the rules governing the right of access to an individual’s own personal health information that is in the custody or under the control of a Health Information Custodian (HIC).  As mentioned above, the City of Ottawa has four such HICs who have custody and control of personal health information.

 

The following briefly outlines the steps taken in order to respond to an access request:

 

1.      Day 1 - Completed request for access to information is received in the ATIP Office, the legislated calendar or “clock” commences. 

2.      A retrieval e-mail is issued immediately to the relevant department. 

3.      The department must either provide the requested information to the ATIP Office within 5-7 calendar days, OR, if it will take over three hours to search for the records, advise the ATIP Office of the number of search hours and the estimated number of pages.

4.      If the ATIP Office is advised that it will take more than three hours to search for the records and there are a large number of estimated pages, the requester is notified and asked to pay one-half of the estimated costs. 

5.      The legislated clock stops until the requester pays the 50% deposit. 

6.      If the deposit is not paid within 30 days the access request is abandoned. 

7.      If the deposit is paid, the “clock” re-commences and the department is advised to immediately provide the records to the ATIP Office.

8.      Records are then reviewed to ascertain if they contain any information that should be exempted as per MFIPPA.  If so, those records are severed to protect personal or confidential information.

9.      No later than Day 30 - Decision letter prepared and issued by the City Clerk and Solicitor.

 

In general, MFIPPA and PHIPA prescribe a 30 calendar day time limit in which an institution must provide the requested information and/or decision regarding the request.  An institution may ask for an extension if the request is for an extensive number of records and/or if outside consultation is required.  A request for an extension must give the requester both the reason for and length of the extension. The requester has the right to ask the provincial Information and Privacy Commissioner to review the request for an extension.

 

There are numerous types of access to information requests received in the ATIP Office.  Examples of these include By-law reports for property standards, fire and ambulance reports, Health Department inspection reports, expenses for Members of Council, Requests for Proposals, and claims for damages.

 

The charts below provide a comparison and show a definite increase in the number of requests received and completed from 2009 to 2011. 

 

In 2011, the City received 680 access requests, which represents an increase of 18 % over 2010.  This results in an overall increase of approximately 26% in access requests from 2009.  In total, the ATIP Office reviewed 37,949 pages of records, an increase of 74% over 2010 (21,831 pages), with 29,087 pages of those records released, an increase of 115% in the number of pages released in 2011 (13,498 pages were released in 2010).   

 

In early 2012, several access requests were received that specifically included PIN to PIN communications.  As a result of these requests, a review of the scope and nature of records to be retrieved and reviewed as part of the processing of access requests was undertaken.  Staff confirmed that PIN to PIN communications are subject to access requests made under the Act if the subject of such communications pertained to City business and are therefore records over which the City has either custody or control.  As with all other records that may be responsive to an access request, PIN to PIN communications will be retrieved and reviewed in accordance with the requirements of the Act and a decision on their disclosure will be taken on a case-by-case basis.  The inclusion of PIN to PIN communications will therefore be highlighted in all internal retrieval and processing steps for access requests received under the Act on a go-forward basis if appropriate and relevant to the access request in question.

 

Compliance Rate

 

For the 2011 reporting year, 84% of the requests completed were responded to within the 30 day timeline, which is an increase of three percentage points over 2010. 

 

Where extensions on time limits were applied under Subsection 20(1) of the Act, due to either the requirement for external consultation or the complexity of the request, the compliance rate was approximately 96%.  While the City was not 100% compliant for these requests, largely due to the amount of work that must be undertaken by departments as well as the analysts in the ATIP Office, this is a seven percentage point increase from the 2010 compliance rate.


 

 

Requests for Access to General Records

 

2011

2010

2009

Number of new formal requests received

680

576

541

Number of formal requests completed

641

553

533

Number of formal requests completed within 30 days

539

450

469

Number of formal requests completed within statutory time limit provided for extensions

613

494

479

% of formal requests completed within 30 days

84%

81%

88%

% of formal requests completed within statutory time limit provided for extensions

96%

89%

90%

 

Requests for Access to Own Personal Information

 

2011

2010

2009

Number of formal requests received

29

33

30

Number of formal requests completed

29

30

29

Number of formal requests completed within 30 days

20

24

29

Number of formal requests completed within statutory time limit provided for extensions

24

28

29

% of formal requests completed within 30 days

69%

80%

100%

% of formal requests completed within statutory time limit provided for extensions

83%

93%

100%

 

PHIPA Requests

 

2011

2010

2009

Number of formal requests received

19

29

15

Number of formal requests completed

19

29

15

Number of formal requests completed within 30 days

19

29

15

Number of formal requests completed within statutory time limit provided for extensions

19

29

15

% of formal requests completed within 30 days

100%

100%

100%

% of formal requests completed within statutory time limit provided for extensions

n/a

n/a

n/a

 

IPC Appeals

 

Intake Process and Mediation

 

A person who has made a request under MFIPPA or PHIPA may, within 30 days after the institution has issued its decision, appeal to the Information and Privacy Commissioner of Ontario (IPC).  The appellant (person who is appealing) begins the process by submitting a notice of appeal in writing to the IPC. The IPC screens all appeals received and may dismiss an appeal which is not within its jurisdiction or which, in its view, does not warrant further action. Where an appeal is not dismissed, the IPC notifies the institution and any other person who may be affected by the appeal.

 

The IPC is committed to mediation as the preferred method of dispute resolution.  It notifies an institution that an appeal has been filed by issuing a “Notice of Mediation”.  The notice advises the institution of the name of the appellant, the IPC’s appeal number and the name of the mediator assigned to the case.  The institution is also advised that if it wishes to claim discretionary exemptions in addition to those set out in its decision letter, it must do so within 35 days. A mediator is authorized to investigate the circumstances of any appeal and to try to effect a settlement in the matter.  In a mediated settlement, all parties reach an agreement about the matter under appeal.  If the appeal is not resolved through mediation, it may proceed to inquiry. 

 

Appeals

 

Appeals to Access to General Records

 

2011

2010

2009

Number of Appeals

6

6

9

Average number of days to complete Appeals

198

249

82

 

Appeals to Access to Own Personal Information

 

2011

2010

2009

Number of Appeals

0

0

1

Average number of days to complete Appeals

n/a

n/a

72

 

Appeals to Access to PHIPA Requests

 

2011

2010

2009

Number of Appeals

0

0

0

Average number of days to complete Appeals

n/a

n/a

n/a

 

Inquiry

 

If an appeal is not resolved through the mediation stage, it proceeds to the Inquiry Stage and an adjudicator is assigned to the process.  MFIPPA provides that parties involved in an inquiry are entitled to make representations to the IPC.  The parties are invited to submit their representations in writing.

 

Once the representations are received, they are considered by the adjudicator and an Order is issued to resolve the outstanding issues.  Both parties are advised that, should representations not be received, a decision (or order) may be issued in the absence of any representations.

 

Issuance of an Order

 

After receiving submissions from all parties, the adjudicator assigned to the matter issues a binding Order that is not subject to appeal.  This Order is published on the IPC website.  An order may provide a statement requiring the institution to disclose the records referred to in the Order within a specified timeframe. 

 

There were four Orders issued by the IPC to the City of Ottawa in 2011. Of these decisions, two Orders upheld the City’s actions and two upheld the City’s decisions only in part. The four Orders and outcomes are summarized below:

 

·         Order MO-2591, dated January 27, 2011: Order upheld City decision in part. Issue was denial of access to records that affect interests of a third party, ordering that one page continue to be withheld from disclosure but that another page be disclosed to the appellant http://www.ipc.on.ca/images/Findings/MO-2591_1.pdf

 

·         Order MO-2597, dated February 10, 2011: Order upheld City’s fee estimate and denial of appellant’s fee waiver request http://www.ipc.on.ca/images/Findings/MO-2597.pdf

 

·         Order MO-2621, dated May 11, 2011: Order upheld City decision to deny access a confidential Community and Protective Service Committee Report that was considered in-camera. http://www.ipc.on.ca/images/Findings/MO-2621.pdf

 

·         Order MO-2666 dated, October 31, 2011: Order upheld the City decision in part. Order upheld City decision in respect of records that were subject to solicitor-client privilege but ordered that portions of other records that the City argued affected its economic and other interests be disclosed to the Appellant. http://www.ipc.on.ca/images/Findings/MO-2666.pdf

 

Third Party Summary

 

Institutions under MFIPPA often acquire information about activities of third parties, often being private sector companies or organizations.  Some of this information may represent a valuable asset to the City and disclosure of the information could impair its ability to compete effectively.  Subsection 10(1) of MFIPPA provides a mandatory exemption from disclosure for certain third party information where disclosure could reasonably be expected to cause certain harms.  This exemption is not limited to commercial third parties, but may also apply to any supplier of information which meets the third party harms tests as outlined below.

 

Section 21 of MFIPPA provides, that before access is granted to a record that might contain information referred to in Subsection 10(1) of MFIPPA (third party interest), that party must be notified and given the opportunity to make representations to the City before a final access decision is made.  The burden of establishing that the record falls within this section, as outlined above, rests with the third party. 

To successfully qualify for a third party exemption under Section 10 of the Act, each all of the following three tests must be met:

1.      The information must fit within one of the specified categories of third party information; trade secret or scientific, technical, commercial, financial or labour related information; and

2.      The information must have been implicitly or explicitly supplied in confidence by the  company; and

3.      That disclosure of this information could reasonably be expected to cause one of the harms indicated below:

·         prejudice the competitive position or interfere with any contractual rights possessed;  or

·         result in the company no longer supplying this or similar information to the City of Ottawa; or

·         result in undue loss or gain to any person, business or organization.

To meet the third part of the test, the affected party must provide “detailed and convincing” evidence to establish a “reasonable expectation of harm”.  Case law from the IPC has determined that evidence amounting to speculation of possible harm is not sufficient.

 

Access to General Records

 

2011

2010

2009

Number of Requests affecting interests of a 3rd party

40

32

14

 

Routine Disclosure Guidelines

 

During the past four years, formal requests for access to information at the City through MFIPPA have steadily increased. Upon an internal review, it has been determined that various requests held no requirement to access confidential or proprietary information and therefore the records could have been provided directly from the responsive program area, to the requester.  It appears possible that some City staff are hesitant to release information due to a lack of understanding precisely what information is protected under MFIPPA and what is considered a routine disclosure or “business as usual”. 

 

MFIPPA provides that an institution may establish a routine disclosure program, when there is nothing in MFIPPA to prevent the institution from giving access to the information.  A routine disclosure guideline will establish an open and transparent way of providing information to the public, directly from departments, without the requirement of a formal access request. It is anticipated that such initiative may reduce the overall number of formal requests made under the Act as well as the time and resources expended to meet the City’s statutory obligations. The proposed approach to such a routine disclosure is detailed more fully in Document 1 to this report.

 

Privacy – Being Proactive

 

The ATIP Office continued to address privacy issues as they arose in 2011 and provided recommendations to various departments and branches on how to both prevent and to mitigate privacy breaches as well as to improve staff awareness of MFIPPA.  The Office also played an integral role in assisting with the Privacy Impact Assessment for the new Service Ottawa website and Citizen Centric Service initiatives.  Throughout 2011, forty training sessions on access and privacy legislation were provided to various program areas.  In 2012, regular access and privacy training sessions will be made available in conjunction with the Learning Centre.  

 

RURAL IMPLICATIONS

 

There are no rural implications.  

 

 

CONSULTATION

 

This is an internal information report and no consultation was required.

 

 

LEGAL IMPLICATIONS

 

There are no legal implications to receiving this report.

 

 

RISK MANAGEMENT IMPLICATIONS

 

There are no risk management implications to receiving this report.

 

 

CITY STRATEGIC PLAN

 

This report aligns with Council’s Strategic Priority entitled “Governance, Planning and Decision Making.”  This Strategic Priority aims to “Achieve measurable improvement to residents’ level of trust in how the City is being governed and managed, ensure that decisions will result in sustainable measures over the long term and create a governance model that compares well to those used by best-in-class cities around the world”

 

Specifically, this report supports and compliments Strategic Objective GP1:  “Improve the public’s confidence in and satisfaction with the way Council works.”  This objective is described as follows:  “Put into place business practices that are democratic, engaging and visible by encouraging citizens to participate in decision-making and community life, by informing them in a timely manner of decisions that affect them, and by providing reasons for decisions.”

 

 

FINANCIAL IMPLICATIONS

 

There are no financial implications associated with this report.

 

 

ACCESSIBILITY IMPACTS

 

There are no accessibility implications with this report.

 

 


 

Technology Implications

 

There are no technology implications with this report.

 

 

DISPOSITION

 

The City Clerk and Solicitor Department will implement any decisions made by Council in relation to this report as well as further refine and implement the Routine Disclosure Guidelines.

 


 

Document 1: Routine Disclosure Guidelines Initiative

 

The Access to Information and Privacy Office has commenced the drafting of routine disclosure guidelines and will involve every department with its implementation.  This implementation plan will target each department and branch in the City.  One of the key principles of the Municipal Freedom of Information and Protection of Privacy Act is that “information should be available to the public”. While MFIPPA provides for the right to formal access to records through filing an access request it also provides that the City may establish routine disclosure of some of its records, when there is nothing in MFIPPA to prevent the City from giving access to the information.  Using MFIPPA as a framework, the ATIP Office will create a guideline and will also assist departmental staff with the determination of what records/material can be released under a “business as usual” or routine disclosure process. The objective is to enhance access to municipal government records and to provide City staff with the appropriate tools on the types of information that can be routinely disclosed.  Routine disclosure is a cost-effective and client-friendly way of providing access to information to the public, directly by program areas, without the requirement of a formal access request.  Processing requests and appeals within the legislative parameters of MFIPPA is more expensive and time consuming than having access to pre-identified categories of records.  It is anticipated that, once fully implemented, this initiative should result in a reduction of the overall number of formal requests that must be processed in accordance with MFIPPA as well as a corresponding reduction in staff time and resources in addressing same.

 

Commencing in 2012, ATIP Office staff will be contacting each department seeking the name of a departmental representative for this initiative.  The representative should be capable of providing a general framework of records currently held by the department. ATIP Office staff will then review the information, apply the legislation and provide each department with a guideline on which records can be routinely disclosed to the public.

 

In keeping with this initiative, the ATIP Office will also be identifying records for active dissemination by posting the information on Ottawa.ca.  The City already does this by posting minutes of Council and Committee meetings, by-laws, etc.  With the use of Open Data, large amounts of statistical information that has been gathered as a result of an access to information request can be posted and made available to the public. 

 

In 2010 Dr. Ann Cavoukian, the Information and Privacy Commissioner of Ontario introduced a concept that encourages public institutions to take a proactive approach to releasing information by making the disclosure of government-held information an automatic process where possible.  This concept, called Access by Design, establishes seven principles that may be applied to almost all types of government-held information. However, the emphasis is on information that allows citizens to hold their government accountable.  The seven principles are: 

 

1.      to be proactive not reactive;

2.      ensure access is embedded into design;

3.      openness and transparency (accountability);

4.      fostering collaboration;

5.      enhancing efficient government;

6.      making access truly accessible; and

7.      increasing the quality of the information.

 

Keeping these seven principles in mind, the ATIP Office would provide an expanded access to the results of access requests by posting the information on the city’s Open Data page 30 days after release to the requester.   Opportunities for posting the information would be identified on a case-by-case basis and would continue to uphold the protection of personal and proprietary information.