Chapter 7: Protection of Privacy

PDF Version (pdf)

Contents

Overview
7.1 Collection of Personal Information
7.2 Manner of Collection
7.3 Accuracy and Retention
7.4 Correction of Personal Information
7.5 Protection of Personal Information
7.6 Use of Personal Information
7.7 Disclosure of Personal Information
7.8 Consistent Purposes
7.9 Disclosure for Research or Statistical Purposes
7.10 Disclosure of Information in Archives
7.11 Record of Purposes

This chapter covers

• the obligations of public bodies regarding the collection, use and disclosure of personal information;
• the obligations of public bodies regarding the accuracy of personal information;
• the obligations of public bodies regarding the retention of personal information;
• the obligations of public bodies regarding the protection of personal information; and
• the obligations of public bodies regarding the right of an individual to request a correction of his or her personal information.

Part 1

Part 1 of the FOIP Act provides individuals with a right of access to information, including information about themselves, from public bodies, subject to limited and specific exceptions. One of those exceptions, section 17, sets out a balancing test to determine when disclosure of personal information would be an unreasonable invasion of a third party's privacy. The test comes into play whenever someone other than the individual the information is about, or the individual's authorized representative, makes a request for access to a record containing personal information about a third party.

Personal information, as defined in section 1(n), means recorded information about an identifiable individual. An individual may be identified by their name, where they live, what they do, or as a result of some other contextual information that points to one person specifically, or perhaps only a very few people in total (see, for example, IPC Investigation Report F2004-IR-001). The definition of personal information does not include information about a sole proprietorship, partnership, unincorporated association or corporation (see IPC Order F2002-006) .

Information about an individual that is collected in identifiable form must be collected, used, disclosed, secured, and retained only in accordance with the provisions in Part 2, unless the information is outside the scope of the Act (see Chapter 1.5 regarding excluded records and Chapter 1.6 regarding the effect of paramountcy).

Part 2 requirements are based on internationally accepted fair information practices or principles adopted by the Organization for Economic Cooperation and Development (OECD) in 1982. This set of principles collectively works to establish what is commonly referred to as privacy protection. An individual's privacy is protected when they are able to decide who to give their information to and when they know, and preferably consent to, the uses and subsequent disclosures that will occur to the information. Some uses and disclosures may be established in law and are broadly known.

Privacy is protected in the FOIP Act by

• giving individuals a right of access to their own personal information and the opportunity to request corrections to it;
• requiring public bodies to establish the authority to collect personal information;
• requiring public bodies to collect personal information directly from the individual the information is about, unless the individual, another Act or a regulation under another Act, the Commissioner, or section 34(1)(b) to (o) of the FOIP Act authorizes collection from someone else;
• requiring public bodies to provide individuals with notice of the authority for the collection, the purposes for which the information is collected and contact information for a person who can explain the collection process in more detail, if required;
• requiring public bodies to ensure that information they have collected is accurate and complete before they make decisions affecting an individual;
• requiring public bodies to retain information used to make decisions affecting an individual for at least one year (unless the public body and the individual agree otherwise) to allow adequate time for the individual to exercise their right of access or correction, if they choose to;
• requiring public bodies to take reasonable security precautions against such risks as unauthorized access, collection, use, disclosure or destruction;
• limiting a public body's use and disclosure of personal information to the purpose for which it was collected, a consistent purpose, another purpose with consent or a purpose set out in the Act;
• further limiting a public body's use and disclosure of personal information to the amount and type necessary to enable the public body to carry out its purpose in a reasonable manner;
• enabling individuals to make complaints to the Information and Privacy Commissioner, and empowering the Commissioner to investigate complaints regarding possible collection, use or disclosures in contravention of Part 2;
• enabling employees of a public body to disclose to the Commissioner, in good faith, circumstances in which they believe that personal information is being collected, used or disclosed in contravention of Part 2 (see Chapter 2.9 of this publication);
• requiring each public body to publish a directory of its personal information banks (repositories of personal information that can be searched or retrieved by name or identifier); and
• providing for fines for individuals of up to $10,000 if they wilfully collect, use or disclose personal information in contravention of Part 2, or gain, or attempt to gain, access to personal information in contravention of the Act (among other offences).

FOIP Coordinators are advised to take a comprehensive and collaborative view of privacy protection within their public bodies and involve individuals with responsibility for program management, information technology, records and information management, security, human resources and, at times, their legal counsel.

Under the Act, public bodies are accountable for adhering to the privacy protection rules established in Part 2 even if other persons, groups or organizations acting on behalf of the public body are at fault. It is in the public body's best interest to ensure that their obligations and requirements under the Act are clearly passed on to, and are understood and assumed by, any contractor or agent via a contractual agreement.

For further information on the application of the Act to the contracting process, see the FOIP Contract Manager's Guide, published by Access and Privacy Branch, Alberta Government Services.

Authority for collection of personal information

Section 33 of the Act provides that no personal information may be collected by or for a public body unless

• the collection of personal information is expressly authorized by or under an enactment of Alberta or Canada;
• the personal information is collected for the purposes of law enforcement; or
• the personal information relates directly to and is necessary for an operating program or activity of the public body.

Collection occurs when a public body gathers, acquires, receives or obtains personal information. It includes the gathering of information through interviews, questionnaires, surveys, polling, forms, and video surveillance. There is no restriction on how the information is collected. The means of collection may be writing, audio or videotaping, electronic data entry or other means.

Section 33 of the Act states that collection can take place by or for a public body. A public body is bound by the requirements of the Act whether it conducts its own collection activities or authorizes an outside agent to carry out the collection. This authorization may be either under contract or through an agreement or arrangement with another public body or private organization.

Examples of organizations and individuals that might collect personal information on behalf of a public body include non-profit support groups such as the John Howard Society, school counsellors and various contracted firms or agencies.

Authorized by an enactment (Section 33(a))

Section 33(a) provides that collection may be expressly authorized by an enactment of Alberta or Canada. This means that collection may find its authority in either a provincial or federal statute or in a provincial or federal regulation.

In some Acts, there are provisions for the collection of certain specific types of personal information. In these cases, the statute both authorizes collection and identifies the personal information that can be collected (e.g. section 65 of the Post-secondary Learning Act). More commonly, an Act will authorize a program or activity, and a regulation under that Act will provide detailed authority for collection and sometimes the format in which the information is to be collected. An example of this form of authorization for collection is the School Act and the Student Record Regulation. Another model for collection authority is where an Act states that collection of personal information must be in the form prescribed by a regulation under that Act.

A municipal bylaw passed under the authority of the Municipal Government Act may also be considered an enactment for the purposes of section 33(a). In IPC Investigation Report F2002-IR-009, the Investigator found that a municipal bylaw expressly authorized the City to collect criminal record information from applicants for taxi licences.

If an enactment authorizes a program or activity, but there is no specific authorization for the collection of information for the purposes of the program or activity, a public body cannot rely on the enactment as authority for collection of the information.

For the purposes of law enforcement (Section 33(b))

Section 33(b) permits the collection of personal information for the purposes of law enforcement. Law enforcement is defined in section 1(h) of the Act and is discussed in Chapter 4.6 of this publication. Any collection of personal information for purposes of law enforcement must meet this definition.

In IPC Investigation Report F2003-IR-005, the Commissioner reviewed a Privacy Impact Assessment submitted by a police service regarding video surveillance it intended to use in an area of the city during two periods of highest crime risk. The Commissioner agreed that the police service could collect and use personal information on video for this policing activity, which included the detection and prevention of crime.

If a public body is authorized to collect personal information under this provision, it is also authorized to collect the information indirectly under section 34(1)(g).

For more information on collection for the purposes of law enforcement and about the definition of law enforcement, see FOIP Bulletin No.7, Law Enforcement, published by Access and Privacy Branch, Alberta Government Services.

Relates directly to and is necessary for an operating program or activity (Section 33(c))

Section 33(c) permits a public body to collect personal information when that information relates directly to, and is necessary for, an operating program or activity of the public body.

Relates directly to means that the personal information must have a direct bearing on the program or activity.

Necessary for means that the public body must have a demonstrable need for the information.

An operating program is a series of functions designed to carry out all or part of a public body's operations. An activity is an individual action designed to assist in carrying out an operating program.

Most often, legislation will give authority for a particular program or activity, without authorizing the collection of specific personal information. Public bodies must then determine the exact elements of personal information which they need to administer a particular program and design collection instruments to obtain this information and no more (i.e. the public body must have a “need to know”). Collection is authorized by section 33(c) of the Act.

The FOIP Act does not permit collection of personal information “just in case” it may have value in the future, the program may be expanded in the future or someone in the public body may ask for the information at some point in the future.

The word and in section 33(c) (relates directly to and is necessary) is restrictive. The collection must meet both parts of the two-part test in order for the public body to use section 33(c) as authority to collect personal information.

For example, if a program provides a particular benefit or service, information will be needed to ensure that an individual is eligible or qualified for that benefit or service. Personal information not related to decision criteria for the particular benefit or service is not required and should not be collected, even though it may be potentially useful to another program in the same public body.

In IPC Order 98-002, the Commissioner determined that the case manager making a decision about an individual's claim for compensation had the right to decide what medical information was relevant and necessary to collect but was bound by the Workers' Compensation Act in establishing that necessity and relevance. Obtaining an applicant's entire patient file was found to be an improper collection.

In IPC Investigation Report 99-IR-007, the Commissioner found that a municipality did not have the authority to collect its Sport Centre's members' home or business telephone numbers or dates of birth since this information was not required for an operating program or activity of the municipality.

In IPC Investigation Report F2002-IR-010, the Investigator found that using one questionnaire to collect personal information for both health services programs and human resources operations meant risking the collection of more personal information than was relevant and necessary from individuals who did not become employees.

A public body must establish a reasonable basis for deciding that the collection of personal information is necessary and relevant. Although the amount of personal information collected by the Alberta Gaming and Liquor Commission was extensive, the Investigator found that there were reasonable grounds for the collection because of the legitimate concerns regarding the potential for criminal elements infiltrating the gaming industry (see IPC Investigation Report F2002-IR-008).

A determination about what personal information is related directly to and necessary to collect should only be overturned if it is was patently unreasonable (see IPC Investigation Report F2002-IR-012).

Review of collection practices

If a public body does not have specific authority to collect unsolicited information that includes personal information and it is not necessary for an operating program or activity of that public body, it is not an authorized collection. The public body should adopt a policy of either keeping such information separate from the necessary information so that it will not be improperly used or disclosed or of returning unsolicited information (see IPC Order 98-002 and IPC Investigation Report 2000-IR-002). Public bodies may also redirect the unsolicited information in appropriate circumstances or destroy it in accordance with a transitory records schedule.

Public bodies should regularly review their collection practices to ensure that any collection of personal information is authorized by section 33. Such a review should

• verify that there is authority for the collection of personal information;
• discontinue the collection of personal information that does not meet the criteria set out in section 33 and amend collection instruments, contracts and agreements, and policies and procedures that require the collection of this personal information;
• confirm that a process is in place to ensure that all new or modified collections of personal information meet the criteria set out in section 33 and ensure that the minimum personal information necessary to meet program needs is collected;
• ensure that information that is needed only for subsets of clients is collected only from the clients that fit the subset criteria (see IPC Investigation Report 98-IR-003);
• verify that procedures are in place to ensure that any irrelevant personal information that is sent to a public body is placed in a separate file so that it is not improperly used, and that it is destroyed, redirected or returned to the originator at an appropriate time after completion of the process during which the information was inadvertently collected (see IPC Order 98-002); and
• ensure that personal information in the custody or under the control of the public body is scheduled for retention (if the information is still needed) or for deletion or destruction and deactivation of retrieval mechanisms (if the information is no longer needed).

This review could be carried out by the program areas having custody or exercising control over personal information, with the advice of the FOIP Coordinator.

Administrative controls can be established in privacy standards, which should be included in the policy governing the overall collection activities of a public body. New collection activities and instruments should be reviewed by the FOIP Coordinator's office. The review may be carried out in conjunction with reviews of information management practices and systems, which are discussed in Chapter 9 of this publication.

Direct collection

Section 34(1) states that, subject to some limited exceptions, a public body must collect personal information directly from the individual the information is about. This establishes direct collection as the primary method for obtaining personal information. This is an important principle for fair information practices. It helps to ensure that an individual is aware of the type of personal information being used to make a decision concerning him or her. It also allows the individual to challenge the need for the information or refuse to provide the information or participate in the program or activity.

A public body must not seek or passively receive the information from another source even though it may have the capability of doing so, unless collection from that indirect source or for that purpose is authorized in the exceptions listed under section 34(1).

Exceptions to direct collection

Another method of collection is authorized (Section 34(1)(a))

This provision allows a public body to collect personal information about an individual from another public body, or other individual or organization under one of the specified conditions.

By the individual. When an individual authorizes the collection of his or her personal information from another source, as in the case of a student requesting a reference from a professor, this authorization should be in writing. This may take the form of a signed authorization on an application form or a letter giving authorization. If an individual provides authorization orally over the telephone, the public body should document the conversation and, whenever possible, send a letter to the individual concerned setting out what he or she has authorized.

When asked to authorize indirect collection of personal information under section 34(1)(a)(i), the person should be informed of

• the nature of the personal information to be collected (i.e. how much of what type of information is being collected);
• the purpose of the indirect collection (i.e. what the information will be used for);
• the reasons for making the collection indirectly;
• the identity of the recipient, the expiry date of the authorization, etc.; and
• the consequences of refusing to authorize the indirect collection.

If an individual authorizes a public body to collect personal information from another public body or from a custodian under the Health Information Act, the written authorization for the collection will usually become the authority for the other body/custodian to disclose the necessary information to the first public body. As a result, the authorization format should take into consideration the disclosure (and potentially the consent) requirements of the FOIP Act and the Health Information Act if the disclosing public body is a custodian under that Act.

By another Act or a regulation under another Act. Sometimes another Act or regulation under another Act specifically authorizes indirect collection of personal information. For example, the Workers' Compensation Act authorizes collection of medical information from a physician about an individual who was involved in a work-related accident.

Another example is the Student Record Regulation, which authorizes public schools to collect teachers' notes about students and other personal information in records from a student's previous private school (see IPC Order 2001-034 and IPC Investigation Report F2002-IR-007).

Information may be disclosed under Division 2 of Part 2 of the Act (Section 34(1)(b))

This provision permits a public body to collect personal information from a second public body, rather than from the individual the personal information is about, where the second body is authorized to disclose the information under sections 39 to 42 of the Act.

Part 2 of the Act is structured in such a way that if a public body is authorized to disclose certain personal information to another public body, the receiving public body is, in turn, authorized to collect the information and to use it for the purpose for which it was disclosed.

This provision recognizes the legitimate sharing of personal information between public bodies in limited and controlled circumstances, and the fact that more than one public body may need exactly the same personal information.

Information is collected in a health or safety emergency (Section 34(1)(c))

This provision allows emergency services personnel, as well as other employees of a public body, to collect information needed to deal with an emergency situation.

This can happen when

• the individual is not able to provide the information directly; or
• direct collection could reasonably be expected to endanger the mental or physical health or safety of the individual or another person.

Examples of such emergency situations include cases were an injured person is not able to respond to questions about medication or an accident or fire situation when a delay in collecting information about a person's actions could result in death or severe complications.

Under this provision, a public body can collect indirectly only the information required to deal with the emergency.

Information is about a designated emergency contact (Section 34(1)(d))

This provision allows for the collection of contact information such as a name, relationship, address and telephone number(s). The individual may be a family member or a friend. While this is technically the personal information of the contact, this information would be collected from an individual who is required to provide an emergency contact.

Information is collected to determine suitability for an honour or award (Section 34(1)(e))

This provision allows a public body to seek references and other relevant personal information about someone being considered for an honour or award. This includes honorary degrees, scholarships, prizes, and bursaries.

The nature of some awards is such that the potential recipients do not have to apply for the award and may not be aware that they are being considered. Scholarships and bursaries are often awarded on the basis of academic achievement and recommendations by faculty members. Honorary degrees are usually awarded in recognition of a person's contribution to a community or sector of society. Prizes may be awarded on the basis of athletic or scholastic achievements.

Any information collected should be directly related to the criteria for granting the honour or award. As a best practice, public bodies should develop criteria for an award in advance of the collection of personal information about award nominees and make those criteria generally available. Once the individual has been informed about the honour or award, he or she should be asked to consent to any future disclosure of personal information collected in connection with the honour or award.

Information is collected from published or other public sources for fund-raising (Section 34(1)(f))

This provision allows for limited collection of publicly available personal information without the authorization or knowledge of an individual. The information collected can be used only for fund-raising purposes. Public bodies should keep such information segregated in their records and allow access by only those employees engaged in fund-raising and fund development activities.

Published sources are those that are normally available in print form or in some other generally accessible form such as audiotape, videotape or in a document on a web site. Examples include newspaper reports, clipping files, corporate reports of public companies, and articles in periodicals. Most of this information would be readily available in a public or specialized library.

Other public sources include information that is generally available to the public, either free or for a fee, but is not necessarily published in a commercial format or as a matter of course. Examples include information in reports of charitable organizations, announcements of honours or awards granted by or through a public body in Alberta, copies of speeches or speaking notes when the speeches are given at a public event, and information available on the Internet. Care should be taken when using personal information that is available on the Internet bearing in mind that this personal information would be accessible to the individual if he or she made an access request. The reliability of the source of the information should be verified.

Information is collected for the purpose of law enforcement (Section 34(1)(g))

This provision allows the indirect collection for law enforcement activities as defined in section 1(h) of the Act, including policing and investigations.

It should be noted that the authority to collect personal information under section 34(1)(g) is limited. Under the definition of law enforcement in section 1(h), as interpreted by the Commissioner, the law enforcement body must ensure that there is a specific authority to investigate and that the investigation could lead to a penalty or sanction being imposed under a statute or regulation. See Chapter 4.6 of this publication for information on the definition of law enforcement.

Much personal information about a person who is under investigation is collected from other sources. Reasons for this include the fact that investigators may not wish to alert the individual concerned that an investigation is taking place, the individual would not provide accurate information, or the individual might alter or destroy evidence.

Law enforcement bodies should not collect excessive amounts of personal information. One of the situations where this is likely to occur is in the use of surveillance. The Commissioner considered the use of video surveillance for law enforcement purposes in IPC Investigation Report F2003-IR-005.

Information is collected for the purpose of collecting a fine or debt (Section 34(1)(h))

When public bodies face the problem of not being able to locate those owing money, or when they believe they would not obtain accurate information needed to collect the debt from the individual debtor, they are permitted to collect personal information from other sources.

This provision allows a representative of either the provincial government, as a whole, or any individual public body to contact any person or organization or to use publicly available information (e.g. on the Internet) that may be able to help in the collection of money owed to the public body or the government. This may include finding the home or work location or telephone number of the individual who owes money.

A debt is something that is owed, usually money, where the individual has an obligation to pay and the creditor has the right to receive and enforce payment.

A fine is a monetary punishment imposed on a person who has committed an offence, including an offence under a bylaw.

Information concerns the history, release or supervision of an individual under the control of a correctional authority (Section 34(1)(i))

This provision permits correctional and parole authorities to seek out information from a variety of sources about individuals under their control or supervision. The individual may be in a correctional institution or may be under supervision in the community.

History here means information about the person's background, including employment record, medical condition and behaviour.

Release includes both permanent and temporary release from a correctional institution.

Supervision includes any community disposition requiring supervision of an offender, including probation, bail supervision, parole, temporary absence, and ordered community service work, as well as supervision of an individual held in a correctional institution.

Information is collected for use in the provision of legal services to the Government of Alberta or a public body (Section 34(1)(j))

This provision recognizes that lawyers representing the provincial government or a public body may have to collect personal information to perform their jobs. The information may be required for day-to-day provision of legal services, or in preparation for a proceeding before a court or tribunal.

It is often not possible to collect the personal information directly because inaccurate information may be given. It may also be desirable that legal enquiries be made in confidence, or it may be that the individual concerned may not be able to provide the required information. In these circumstances the public body's legal representatives, or others providing legal services, can collect information indirectly, or ask an employee to do so on their behalf.

Information is necessary to determine eligibility to participate in a program or receive a benefit, product or service (Section 34(1)(k)(i))

Many programs operated by public bodies have eligibility criteria that must be met in order for an individual to participate in them or receive a benefit or service. This may require the public body to approach several different sources of information besides the individual to determine whether the criteria or qualifications are met. Examples include verification of income for the Alberta Seniors Benefit, low-income housing or other income-tested programs; verification of assets for programs requiring asset testing; and verification of educational prerequisites for a post-secondary program.

The program, benefit, product, or service may be one offered on behalf of the provincial government or may be specific to a particular public body.

Consent from the individual is not necessary if the requirements of section 34(1)(g) are fulfilled.

Information is necessary to verify eligibility to participate in a program or receive a benefit, product or service (Section 34(1)(k)(ii))

This provision is intended to allow for cases where an individual has already qualified for a program, benefit, product, or service and the public body needs to check that the individual is still eligible. In this case, personal information may be collected from a variety of sources other than the individual the information is about, and the individual does not need to be informed that verification is taking place.

For example, a public body may perform random checks on the income and assets of individuals on social assistance or in low-income housing to verify that an individual remains eligible for the program. Such a check may involve an interview with the individual but may also involve collection of personal information about an individual from other sources. Another example would be verification of a student's continued enrolment in a program so that the student may continue to receive student financial assistance or a grant.

As with the previous provision, it is good business practice to inform the individual about whom the information may be collected that verification of continuing eligibility may occur without notice. This is especially the case if the individual could incur any penalty for receiving a benefit for which he or she has become ineligible.

Information is collected by the Public Trustee or the Public Guardian (Section 34(1)(l))

The Public Trustee is the trustee for dependent adults who are unable to administer their own financial affairs because of a mental disability. The Trustee also administers the estates of persons who die intestate if the deceased persons have no adult beneficiaries residing in the province. In addition, the Trustee acts as guardian by protecting the assets and financial interests of missing persons and children under 18 years of age.

The Public Guardian is charged with the responsibility of ensuring that appropriate surrogate decision-making mechanisms, supports and safeguards are available to assist adults who are unable to make personal decisions independently.

Section 34(1)(l) permits the Public Trustee and the Public Guardian to collect personal information about a prospective ward indirectly from relatives, friends and others. This may include information about the individual's mental or physical health, financial information, employment or educational history, and opinions about the individual.

Information is collected for the purpose of enforcing a maintenance order (Section 34(1)(m))

This provision permits Alberta Justice and Attorney General to collect personal information for the purpose of enforcing maintenance orders.

Amendments to section 12 (when proclaimed) and section 13 (in force) of the Maintenance Enforcement Act require government departments, provincial agencies (e.g. post-secondary institutions) as well as business organizations (including municipalities) to provide an expanded number of types of personal information (e.g. financial information, an identification number issued by a province) to the Director of Maintenance Enforcement for the purpose of enforcing a maintenance order. Only the requested information that is listed in that Act should be disclosed by a public body and collected by the Director.

Information is collected to manage or administer personnel of the public body (Section 34(1)(n))

This provision recognizes the Government of Alberta as the employer for all provincial government departments. It allows government departments to collect personal information about an employee or prospective employee from other provincial government departments for the purpose of managing or administering personnel of the Government of Alberta.

Management of personnel refers to aspects of the management of human resources of a public body that relate to the duties and responsibilities of employees (see IPC Investigation Report 2001-IR-006). This includes staffing requirements, job classification or compensation, recruitment and selection, salary, benefits, hours and conditions of work, leave management, performance review, training and development, occupational health and safety, and separation and layoff. For the Government of Alberta, the term includes the government-wide network managed through the Personnel Administration Office. It does not, however, include the management of consultant, professional or independent contractor contracts.

Administration of personnel comprises all aspects of a public body's internal management, other than personnel management, necessary to support the delivery of programs and services. Administration includes business planning, financial, materiel, contracts, property, information, and risk management (see IPC Investigation Report 2001-IR-006).

Section 34(1)(n) also allows public bodies to collect information about employees or prospective employees from third parties. Any collection under this provision must have, as its purpose, the management or administration of the personnel of the public body collecting the information.

Employees should be informed in a general way as to how personnel information about them is collected and from what sources they can expect this information to be derived. They should also be aware of the purposes for which various types of information are used and of their rights under the Act.

Examples of such collection include the collection of references for prospective employees, determination of qualifications and performance for secondment and training opportunities, and the provision of pay and benefit services by one public body for other public bodies.

The indirect collection authorized in section 34(1)(n) does not apply to other internal activities of public bodies, such as Corporate Challenge events and United Way campaigns. Personal information of employees should be collected directly from the individuals and the notification provisions in section 34(2) need to be complied with.

Information is collected to assist in researching or validating the claims, disputes or grievances of aboriginal people (Section 34(1)(o))

This provision permits a public body to collect personal information indirectly in order to research the background and expedite the settlement of wider rights of aboriginal people.

Validating means confirming rights that have been contended by the parties to a claim, dispute or grievance.

The term claims, disputes and grievances is interpreted broadly to include all manner of controversies, debates and differences of opinion regarding issues in contention and is not restricted to differences over land claims.

Aboriginal people means individuals whose racial origins are indigenous to Canada, including Indian, Métis and Inuit people.

Notification (Section 34(2))

Section 34(2) sets out rules that a public body must follow when it is required to collect personal information directly from an individual. The notification requirement recognizes the individual's right to know the purpose of the collection of personal information and how the information will be used. It also allows the person to make an informed decision as to whether to give personal information when there is no statutory requirement to do so, and any consequences that may result from not doing so, including any limitations on services that the public body may provide in the absence of the information.

A public body must inform the individual of

• the purpose for which the information is collected;
• the specific legal authority for the collection; and
• the title, business address and business telephone number of an officer or employee of the public body who can answer the individual's questions about the collection.

The legal authority for collection may be a specific provision in an enactment of Alberta or Canada that expressly authorizes collection of the personal information, or section 33(c) of the FOIP Act, which authorizes collection of personal information that is directly related to and necessary for an operating program of a public body.

If a public body relies on section 33(c) of the FOIP Act, it is important to also provide the authority for the program for which the personal information is being collected. The program itself may be authorized by an Alberta or federal Act or a regulation under an Act, or a bylaw or legal resolution of a public body establishing a program that falls within its mandate under an Act.

Identifying someone to answer the individual's questions about the collection is intended to provide the individual with a knowledgeable source of information. The person cited should be familiar with the program, and be able to explain why the personal information is being collected and how it will be used, retained, and disclosed to other bodies.

Examples of cases where collection of personal information requires notification under this provision include collection of personal information for enrolment in a program, to receive a service or to apply for a benefit, collection of personal information on a client survey and collection of individually identifying information on a course evaluation form.

Notification may be given in many ways. It may be

• printed on a collection form;
• contained on a separate sheet or in a brochure accompanying a form;
• presented in a pop-up window linked to an online form;
• published in a calendar of a post-secondary institution or an information brochure about a program that is provided to all applicants;
• displayed on a notice hung on the wall or placed on a service counter; or
• given verbally, for example, during a phone call.

Regardless of the manner in which notification is provided, all three parts of the notice must be provided to the individual (see IPC Investigation Report 2000-IR-004).

The notice should be given at the time that the personal information is being collected. In IPC Investigation Report 2000-IR-007, the Commissioner found that a school should have provided students or parents with a notification statement when school photographs were being taken rather than during the registration process since the collection of student photographs was not part of registration.

When a notification is given verbally, either in person or over the telephone, it is a good practice to refer the individual to a written copy of the notice or to provide a printed copy either at the counter or later by mail, and to retain a record that the notice was given.

When individuals are applying for and participating in extensive and complementary programs, it may be convenient and effective to place a notice explaining all collections of personal information relating to the programs in a publication about the programs, or explain orally.

Public bodies should undertake a regular review of their collection instruments to determine which ones require the inclusion of collection notices. Collection notices should be included on all print and electronic forms used to collect personal information directly. This should be done in conjunction with the review discussed in section 7.1 of this chapter and any privacy compliance audit or forms review process, as discussed in Chapter 9 of this publication.

Exception to notification

Section 34(3) provides that the requirements of section 34(1) and (2) may be set aside if, in the opinion of the head of the public body, compliance with these provisions could reasonably be expected to result in the collection of inaccurate information.

Inaccurate information is incorrect, incomplete or misleading information, or information which does not reflect the truth.

This provision recognizes that in certain limited circumstances, such as the conduct of some surveys seeking opinions and in some psychological testing, there may be difficulty in getting accurate information if individuals are informed in advance of the reasons for the collection. In some cases, notifying individuals of the purpose of a survey would lead to responses that would distort the results.

Section 35 of the Act provides that, if a public body uses an individual's personal information to make a decision that directly affects the individual, the public body must

• make every reasonable effort to ensure that the information is accurate and complete; and
• retain the personal information for at least one year after using it so that the individual has an opportunity to obtain access to it.

A decision that directly affects the individual is one that has an impact on an individual's life or affects his or her rights. The meaning of the term is interpreted broadly and includes decision-making processes that are internal to a public body and those which involve a more direct relationship with the public.

Examples of decisions that directly affect an individual include a determination as to whether or not someone is entitled to income assistance or a student loan, a decision on hiring an individual or on admission to a course or program, and a determination regarding eligibility for subsidized housing or library services.

Section 35 does not apply if no decision, adverse or otherwise, will be or has been made about an individual. Examples include raw survey data where personal information is collected but the results are rendered anonymous, telephone messages, and unsolicited résumés that are never considered in relation to a position.

Accuracy and completeness (Section 35(a))

Section 35(a) requires the public body to make every reasonable effort to ensure that personal information is accurate and complete.

A public body makes every reasonable effort when it is thorough and comprehensive in identifying practicable means to assure that personal information used to make a particular decision affecting the individual is accurate and complete.

Accurate means careful, precise, lacking errors.

Complete means including every item or element; without omissions or deficiencies; not lacking in any element or particular. Information is complete when all the information necessary to make the decision, and only the information that will be used for that purpose, is collected.

Generally, if a public body collects personal information directly, it is likely to meet the requirement of making every reasonable effort to ensure that information is accurate and complete. This is especially so if the individual has signed a statement indicating that the information is accurate and complete. However, the burden of making every reasonable effort is higher when the consequences of a decision are greater.

Public bodies should have adequate procedures in place to properly verify the accuracy and completeness of any personal information crucial to an application, transaction or action at the time the information is provided (see IPC Orders 98-002 and 2001-004).

It is a good business practice for programs that use large personal information systems for delivery of programs or services to have systematic processes for updating personal information that is used on a regular or continuous basis.

Maintaining ongoing accuracy will be more challenging for programs that involve a lengthy review or approval process or an ongoing relationship with an individual. The accuracy requirements of the Act should be considered in the management of programs of this kind.

The Information and Privacy Commissioner has said that ensuring accuracy includes making certain that handwritten information used to make decisions, such as clinical notes, is legible (see IPC Order 98-002).

In IPC Order F2003-008, the Commissioner determined that section 35(a) did not apply to employment reference information given by a former employee of a public body after leaving the employment of the public body.

Retention (Section 35(b))

This provision requires public bodies to retain personal information for at least one year after using it to make a decision that affects an individual, so that the individual has a reasonable opportunity to obtain access to it.

This retention requirement is intended to permit individuals to review and, if necessary, to request correction of information about them that has been used by public bodies, and to do so before disposition of that information takes place. It is not necessary to retain personal information when no decision will be or has been made about the individual.

Retain means to maintain custody or control of the personal information.

Section 35(b) does not prevent public bodies from storing personal information in another location, such as the Alberta Records Centre, if the public body can retrieve the personal information in response to a request for access to it.

Section 35(b) does not include personal information in transitory records if the information is transferred to a different format. This may be the case with records such as counselling notes or notes of an interview panel member that are consolidated into a final document, if it is the policy of the public body to treat these notes as transitory records. (See Chapter 8.5 of this publication for further discussion of transitory records.)

An exception to this requirement is allowed when a public body and the individual the information is about both agree in writing to a shorter retention period. In the case of government departments and agencies subject to the Records Management Regulation, a decision not to retain the personal information requires additional approval from the Alberta Records Management Committee. This provision might be used, for example, to permit destruction of a person's application for counselling or addiction treatment when the applicant withdraws the application and does not seek the treatment.

If the Information and Privacy Commissioner conducts a review of the response to an access request that contains personal information, the information must be retained for a year from the date that the public body complies with an order by the Commissioner to disclose the personal information.

Public bodies may keep personal information longer than one year, depending on their operational needs and on legal requirements. Personal information can also be rendered non-identifying or anonymous and then retained longer for statistical purposes. However, keeping personal information longer than necessary increases the risk of a security breach and of “function creep” (i.e. using the information for purposes that were not originally contemplated). Also, if the information was collected for a certain purpose and the purpose is finished, the finality principle of fair information practices suggests that the public body should then destroy it.

To help ensure that out-of-date and incomplete personal information is not incorrectly used in a decision affecting an individual, personal information should be scheduled for retention and disposition in accordance with the appropriate authorities for the management of recorded information.

Right to request correction of personal information

An error is mistaken or wrong information or information that does not reflect the true state of affairs. An omission is information that is incomplete or missing or that has been overlooked.

Information is personal information if it meets the definition of personal information in section 1(n) of the Act, regardless of whether the public body created or gathered the information directly or obtained it from someone else (see IPC Order 98-001). A public body has custody of a record when the record is in the possession of the public body. A record is under the control of a public body when the public body has the authority to manage the record, including restricting, regulating and administering its use, disclosure or disposition. See Chapter 1.4 of this publication for a detailed discussion of custody and control.

In order to request a correction of personal information, an individual does not have to first make a request for access to his or her personal information. For example, a public body may refer to information contained in a record and the individual may challenge the accuracy of that record without having seen it.

Requests for a correction may be generated as a result of an adverse administrative decision (e.g. a denial of a claim or benefit), but the public body that made the decision does not have to revisit the decision as a result of the request.

The Act gives individuals the right to request a correction of personal information, not a right to have a correction made. The public body may either correct the information, by changing it or adding new information, or may refuse to correct the information, subject to other provisions discussed below.

When considering requests for correction of personal information, it is important to distinguish between the two types of information addressed by section 36 :

• factual information about the applicant, such as age, date of birth, income information or qualifications (section 36(1)); and
• opinions about the applicant, such as subjective assessments or evaluations of an individual's condition, abilities or performance (section 36(2)).

The individual must provide proof in support of the request for correction of factual information. The proof should be of the same nature and at least the same quality as the personal information required when the original collection took place. Examples of documents that might be required to prove facts include a birth or baptismal certificate to prove age, or a notice of assessment from the Canada Customs and Revenue Agency to prove income.

Although a public body cannot correct an opinion, it may, in some circumstances, seek or accept another opinion about the applicant and reconsider any decision based on the original opinion. However, the question of what information is used by a public body to make a decision about an individual is outside the scope of the Act and outside the jurisdiction of the Commissioner (see IPC Order 2001-004).

How a request is made

In many cases, an individual will ask for personal information to be corrected and supply proof of correction without doing this in a formal way. Public bodies can, and most often will, make corrections without a request under the Act if this is practical and expedites public business.

Where, in the opinion of the individual, an error or omission exists, a request for correction can be made to the public body in the form of a letter or on a Request to Correct Personal Information Form, a sample of which is included in Appendix 5 of this publication.

Requests for correction are subject to the same rules as requests for access under the Act. This includes time limits. It also includes a duty on the part of the public body to seek clarification of a correction request, if necessary (see IPC Order 98-010). The Commissioner has the power to review the actions of a public body with respect to requests for correction of personal information.

When a correction is made

When a public body decides to correct an error, all records containing the personal information must be corrected. This includes records in all information systems – paper, electronic and microform. Similarly, when a public body decides to add omitted information, all systems must be updated. The record should be annotated with the date of the correction. A linking mechanism, as described below, may have to be employed when personal information is stored on a medium such as microform, which may be more difficult to update.

To annotate personal information means to add the requested correction to the record, close to the information under challenge by the applicant. An annotation should be signed and dated. When designing electronic forms and databases, care should be given to allow for annotations. (For a discussion of annotation, see IPC Order 97-020.)

To link a record means to attach, join or connect the record to the requested correction. This may consist of a letter or statement from the applicant, or a copy of the Request to Correct Personal Information Form.

When a correction is refused (Section 36(3))

Relevant and material means that there is a direct connection between the correction requested and the use that has been or may be made of the personal information and that the correction is substantive. The correction should be both pertinent to the subject matter and significant in its content.

A public body may refuse or be unable to make a correction that an applicant requests. This may be because the information is not personal information, the applicant has not submitted adequate proof in support of the requested correction, or the information consists of an opinion rather than fact (see IPC Orders 98-010 and 2000-007).

In the case of factual information, when the public body is not satisfied with the proof presented, the public body does not change the information but rather annotates it or links the presented information to the original information.

In the case of an opinion, a public body may describe the information in dispute and place this description, along with a statement that the applicant does not agree with the opinion or interpretation, on the record. If practicable, the applicant's request for correction may be attached (see IPC Order 97-020).

A public body is required to note only that part of the requested correction which is relevant to the record being annotated or to which the link is being made. Public bodies are under no obligation to place the applicant's entire request on the record if it contains material that is not germane to the use made of the record.

Annotating a request for correction

A model Annotation to Personal Information Form is provided in Appendix 5 of this publication. A public body may use this form to set out an annotation relating to a correction that was requested but not made. This form clearly indicates to users that the information has been linked to a correction request and not corrected. It is filed with, or linked to, the information for which a correction was sought.

In IPC Investigation Report 2000-IR-006, the Commissioner recommended that a municipality put a system in place that would ensure that a corrected copy of a record of personal information is sent to the individual within 30 days of a correction being made to the individual's personal information.

When a public body makes an annotation or linkage regarding a request for correction that has been refused or regarding a request for correction that has been agreed upon, it must ensure that the new information is stored with the original information and will be retrieved whenever the information in question is used for an administrative purpose directly affecting the individual involved. Annotations must be made available to all users of the file or the information, including the individual, should he or she request access to his or her personal information.

In IPC Order 2001-009, the Commissioner found that the public body had not correctly annotated a request for correction of a videotape. Although the public body had placed the Annotation to Personal Information Form (see Appendix 5 of this publication) on the individual's claim file, it was also required to note on the videotape label that a correction request was on the individual's file.

In IPC Order F2003-019, the Commissioner determined that a proper linkage was not formed when the public body simply placed the request for correction in the individual's file that contained a large number of records. The public body was required to link the request for correction to the records in question in such a manner that it would be readily apparent that a request for correction had been made for those specific records.

Notification of other public bodies and third parties (Section 36(4))

Section 36(4) obliges public bodies to inform other public bodies, groups of persons, persons, or organizations that have received an individual's personal information of the request for correction or annotation of that information. Notification is required if the personal information has been shared in the year prior to the request for correction.

The notification process ensures that other parties have accurate and complete information for their own decision-making processes. In order to fulfil the notification requirements of section 36, and to be able to deal with privacy complaints concerning the disclosure of personal information, public bodies should establish administrative practices for the notation of disclosures on a transactional basis when the disclosure is not a routine disclosure for that type of personal information.

Section 36(5) provides that such notification is not necessary if

• the correction, annotation or linkage is not material; and
• the individual who requested the correction is advised and agrees in writing that notification is not necessary.

This provision recognizes that individuals may request correction of errors in a record that are not significant for the use of the record. Public bodies may dispense with third party or public body notification if the correction requested is not required for their decision-making, provided the individual agrees with this option.

Section 36(6) provides that other public bodies, once notified, must make any correction, annotation or linkage to the relevant personal information disclosed to them and which is in their custody or under their control. This helps ensure that all personal information shared between public bodies is accurate and complete.

Time limits (Section 36(7))

Section 36(7) provides that a public body must, within 30 days of receiving the request, give written notice to the individual that either the correction has been made or an annotation or linkage has been made. It is good practice to ensure that other public bodies or third parties are also notified within the 30-day time period.

A public body may extend the time limit to deal with a request for correction for up to 30 days or, with the permission of the Information and Privacy Commissioner, for a longer period.

Section 14 of the Act governs these extensions and the most likely to apply in correction situations is

• the applicant does not give enough detail to enable the public body to identify a requested record (section 14(1)(a)); or
• a large number of records is requested or must be searched and responding within the time limit would unreasonably interfere with the operations of the public body (section 14(1)(b)).

Model letters S, T and U in Appendix 3 of this publication deal with the correction process. Guidance on making corrections and annotations, as well as copies of the Request to Correct Personal Information Form and the Annotation to Personal Information Form are included in Appendix 5 of this publication.

Transfer of requests for correction (Section 37)

Section 37 provides authority for a public body to transfer a request for correction of personal information to another public body. This can occur when

• the other public body originally collected the personal information; or
• the other public body created the record containing the personal information.

If a request is transferred under this section, the public body transferring the request must notify the individual of the transfer as soon as possible. The public body receiving the transferred request has 30 days from the date of the transfer to respond to the request, and can extend this time limit as outlined above.

Section 38 of the Act requires a public body to protect personal information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or destruction.

Making reasonable security arrangements means approving and implementing a security policy for use within a public body .

In IPC Investigation Report F2003-IR-003, the Investigator found that a school jurisdiction had failed to make reasonable security arrangements to protect personal information against unauthorized access. Most staff members had full access to the electronic Student Information Record System and the system had no way to track who was accessing student information, when, or for what purpose. The limited access controls that did exist had not been employed, and no policies, procedures or training were in place regarding access and privacy.

Government departments and offices must also adhere to certain security policies produced by the Office of the Corporate Chief Information Officer, such as the Government Security Policy for Disk Wiping Surplus Computers and the Policy for Maintaining the Security of Government Data Stored on Electronic Data Storage Devices.

For other public bodies, disposal of personal information should occur only in accordance with policies and procedures approved by the governing body. Generally, these will be included in the bylaw, resolution or other legal instrument that approves the storage, transfer or destruction of a public body's records (section 3(e)).

Public bodies should document the transfer of records containing personal information to the Provincial Archives or other archives. Public bodies should also document the destruction of records containing personal information, except for transitory records.

Public bodies are responsible for ensuring that personal information is protected during the time it is in storage, waiting to be picked up, and in the process of being transferred to archives or destroyed.

For further information on conducting a threat and risk assessment and developing a security policy, see Chapter 9 of this publication.

Section 39 of the Act lists the only circumstances under which a public body may use personal information. A public body may use personal information only

• for the purpose for which the information was collected or compiled or for a use consistent with that purpose (section 39(1)(a));
• if the individual the information is about has identified the information and consented, in the prescribed manner, to the use (section 39(1)(b));
• for a purpose for which that information may be disclosed to that public body under sections 40, 42 or 43 (section 39(1)(c)); or
• if the information is in alumni records, for the purpose of a post-secondary educational body's own fund-raising activities (section 39(2)).

Use of personal information means employing it to accomplish the public body's purposes, for example, to administer a program or activity, to provide a service or to determine eligibility for a benefit. Public bodies may use personal information only under the following circumstances.

For the original or a consistent purpose (Section 39(1)(a))

In this section, the purpose is the object to be attained by the collection of the information or the thing intended to be done with it. This includes the administration of a particular program, the delivery of a service and other directly related activities.

The purpose must conform to section 33 of the Act, which limits the purposes for which information may be collected. The authority for collection of personal information (section 33) is discussed in section 7.1 of this chapter.

The purpose of collection is described in the collection statement provided to the individual when the information is collected directly. When the information is not collected directly, or when it is compiled from several sources, the purpose should be stated in the written policy or procedure dealing with the program.

Compiled refers to a process by which certain information is created and becomes tied to or associated with an identifiable individual. For example, a public body creates or assigns a student ID number for each student. This information becomes the personal information of the student but the information was compiled by the public body, not collected from the student (see IPC Order 2001-038).

A public body may make use of personal information it has gathered, created or manipulated for the specific purposes for which it is permitted to obtain it.

Section 39(1)(a) also says that a public body may use personal information for a use that is consistent with the original purpose.

Consistent use is defined in section 41 of the Act as a use that has a reasonable and direct connection to the original purpose of collection and that is necessary for performing the statutory duties of the public body.

In IPC Order 2001-038, the Commissioner found that a school board's use and disclosure of a child's gender information for advertising, marketing and revenue generation purposes were not consistent with the original purpose for collection – namely, to register the child in school. However, use and disclosure of other personal information for the purpose of setting up and administering a student e-mail system was a consistent purpose.

For personal information held in personal information banks, public bodies must keep a record of all the purposes for which the personal information was collected or compiled and the purposes for which it is used or disclosed (section 87.1(2)(d)).

With the consent of the individual (Section 39(1)(b))

A public body may use personal information if the individual the information is about has identified the information and has consented, in the prescribed manner, to its use.

Consenting in the prescribed manner means that the public body has followed the procedures for obtaining consent set out in section 6 of the FOIP Regulation. This states that consent

• must be in writing; and
• must specify to whom the personal information may be disclosed and how the personal information may be used beyond the original purpose for which the personal information was collected or compiled.

A public body may wish to seek consent for an emerging new use of personal information. If the public body is not collecting additional personal information for the new use but merely using personal information that it has previously collected, then an individual who has identified the personal information related to the new use may consent, in writing, to the new use. The collection notice required under section 34(2) should be revised to indicate the new use, and to state that the use of personal information collected from individuals after that time will be in accordance with the revised purpose.

Consent to a different use by the individual concerned serves as an indication that the person knows the consequences of the use of his or her personal information and has been provided with enough facts to make an informed decision about whether or not to consent to the use. When the person concerned has not indicated whether or not consent is given to a different use of personal information, public bodies cannot assume the individual has consented.

Public bodies cannot penalize individuals for refusing to give consent for use for an additional purpose by denying them any benefit or service provided through the original collection. Individuals may, however, find they are denied a benefit or service that might have been made available if the individual had consented to use of his or her personal information for that different purpose.

Chapter 2.5 of this publication deals with those classes of persons who may act for minors, incompetent persons, and other individuals in giving or withholding consent.

For a purpose for which the information may be disclosed to a public body under sections 40, 42 or 43 (Section 39(1)(c))

This provision permits a public body to use personal information that has been disclosed to it by another public body under sections 40, 42 or 43 of the Act.

For example, the Students Finance Board may disclose to a housing management body financial information that a student provided to it on the student's loan application in order to verify that the amount of rent being paid by the student is as stated on the application (section 40(1)(l)). The housing management body can use the financial information disclosed by the Students Finance Board in order to verify the rental amount. The housing management body cannot use the personal information for any other purpose unless that use for the other purpose is authorized under another provision of section 39.

Section 39(1)(c) also allows a public body to use personal information disclosed to it for research purposes by another public body under section 42 or by the Provincial Archives or the archives of another public body under section 43.

Information in alumni records of a post-secondary educational body for fund-raising (Section 39(2) and (3))

The use of this personal information is qualified by section 39(3). This requires the public body to discontinue using an individual's personal information for fund-raising purposes when requested to do so by that individual.

Post-secondary educational bodies should take reasonable steps to inform their alumni of this provision. This might consist of placing a notice in a prominent place in the institution's alumni newsletter to give individuals a chance to request cessation of the activity, or providing alumni with an opportunity to request cessation of the activity when mailing lists are updated, or mailing a notice to all alumni. For more information on this topic, see FOIP Bulletin No. 5, Fund-Raising, published by Access and Privacy Branch, Alberta Government Services.

Limit on use of personal information (Section 39(4))

Section 39(4) sets some limits on the extent to which a public body can use the personal information in its custody or control.

A public body can use information only to the extent necessary to carry out its purpose in a reasonable manner. This limitation applies both to the amount and type of personal information being used.

This provision is intended to ensure that public bodies to which personal information is disclosed only use the minimum amount of information necessary to achieve their purpose.

For example, employees in a particular program area who have access to personal information in an electronic database should be provided with access to only those data elements they require to do their job, not to the whole database. Employees could be given access to certain views or screens in a database, rather than access to the entire database.

Limiting the use of personal information can also be done by anonymizing the information (e.g. by stripping identifiers) so that many employees can manipulate and analyze the data. In this model, only a few authorized staff have access to the individually identifying information that is initially collected. A unique identification number is assigned to the information or to the data subjects. The non-identifying data can then be used for various analytical or reporting purposes within the organization.

In a reasonable manner means in such a way that a public body is not required to implement overly restrictive procedures on the use of personal information when the information is not of a sensitive nature or when the use by others in the organization would not be harmful to personal privacy.

This statement mirrors the statement covering disclosure of personal information in section 40(4).

Section 40 of the Act lists the only circumstances under which public bodies may disclose personal information. Section 40 provides for a response to an access request under Part 1, and for disclosure in the course of various administrative processes and in response to informal access requests.

Disclosure of personal information may occur only in the specific circumstances outlined in section 40. If section 40 does not provide authority for a disclosure, the public body cannot disclose the information.

In IPC Investigation Report 2001-IR-002, the Investigator found that personal information about an investigation that was discussed at an in camera council meeting should not have been disclosed to a journalist since the disclosure was not authorized by any of the disclosure provisions of the Act.

Section 40 does not authorize disclosure of personal information on the basis that a third party may obtain access to that information through other means (see IPC Investigation Report F2002-IR-005).

Section 40 enables disclosure; it does not require disclosure. This is indicated by the word may in the introduction to the section. Public bodies should look at the circumstances surrounding each request and the privacy protection objectives of the Act when deciding whether to disclose personal information.

Section 40(4) states that a public body may disclose personal information only to the extent necessary to enable it to carry out the purposes described in sections 40(1), (2) and (3). These purposes are described in the following pages. Disclosure has to be carried out in a reasonable manner.

Public bodies should be careful to disclose only limited amounts of personal information.

For example, when a school division issued a letter to staff, students and parents regarding the death of a student, it should have simply notified them about the death and advised parents and staff of resources available to help the students. The school division should not have provided details about the death (see IPC Investigation Report F2003-IR-002). In IPC Investigation Report F2004-IR-002, a school district was found to have disclosed too much information when reports sent to parents about their children's alleged misbehaviour contained information about other students involved in separate incidents. (See also IPC Order F2004-010.)

Disclose means to release, transmit, reveal, expose, show, provide copies of, tell the contents of, or intentionally or unintentionally give personal information by any means to someone.

Although the Act applies to recorded information, section 40 is not limited to the disclosure of records. Disclosure includes oral transmission of recorded information by telephone or in person; provision of personal information on paper, by facsimile copy or in another format; and electronic transmission through electronic mail, data transfer or the Internet.

Section 40 provides for disclosure

• to the person whose information it is, either in response to a routine request for information or in response to a request under Part 1;
• to an individual's personal representative who is entitled to exercise the rights of that individual under section 84 of the Act;
• to any other person in response to an access request; as a disclosure in the public interest (section 32); when the disclosure would not be an unreasonable invasion of privacy (section 40(1)(b)), or when section 40 of the Act specifically allows the disclosure; or
• to other public bodies, to legislative, legal and judicial officers, to other levels of government, or to non-government organizations; the disclosure may take place to support the activities of either the public body disclosing the information or the party to which it is disclosed.

Section 40 does not prevent the routine disclosure of an individual's personal information to that individual if the public body has adopted a policy of disclosing a particular category of personal information. In these circumstances, the public body will provide the personal information without a FOIP request.

Public bodies must keep a record of the purposes for which personal information held in any personal information banks may be disclosed (section 87.1(2)(d)) (see section 7.11 of this chapter).

Public bodies must also keep a record of any disclosures of personal information made under section 40 for a purpose not included in the Directory of Personal Information Banks (section 87.1(3)). This may consist of a note on a file or a flag in an electronic system that refers to a paper record or another data file.

As a best practice, a record of a disclosure may include

• the name of the individual whose personal information is requested;
• the nature of the requested information and the purposes for which it will be used;
• the authority for the disclosure;
• the title, business address and business telephone number of the contact person in the requesting public body or agency; and
• the name and signature of the officer or employee of the public body who authorizes the use or disclosure.

Public bodies should regularly review their disclosure policies and practices to ensure that they meet the requirements of the Act. Where it is found that disclosures are not authorized, practices should be altered to meet legal requirements or discontinued. A review may be carried out in conjunction with a review of information practices and systems as discussed in Chapter 9 of this publication.

Public bodies may disclose personal information only for the following purposes. Each permitted disclosure is outlined and discussed.

Disclosure in accordance with Part 1 of the Act (Section 40(1)(a))

This provision permits disclosure to respond to access requests and to comply with the public interest disclosure provisions of the Act. Under this provision, a disclosure may take place when

• an applicant has requested access to his or her own personal information, subject to the exceptions in sections 16 to 29 and to the paramountcy provision in
  section 5;
• an applicant has requested access to records containing personal information about another individual and disclosure of the personal information does not constitute an unreasonable invasion of the privacy of the other individual under section 17, subject to other exceptions and to third party notification requirements; or
• section 32 applies.

Disclosure that would not be an unreasonable invasion of a third party's privacy under section 17 (Section 40(1)(b))

This provision permits disclosure in the clearest of cases after a complete analysis has been carried out under section 17 and a determination made that the personal information would not be excepted under section 17 in response to an access request. If there is any doubt as to whether the disclosure would be considered an unreasonable invasion of personal privacy, the public body should have the person who asked for the information submit an access request under Part 1 of the Act.

When another provision of section 40 permits disclosure, the disclosure should be made under the other specific provision. Examples are: disclosure with the consent of the individual, disclosure required or authorized by an Act of Alberta or Canada, and disclosure for research purposes.

This provision gives public bodies flexibility in responding to requests for personal information that clearly would be provided if a FOIP request were made. It allows for a more helpful and timely response to such requests.

In some circumstances, public bodies will be able to establish policies and practices for routine disclosure in response to requests for particular classes of personal information or as a result of active dissemination of personal information without a request. In establishing such policies, public bodies should determine whether any of the other exceptions outlined in Part 1 of the Act might apply to the information (see Chapter 2.4 of this publication for a discussion of providing routine access to records or information).

Examples of classes of personal information for which a policy might be appropriate include

• information about employee classification, salary range, employment responsibilities and discretionary benefits (