Contractor's Guide to the FOIP Act Brochure
Revised June 2008
The Freedom of Information and Protection of Privacy Act, or the FOIP Act as it’s commonly
known, applies to information about services provided by or on behalf of “public bodies.”
Public bodies include government departments, as well as “local public bodies,” such as
municipalities, universities, colleges, school boards and others.
The Act requires public bodies to ensure that contractors providing services on their
behalf follow the rules for collecting, using and disclosing personal information that a
public body would have to follow. Public bodies cannot “contract out” of their obligations
under the FOIP Act.
Contractors must meet strict standards for protecting personal information. This is
especially true when a contractor manages sensitive personal information, such as health
or financial information of Albertans.
The FOIP Act also requires a contractor to be able to produce records that a member
of the public may request from the public body. The contractor must be able to retrieve
records and provide them to the public body within a few days. These would be records
about the services provided to the public, not about the contractor’s own operations.
The FOIP Act, not the Personal Information Protection Act (PIPA), applies to the
records relating to the contract. The FOIP Act does not apply to the contractor’s own
business information, such as the contractor’s employee records.
The contractor’s obligations should be clearly set out in the contract.
The amount of detail in the contract will depend on the complexity and the duration of
the business arrangement. However, there are some key points that are normally covered if
they are applicable. The responsibility for costs should be clear in all cases.
Records management
- What records the contractor will have to create, maintain or store
- Any special conditions governing the way records are managed
- Requirements about the return or disposal of records (such as maintaining a
disposal log or ensuring that confidential records are shredded)
Protection of privacy
- The contractor’s responsibility for the actions of its employees, agents and subcontractors
- Limits on the collection of personal information, and requirements to notify individuals about the purpose of any collection of personal information
- Limits on the collection of personal information from a source other than the individual
- Limits on the use and disclosure of personal information
- Requirements respecting storage of personal information (normally only within Canada)
- Security standards (technological, physical, administrative)
- What must be done if there is a demand for disclosure of personal information
- What must be done if there is a breach of privacy
Access to information
- Which records are considered to be under the control of the public body and can be requested
under the FOIP Act
- What the contractor must do if there is a FOIP request for records in its possession (such
as searching for the records, providing original records or copies, meeting time limits
for responding)
General clauses
A contract may also include clauses that affect the contractor’s operations or costs. These clauses may:
- Provide for inspections or audits to monitor compliance with the contract
- Limit assignment of the contract and subcontracting (for example, approval may be required in each case)
- Require a contractor to conduct security checks on its employees (for example, if
individuals will be collecting personal information from children)
- The public has a right to request access to information about publicly funded contracts.
If information about a contract is requested under the FOIP Act, the information must be
disclosed unless it can be shown that the contractor had a reasonable expectation of
confidentiality and that disclosing the information would be harmful to the contractor’s
business interests.
- A contractor has the right to challenge a decision to disclose its business information.
- The FOIP Act includes offences and substantial penalties for intentional contravention
of the Act.
The prospective contractor should:
- Assess what records management considerations are likely to arise in the project. For
example, a requirement to segregate records relating to the contract may add costs for the contract.
- Assess what privacy considerations are likely to arise in the project. For example, a
contract to develop a course may not require consideration of privacy protection, whereas
a contract to deliver training may require protection of the personal information of trainees.
- If the project will require a Privacy Impact Assessment, determine whether the expertise is
available to conduct the Assessment and how this will affect any critical time lines.
- Identify any costs associated with meeting privacy requirements, such as training staff and
providing appropriate safeguards.
- Consider the likelihood of requests for access to information for records relating to the
project and the likely cost of retrieving information needed by the public body to respond
to requests. Requests are most common for projects that are controversial or attract media
attention. It may be helpful to seek advice from the program area.
- Identify any sensitive commercial or financial information in a bid and request that it be
kept confidential. Confidentiality cannot be guaranteed, but a selective request for
confidentiality may be persuasive in the event of an access request.
For further information about the implications of the FOIP Act on an existing or proposed
contractual arrangement, contact the person responsible for the FOIP Act in the public-sector
agency (called a “public body” in the FOIP Act). Contact information is available in the
directory of public bodies at foip.alberta.ca/pbdirectory. Alternatively, contact:
Access and Privacy
Service Alberta
3rd Floor, 10155 - 102 Street NW
Edmonton, Alberta T5J 4L4
Phone: 780-427-5848
E-mail: foiphelpdesk@gov.ab.ca
Website: foip.alberta.ca