AP 564: Freedom Of Information And Privacy Protection
Business & Finance
Background
The Freedom of Information and Protection of Privacy (FOIP) Act controls the manner in which a local public body collects, uses, discloses and disposes of personal information. The Division provides the public with access to information while protecting individual (personal) information.
Definitions
a) Personal Information: means recorded information about an identifiable individual, including:
a. An individual’s name, home or business address, or home or business telephone number;
b. An individual’s race, national or ethnic origin, colour or religious or political beliefs or associations;
c. An individual’s age, sex, marital status, or family status;
d. An identifying number, symbol, or other particular assigned to the individual;
e. An individual’s fingerprints, blood type or inheritable characteristics;
f. Information about the individual’s health and health care history including information about a physical or mental health.
g. Information about the individual’s educational, financial, employment, or criminal history, including criminal records where a pardon has been given;
h. The opinion of anyone else about the individual, and
i. An individual’s personal views or opinions, except if they are about someone else.
b) Privacy Breach: refers to a loss of, unauthorized access to, or unauthorized disclosure of personal or individually identifying information.
c) Record: means a record of information in any form and includes books, documents, maps, drawings, photographs, letters, vouchers and papers and any other information that is written, photographed, recorded or stored in any manner, but does not include software or any mechanism that produces records.
d) Transitory record: refers to records in any format that are of short-term value, with no further use beyond an immediate transaction and have no permanent value for the Division.
Procedures
1. The FOIP Act primarily intends to:
1.1. Allow any person a right of access to the records in the custody or under the control of a public body subject to limited and specific exceptions as set out in the FOIP Act;
1.2. Control the manner in which a public body may collect, use or disclose personal information.
1.3. Allow individuals, subject to limited and specific exceptions, the right of access to personal information about themselves that is held by a public body;
1.4. Allow individuals the right to request corrections to personal information about themselves that is held by a public body; and
1.5. Provide for independent reviews of decisions made by a public body under the FOIP Act and the resolution of complaints under the FOIP Act.
2. The Associate Superintendent of Corporate Supports and Services shall be the Head of the Privacy for the Division as delegated by the Superintendent.
3. The Executive Assistant of the Associate Superintendent, Corporate Supports and Services shall act in the capacity of FOIP Coordinator for the Division.
4. Site Supervisors, including the Principal of each school shall be the “Site Coordinator” for the purposes of the FOIP Act. Site coordinators are responsible to ensure the protection of personal information at their schools or business units and are to direct inquiries about disclosure of information to the FOIP Coordinator.
With respect to collection, disclosure and access to information:
5. No personal information may be collected unless collection is specifically authorized by the School Act or the information relates directly to and is necessary for an operating program or activity of the Division.
6. The Division may use or disclose personal information:
6.1. Only for the purpose for which it was collected or compiled;
6.2. For a use consistent with that purpose;
6.3. If the individual the information is about has identified the information and has consented to the use of the information, or
6.4. For purposes specifically provided for in the FOIP Act.
7. The following personal information can be used or disclosed, without obtaining consent, for educational and safety purposes:
7.1. Student records, report cards, attendance lists, absenteeism verification, and student identification cards;
7.2. Classroom educational activities and field trips;
7.3. Digital and online student accounts;
7.4. School newsletters and yearbooks and internal websites and publications;
7.5. Transportation services, including school buses;
7.6. Honour roll, academic or athletic awards, graduation ceremonies, and scholarships;
7.7. Emergency response, including law enforcement and security; and
7.8. Eligibility determinations for provincial and federal funding and information sharing with Alberta Education.
8. The Division has a duty to maintain accurate and complete personal information that is used to make decisions about the individual.
8.1. Under the FOIP Act an individual has the right to request a correction when the applicant believes an error or omission has been made.
9. The Division provides access to Division publications.
9.1. All publications, following release, will be available in the Division Office, for review by members of the public.
10. Persons requesting information shall first contact either the school or Division Office, whichever is responsible for creating or maintaining the information in question. The records management system may be reviewed to assist in locating readily available accessible information, documents or contact persons.
11. Access to information through the FOIP Act is intended as a last resort and may be considered if other attempts to acquire information have failed.
12. If the requested information is not available from the school, then the person requesting the information may apply to the designated FOIP Coordinator with their request.
12.1. In a request, the applicant may ask for a copy of the record or to examine the record.
12.2. A request shall be in writing by completing a FOIP Request Form – AP 564 Appendix A and shall provide enough detail to enable the Division to identify the record.
With respect to privacy breach
13. In the event of a privacy breach, the Division shall contain the breach, evaluate the risks associated with the breach, notify the affected parties and may report the breach to the Information and Privacy Commissioner of Alberta.
14. Division staff members are required to fill out the Privacy Breach Form which can be accessed at http://www.psd.ca/download/373269 and submit the completed form to the FOIP Coordinator.
With respect to records management
15. Transitory records:
15.1. Are only required for a limited period of time in order to complete a routine action;
15.2. Are produced or received in the preparation of other records which supersede them;
15.3. Are not needed as evidence of a business activity, as such, can be normally routinely disposed of;
15.4. Are not filed in official records systems; and
15.5. Are not required to meet legislative or regulatory obligations.
16. Examples of transitory records include but are not limited to: advertising materials, junk email, notices of social events, duplicate documents used for convenience, email notices on meetings, holidays, boardroom reservations, photocopies of departmental publications, and draft documents.
17. Transitory records shall be destroyed securely when they are no longer required.
18. If a FOIP request is received, the ability to routinely destroy transitory records is suspended until the FOIP request has been completed.
