Welcome to the new NAIT.ca! We encourage you to explore the site and provide your feedback.

General

What changed on September 1, 1999?

Post-Secondary institutions became subject to the Freedom of Information and Protection of Privacy Act. The FOIP Act provides Albertans with the right to request access to information held by post-secondary institutions: it provides protection of the privacy of personal information: and it allows individuals the right to request correction of personal information.

What post-secondary institutions are covered by the FOIP Act?

The Act defines an educational body in section 1(d). The definition includes universities, technical institutes, public colleges and the Banff Centre.

What records of post-secondary institutions are subject to the FOIP Act?

All records that are in the custody or under the control of the post-secondary institution are subject to the FOIP Act (section 4(1)) unless a specific exclusion applies. Custody is the possession of the record by the Institute, including situations where the records of a third party are stored on the premises of the public body. A record is under the control of an Institute when it has the authority to manage the record, including restricting, regulating and administering its use, disclosure and disposition.

Is a FOIP Request the only way that individuals can access information about the Institute or about themselves?

No. A formal request under the FOIP Act should be seen as a last resort for accessing information from the Institute. The Act does not replace existing procedures for accessing personal or other information that would normally be make available to the public or to an individual on request.

Can records that have been traditionally accessible before the FOIP Act came into effect become inaccessible?

Yes, for the most part. However, before the Institute provides records or information in response to an informal request, it must determine whether or not the records or information can continue to be provided outside the FOIP Act.

What is not considered to be an "unreasonable invasion of privacy under the FOIP Act?

It is not considered to be an unreasonable invasion of personal privacy if: the individual consents; an enactment authorized disclosure; the information is about classification, salary range, discretionary benefits or employment responsibilities at the institute; the information provides details of contracts (including financial) for the supply of goods and services to the institute; or the information provides details of discretionary benefits or grants. It is also not considered to be an unreasonable invasion of personal privacy if: the disclosure is not contrary to the public interest and reveals only information about the enrolment of an individual in the Institute or in a program of the Institute; about the individual’s attendance at or participation in a public event or activity related to the Institution (e.g. graduation ceremony, sporting or cultural event); or about the individual receiving an honour or award granted by the Institution. However, the disclosures above would be considered an unreasonable invasion of the individual’s personal privacy if he/she requested that the information not be disclosed.

Can photographs be taken at the Institute?

Yes. At public events there is an expectation that the public may take photographs and this is not an unreasonable invasion of privacy. It’s also expected that photos will be taken for preparing ID cards. Photos can be taken by anyone who gives their consent.

Can information that has been provided to the Institute by a third party be released in response to a FOIP request?

Any information in the custody or control of the Institute is accessible under the FOIP Act even when it is provided by a third party. The information must be examined carefully to determine whether disclosure would be harmful to the business interests of the third party [Section 15], harmful to personal privacy if it contains personal information [Section 16] or if it meets one of the other mandatory exceptions in the Act. If you believe it falls into either of the above two categories, it may be necessary to notify the third party about the request and allow for representations to be made about disclosure [Section 29]. The FOIP Coordinator carries out this action.

When does the Institute notify third parties about FOIP requests?

Section 29 sets out when the Institute must give notification to a third party. If the Institute is considering giving an applicant access to a record containing the third parties personal or business information, then notice must be given. The third party has 20 days to consent to disclosure or provide reasons why the record should not be disclosed. If access to the record is not going to be provided, notification is not required but is recommended as a courtesy unless it would be onerous.

Should FOIP requests from the media be treated in a particular manner?

No. However, because the results of the application are likely to be published, the Institute’s Communications or Public Affairs Department and the Office of the President may need to be informed of what is being released, why material is being withheld and when the release is taking place. This will allow them to be prepared for questions from the media or the public.

What would the consequences be for an employee of the Institute who destroyed a record subject to a request with the intent to evade the request?

Destroying any record subject to the Act with the intent to evade a request for access is an offense and the individual is liable to a maximum fine of $10,000. [Section 86(2)]

What are the consequences to the Institute if it does not comply with the FOIP legislation?

Apart from the embarrassment for a major public institution in refusing to comply with provincial government mandated legislation and any resulting adverse publicity, the Information and Privacy Commissioner has the right to order compliance. In addition, the Act allows for fines up to $10,000 for individuals who:

  • willfully collect, use or disclose personal information in violation of the privacy protection part of the Act,
  • make a false statement to, or mislead the Commissioner, or his officers or any other person under the Act,
  • obstruct the Commissioner or other person in the performance of the Commissioner’s or another person’s duties, powers or functions under the Act,
  • fail to comply with a Commissioner’s order,
  • alter, falsify or conceal any record, or direct another person to do so, with the intent to evade a FOIP request, or
  • destroy records subject to the Act with the intent to evade a request for access to the records [Section 86(1)]

The FOIP Office will assist in ensuring that the Institute’s collection, use and disclosure of information complies with the legislation.

Can a researcher use the Institute's records?

Yes, but only in accordance with Section 40 of the Act and the Institute’s policy on research and data sharing. When records contain personal information that can identify individuals, they must be stripped of any personal identifiers or the researcher has to apply to the Institute for permission to use the records. The researcher will have to show that the research purpose cannot reasonably be accomplished unless the information is provided in individually identifiable form; that the record linkage will not be harmful to the individuals the information is about, and that the benefits to be gained are clearly in the public interest. The researcher will then have to sign a research agreement. A research agreement is also required under Section 41(2) when information, including personal information is being disclosed from the archives of an Institution for research purposes.

In response to a FOIP request, is the Institute required to create a record in a different form than that which it currently has (i.e. information contained in several databases rather than as one record)?

Yes, in some circumstances. When there is a formal FOIP request, Section 9(2) requires a public body to create a record when it can readily do so using existing hardware and software and technical expertise. This requirement is further limited by the requirement that fulfilling this obligation should not unduly interfere with the operations of the Institute.