The following is a list of some of the most recent postings on the website, including Orders, Investigation Reports, news releases and resources. The dates below correspond to the date that each item was posted on the website.
The OIPC has received questions from organizations in all sectors about how to manage records or personal information when transitioning staff to work from home. To assist, the OIPC provided some points to consider.
In response to some confusion about whether the Commissioner can relax requirements to submit PIAs during a public health emergency, the OIPC issued this notice.
An applicant made four separate access requests to Alberta Health. Each request was for any documentation containing the applicant’s name, held by a specific Alberta Health employee. A different employee was named by the applicant in each request, and a different time period was specified for each request. Alberta Health provided one response to all four requests. It withheld some information citing sections pertaining to disclosure harmful to personal privacy (section 17), confidential evaluations (section 19) and advice from officials (section 24). The applicant requested an inquiry into Alberta Health's decision to continue to withhold information under section 17(1) for one record. The Adjudicator found that section 17(1) did not apply to some of the information Alberta Health had withheld and ordered Alberta Health to disclose this information to the applicant.
An individual complained that her former psychiatrist, Dr. Gendemann, accessed her health information on Netcare after he had ceased being her doctor. The Adjudicator applied the principles set out in a certain Alberta Court of Appeal decision to the use of health information for providing health services (section 27(1)(a)). The Adjudicator determined that using health information to provide a health service includes using that information to defend the provision of the health service in a subsequent proceeding. The Adjudicator determined that Dr. Gendemann had authority to access the complainant’s health information in Netcare under section 27(1)(a).
The OIPC provided some information in the event that records responsive to an access request cannot be accessed or processed due to a disaster or pandemic, such as COVID-19.
The OIPC has updated its guidance for privacy in a pandemic, which is meant to help public bodies, health custodians and private sector organizations know how personal or health information may be shared during a pandemic or emergency situation. Privacy laws are not a barrier to appropriate information sharing in these circumstances.
An individual provided Netcare logs showing access to her health information at a Shoppers Drug Mart location. At the time, the licensee of the pharmacy and custodian of the information for that location was Somayeh Pharmacy Ltd. One of the individuals accessing the health information was an employee and affiliate of the custodian. In the companion order, H2020-01, the Adjudicator found that the access by this individual had been done without authority. The Adjudicator found that at the time the information was accessed, Somayeh Pharmacy Ltd. was in compliance with its duty to protect health information as required by section 60(1) of HIA, as well as with its duty to establish policies and procedures to facilitate the implementation of the HIA as required by section 63(1).
An individual made a request to Alberta Justice and Solicitor General (JSG) for records relating to the 2013 floods and more specifically, information relating to the berms that were constructed. The inquiry was divided into two parts. The first part of the inquiry resulted in Order F2018-27, which addressed JSG's claim of solicitor-client privilege. This order addressed JSG's application of sections pertaining to records to which the FOIP Act does not apply (section 4(1)(a)), disclosure harmful to personal privacy (section 17(1)) and advice from officials (section 24(1)). The Adjudicator made several determinations, including that some of the information withheld under section 17(1) was not personal information, and that some information (such as hourly rates of contractors) is information to which disclosure harmful to business interests of a third party (section 16(1)) might apply, rather than section 17(1).
An individual provided Netcare logs showing access to her health information by pharmacist Saeed Sattari. Mr. Sattari responded that he did not access the health information but it must have been done by someone else using his password. He did not provide any evidence or suggestions as to how this could have happened. The Adjudicator found on a balance of probabilities that Mr. Sattari had accessed the health information without authority, and ordered him to stop doing so.
Peace River School Division No. 10 issued a Trespass Notice against the applicant. The applicant made an access request seeking records that would identify the individuals responsible for it. In response to the access request, the school division provided copies of three of its policies, and one email previously sent to it from the applicant. The remainder of the responsive records consist of four email chains and their attachments. The emails were collectively withheld under sections pertaining to disclosure harmful to business interests of a third party (section 16(1)), disclosure harmful to individual or public safety (section 18) and privileged information (section 27(1)(a)). The Adjudicator made several determinations regarding the withheld information. The applicant also sought review of the school division's duty to assist applicants (section 10(1)). The Adjudicator ordered the school division to respond to the access request as required by section 10(1).
Copyright 2020 OIPC. All rights reserved.