Presentation to the Association of Municipal Administrators of New Brunswick 2013 Annual Conference Shediac, NB – June 14, 2013

 On September 1, 2010, a new law regarding access to information and protection of privacy came into effect: Right to Information and Protection of Privacy Act ◦ Designed for the public sector ◦ Promotes spirit of openness and transparency ◦ Grants right to request information relating to the public business of a public body ◦ Grants right to request one’s personal information ◦ Obligates public bodies to protect private information at all times ◦ Act “ Came to Town” on September 1, 2012

◦ Also created on September 1, 2010 ◦ Independent of government ◦ Commissioner: Officer of Legislative Assembly ◦ Impartial oversight body to ensure compliance with Right to Information and Protection of Privacy Act ( as well as Personal Health Information Privacy and Access Act )

 Interpret the Act  Inform the public of its rights  Promote openness and transparency  Provide guidance on how best to apply the new rules  Ensure compliance with the Act

 Receives: ◦ General inquiries about the Act ◦ Complaints regarding responses to requests for access to information ◦ Notification of privacy concerns or breaches of the Act (the handling of personal information found in records during its collection, use, disclosure, retention, or destruction)  Investigates and Resolves: ◦ Complaints informally if at all possible  Publishes: ◦ Reports of Findings after investigations (when required)  Currently Developing: ◦ An “interactive” complaint investigation and resolution process specifically for municipalities

RIGHT OF ACCESS  Grants public a right to request information contained in records held by public bodies ◦ Key words: access to information rather than access to records  Promotes disclosure of the information, subject to limited and specific exceptions  Imposes on public bodies an obligation to respect that right of access - duty to assist

 All information regarding the public business of the public body, its activities and functions ◦ Found in its records  Example: information found in minutes of meetings, reports, decisions made, handwritten notes, correspondence, s, text messages, etc. Includes information created before the Act came into effect

 Time limit to respond is 30 days, unless authorized to extend time limit  Search for relevant records must be thorough  Response should be meaningful  Processing of request remains confidential for applicants and third parties

 Two types of exceptions: ◦ Mandatory: public body has no choice but to withhold the information requested ◦ Discretionary: head of the public body must come to a decision whether or not to disclose the information  Based on relevant considerations existing at the time of the request

An applicant who is not satisfied with the response has two options:  Refer the matter to the Court of Queen’s Bench for review (legal application, must file within 30 days) Or  File a complaint with the Office of the Access to Information and Privacy Commissioner within:  60 days of receiving response, or  120 days from making request if did not receive a response

 Commissioner must investigate all complaints  Will first attempt to resolve the matter informally  To the satisfaction of both parties, and  In accordance with the Act  Meanwhile guidance on application of rules is provided  If informal resolution is unsuccessful, formal Report of Findings will be published  May contain recommendations

PROTECTION OF PRIVACY  Privacy breach occurs when personal information is: ◦ Lost or stolen, handled or accessed in an unauthorized manner or without consent If breach occurs, must reduce possible harm caused by:  Containing it  Assessing the risk of harm  Notifying the Commissioner and those persons affected  Implementing corrective measures to prevent recurrence

 Access to information Governed by rules found in Part 2 of the Act Request to access private information Only rules for protection of private information found under Part 2 can be considered in exceptions to disclosure  Protection of privacy Governed by rules found in Part 3 of the Act Protects private information at all times Rules under Part 3 are applied by public bodies to protect private information on a regular basis – not for requests

 Personal information − protected based on unreasonable invasion of privacy  Business information − protected based on may cause harm to business ◦ Both types may still be subject to access (Subsections 21(3) &22(3)) − Because disclosure deemed not unreasonable invasion of privacy nor to cause harm ◦ Example: personal information about an officer or employee of a public body deemed subject to disclosure:  job classification  salary range  benefits  employment responsibilities or  travel expenses

 If information is protected under another statute, the Act will respect that protection unless there is conflict regarding its disclosure ◦ Example: where third party individual or business consents to release of own private information which is otherwise protected by other statute  Public procurement is a good example of such interaction

 Appropriate level of confidentiality of business and personal information while promoting transparency and accountability  Rules ensure that the public obtains access only to information it is entitled to receive  Where request made to access bid information after tender is awarded, municipality must ask the bidder for consent to release the bid information  See Guide for Municipalities on Public Procurement and the Act

Use video surveillance only to:  Ensure safety of the public  Enforce the law  Supplement less intrusive forms of surveillance Cannot use video surveillance to:  View inside private dwellings  View areas of greater privacy  Capture images of those citizens not targeted by stated purpose of surveillance  Simply observe

TRANSPARENCY ◦ Advise the public as to purpose of the surveillance ◦ Inform the public to ensure that the surveillance is considered acceptable ◦ Keep the public informed of the surveillance, and any changes made to it ◦ Post signs indicating where video surveillance camera is located ◦ Ensure cameras cannot be manipulated or adjusted to change viewing area unless authorized

SECURITY ◦ Protect information collected by video surveillance ◦ Ensure that video feed is encrypted to reduce the risk of unauthorized access ◦ Limit those authorized to access the recorded information ◦ Train staff on importance of security and protection of privacy of the recorded information ◦ Conduct annual audits

 Protect personal information and business information at all times, including during retention, storage and destruction  Implement proper and secure handling practices when retaining, storing and destroying the information  Adopt and follow reasonable retention schedules and inform the public of same  Securely store records in locked or controlled-access areas  Destroy records securely and under supervision (shredding, disk wiping, etc.)

Regent Fredericton, NB E3B 7H8 Tel/Tél: Toll-free/Sans frais: Fax/Fac: /Courriel: