Privacy Policy
1.0 Purpose
The County of Elgin is committed to public transparency and accountability in compliance with the terms of the Municipal Freedom of Information and Protection of Privacy Act (“MFIPPA”). The purpose of this policy is to provide guidelines and procedures regarding public access to information governed by MFIPPA.
2.0 Scope
This policy pertains to all records retained in the custody or under the control of the County of Elgin.
3.0 DEFINITIONS
For the purpose of this Policy:
- “Act” shall mean the Municipal Freedom of Information and Protection of Privacy Act R.S.O. 1990, c. M. 56, as may be amended or replaced.
- “County” shall mean the Corporation of the County of Elgin.
- “Record” shall have the same meaning as it is defined in section 2 of the Act, as amended from time to time.
- “Personal Health Information” shall have the same meaning as it is defined in section 4 of the Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Sched. A, as amended from time to time.
- “Personal Information” shall have the same meaning as it is defined in section 2 of the Act, as amended from time to time.
- “Routine Disclosure” shall mean the routine or automatic release of certain types of administrative and operational records in response to requests made informally.
4.0 Procedures
4.1 MFIPPA establishes a general right of access to records created and maintained by the County under the following guiding principles:
- The public has the right to information held by the County;
- Information should be made available to the public;
- Any person can make a request for information held by the County under the Act;
- Exemptions from the right of access to information should be limited and specific;
- The protection of personal information held by the County under the Act is a right of the Individual; and
- Decisions relating to disclosure of information can be reviewed by an independent body: the Information and Privacy Commissioner of Ontario.
4.2 Authority to Collect Personal Information – Personal information shall only be collected by the County where the collection is:
- Expressly authorized by statute;
- Used for the purposes of law enforcement; or
- Necessary to the proper administration of a lawfully authorized activity.
County forms that collect personal information must include a Notice of Collection under MFIPPA.
4.3 Routine Disclosure – Wherever possible, records will be made available and/or released on a routine basis and without the need to file a formal request. All information discussed in an open forum, such as County Council meetings, is open to the public and can be routinely disclosed.
4.4 Exemptions under the Act – Records shall not be disclosed, or shall be severed and only disclosed in part, where exemptions under the Act apply. The County therefore may not make disclosures including, but not limited to, records or portions of records that:
- are draft by-laws and reports;
- are advice or recommendations;
- might interfere with a law enforcement matter;
- were received in confidence from another government entity;
- were received in confidence from an Aboriginal community, or that may prejudice the conduct of relations between an Aboriginal community and the County;
- contain third-party information, including technical, commercial, scientific, or labour relations that were supplied in confidence and the release of which could reasonably be expected to be prejudicial;contain information, the release of which could prejudice economic or competitive interests;
- are protected by solicitor-client privilege;
- contain information, the release of which might pose a danger to safety or health;
- contain the personal information of an individual(s), except where such disclosure is in accordance with the various exceptions contained within the Act that do permit such disclosure.
- have been previously destroyed according to the County’s Classification and Retention Schedule.
4.5 Personal Health Information – Requests for information or correction received related to Personal Health Information are subject to the Personal Health and Information Protection Act (“PHIPA”) and shall be dealt with in accordance with PHIPA and the County’s Health Information Privacy Policy.
4.6 Audio and Video Surveillance – Audio / video surveillance systems are in use at facilities owned or leased by the County of Elgin to promote the safety and security of residents and the general public and to protect the County’s assets and property. Information obtained from these systems shall be governed by the County’s Audio / Video Surveillance Policy under the terms of MFIPPA.
4.7 Shared Responsibility – The management and safekeeping of information is the responsibility of each employee, councillor, agent or representative of the County. Confidentiality must be protected by any individual who is authorized to have access to information in order to perform his or her duties.
4.8 Delegation of Duties Under the Act – The Warden is designated as Head of the County for the purposes of the Act. The Warden’s duties as Head are delegated to the County Clerk. The Director of Community and Cultural Services acts as the Privacy Coordinator on behalf of the Clerk. Staff, members of County Council and agents or representatives of the County should consult the Privacy Coordinator for clarification on how to proceed where an access request is received and it is not immediately apparent that the information is within the public domain. Individuals may also consult the Privacy Coordinator where information is not easily available.
4.9 Eligibility to File a Request – Every person has a right of access to a record or a part of a record in the custody or under the control of the County, except where the record or the part of the record falls within one of the exemptions under MFIPPA. The identity of persons making requests shall not be disclosed except to those who need to know in order to administer the request and/or the Act. The following procedure shall be followed to access County records:
- Using the attached request form, a person requesting access to a record shall submit a request in writing that states the specific request for access to
information in sufficient detail to enable the Coordinator to identify the requested record(s). - Except where routine disclosure applies, a person requesting access to a record shall attach to the request form payment or proof of payment of a fee of $5.00. This fee must be collected before the individual request will be processed. The request and proof of payment shall be forwarded to:
Privacy Coordinator
Elgin County Administration Building
450 Sunset Drive
St. Thomas, Ontario
N5R 5V1. - The request shall be date stamped and, in compliance with MFIPPA, the request shall be completed within a 30-day period. Eligible extensions to this response period shall be communicated in writing to the requester and shall state the reason(s) for the extension under MFIPPA and the consequential timelines.
4.10 Fees – Fees and charges levied to the requester are prescribed under the Act and its associated regulations as follows:
- Photocopy Cost – $0.20 per page
- Search Time – $7.50 per ¼ hour to search and to retrieve
- Computer Costs for developing a program or other method of producing a record from machine readable data – $15.00 per ¼ hour
- Record Preparation – $7.50 per ¼ hour to prepare records for release
- Data Storage Disks – $10.00 per disk
- Costs incurred to locate, retrieve, process, and copying the record, where those costs are specified in an invoice received by the County – Variable
For access to personal information about the individual making the request for access, “Search Time” and “Record Preparation” fees will not be charged. Fee estimates will be given if anticipated fees are $25.00 or more. If the estimate is over $100.00, a 50% deposit is required prior to processing the request any further. A person who is required to pay a fee listed above may ask the Commissioner to review the amount of the fee.
This policy shall be considered amended should any fee changes resulting from legislative or regulatory amendments occur. If there is any conflict between this policy and the County’s Fees and Charges By-Law, the Fees and Charges By-Law shall prevail, except that where the Fees and Charges By-Law is silent on a fee set out in this policy, it shall not be considered a conflict.
4.11 Right of Appeal – The requestor has the right of appeal regarding any decision on release of information, the process taken and/or associated timelines with the Information and Privacy Commissioner of Ontario (IPC). Notice on the right of appeal shall be provided on all responses to the requestor.
4.12 County Councillor Records – The Privacy Coordinator will determine whether the Act applies to a Councillor’s records. Councillors’ records are generally subject to release only where they are in the custody or control of the County and where they were produced outside of Council’s decision-making process and within the course of the Councillor’s duties as an officer or employee of the County. Generally, records related to a Councillor’s role as an individual constituent representative are not subject to MFIPPA.
5.0 PRIVACY BREACH PROTOCOL
The County is committed to ensuring that appropriate and secure safeguards exist for the management and protection of personal information. In the event that a breach of personal information does occur, the following actions shall be taken:
- Upon learning of a privacy breach or potential privacy breach, staff shall immediately notify the Chief Administrative Officer, the Privacy Coordinator, and the Director of Legal Services, who will act as a control group responsible for investigating the breach pursuant to guidelines set out by the IPC.
- The Privacy Officer will immediately provide notification to IPC if the breach is deemed significant.
- The control group will immediately provide notice to the County’s insurer if the breach is deemed significant.
- The control group will lead efforts to identify the scope of the breach and to implement the necessary steps to contain it.
- The control group will provide notice to those impacted by the breach. The notice will outline the extent of the breach, its identifiable impacts, and support(s) available to the affected party. Such notice may be provided by formal (such as registered mail) or informal (such as e-mail or regular mail) means, depending on the severity of the breach.
- The control group will lead an investigation into the causes of the breach and will implement remedial efforts to prevent reoccurrence.
Further Information:
Privacy Coordinator
County of Elgin
519-631-1460 x138
privacy@elgin.ca