This Chapter outlines how a public body is to handle and respond to a request for access to records made by an applicant under Part 2 of FIPPA - Access to Information.
This Chapter covers:
7(1) Subject to this Act, an applicant has a right of access to any record in the custody or under the control of a public body, including a record containing personal information about the applicant.
7(2) The right of access to a record does not extend to information that is excepted from disclosure under Division 3 or 4 of this Part, but if that information can reasonably be severed from the record, an applicant has a right of access to the remainder of the record.
7(3) The right of access to a record is subject to the payment of any fees required by the regulations.
Part 2 of FIPPA - Access to Information - is 'access to information' legislation, and reflects two of the stated purposes in section 2 of FIPPA:
Specifically, subsection 7(1) of FIPPA states that any person has a right of access to a record, or part of a record, in the custody or under the control of a public body, including a record containing personal information about the person requesting access (the applicant).
This right of access does not extend to:
The right of access includes an applicant's right of access to a record containing personal information, other than personal health information, about himself or herself [subsection 7(1)].
An individual seeking access to a record containing his or her own personal health information must request access under **The Personal Health Information Act**, not under Part 2 of FIPPA [subsection 6(1)].
An individual's right of access under Part 2 of FIPPA can be exercised by another person authorized to act on his or her behalf, under specific circumstances.
The right of access is subject to the payment of fees as required by the Access and Privacy Regulation.
Any person" has a right of access under Part 2 of FIPPA. The term "person", when used in legislation such as FIPPA, means an individual (that is, a human being) and also "includes a corporation and the heirs, executors, administrators or other legal representatives of a person". That is, the right of access under FIPPA is not restricted by residency or citizenship, and applies to corporations, businesses and other organizations, as well as to individuals.
9 The head of a public body shall make every reasonable effort to assist an applicant and to respond without delay, openly, accurately and completely.
FIPPA requires public bodies to make "every reasonable effort":
The duty to assist the applicant is an important requirement in FIPPA. The duty applies throughout the access request process, but it is particularly important during the applicant's initial contact with the public body.
The public body, through its Access and Privacy Coordinator, should attempt to develop a cooperative working relationship with the **applicant** in order to better understand the applicant's wishes or needs, and to ensure that he or she understands the access to information process under FIPPA. Both the applicant and the public body will benefit from a cooperative, respectful relationship.
Also see Ombudsman Practice Note: The Duty to Assist under FIPPA and PHIA.
Section 41 in Part 3 of FIPPA - Protection of Privacy - requires that a public body protect all personal information in its custody or under its control by "making reasonable security arrangements against such risks as unauthorized access, use, disclosure or destruction."
Section 42 requires that a public body:
These duties apply to any personal information about an individual who is making an access request under Part 2 that the public body obtains or collects in the course of receiving and responding to the request.
For example, the name, home address, home phone number, and other personal information provided by an individual making an access request is personal information that the public body must protect and deal with in accordance with Part 3 of FIPPA.
This means that:
But, when a public body transfers an access request to another public body under section 16 of FIPPA - because, for example, the other public body has custody or control of the records requested - it is appropriate to transfer the whole access request, including the name and contact information and other personal information provided by the access applicant to the other public body. This disclosure of personal information is appropriate, as this is information the other public body needs to process, respond to and make decisions about the access request.
Also see Ombudsman Practice Note: Protecting the Privacy of Access Requesters.
1(1) "Applicant" means a person who makes a request for access to a record under section 8;
8(1) To obtain access to a record, a person must make a request to the public body that the person believes has custody or control of the record.
8(2) Form Requirements: A request must be in the prescribed form and must provide enough detail to enable an experienced officer or employee of the public body to identify the record.
8(3) Eligibility for Oral Requests: An applicant may make an oral request for access to a record if the applicant:
3(1) A person requesting access to a record shall complete an application in Form 1 of Schedule A.
3(2) Where practicable, the application must be submitted to the access and privacy coordinator at the location of the public body identified on the FIPPA website at https://www.gov.mb.ca/chc/fippa/wheretosend/index.html.
3(3) An application shall be date stamped on the day it is received.
3(4) If the public body considers that verification of the applicant's identity or that of a third party is necessary in order to respond to the application, the public body may at any time require the applicant to provide suitable identification.
To apply for access to a record under Part 2 of FIPPA, a person must make a request to the public body that the person believes has custody or control of the record [subsection 8(1)].
An access request must be made by completing the "prescribed" application form - that is, Form 1 of Schedule A of the Access and Privacy Regulation [subsection 8(2) of FIPPA; subsection 3(1) of the Regulation].
An access request must be made by completing the "prescribed" application form - that is, Form 1 of Schedule A of the Access and Privacy Regulation [subsection 8(2) of FIPPA; subsection 3(1) of the Regulation].
The Application Form includes instructions and can be found on the FIPPA website at: https://www.gov.mb.ca/chc/fippa/pdfs/fippa appform apr2011.pdf
The applicant must provide enough detail to enable an experienced officer or employee of the public body to identify the record [subsection 8(2)].
The applicant must submit the Application for Access to the public body that the applicant believes has custody or control of the record being requested [subsection 8(1)]. Where practicable, the applicant must submit the Application to that public body's Access and Privacy Coordinator at the location of the public body identified at: https://www.gov.mb.ca/chc/fippa/public bodies/list public bodies.html [subsection 3(2) of the Regulation].
In the case of a public body that is a government department or government agency, if an applicant sends an Application for Access to another office of the department or government agency, including to the Minister's office, it should be accepted, date stamped and forwarded immediately to the Access and Privacy Coordinator. If possible, it should be faxed to the Coordinator right away and then sent by mail.
Application forms should be available from all public offices and from the public body's Access and Privacy Coordinator. The Application for Access form is available on the FIPPA website at: https://www.gov.mb.ca/chc/fippa/pdfs/fippa appform apr2011.pdf
If a person sends a letter requesting access, instead of using the required Application for Access form, the Coordinator should immediately fax or mail an application form to the person. Depending on the situation, the Coordinator may decide to begin processing the request at once in order to assist the applicant. This would be in keeping with the duty in section 9 of FIPPA to assist applicants.
Every public body that falls under FIPPA is also a trustee of personal health information under The Personal Health Information Act.
If a public body receives an Application for Access from an applicant seeking access to a record that includes both information that falls under FIPPA and personal health information about the applicant, the personal health information in the record must be dealt with under The Personal Health Information Act, not under FIPPA [section 6].
But, as The Personal Health Information Act does not require that a request for access be in writing, the Coordinator may decide to treat the FIPPA application as a request under both FIPPA and The Personal Health Information Act. This would also be in keeping with the duty in section 9 of FIPPA and in subsection 6(2) of The Personal Health Information Act to assist applicants.
The time limit in The Personal Health Information Act for responding to a request by an individual for access to his or her own personal health information is 30 days, with no extensions.
The only reasons for refusing an individual access to his or her personal health information are those set out in section 11 of The Personal Health Information Act.
FIPPA allows an applicant to make an oral request for access to a record if he or she:
In this situation, a senior staff member should fill out the Application for Access form as directed by the individual and have the individual sign the form, if possible. The staff member should then date stamp the Application and send it immediately to the Access and Privacy Coordinator for the public body.
Subsection 3(3) of the Access and Privacy Regulation requires that, an Application for Access be date stamped "on the day it is received".
This means that the officer or staff member of the public body who first receives an Application for Access must date stamp the application on the day he or she received it - whether or not he or she is the Access and Privacy Coordinator.
If an officer or staff member other than the Access and Privacy Coordinator is the first to receive the Application for Access, after date stamping the request, he or she should immediately forward it to the Coordinator, as the time limit for responding to the access request runs from the date it is received by the public body.
On receiving an Application for Access, the Access and Privacy Coordinator should record the application and the date it was received by the public body in an access request tracking log.
The handling of an access request, and decisions related to it, need to be well documented. Thorough documentation will be important:
The public body should record receipt of the access request and open a file for it. The file should include:
Also see Ombudsman Practice Note: Documenting Access Decisions under The Freedom of Information and Protection of Privacy Act and The Personal Health Information Act.
On the day it is received, or as soon after as possible, the Access and Privacy Coordinator should review the access request to determine:
An access request must be in the required form and "must provide enough detail to enable an experienced officer or employee of the public body to identify the record" requested [subsection 8(2)].
If the request is unclear, provides insufficient information, or is overly broad, the Access and Privacy Coordinator should contact the applicant as quickly as possible to clarify his or her information needs. Vague or overly general applications are usually the result of a lack of understanding of the functions of the public body, its records or how to best state the request.
Under clause 15(1)(a) of FIPPA, the head of the public body may extend the time for responding to an access request for up to an additional 30 days, or longer if the Ombudsman agrees, if "the applicant does not give enough detail to enable the public body to identify a requested record".
Where an Application for Access has been sent to the wrong public body, the Access and Privacy Coordinator should transfer the application as soon as possible, and no later than 7 days after receipt, to the appropriate public body [section 16]. Section 16, and transferring access requests, is discussed later in this Chapter, under Transferring an Access Request to Another Public Body.
A public body may be able to satisfy an applicant's information needs by providing records that are already publicly available, or that can be made available through the process of routine disclosure.
The Access and Privacy Coordinator should notify the applicant right away and advise him or her of the process for obtaining the information.
In many cases, the public body will simply provide the information, subject to any copying charges. In some instances, the applicant may be required to fill out a different application form. For example, if the applicant wants access to records governed by The Vital Statistics Act, he or she will have to complete the appropriate form of the Vital Statistics Agency and submit the required fee. The Coordinator should ensure that the applicant understands what is required or who to contact for further information and should then confirm that the applicant wishes to withdraw the Application for Access under FIPPA.
A 'blanket' request occurs when an applicant has sent the same, or substantially the same, request for access to two or more government departments, at the same time or nearly the same time.
For information about procedures to follow when handling blanket requests, contact the Information and Privacy Policy Secretariat of the Department of Sport, Culture and Heritage.
16(1) Within seven days after a public body receives a request for access to a record, the head of the public body may transfer it to another public body if
16(2) If a request is transferred under subsection (1),
Subsection 16(1) states that the head of a public body may transfer a request for access to a record to another public body in three situations:
The transfer must take place within seven days after the public body received the access request.
Before an access request is transferred, the Access and Privacy Coordinator must confirm that the second public body has custody or control of the requested record and that it agrees to the transfer.
Clause 16(2)(a) of FIPPA requires that, if an access request is transferred to another public body, the head of the public body that transfers the application must notify the applicant of the transfer in writing as soon as possible. A sample letter notifying an applicant that his or her access request has been transferred can be found in the Model Response Letters and Forms, on the FIPPA website at: https://www.gov.mb.ca/chc/fippa/public_bodies/resources_public_bodies.html
Clause 16(2)(b) requires that the public body to which the access request is transferred make every reasonable effort to respond to the request within 30 days after receiving it, unless the time limit is extended under section 15(5) or notice is given to an affected third party under section 33 of FIPPA.
Time limit for responding
11(1) The head of a public body shall make every reasonable effort to respond to a request in writing within 30 days after receiving it unless
Failure to respond
11(2) The failure of the head of a public body to respond to a request within the 30 day period or any extended period is to be treated as a decision to refuse access to the record.
Subsection 11(1) requires a public body to make every reasonable effort to respond to a request for access in writing within 30 days after receiving it, unless:
The time limit for responding to a request by an individual for access to his or her own personal health information under The Personal Health Information Act is also 30 days, but unlike FIPPA, this time limit cannot be extended. When dealing with a request for access to a record that contains personal health information about the applicant as well as other information, a public body must be aware of the difference in the time limits between the two Acts. Also, the only grounds for refusing an individual access to his or her own personal health information are those set out in subsection 11(1) of The Personal Health Information Act.
The 30-day time limit is based on **calendar days**, not working days. The 30 days start to run on the day after the date that the Application for Access is received by any officer or employee of the **public body**.24 For this reason, it is essential that the Access and Privacy Coordinator have a back-up person to take over FIPPA responsibilities when the Coordinator is on leave.
If the 30-day period ends on a Sunday or other statutory holiday, the time for responding is extended to the next day that is not a Sunday or a statutory holiday.25 Subsection 23(1) of The Interpretation Act of Manitoba states that the following days are 'statutory' holidays:
Under subsection 23(2) of The Interpretation Act, when a holiday other than Sunday or Remembrance Day falls on a Sunday, the next day is a holiday, and when Christmas Day falls on a Sunday, December 27th is a holiday.
Note:
Saturday is not a statutory holiday. But, subsection 24(2) of The Interpretation Act of Manitoba states that where the time limit for doing anything under a statute or regulation falls on a day on which the office in which it is to be done is closed "during its regular hours of business", the time limit is extended to the next day on which the office is open.
If you have any questions about when the time limit for responding to an access request begins or ends, contact legal counsel.
If an access request is incomplete and further information is required from the applicant, the Access and Privacy Coordinator should seek this information right away. The date on which the access request was received by the public body cannot be changed. But, the need to obtain more information may be grounds for extending the time limit under subsection 15(1) of FIPPA (discussed next).
Note:
Public bodies should try to respond to requests as quickly as possible, and before the end of the 30 day time limit whenever possible. Section 9 of FIPPA requires that the head of a public body make every reasonable effort to respond to an applicant "without delay".
Extending the time limit for responding
15(1) The head of a public body may extend the time for responding to a request for up to an additional 30 days, or for a longer period if the Ombudsman agrees, if
Notice of extension to applicant
15(2) If the time is extended under subsection (1), the head of the public body shall send a written notice to the applicant setting out
The head of a public body may extend the 30 day time period for responding to an access request for up to an additional 30 days only if:
Where the public body has, despite reasonable efforts, been unable to obtain the necessary details or clarification during the initial 30 day time limit, this extension may apply to give the public body more time to do so.
There are two requirements that must be met before clause 15(1)(b) can be relied on to extend the 30 day time limit:
Where the public body has, despite reasonable efforts, been unable to complete the necessary consultations within the initial 30 day time limit, clause 15(1)(c) may apply to give the public body more time to do so. Note that clause 15(1)(c) applies to consultations with other public bodies or with third parties; it does not apply to consultations amongst the officers and staff of the public body itself. Other public bodies that are consulted about an access request should respond as quickly as possible.
A third party who has been given notice by the head of a public body under section 34 of FIPPA of the head's decision to give access to a record containing information affecting the third party's privacy interests under section 17 or its business interests under section 18 may complain to the Ombudsman about the decision to give access.
Note: A public body cannot claim a time extension for the time it spends reviewing records or consulting within its own ranks.
Under clause 15(1), the head of the public body, or the head's delegate, may extend the time period for responding to an access request for up to an additional 30 days, or for a longer period if the Ombudsman agrees. An extension of time must take place within the initial 30 day response period.
If a public body requires an extension of longer than 30 days, it should follow the procedures in Ombudsman Practice Note: Making a Submission to the Ombudsman for an Extension Longer than 30 Days.28
If the time for responding is extended under subsection 15(1), the head of the public body, or his or her delegate, must send a written notice to the applicant setting out:
A sample letter notifying an applicant of an extension of the time period for responding to an access request can be found in the Model Response Letters and Notices, on the FIPPA website at: https://www.gov.mb.ca/chc/fippa/public bodies/resources public bodies.html.
Also see the following Ombudsman Practices Notes:
Effect of estimate on time limits
82(4) When an estimate is given to an applicant under this section, the time within which the head is required to respond under subsection 11(1) is suspended until the applicant notifies the head that the applicant wishes to proceed with the application.
If a public body gives a written estimate of fees to an applicant under subsection 82(2) of FIPPA, the time within which the public body is required to respond to the access request under subsection 11(1) is suspended until the applicant notifies the public body that he or she wishes to proceed with the access application [subsection 82(4)].
If the applicant does not notify the public body that he or she wishes to proceed within 30 days from the date the fee estimate is given, the public body may consider the application to have been abandoned [subsection 82(3)].
Failure to respond
11(2) The failure of the head of a public body to respond to a request within the 30 day period or any extended period is to be treated as a decision to refuse access to the record.