Continuing a series of blog posts that I’m calling “A Conversation with…“, I’m pleased to post the following conversation with my fellow Manitoban and our Provincial Ombudsman, Irene Hamilton.
Irene Hamilton, and her team of professionals at the Office of the Manitoba Ombudsman (the Ombudsman’s Office”), provides excellent service to Manitobans. Thanks to Irene Hamilton’s leadership, the Ombudsman’s Office has made a number of improvements to its operations over the years. I’m looking forward to seeing the changes to the Ombudsman’s Office website referenced below.
Thanks to Irene Hamilton for agreeing to engage in this online Q & A conversation. If you’d like to learn more about Irene Hamilton, the Ombudsman’s Office, or the issues raised in this conversation, I’d encourage you to visit the Ombudsman’s Office website.
Q. In most other provinces, privacy oversight is performed by an Information and Privacy Commissioner. How does the role of the Ombudsman compare to these positions?
A. In Manitoba, the Ombudsman is the Information and Privacy Commissioner as well. The role and function of the Ombudsman is similar to 10 of the 15 federal, provincial and territorial jurisdictions in Canada that have access to information and protection of privacy laws. In these 10 jurisdictions, the Information and Privacy Commissioner has “ombudsman” powers – that is, the power to comment proactively, investigate complaints and make recommendations to public bodies, but not the power to issue orders. In Prince Edward Island, Quebec, Ontario, Alberta and British Columbia, the Commissioners can issue orders in relation to access to information and protection of privacy.
There are other differences among the jurisdictions as well. With The Personal Health Information Act or “PHIA”, Manitoba had the first information privacy statute in North America dealing specifically with personal health information (as opposed to Manitoba’s Freedom of Information and Protection of Privacy Act, or “FIPPA”, that concerns access to and privacy of other kinds of information). Four other Canadian provinces have enacted similar legislation to PHIA since 1998, when PHIA first came into force here.
Q. The Freedom of Information and Protection of Privacy Act (“FIPPA”) includes, as its title suggests, both access to information and privacy mechanisms. On the face of it, these two terms seem inconsistent. How do we bring them together?
A. The application of the provisions of FIPPA do not create the inconsistency that one might infer from the title.
FIPPA has a set of rules concerning access to information and a set of rules concerning privacy of personal information. These two sets of rules are contained in two distinct parts of the Act and are administered separately.
There is a set of rules on how an individual can formally request access to a particular record under the control of provincial and municipal governments and other public bodies and how the public body is to respond. The general rule is that an individual has the right to see or receive a copy of the requested record, but specific exceptions can apply. One of those exceptions relates to protecting the privacy of information about another individual. The idea is to provide as much of the requested information as possible. This particular set of rules is triggered only when a person makes a formal FIPPA request for information.
The other set of rules in FIPPA is always in operation. These rules set out how provincial and municipal governments and other public bodies are to handle records containing personal information that are in their control while conducting their duties. These rules describe in what situations a public body can collect, use or share personal information and the basic rule is that the most limited amount of personal information necessary is to be handled for a particular situation. While an individual can expect certain privacy, there are specific situations where records about them can be collected, used or shared without their consent — for example for safety, public policy and specific operational reasons.
Q. Your office supports the “Right to Know” initiative. What is “Right to Know” about and why do you support it?
A. “Right to Know” is an international celebration observed annually in late September, to remind people that governments have legislation allowing people to obtain information held by government and other public bodies. The right of access, when used by individuals or organizations like media, helps to improve knowledge about government, scrutinize government and address public issues. “Right to Know”, with its public events and media focus, reinforces the commitment to a culture and spirit of openness, and promotes public awareness of access to information principles and the resources that assist in adherence to the legislation.
Q. Manitoba, like other provincial governments, has introduced Enhanced Identification Cards (“EIC”) to respond to increased security demands at U.S. border crossings. What role has your office played in the development and rollout of EICs?
A. Together with my Privacy Commissioner colleagues, I am of the view that the Enhanced Identification Card or “EIC” — a voluntary identity document for entry into the U.S. by road or water — raises privacy implications. I am pleased to say that my office was consulted early in the development of the Manitoba Enhanced Identification Card and we continued to be involved as the Manitoba Enhanced Drivers License was introduced as well. Through our participation we wanted to accomplish two main goals: 1. to fulfill our oversight role in relation to new government programs or initiatives by providing our comments to ensure the protection of personal information to the extent possible; and, 2. to bring the perspective of the public to the process by asking questions that people might have. In the process, we have promoted providing detailed information to the public so that they can determine if the EIC or EDL is the right card for them. We have also produced a “privacy awareness fact sheet” for persons considering obtaining an EIC or EDL. This is on our web site, at www.ombudsman.mb.ca.
Q. Your office releases summaries of selected access and privacy cases on its website. What is the most common area you investigate and report on?
A. One of our goals for this year is to redesign our website and include regular postings of our reports online for the reference of information privacy professionals as well as the public that will provide a better understanding of how we interpret various sections of the acts, and the basis upon which we come to our conclusions. Having said that, since June 2005 our office has produced dozens of “practice notes” about interpreting and administering various sections and principles of FIPPA and PHIA, probably of greater interest to information privacy professionals than to the public. These, too, are on our Manitoba Ombudsman web site.
We find that the greatest number of complaints that we receive are refusals of access to information under FIPPA. This includes not only responses by public bodies refusing access, but also failures to respond to the applicant. Unfortunately, we also receive numerous complaints about privacy breaches under PHIA.
Q. Looking forward, what kind of privacy developments should we watch for in 2010?
A. The file that will be most time consuming for us will be privacy protection of personal health information in the electronic health record that has been under development in Manitoba and across Canada for some time. Significant funds have been made available to Departments of Health throughout the country to build electronic systems that will connect to provide instantaneous access to health records. The system is designed to promote better care and eliminate administrative repetitiveness. Our view is that the public needs to understand what the electronic health record or “EHR” is, its scope and how their personal health information will be used and shared within that system.