by Gary Dickson, Q.C.

LawNow August / September 2001

Private or Public: A Non-Profit's Records

Non-profit agencies and charitable organizations in Alberta deliver an amazing array of useful and important services to citizens.

Agencies operate half-way houses for offenders, shelters for domestic violence victims, and offer all kinds of services to new Canadians. They work to assist seniors, children and to promote the prevention of a wide range of diseases. Increasingly the non-profit sector is left to fill in gaps left by shrinking government services. These non-profit agencies all too often manage with slim budgets. Many of them rely on a small but extremely committed group of full time staff, supplemented by many more volunteers.

Since October 1, 1995, the Freedom of Information and Protection of Privacy Act (FOIP Act) has guaranteed Albertans a new set of privacy and information rights. So far this new law has been focused on provincial and municipal governments and public entities such as regional health authorities, schools, universities and colleges. This law implemented the 1993 report from the Premier's Panel on Access to Information and the Protection of Privacy. That panel had considered the inclusion of non-profit agencies but ultimately recommended that such a law should focus on provincial and municipal government. The panel did recommend that "not-for-profit groups and charities receiving public monies should be considered for inclusion during the proposed 3 year review of the legislation." In fact, when that review was undertaken in 1999, there was no recommendation to amend the FOIP Act to expand the scope to non-profit agencies. Nonetheless, non-profit agencies may be indirectly affected by the FOIP Act if they do work under contract for a provincial government agency or department, a municipal government, a school board, a university or college, a regional health authority, or any other public body described in section 1(1)(p) of the FOIP Act.

Such non-profit agencies will be affected since the FOIP Act applies to all records in the custody or under the control of a public body. For illustrative purposes, imagine an agency that provides support services to Albertans with a particular disability. Let's assume the agency receives some funding from the Department of Health and Wellness under a contract to deliver those services. Many of the records created by the agency and kept in the file cabinets or on the computer hard drive of that agency will likely be under the control of the Department and therefore subject to the FOIP Act. It is customary for the department to address this question in the contract with the agency. The contract will typically require the agency to maintain certain kinds of records. This obligation may extend for a time after the contract term expires. It may require the agency to submit certain documents to the Department.

If you believe your agency may be affected by the FOIP Act, there are at least four actions you ought to consider. A good starting point is to read a useful guide produced by the Information Management and Privacy Branch of the Department of Government Services: A Contract Manager's Guide to Freedom of Information, Protection of Privacy and records Management in the Government of Alberta. Next, you should carefully review the contract between your agency and the government department. If you have questions or require clarification you can contact the FOIP Coordinator for the department. You can obtain contact information about FOIP Coordinators from www.gov.ab.ca/foip.

A further step may be to review your internal filing system. In my experience, many non-profit organizations do not attach a particularly high value to information management systems. Resources tend to be focused on the delivery of front-line services. Yet, to be FOIP ready, you will have to know exactly what documents you have, where they are located, and how to access them quickly. You should also ensure there is at least one person in your organization (ideally several), who is familiar with the FOIP Act. You can download the Act from the government website. A hard copy of the Act can be found in your neighborhood library. In addition to the Act which is somewhat dense and challenging to read, there are a number of more reader-friendly materials you can access through the government FOIP website noted above.

What is the effect of an agency keeping records that may be under the control of a public body like the Department of Health and Wellness?The short answer is that the rights and obligations spelled out in the FOIP Act will apply to and bind the agency in respect to those records. There are four parts to the FOIP Act. The parts that will likely be of most concern to a non-profit agency will be Part 1 and Part 2. Part 1 deals with access to records in the care or under the control of a public body. Part 2 outlines the rules with respect to the protection of privacy. Let us consider those provisions in more detail.

You should keep in mind that with a couple of exceptions, the FOIP Act is focused on records and not information. The latter may be something in the knowledge of an employee or volunteer, but if it isn't written down in some way, then it is generally not accessible. Record is defined very broadly and includes maps, drawings, photographs, draft documents, and things like meeting minutes. It also includes information that is in electronic form whether in a computer hard drive or on a computer disk. It could be a napkin from the local diner if an agency employee has made notes on the back of that napkin. It may be a desk calendar with some scribbled marginal notes.

What are the rules in the FOIP Act with respect to access to records?

Anyone can apply for access to a record by submitting a written request and paying the prescribed fee. The access request would go to the Department not to your non-profit agency. The Department then has 30 days to respond to that request. There is provision for extending the 30 day limit in particular circumstances. The Department would normally contact the agency and require the production of records which are related to the access request. This does not mean that any and all records of the agency would be caught by the FOIP Act. It would be only those documents that are both under the control of the Department in question and responsive to the specific access request. Once the agency forwards the appropriate documents to the Department, the FOIP Coordinator for that department must carefully review them to determine if any mandatory or discretionary exceptions apply. The FOIP Act identifies three mandatory exceptions that absolutely forbid disclosure. There are another 11 exceptions that require the head of the public body to exercise discretion to either withhold or disclose a record. For example, if the documents reveal personal information about a third party, then that information would be cut from the record before it is released to the applicant. If the documents related to an active lawsuit, the legal privilege exception would likely be raised to deny any access to the document. These kinds of decisions will be made by the public body and are not the responsibility of the non-profit agency. You must recognize that even though you and your agency may be treating certain documents as confidential, they may be disclosed under the FOIP Act if they are relevant and not covered by an exception.

If there is some question about whether the records produced by the non-profit agency should be disclosed, then you will be afforded a chance to argue that disclosure could harm your agency's interests. This takes the form of a 20 day window to provide written objection to release.

What other obligations does your non-profit agency have by virtue of the FOIP Act?

You should familiarize yourself with the list of offences in section 86. It is an offence to destroy records to evade an access request.

It is also an offence to collect, use or disclose personal information in violation of the Act. If you collect or use personal information, you should carefully review Part 2 of the FOIP Act. If the information is used to make a decision that directly affects the individual, every reasonable effort must be taken to ensure the information is accurate and complete. Personal information collected by the agency under contract to a department can only be used for the purposes identified in the contract. If your agency has a contract to deliver service to disabled Albertans, you are not free to use the personal information you gather from that contract work for your research project, for example. You would first need written permission from the department you contracted with. In addition that personal information must be retained for at least one year to allow the individual to apply for access.

Even though non-profit organizations are not directly subject to the FOIP Act, it is very likely that at some future date they will be covered. Given the continuing trend to more transparency in governance and stronger privacy protection, it makes sense to test your agency practices against fair information practices also known as the OECD Guidelines. These include the need for limits to collection of personal data that require it be obtained by lawful means and, where appropriate, with the knowledge or consent of the subject. Personal data should be relevant to purposes for which it is used and should be accurate, complete, and current. Personal data should not be disclosed or used for purposes other than the original purpose without consent or the authority of law. Such data should be protected by reasonable security safeguards. There should be a general policy of openness about data practices and policies. Finally there should be some authority responsible for enforcing these measures.

Return to LawNow's Not-for-Profit "Reprints"