Privacy or Access to Information for Public Complaints (5:IV)
|This information applies to British Columbia, Canada. Last reviewed for legal accuracy by the Law Students' Legal Advice Program on June 30, 2021.|
Although the right to privacy is fundamental to the healthy exercise of democratic rights, recognition and practical enforcement of this right by legislators and the courts has been slow. This problem has many sources, but underlying it is the enormous difficulty jurists have found in coming to an understanding of what is meant and entailed by this right.
The right to privacy is often balanced against the right to access information since these rights frequently collide (e.g., when an employer wishes to obtain information about an employee from a government agency). In some cases, a right of access to information may determine whether or not an individual’s privacy has been violated. Legislation regulating access to government information is designed to ensure an informed citizenry; when someone seeks information that may injure the privacy interests of a third party, mechanisms exist to weigh privacy interests of the individual against the public interest in disclosure. The following provides a quick survey of the relevant privacy or access to information laws.
B. At Common Law
At common law, the torts of trespass, nuisance, defamation, and invasion of privacy may discourage some of the more blatant forms of invasion of privacy. However, these civil actions retroactively provide compensation for the breach of privacy rather than ensure privacy.
C. Wiretap Legislation and Lawful Access
Individuals interested in information on wiretapping and lawful access to information should contact the BC Civil Liberties Association, who specialize in dealing in these areas. The case law in this area is very complicated, and an experienced criminal lawyer should be consulted if issues regarding a wiretap arise.
D. Federal Privacy Act, Federal Access to Information Act
The federal Access to Information Act, RSC 1985, c A-1, and the federal Privacy Act, RSC 1985, c P-21, both deal with freedom of information. The Access to Information Act allows for access to information in records under the control of federal government institutions. The Privacy Act protects the confidentiality of information about an individual held by federal government institutions, and provides individuals with a right of access to information about themselves held by such institutions. What follows is only a brief outline of the main provisions of these Acts. Individuals should consult the Acts if they have a problem in this area.
2. Privacy Act
If an individual wants to obtain information relating to themselves, they should make an application under the federal Privacy Act, and should make their application directly to the agency that has the information.
The Privacy Act, RSC 1985, c P-21, sets out the conditions under which a government institution may collect, maintain, and use personal information about individuals. The Act requires that:
- the information collected must relate directly to an operating program or activity of the institution (s 4);
- information used in a decision-making process that directly affects the individual should be, wherever possible, collected directly from the individual to whom it relates, or with their consent, and the institution shall inform the individual of the purpose for which the information is being collected (s 5);
- the institution shall ensure that information used to make a decision about an individual is accurate, up-to-date and as complete as possible, that it is retained long enough for the individual to have a reasonable opportunity to obtain access to it, and that it is disposed of in accordance with the relevant regulations and ministry directives or guidelines (s 6); and
- the information shall not, without the consent of the individual, be used for any purpose except that for which it was obtained, for a use consistent with that purpose, or for other purposes specified in the Act (s 7).
The Privacy Commissioner is authorized to oversee compliance by federal government institutions with the provisions of the Privacy Act. The Commissioner receives and investigates complaints from individuals, audits institutions’ storage and use of information, makes recommendations to institutions and the Treasury Board regarding privacy issues, and presents an annual report to Parliament.
NOTE: Per amendments made to the Access to Information Act and the Privacy Act, a ministerial advisor and a member of a ministerial staff are excluded from the definition of “personal information”.
The Commissioner cannot make orders requiring bodies to comply with the Act but may investigate and make reports. Individuals who are refused access to their own personal information may, after the Commissioner has investigated and reported, apply to the Federal Court for an order requiring access to this information. The Privacy Commissioner may also take enforcement proceedings in Federal Court in relation to a refusal to give an individual access to their own personal information. For further information, contact:
BC Freedom of Information and Privacy Association
Any complaints regarding your Privacy Act request should be submitted in writing to:
Office of the Privacy Commissioner of Canada
3. Access to Information Act
This Act gives Canadian citizens, permanent residents and any individual present or corporation in Canada the right to access any record under the control of a federal government institution.
NOTE: If you are seeking to obtain information about an individual person, see section IV.D.2 on the application of the Privacy Act.
Certain classes of information are exempt from the Act. These include confidential inter-governmental communications, information pertaining to law enforcement and investigations, trade secrets, personal information, and generally anything likely to be harmful to Canada’s national security interest.
On June 21, 2019, an Act to amend the Access to Information Act and the Privacy Act received Royal Assent. Under the amended Act, a federal institution may decline to act on a request to access to a record for various reasons if approved by the Information Commissioner. In addition to this change, the amended Act clarifies the power of the Information Commissioner regarding the authority to refuse or cease to investigate and to examine disclosure subjected to solicitor-client privilege or professional secrecy
NOTE: In the Supreme Court of Canada decision in Ontario (Public Safety and Security) v Criminal Lawyers’ Association, 2010 SCC 23, the Court held that the guarantee of freedom of expression under subsection 2(b) of the Charter does not guarantee access to all documents in government hands. In that case, the Court adopted the test for whether freedom of expression was infringed found in Irwin Toy Ltd v Quebec (Attorney General),  1 SCR 927, and determined that freedom of expression was not infringed by the Freedom of Information and Protection of Privacy Act, RSO 1990, c F.31. See both of these cases for more detailed information.
The procedure for obtaining a government record is as follows:
- Go to http://canada.justice.gc.ca/eng/trans/atip-aiprp for the Access to Information and Privacy website, which offers a brochure about using the Act, online access to Info Source, and online forms. Alternatively, any public library provides the same information. Info Source is a directory that describes each federal government institution and the information it holds, as well as the title and address of the appropriate officer to whom requests should be sent.
- Formally request the records by sending in the online or printed request forms, or by sending a letter. These options are available under “Options for Submitting an ATIP Request”. Be as specific as possible citing subject, dates, events, and individuals. Enclose a $5.00 payment, but ask that this and any other fees be waived on the grounds that the release of records would be of “general public benefit” or that similar information has been released in the past. Note: Requests for information under the Privacy Act do not require a fee.
- Once the institution receives a request, it has 30 days to give notice of whether access will be given. Senior officials can extend this time limit if they give notice of extension. If third parties are involved, the time limit is 80 days. If access is refused, they must inform the person making the request of the right to make a complaint to the Information Commissioner.
- NOTE: It can take up to one year to receive records to which access is given. There is no meaningful redress for delays of this nature.
- NOTE: The federal government has introduced changes to the Access to Information Act which will strengthen the powers of the Information Commissioner to make binding orders to government institutions.
- Complaints should be sent in writing to:
Office of the Information Commissioner
A complaint must be made within 60 days from the date that you received a response to your request.
The Information Commissioner investigates complaints in private, and each party has the right to make representations. Similar to an Ombudsperson, the Commissioner can only make recommendations, and cannot directly compel the release of information. However, they can take the institution to Federal Court to compel the release of the information. The Commissioner is not obligated to take on a case, and if they refuse to do so, there is no right to appeal this refusal.
- NOTE: It is helpful to check to see if the organization you are requesting information about has a form of its own. It would cut down on time for the form to go directly to the organization.
- There is, however, a right to appeal the original denial of access; this appeal must be made to the Federal Court within 30 days of the decision of the Information Commissioner (s 41(1)). In court, the burden of proof is on the government to show that the information must be withheld.
E. Federal Personal Information Protection and Electronic Documents Act
The federal Personal Information Protection and Electronic Documents Act, SC 2000, c 5 [PIPEDA], is intended to remedy some of the problems encountered by consumers and by businesses when information relating to consumer habits is collected to be used internally or externally by private sector organizations. PIPEDA is a federal law governing:
- the collection, protection, and disclosure of personal information; and
- the use of electronic versions of official documents on paper, in the public and private sphere.
While PIPEDA is a federal act, the legislation claims to have jurisdiction over the provincially regulated private sector as well as the federal sector. However, subsection 26(2) of the Act gives the Governor-in-Council the power to exempt an organization where substantially similar provincial legislation exists. Almost all provinces have enacted their own version of the Act. In October 2003, BC passed the Personal Information Protection Act, SBC 2003, c 63 [PIPA], which has been declared substantially similar legislation.
For more information on PIPEDA, please see:
Stephanie Perrin, Heather Black & David Flaherty, The Personal Information Protection and Electronic Documents Act: An Annotated Guide (Toronto: Irwin Law, 2001).
F. BC Personal Information Protection Act
The BC PIPA is an attempt by the province to maintain jurisdiction over the regulation of private business, historically under the Province's control. The purpose of this Act is to govern the collection, use, and disclosure of personal information by private organizations. The Act has been in force since 2004 and has been declared substantially similar by the Governor-in-Council, thereby exempting PIPA-applicable organizations in British Columbia from the application of the federal PIPEDA.
G. BC Freedom of Information and Protection of Privacy Act
The Freedom of Information and Protection of Privacy Act, RSBC 1996, c 165 [FIPPA], is similar in some respects to the federal access and privacy legislation relating to public organizations. As a result of this provincial legislation, there is a consistent policy regarding access and privacy for BC government ministries and agencies. The Act is significant for two reasons:
- it has standardized decision-making criteria in regards to access and privacy; and
- it has established a uniform appeal process.
This Act is amended from time to time. It is advisable to consult the Act for certainty. Further information about the Act can be obtained from the following organization:
The BC Civil Liberties Association has also published a handbook on privacy that provides detailed information about various aspects of the law relating to privacy. It can be found online at http://bccla.org/privacy-handbook.
2. Scope of Freedom of Information Rights
Section 3 of the FIPPA provides that the Act applies to all records in the custody or control of a “public body”, with notable exceptions in sections 3(1)(a) to (k). In addition to the entities defined as public bodies in Schedule 1, including BC government ministries, municipalities, hospitals, and universities and colleges, Schedule 2 lists specific organizations that are covered by the Act, including BC Hydro, ICBC, Legal Services Society, Mental Health Act Assessment Committees, and the Workers’ Compensation Board.
In July 1993, an amendment to the FIPPA expanded the scope of the legislation to include governing bodies of various professions within the scope of the Act. These professions include lawyers, accountants, engineers, teachers, doctors, and nurses (see Schedule 3).
Sections 12 to 22.1 restrict the disclosure of information. The following may not need to be disclosed:
- cabinet and local public body confidences (s 12);
- policy-oriented information (s 13);
- legal advice (s 14);
- information harmful to law enforcement (s 15);
- information harmful to intergovernmental relations or negotiations (s 16);
- financially sensitive data (s 17);
- information harmful to heritage sites or endangered species (s 18)
- information harmful to public safety (s 19);
- information harmful to a third party's business interest (s 21);
- information harmful to a third party’s personal privacy (s 22); and
- information relating to abortion services (s 22.1).
It is worth noting that some of the exceptions are mandatory (ss 21 and 22 on third-party business) and others discretionary (ss 13 to 19). There is also public-interest override in s 25, which requires disclosure of information about risk of significant harm to the environment, or public health or safety, or in other circumstances where disclosure is clearly in the public interest.
NOTE: In Re South Coast BC Transportation Authority,  BCIPCD No 20, it was decided that Translink was a public body. Thus, public disclosure of employment records for Translink employees would not be an unreasonable invasion of third party privacy. However, this was based on a rebuttal of the presumption that a disclosure of personal information is an unreasonable invasion of a third party’s personal privacy if the personal information describes the third party's finances, income, etc. A change of circumstances could change the outcome. In Greater Vancouver Transportation Authority v Canadian Federation of Students – British Columbia Component, 2 SCR 295, Translink was found to be a government entity under section 32 of the Charter of Rights and Freedoms [Charter], and thus subject to Charter scrutiny.
3. Scope of Privacy Rights
Apart from allowing for access to information, FIPPA also has provisions restricting the collection, protection, and retention of personal information.
“Personal information” is defined in Schedule 1 of the Act as all recorded information about an identifiable individual other than contact information. The recorded information includes the individual’s name, race, colour, religious or political beliefs, age, sex, sexual orientation, marital status, fingerprints, blood type, health care history, educational, financial, criminal or employment history, anyone’s opinion about the individual, and the individual’s personal views or opinions, except if they are about someone else.
Public bodies can collect personal information only when authorized by legislation, for law enforcement purposes, or when necessary to the operation of a program administered by the public body (s 26).
In general, a public body must collect personal information directly from the individual (s 27). Notable exceptions include: when an alternative method is authorized by the individual, by the Privacy Commissioner, or under another statute; and when the information is used for the purpose of collecting a debt or fine or making a payment. Except where the information is collected for law enforcement purposes, the public body must also tell the individual from whom it collects personal information the purpose and the legal authority for collecting it.
The public body has a duty to ensure the information it collects is accurate and complete (s 28). An individual has the right to request correction if they believe there is an omission or error in the personal information (s 29).
Heads of public bodies must protect personal information by requiring reasonable security arrangements against unauthorized access, collection, use, disclosure, or disposal (s 30). Public bodies must ensure that information in their custody is stored only in Canada and accessed only in Canada unless the individual consents otherwise, or the disclosure is allowed under the Act (s 30.1).
Employees of a public body must notify the minister when a foreign demand for disclosure is requested (s 30.2). Section 30.3 provides whistle-blower legislation to protect employees fulfilling this obligation.
Public bodies that use an individual’s personal information to make decisions that directly affect the individual must retain that information for at least one year after using it, so that the individual has an opportunity to obtain it (s 31). Further, a public body can only use personal information for the purpose for which that information was obtained, or for a use consistent with that purpose (s 32).
Sections 33 to 36 deal with disclosure of personal information by a public body. These sections empower a public body to disclose personal information only under certain circumstances, such as where there is the consent of the individual; where the information is used for a consistent purpose or for the purpose of complying with another enactment; where the information is used for collecting a debt, payment, or fine owed by the individual to the provincial government or a public body; where the information is used in an audit; and where the information is used by a public body or a law enforcement agency to assist in an investigation in which a law enforcement proceeding is intended or likely to result.
4. Process of Making a Disclosure Request
Step One: Requesting Disclosure or Correction
An individual can send a letter to a public body asking for disclosure of information pertaining to that individual or for a correction of information. If the request is for access to information, the head of the public body then has 30 days to respond (this time limit can be extended under section 10) (s 7(1)). Section 8(1) requires that any response must either (a) to (b) inform the individual of where, when, and how the record will be disclosed, or (c) detail the reasons the request was denied.
If the request is for a correction of information held by the public body, the head of the public body must either correct the record (s 29(1)), or annotate the information with the correction that was requested (s 29(2)). The head of the public body must next notify all other parties to whom the information in question has been disclosed within the past year (s 29(3)).
Always check with the organization itself to see if it has its own forms for requests; this makes the process much faster.
To obtain a copy of a police report, complete the form provided by the “Information and Privacy” section of the police department from which you are requesting the records (for the VPD, you will find the form here: https://vpd.ca/wp-content/uploads/2021/06/vpd-form-foi-request.pdf). Include a copy of the person’s driver’s licence if possible and a cover letter explaining the details of the report you are looking for. If you are asking to receive documents on someone’s behalf you will also need them to sign an authorization or release. Typically there is no charge if you are requesting documents that relate to an interaction you had with police.
If a person has been a victim of property crime, their insurance company might require them to obtain a copy of the police report. Sometimes the insurer will make the request for you. To obtain this record, fill out the Request for Property Report Form, or send in a written request with the following information: police file number, full name, current address, telephone number, location of incident, type of incident, and any other helpful details. There is a fee for this service, and the letter and payment ($55.00 including applicable taxes) should be placed in an envelope and mailed to the following address:
- ATTENTION: Correspondence Unit
- Vancouver Police Department
- 3585 Graveley St.
- Vancouver, BC V5K 5J5.
See here for full details: https://vpd.ca/contact-us/request-a-copy-of-a-police-report/
For further information on the process of making a disclosure request, contact:
Office of the Information and Privacy Commissioner for British Columbia
NOTE: The public body to which a request is made may charge to provide a copy of the record and its shipping and handling, and for the time spent locating the record and preparing it for disclosure (FIPPA, s 75(1)). They cannot charge, however, for the first 3 hours spent locating and retrieving a record and time spent severing information (s 75(2)). Likewise, these fees do not apply to a request for the applicant’s own personal information (s 75(3)). If a request for payment is made, send a letter explaining that the fee should be waived because (1) you cannot afford payment (s 75(5)(a)); (2) it is fair to excuse payment (s 75(5)(a)), or; (3) the record relates to a matter of public interest (e.g., the environment, public health and safety, etc.) (s 75(5)(b)).
Step Two: Filing a Complaint with the Information and Privacy Commissioner
If the public body refuses to disclose the information or make the requested correction, the next step is to file a complaint with the Information and Privacy Commissioner. Under section 42, the Commissioner oversees the administration of the Act. An individual can ask the Commissioner to review any decision pertaining to access or correction within 30 days of notification of the decision (s 53(2)(a)) (although section 53(2)(b) allows the Commissioner to extend this limitation period). Please refer to the FIPPA and its regulations for a detailed description of the review process.
The Commissioner has significant power to enforce a judgment (much more so than the equivalent federal official). Generally, the burden is on the public body to justify its refusal to disclose information (although there are notable exceptions pertaining to third-party interests (see s 57). The head of a public body must comply with an order of the Commissioner unless an application for judicial review is brought within 30 days (s 59). A person other than the head of a public body who is dissatisfied with a decision of the Commissioner may seek judicial review pursuant to the Judicial Review Procedure Act.
H. The BC Privacy Act
BC Privacy Act, RSBC 1996, c 373, makes it a “tort, actionable without proof of damages, for a person, wilfully and without claim of right, to violate the privacy of another” (s 1). Subsection 1(2) of the Act entitles a person to the nature and degree of privacy that is “reasonable in the circumstances”, but the Act itself gives limited guidance to the courts on what particular circumstances are deemed to be an unreasonable invasion of privacy. However, section 2 does set out a number of exceptions.
Most of the reported cases brought under the Act have been unsuccessful, largely because the courts have been reluctant to accept a broad view of what type of expectations of privacy are reasonable. One difficulty with the Act is that a person offended by an invasion of privacy is unlikely to seek redress through a public process that will have the effect of further airing the private matter.
Actions under the Privacy Act must be brought in the BC Supreme Court (s 4).
I. Police Information Checks (Criminal Record Checks)
Police information checks, also known as criminal record checks, consist of information which may be required by a potential employer or volunteer organization, in the later stage of their hiring process. Police information checks are conducted and provided by individual local police departments and the RCMP, who are supposed to play a neutral role in the hiring process.
Employment or volunteer candidates who are asked by their potential employer or volunteer organization to provide a police information check should be aware that potential employers and volunteer organizations may only use relevant information to determine the suitability of a candidate. In particular, the BC Human Rights Code, RSBC 1996, c 210, section 13 makes it illegal for employers to discriminate based on having been convicted of a criminal or summary conviction offence that is unrelated to the employment or to the intended employment of a person.
The British Columbia Provincial Policing Model Policy Guidelines operate to ensure that policies and practices align among police agencies in British Columbia so that citizens, employers, and volunteer organizations receive consistent Criminal and Police Information Checks. The following is a summary of the Guidelines.
If working with vulnerable persons, employment or volunteer candidates may be asked by their potential employer or volunteer organization to provide a vulnerable sector check. Vulnerable persons are individuals who, because of their age, disability, or other circumstances, whether temporary or permanent, are (a) in a position of dependence on others or (b) are otherwise at a greater risk than the general population of being harmed by a person in a position of authority or trust relative to them, as defined by the Criminal Records Act, RSC 1985, c C-47, s 6.3(1).
Vulnerable sector checks consist of screening designed to protect vulnerable persons from dangerous offenders by uncovering the existence of a criminal record, adverse police contact, and/or pardoned (or record suspension) sexual offence conviction. This level of screening is restricted to applicants seeking employment and/or volunteering with vulnerable persons.
The Guidelines stipulate that the board, chief constable, chief officer, or commissioner should ensure that:
Job applicants who work with the vulnerable sector will, at the request of their employer, receive a check that:
- includes a search of, at a minimum, Canadian Police Information Centre (CPIC), Police Information Portal (PIP), Justice Information (JUSTIN), and Police Records Information Management Environment (PRIME) records;
- discloses to the applicant all warrants, outstanding charges, convictions and adverse contact;
- does not include the disclosure of apprehensions under section 28 of the Mental Health Act;
- does include adverse contact involving the threat or actual use of violence directed at other individuals, regardless of, but without disclosing, mental health status;
- does not include youth offences unless provided for under the Youth Criminal Justice Act;
- does include information on a sexual offence conviction where a pardon or record suspension has been granted;
Those who are not working with vulnerable persons may be asked instead to provide a non-vulnerable sector check. The Guidelines stipulate that applicants who are not working with the vulnerable sector will, at the request of their employer, receive a check that:
- includes a search of, at a minimum, CPIC, PIP, JUSTIN, and PRIME records;
- discloses to the applicant all warrants, outstanding charges, and convictions;
- does not disclose adverse contact;
- does not include the disclosure of apprehensions under section 28 of the Mental Health Act;
- does not include youth offences unless provided for under the Youth Criminal Justice Act;
In cases where non-disclosable information indicates a significant threat to public safety, police agencies may either refuse to complete the check or take action under their duty to warn responsibilities noted below.
Nothing in the Guidelines prevents a police agency from disclosing information under either a statutory or common law duty to provide warnings where the health, safety or wellbeing of an individual or individuals is at risk of significant harm.
Further information regarding the Guidelines, including a full list of information which should or should not be included in a Police Information Check, may be found at: http://www2.gov.bc.ca/gov/content/justice/criminal-justice/policing-in-bc/publications-statistics-legislation/publications/police-information-checks-guidelines-for-police
Because police information checks are provided by individual police departments or the RCMP, one should consult the website of the particular police department or that of the RCMP to discover specific information, such as that pertaining to fees, accepted forms of identification, and further information on what will or will not be included in the police information check.
The following is a link to information on police information checks conducted by the Vancouver Police Department: https://vpd.ca/contact-us/police-information-checks/
Please consult Chapter 1: Criminal Law, located in the Law Students’ Legal Advice Program’s manual for information explaining the importance of consenting to disclosure, what information third parties may find out, the impact of having a criminal record, elimination of records, and record suspensions: https://www.lslap.bc.ca/manual.html
If an individual disagrees with a decision of the police officer, such as to not provide a police information check or with the information provided on the police information checks, the individual can appeal the decision internally within the police department. The individual can submit a request to the head of the records check department within the police department where they made the initial information check request for a review of the decision. If the individual still disagrees with the appealed decision, then the next avenue of appeal, if one is available, remains unclear. It is possible that an applicant may file for Judicial Review of the police department’s decision (see III.C.1 on Judicial Review). The Privacy Commissioner’s Office may possibly have jurisdiction over these matters, although their current position is that a police information check is different than a request for release of information, and is not covered by their legislation.
|© Copyright 2021, The Greater Vancouver Law Students' Legal Advice Society.|