Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
OBL IGAT I ON S OF N OT-FOR-PROFI T ORGANIZ AT I ON S IN AL BERTA
LAW & GOVERNANCE OF SECONDARY DATA USE
KIR AN P O HAR MANHA S, JD, PHDPOLICYWISE FOR CHILDREN & FAMILIES | UNIVERSITY OF CALGARY
Disclaimer:
This work is for information purposes only, and not intended to be legal advice. For particular legal advice on
your circumstances, the authors recommend that you seek independent legal advice.
This paper would not be possible without the direction and support of a great many people.
First, and foremost, I thank the SAGE (Secondary Analysis to Generate Evidence) leadership
and team at PolicyWise for Children & Families. Jason Lau and Xinjie Cui provided excellent
leadership in requesting this project and guiding its formation. Amanda Lau, Lucie Richard
and Robert Jagodzinski provided important feedback to early drafts of the report. I thank the
numerous external stakeholders who provided thoughtful feedback on a draft version of this
paper amidst their busy schedules. These stakeholders included Chris Stinner (Office of the
Information and Privacy Commissioner of Alberta), Don Fleming (ARECCI/Alberta Innovates),
Katharin Pritchard (Calgary Thrives/Mount Royal University), Geoff Zakaib (Data for Good),
and Robert Perry (CUPS). Although I received important feedback from these individuals, I
take full responsibility for any mistakes or omissions.
I am also very appreciative of the infrastructure and mentorship support I receive from my
postdoctoral team including supervisors Drs. Suzanne Tough and Xinjie Cui, funders including
PolicyWise for Children & Families, and the team including the All Our Families research team.
ACKNOWLEDGEMENTS:
A C K N O W L E D G E M E N T S
E X E C U T I V E S U M M A R Y
1. B A C K G R O U N D
1.1 KE Y T ERMINOLO GY
1. 2 NFP S & DATA OPPORT UNI T IE S
2.0 L E G A L P E R S P E C T I V E
TA B L E O F C O N T E N T S
3
7
10
10
12
17
2.1 PRIVAC Y IS SUE S
2. 2 IN T EL L EC T UAL PROPERT Y IS SUE S
2. 3 GOVERNANCE IS SUE S
3.0 C U R R E N T O R B E S T D ATA G O V E R N A N C E P R A C T I C E S
3.1 OVERVIE W OF T HE RE SPONSIBL E DATA APPROACH
3. 2 SPECIFIC ORGANIZ AT IONAL APPROACHE S TO DATA GOVERNANCE
17
37
41
48
48
51
C O N C L U S I O N S
R E F E R E N C E S
TA B L E S
114
111
59
7POLICYWISE
The data-driven nature of society today involves the collection of significant, if not copious, amounts of
information with the aims to share and re-use that data beyond the original purposes at collection. Not-
for-profit organizations and registered charities (collectively, “NFPs”) are beginning to recognize the value
of, and opportunities within, data especially in the social services sector. This paper presents the legal and
governance issues for, and obligations of, NFPs when trying to harness a particular data-focused opportu-
nity: the sharing and re-use of information beyond the service delivery directing collection.
When personal information or personal health information is collected, handled, used or disclosed, priva-
cy concerns arise and privacy legislation could be invoked. In Alberta, the three privacy-related statutes
are PIPA, the Health Information Act (HIA), and the Freedom of Information and Protection of Privacy
Act (FOIP). This paper details when each of these laws could apply for a NFP, as well as the best practices
dictated by these laws. Those best practices centre around ensuring reasonableness in the purposes for
identifying information collection, use and disclosure; exacting minimalist standards on information use
and disclosure; and ensuring the connection, unless legally exempt, between purposes and consent from
the individuals whom the information is about. The legal interpretations of reasonableness, use and dis-
closure are key to understanding privacy expectations of NFPs. This paper analyzes these interpretations
from the Office of the Information and Privacy Commissioner of Alberta orders from 2012-2017.
With respect to secondary use of data, intellectual property laws especially copyright and governance ex-
pectations around research-related secondary use are considered as they apply to NFPs. Copyright licens-
es represent one potential, but not always applicable, forum. Copyright protects the expression of an idea,
not the raw facts or data in that idea: so when sharing information at the variable-level copyright may
not apply outside of the data layout. Nonetheless, in theory and in practice by one NFP, open or managed
licensing agreements offer a mode of clarifying rights and obligations while making information available
for secondary use. Research ethics board are a critical legal tool in the secondary use of health information
in Alberta. They also act as an important safeguard for NFPs when attempting to manage access to data, as
demonstrated by the Medicins Sans Frontiere data sharing policy.
EXECUTIVE SUMMARY
8 LAW & GOVERNANCE OF SECONDARY DATA USE
NFPs currently fall into several legislative gaps with respect to secondary use of data including identifying
information. For example, privacy laws do not apply to duly incorporated NFPs carrying out non-commer-
cial activities, and research ethics boards are not obliged to review the planned secondary uses of data by
NFPs if there is neither university affiliation nor health information involved. Nevertheless, best practices
around data governance and privacy protection abound. Societal expectations, ethical practices, and con-
servative business approaches all demand that NFPs approach the secondary use of data from a legal and
governance perspective. Such a perspective demands the development of a data and privacy policy. Such a
policy should be formatted to include a vision statement that clearly links to recognized legal requirements
and international Fair Information principles, and which details the NFP’s expectations around the goals
of data sharing and the tensions to balance. The content of the policy should then describe the safeguards
in place, the access processes required for secondary use, and the monitoring processes for compliance.
Prioritization of consent, “need to know” directives, and reasonableness would promote compliance with
privacy laws. Roles and tasks could be enumerated to promote effective implementation.
9POLICYWISE
“The value of data lies in their use” [1]. The data-driven nature of society today confirms the extensive
implementation of this adage. Often this entails the collection of significant, if not copious, amounts of
information with the aims to share and re-use that data beyond the original purposes at collection. The
Government of Alberta has recognized the importance of information as “the lifeblood of social-based, cli-
ent service delivery, planning and policy” [2]. Not-for-profit organizations and registered charities (collec-
tively, “NFPs”) are also beginning to recognize the value of, and opportunities within, data especially in the
social services sector [3-6]. This paper will present the legal and governance issues for, and obligations of,
NFPs when trying to harness a particular data-focused opportunity: the sharing and re-use of information
beyond the service delivery directing collection. The parties involved in these data-focused opportunities
could include the original NFP, other NFPs, researchers, and data repositories.
This paper consists of four sections. First, the background defines key terminology and delineates the gen-
eral views for and against NFPs collecting, storing and using information. Second, the legal perspectives
section considers the legal issues, obligations and limits that arise for NFPs in Alberta, Canada when they
collect, use, and disclose information. Third, industry current or best practices will be discussed to inform
how other NFPs have approached data governance. These current or best practices move beyond what is
addressed by the law when NFPs collect, use and disclose information. This governance perspective builds
on industry standards and best practices in Canada, and abroad, to demonstrate governance tactics and
experiences that are approved or lauded by the community. Finally, the paper concludes by summarizing
key recommendations for NFPs in Alberta, Canada that aim to maximize data-driven opportunities around
the collection, use and disclosure of information by NFPs amongst themselves.
10 LAW & GOVERNANCE OF SECONDARY DATA USE
1 . BACKGROUND
Before discussing the nuances of data-driven opportunities for NFPs, several key terms should be clari-
fied: particularly, NFPs, data and the facets of data-driven opportunities at the centre of this paper.
1.1 K E Y T E R M I N O L O G Y
NFPs include the following, as defined by relevant Alberta legislation:
• Nonprofit organizations are formed to promote art, science, religion, charity or other similar endeav
ours, or they may be formed solely for the purpose of promoting recreation for their members. They
are defined by, and governed under, the Companies Act [7]. This type of NFP can include business-like,
or business, activities in its operations.
• A society is an incorporated group of five or more people who share a common recreational, cultural,
scientific, or charitable interest. They are defined and regulated by the Societies Act [8]. This is the most
common, simplest and least-costly way to establish an NFP in Alberta. This type of NFP cannot engage in
any type of one-off, or ongoing, business activities.
• A charitable organization, whether incorporated or unincorporated, (i) is formed for a charitable pur-
pose; (ii) uses a fund-raising business; (iii) intends to or has in fact raise(d) more than $25000 in gross
contributions from solicitations to individuals in Alberta; and thus (iv) is required to be registered under
the Charitable Fund-raising Act [9].
For all of these entities, the common thread is that people cannot form or use them to make personal fi-
nancial gain.
Data represents another key term that can be interpreted differently depending on context and stakehold-
ers. Some define data as simply “any type of information” [10]. In the research realm, the UK’s Medical Re-
search Council defined data as “qualitative or quantitative information created or collected in the course
of research. Sources may include experimental measurements, clinical measurements, observations and
11POLICYWISE
information obtained via survey questionnaires, interviews, non-research documents (for example, let-
ters) or focus groups [11].” In the NFP realm, data and information have been particularly distinguished:
data is considered “raw values or facts… [which] can be qualitative or quantitative and can come in a va-
riety of forms”, while information is “made up of data… [which] has been processed or analyzed within a
context to make it useful” [12].
The Nonprofit Technology Network has surveyed NFPs regarding their relationship with data, or metrics
as they called it [3]. The data types discussed included (a) financial and internal operations data (e.g. ex-
penses, income and cash-on-hand, volunteer hours, staff training); (b) marketing, communications and
fundraising data (e.g. number of people added to NFP mailing list; number of new donors; number of
website visitors, Facebook comments and email opens); (c) tracking programs and outcomes (e.g. actual
financials vs. budget; attendance data; client demographics and geography; program participation; client/
constituent outcomes; client/constituent satisfaction surveys; client recidivism; longitudinal research);
and (d) external data (e.g. open government data that touches on the NFPs’ or their clients’ interests or
needs; government data about their specific clients (if possible given limitations); aggregate data from
other NFPs in the same or similar areas; individual-level data from other NFPs in the same or similar ar-
eas) [3].
Ultimately, data comes in various forms including text, images, video, sound or maps. Metadata represents
the “ ‘data about data’, [by] providing concise information about the content, quality, condition and other
characteristics of datasets [11].” When all data from or about a defined group or study are collated, including
data derived from the originally-collected data and metadata about the collection, governance and inter-
pretation of those data, then that is termed the dataset [11].
Personal data or information represents a critically distinct subset of data, which is recognized as legally,
ethically and practically sensitive. Alberta’s Personal Information Protection Act (PIPA) defines “person-
al information” as “information about an identifiable individual” [13]. Similarly recognized as sensitive is
“personal health information”, which is similarly enumerated in the provincial Health Information Act
(HIA) and the federal Personal Information Protection and Electronic Documents Act (PIPEDA); PIPEDA
12 LAW & GOVERNANCE OF SECONDARY DATA USE
defines “personal health information” succinctly as relating to an individual, whether living or deceased,
and includes:
(a) information concerning the physical or mental health of the individual;
(b) information concerning any health service provided to the individual;
(c) information concerning the donation by the individual of any body part or any bodily
substance of the individual or information derived from the testing or examination of a body
part or bodily substance of the individual;
(d) information that is collected in the course of providing health services to the individual; or
(e) information that is collected incidentally to the provision of health services to the individual [14].
Another categorization of data relates to level of availability: private, shared and open [12]. Private data
is “currently held in the private domain, [and] … is not publicly available or shared” [12]. Shared data is
“shared in a limited way, often to researchers or partners through data sharing agreements” [12]. Reposito-
ries represent centralized platforms wherein datasets are deposited and data sharing is managed. Open
data is “a resource that is made available to anyone with the skills and desire to use it” [12]. To meet the
principles of openness, data must be “available under an open license; available in a convenient and mod-
ifiable form; machine-readable; accessible as a whole, with little or no cost associated with its use” [12].
Similarly, open data must not include individually-identifying information [5]. This specific categorization
of data correlates directly with the types of opportunities data present.
1.2 N F P S & D ATA O P P O R T U N I T I E S
The Internet has altered the perceptions and use of information: it has facilitated the availability of a vast
amount of information, the speed at which it can be accessed, and the machine-readiness of the informa-
tion given its digital format [5]. Internet and novel technologies have made it possible, and desirable, to
re-use and re-purpose data collected for one purpose for a different, secondary purpose. Government,
research funders and institutions, researchers, corporations, and NFPs are now all considering the avail-
“
”
13POLICYWISE
ability and opportunity of data. Secondary use of data is the term used to describe the reuse of data for
purposes outside of the original purpose at collection, as such it includes open data and data sharing
initiatives.
The secondary use of data, whether internal or external to the organization, could promote innovation
in the NFP sector by particularly advancing decision-making [5]. A study of 12 NFPs demonstrated that
high-impact, successful organizations, amongst other things, used information to modify their tactics to
increase their success [15]. Data enables the measurement of financial and operational health of an organi-
zation, identifies problems, and measures organizational impact [3]. Three effective ways to mobilize the
secondary use of data include understanding needs or issues better, improving operational effectiveness
(e.g. in service delivery or support functions), and improving understanding of results and impact [16].
Two major trends noted for Canadian NFPs in 2016 include (a) novel technologies and data management
tactics to help NFPs maximize their impact and promote efficiency, and (b) greater reliance on shared
platforms and administrative outsourcing to weather a challenging economy [4].
There are challenges for NFPs to harness the data for secondary use, both internal and external to their
organization. NFPs generally “lack a capacity for numeracy” [5]. Canadian researchers are far behind other
countries’ researchers regarding the study and improvement of domestic NFP sectors [5]. Many are calling
on NFPs that produce their own data to collect and publish data in ways that facilitate reuse, with data
published in easier-to-use formats, in non-aggregated or non-summary form, with explicit permission for
reuse [3-6, 12]. There are noted supply and demand issues that impede many NFPs from getting the most out
of their, or others’, data [16]. Supply issues include various barriers to access of sensitive data: legal barriers
(e.g. the data is identifying); technical barriers (e.g. structure of databases and location of data); attitu-
dinal barriers (e.g. resistance to sharing data with NFPs or concerns regarding misuse overriding desire
to share); and resource-based barriers (e.g. lack of time, skills, and funds to create the requisite systems
and processes). Demand-related issues include lack of awareness of available data; lack of capacity or re-
sources to invest in data reuse; lack of capability to analyze data or understand results; lack of desire for
fear of potentially negative or disruptive results; and lack of incentives to overcome barriers to accessing
and using data [16]. The circumstances for NFPs, in the UK and likely Canada, have been described as be-
14 LAW & GOVERNANCE OF SECONDARY DATA USE
ing disincentives: “[t]he current environment – reduced funding, fierce competition for resources, more
results-related payments, and a readiness to criticize charities – creates an even greater aversion to risk,
which in turn is a disincentive to data use [16].”
15POLICYWISE
2. LEGAL PERSPECTIVES
To harness the opportunities in the secondary use of data, NFPs must consider the applicable legal ob-
ligations and rights, as laid out in legislation and case law. Secondary data use confers two crucial legal
perspectives: first, that of the data producer who originally collects information from data sources, and
second, that of the data accessor who aims to reuse information for a different, secondary purpose. With
both perspectives in mind, the driving legal question then becomes: how can NFPs participate in the sec-
ondary use of data that they collect? Three categories of legal issues address this question: (1) privacy
issues; and (2) intellectual property issues; and (3) governance issues.
2.1 P R I VA C Y I S S U E S
When personal information or personal health information is collected, handled, used or disclosed, priva-
cy concerns arise and privacy legislation could be invoked. Privacy has been defined as the “right to be let
alone” and the “entitle[ment] to decide whether that which is his shall be given to the public” [17]. Activities
potentially harmful to privacy relate to information collection (including surveillance and interrogation),
information processing (including aggregation, identification, insecurity, secondary use, and exclusion),
information dissemination (including breach of confidentiality, disclosure, exposure accessibility, black-
mail, appropriation, and distortion), and invasion (including intrusion and decisional interference) [18].
Provincial and federal privacy legislation, as well as case law interpreting such legislation, has been devel-
oped to recognize privacy-related rights and to discourage and sanction activities harmful to privacy. In
Alberta, the three privacy-related statutes are PIPA, the Health Information Act (HIA), and the Freedom of
Information and Protection of Privacy Act (FOIP) [13, 19, 20]. Very generally, privacy and access issues in
Alberta’s private sector are covered by PIPA, those in Alberta’s public sector are covered by FOIP, and any
privacy and access issues relating to personal health information in Alberta is governed by the HIA. There
may be times when an organization attracts more than one piece of privacy legislation. Although highly
similar, there are distinctions between the three privacy statutes in Alberta. A general aide in determining
which privacy law to consider first, one must consider first the information: if it is personal health infor-
16 LAW & GOVERNANCE OF SECONDARY DATA USE
mation, HIA applies. FOIP was formed to begin where HIA ends; so the second consideration is whether a
public body or its contractor is involved: if a public body is involved, examine FOIP to determine whether
that the public body role triggers FOIP provisions. If personal information is at issue, then look to PIPA
third to determine if any remaining activities have not been discussed or targeted by HIA or FOIP. That
said, in the following, I will first discuss the role of PIPA for NFPs as this would be the most common first
step in determining legal liability of provincial private sector organizations, including NFPs. I will then
turn to discussing HIA and FOIP provisions and applicability, which could be triggered based on the type
of professional employees or governmental contracts some NFPs may be involved with.
Canada’s PIPEDA is the federal legislation that governs the collection, use and disclosure of personal in-
formation by private sector organizations in all provinces except those with substantially similar privacy
legislation [14]. Alberta’s PIPA has been deemed substantially similar to PIPEDA, so PIPA would govern all
applicable private organizations within Alberta [21, 22]. However, once a private organization transfers per-
sonal information into or out of Alberta, whether during collection, use or disclosure, that organization
may become subject to PIPEDA for the cross-border transfer of information [21, 22]. As will be discussed in
more detail below, when the structure or activity of an NFP triggers PIPA applicability, then where those
same structures or activities cross provincial borders out of Alberta, the information collected, used or
disclosed in those activities will be governed by PIPEDA [21, 22]. Most critically, the exemption from PIPEDA
applies to Part 1, not Part 2 which pertains to electronic documents. Also, in practice, the key difference
for Alberta private organizations governed by PIPA is that if they act across boundaries to trigger PIPEDA,
then complaints and privacy breaches must be addressed or disclosed to, respectively, the Office of the
Privacy Commissioner of Canada not the Office of the Information and Privacy Commissioner of Alberta.
If the privacy-related issues relate to both provincial and cross-provincial activities, then both Commis-
sioners may be involved; with each dealing with the matter in their purview. Currently, the federal Privacy
Commissioner does not possess the same power to make orders, particularly fines, as the Alberta Privacy
Commissioner. Also, as will be discussed in detail below, PIPA contains exemptions for NFPs as long as ap-
propriately incorporated and for all non-commercial activities, but PIPEDA applies to every organization
that collects, uses or discloses personal information in the course of commercial activities. Commercial
17POLICYWISE
activity is thus the threshold for all federal privacy law scrutiny. Private organizations otherwise subject
to provincial law are not subject to PIPEDA’s protection of employee personal information, which only
applies to employee personal information of federal works and undertakings.
These privacy statutes have all been guided by the Fair Information Principles, originally espoused by
the Organization for Economic Co-operation and Development (OECD) in 1980 [23]. These eight principles
call for the necessity of consent to lawfully collect, use and disclose personal information; for accuracy,
completeness and currency to characterize personal data collected; for purposes to direct personal data
consent, collection, use and disclosure; for appropriate security measures to safeguard the personal data
from risks; for transparency to permit individuals to see and correct the information collected about them;
and, for openness and accountability around fair data use by the data controllers [21, 23].
Importantly, neither privacy legislation nor its incumbent obligations apply when the personal informa-
tion is no longer identifying or potentially-identifying, or when the individual about whom the informa-
tion is about consents to the activity in question. For example, Service Alberta specifically states that PIPA
“… does not apply to general information used to operate the business of the organization or to the use of
non-identifiable or aggregate information such as statistical information about groups of individuals” [21].
Historically, individuals and organizations have looked to anonymization and de-identification techniques
to circumvent the requirements of privacy legislation [24]. With advances in technology, some commenta-
tors question whether any information is truly unidentifiable as to avoid privacy laws [24]. Other commen-
tators argue that de-identification is a valid tool that preserves both privacy and utility and that meets the
reasonableness objectives in privacy legislation that call for privacy protection and the ability of organi-
Privacy legislation does not apply when the personal information is no longer identifying or potentially-identifying.
18 LAW & GOVERNANCE OF SECONDARY DATA USE
zations to utilize the data they collect for reasonable purposes [25, 26]. In either case, privacy, identifiability
and consent interrelate and will be discussed together.
Alberta’s PIPA governs the collection, use and disclosure of personal information and personal employee
information by private sector organizations in Alberta [13, 22]. Personal information, as defined earlier, in-
cludes name, address, telephone number, email address, picture, as well as other information about the
person, their life and livelihood [13, 22]. Personal employee information refers to personal information about
a potential, current or former employee of an organization, that is “… reasonably required by the organi-
zation for the purposes of (i) establishing, managing, or terminating an employment or volunteer-work
relationship, or (ii) managing a post-employment or post-volunteer-work relationship between the orga-
nization and the individual” [13]. Every private organization within Alberta is subject to PIPA regarding all
personal information, unless exempted by PIPA itself [13].
2.1.1 P I PA A P P L I C A B I L I T Y TO N F P S
An NFP is not automatically subject to PIPA, but rather becomes subject based on two key factors: the
method of incorporation and the activities conducted by the NFP [13, 22].
Section 56 of PIPA particularly deals with the privacy legislation’s approach to non-profit organizations.
PIPA does not apply to any ‘non-profit organization’ (as defined by s. 56(1)(b) of PIPA), or personal infor-
mation in its custody and control, unless that non-profit organization is carrying out a commercial activity
[13, 22]. A ‘non-profit organization’ has a narrow definition under PIPA to mean an organization that is (a) in-
corporated under the Societies Act, (b) incorporated under the Agricultural Societies Act, or (c) registered
under Part 9 of the Companies Act (s. 56(1)(b)) [13, 22]. An NFP that is not so duly incorporated is subject to
PIPA for the entirety of its activities.
An NFP that meets the PIPA non-profit incorporation exceptions could become subject to PIPA for the
personal information that is collected, used or disclosed by the organization in connection with “any com-
mercial activity” carried out by the NFP (s. 56(3)) [13, 22]. Personal information of employees or volunteers
of an NFP are not subject to PIPA [13, 21]. Any activities not commercial in nature would not be subject to
19POLICYWISE
PIPA for a ‘non-profit organization.’
Section 56(1) of PIPA contains the following definition of “commercial activity”:
(i) Any transaction, act or conduct, or
(ii) Any regular course of conduct,
That is of a commercial character and, without restricting the generality of the foregoing, include the fol-
lowing:
(iii) the selling, bartering or leasing of membership lists or of donor or other fund-raising lists;
(iv) the operation of a private school or an early childhood services program as defined in the
School Act;
(v) the operation of a private college as defined by the Post-Secondary Learning Act [13];
A 2013 decision of the OIPC proffers the most guidance around whether an NFP is conducting “commer-
cial activities” to trigger the responsibilities of PIPA [22, 27]. In this case, the Applicant requested access to
his personal information held by the Legal Aid Society of Alberta (LASA) and considered their response
incomplete [27]. The Applicant then complained to OIPC. The Adjudicator first considered whether PIPA ap-
plied to LASA. First, the Adjudicator recognized that the determination of whether a commercial activity
occurred will be on a case-by-case basis. Second, the mere exchange of a service for a fee does not in itself
indicate a commercial activity, rather PIPA intends to include trade or business-like activity. The Adjudi-
cator noted that “… PIPA is meant to apply to non-profit organizations that are carrying out activities as
though they are a business.” LASA could not be distinguished “from an operational or service standpoint”
from a private law practice when LASA assessed individuals for legal aid coverage, arranged for legal ser-
vices to be provided, and provided legal services (para. 33) [27]. As such, LASA’s collection of personal in-
formation for these purposes was subject to PIPA.
For completeness, the following are a few further discussions in OIPC decisions related to the applicability
20 LAW & GOVERNANCE OF SECONDARY DATA USE
of PIPA to NFPs and the commercial nature of the impugned activities. First, in the Lindsay Park Sports
Society case, the activity at issue was the placement of security cameras in the men’s locker rooms of the
Talisman Centre to address an increasing number of thefts and property damage in that location [22, 28].
The organization was incorporated under the Societies Act and thus deemed a “non-profit organization”
under PIPA, but it was found to collect personal information in connection to a commercial activity thus
triggering PIPA scrutiny. The factors that turned this determination included the charge of an admission
fee, and the primary motivation for the security cameras (and information collection) was for business
reasons (i.e. to decrease theft and property damage to maintain business) [22, 28].
Second, in the Canadian Skin Cancer Foundation case, the activity at issue was that information from a
Patient History form during a doctor’s visit led to solicitations from her doctor, the Canadian Skin Cancer
Foundation, and another entity that all shared a mailing list database despite the Complainant having opt-
ed out of the mailing list [22, 29]. The OIPC Adjudicator found that the Foundation was a non-profit organiza-
tion appropriately incorporated under the Societies Act [22, 29]. The OIPC Adjudicator considered whether
marketing and soliciting for fundraising was a commercial activity [22, 29]. The OIPC Adjudicator deemed
that commercial activity could be a single act or a course of conduct that is of commercial character. The
Foundation’s fundraising was done to raise funds for charitable purposes and not for regular operations
or non-charitable purposes, and was distinct from the recognized commercial activity of selling member-
ship, donor or fundraising lists [22, 29]. As such, the Foundation was deemed not subject to PIPA. And, finally,
in the Fairways Villas South Homeowners’ Association case, an appropriately incorporated NFP managed
and maintained the Fairways Villas lands for a monthly fee; it also sent emails to the Complainant regard-
ing lawn care and sprinkler testing [22, 30]. Because the maintenance services were provided in exchange for
a monthly fee, the Homeowners’ Association was subject to PIPA for email disclosures as this was in direct
connection to a commercial activity [22, 30].
2.1.2 P I PA G E N E R A L O B L I G AT I O N S
The goal of PIPA is to balance a private sector organization’s needs to collect, use or disclose information
for reasonable purposes against the individual’s right to have their personal information protected [13].
21POLICYWISE
These goals are mirrored in HIA and FOIP. PIPA has delineated the standard of reasonableness to be “what
a reasonable person would consider appropriate in the circumstances” [13]. The legal interpretation of the
terms “collect”, “use”, “disclose”, and “reasonable” are critical and will be discussed more fully below at
section 2.1.3; this section aims to
solely overview the general obli-
gations under PIPA.
PIPA details individuals’ rights and private sector organizations’ obligations including the following:
“identifying the occasions when private sector organizations must obtain consent for the collection, use
and distribution of personal information; how consent must be obtained; how individuals may request ac-
cess to and correction of their personal information; how an organization must respond to an individual’s
request for access to information; how personal information must be protected; and when the Office of the
Information and Privacy Commissioner of Alberta (OIPC) can review complaints” [13, 22]. The details on PI-
PA-mandated procedures and processes for consent and personal information protection will be detailed
below in section 2.1.4 (best practices dictated by PIPA).
PIPA applies to personal information whether the information is recorded or not, but the rights of access
and correction only apply to recorded personal information [13, 21]. PIPA does not apply to general informa-
tion used to operate a business, or to the use of non-identifiable or aggregate information (e.g. statistical
information about groups of individuals). Private-sector organizations subject to PIPA are responsible for
the personal information in their custody (e.g. in their offices, computers, storage devices, etc…) or control
(i.e. can decide how to use, disclose and store the personal information) [13, 21]. With respect to collection,
use and disclosure of personal information, Table 1 broadly presents the key requirements that must be
met by a PIPA-regulated private-sector organization (note: this list is not exhaustive of all PIPA obliga-
tions).
Consent remains a crucial component to privacy protection laws: it provides a means for organizations
and individuals to agree amongst themselves about the appropriate collection, use and disclosure of per-
sonal information, especially when it may move beyond the general rubric of applicable privacy laws. Un-
Only reasonable purposes and methods of collection can be consented to.
22 LAW & GOVERNANCE OF SECONDARY DATA USE
less PIPA specifically exempts, organizations must get informed consent to collect, use or disclose person-
al information [21]. In gathering consent, organizations must adequately inform individuals of the purpose
for information collection, as well as the proposed and potential uses, disclosures, storage and disposal of
the information [21]. Only reasonable purposes and methods of collection can be consented to; an individ-
ual cannot consent to unreasonable collection of personal information, including any extra information
disclosed that is not needed for the purpose [21].
Consent can be express (written or verbal), implied (information is volunteered in reasonable and clear
circumstances), or opt-out [21]. The features of opt-out consent include that organizations provide individ-
uals with the reasonable purpose of their need for personal information; with easy-to-understand notice
provided that consent will be imputed if they do not opt-out; with a reasonable window and chance to
say no and opt-out; and with assurance that the personal information is not so sensitive that it would be
unreasonable to use an opt-out form [21]. Unless a legal duty or obligation would be hindered, an individual
can change or withdraw consent by giving the organization reasonable notice (s. 9) [13, 21]. Individuals can
place reasonable terms and conditions on their consent, such as limiting the types of uses that would be
permitted under the consent and those that would not [21]. Importantly, s. 8(2.1) of PIPA indicates that if
an individual consents to disclosure of personal information about the individual by one organization to
another organization for a particular purpose, then the individual is deemed to consent to the collection,
use or disclosure of the personal information for the particular purpose by that other organization [13].
Hence, the entirety of the original consent can carry forward to secondary organizations (including repos-
itories or other NFPS, for example) when collected appropriately by the first organization. All organiza-
Entirety of original consent carry forward to secondary organizations.
23POLICYWISE
tions are limited by the particular purpose, the reasonableness of that purpose, and the limit of using the
minimal amount of personal information necessary to reach that purpose. The consequences of altered or
withdrawn consent should be explained to the individual, such as implications to the service or product
delivery provided by the organization or NFP. Conversely, s. 12 of PIPA is clear that an organization cannot
collect personal information about an individual from someone other than that individual without the
individual’s consent, unless that information could have been collected without consent anyways (i.e. fits
under consent exemptions from ss. 13, 15 or 22). This requirement would not apply in cases where the
other individual does not possess the capacity to consent (e.g. children), in which case the person who is
legally able to provide consent can provide the information about them. Consent to collect, use or disclose
personal information cannot be a condition for an organization to supply an individual with a product or
service, if the information at issue is beyond that necessary to supply the product or service.
PIPA delimits the process for access to, and correction of, personal information held by a private-sector or-
ganization [13, 21]. With few exceptions, organizations must facilitate individuals’ access to their own infor-
mation and must respond openly, completely, accurately and in a timely manner. Generally, when personal
information in a record that is in the custody or under the control of an organization, then the individual
has the right to ask for access to it [13, 21]. Personal information is under the control of an organization if
the organization’s decision-making power applies to how to use, disclose and store the information, how
long to keep it, and how to dispose of it [21]. Personal information is in the custody of the organization if
the personal information is kept in the organization’s offices, facilities, file cabinets, computers, etc… [21].
PIPA’s governance of the exercise of an individual’s general right of access to their information is detailed
in Table 2.
When information collected by one organization is sent to another business for processing or storage,
but the information’s use, disclosure and storage remain in the purview of the original, collecting organi-
zation, then the information remains under the control of the first collecting organization [21]. The obliga-
tions under PIPA, including privacy protection and information access facilitation, remain with the first,
originally collecting organization [21]. This introduces an obligation to ensure that the second organization
protects the information in the same way as the law requires and as the original organization should do
24 LAW & GOVERNANCE OF SECONDARY DATA USE
[21]. Service Alberta indicates that “the other [second] business will still be responsible for ensuring its own
compliance with the Act” [21]. With regards to information access requests, the original organization thus
retains their obligation to meet information access requests. The nature of the agreements between these
two parties could elaborate the access request process to include the second other business.
Complaints to OIPC can come from individuals when they think that their personal information has been
inappropriately collected, used or disclosed by a private organization in Alberta (PIPA), by a public body
(FOIP), or a health information custodian (HIA), or when their request for access to information has not
been properly addressed by said applicable entity in Alberta [13, 22]. Investigations and orders around com-
plaints connected to PIPA, HIA, and FOIP are in the purview of the OIPC. Where none of these pieces of
legislation clearly apply but an information or privacy issue is at stake, or where it unclear which or any
of the Albertan privacy legislation applies, it would be prudent to turn to OIPC for a determination of legal
obligations that do apply related to information privacy. If the issue at hand does not relate to information,
data or privacy, then OIPC would not likely have a role. The OIPC website and the Service Alberta web-
site offer guides and pamphlets to assist organizations to understand and comply with PIPA. If a privacy
breach occurs but it involves an organization that is not within the purview of any Canadian privacy laws,
then the party could attempt a private civil lawsuit arguing a breach of privacy, which would require sev-
eral things including proof of harm caused by the data breach and a relationship of responsibility between
the individual and the organization.
Failure to comply with PIPA can lead to a complaint by an individual, which could lead to review, inquiry
and possibly an order by OIPC. Once a final order is pronounced (and there is no further right of appeal),
Obligations under PIPA, remain with the first, originally-collecting organization.
25POLICYWISE
an organization has 50 days to comply (s. 54(1) PIPA) [13]. Beyond the costs of compliance with an order
(and the incurred costs of defending against a complaint), an organization could be liable to the com-
plainant for damages for loss or injury that results from the breach (s. 60(1) PIPA). If an organization
has contravened PIPA and been found guilty of such an infraction, then the organization can be liable for
fines of up to $10000 in the case of an individual, and up to $100000 in the case of a person other than
an individual (e.g. corporation) (s. 59(2) PIPA). Importantly, as stated above, these fines are not currently
available to the Federal Privacy Commissioner to impose. There is also the risk that an OIPC complaint or
order could lead to negative publicity for an NFP and reputational losses in the long-term [22].
2.1.3 P R I VA C Y - R E L AT E D L E G A L I N T E R P R E TAT I O N S O F “ R E A S O N A B L E ”, “ U S E ”
A N D “ D I S C L O S U R E ”
Privacy law encompasses not only the stipulated statutes and regulations, but also the legal interpreta-
tions of those statutes and regulations by judges in courts and by adjudicators at OIPC. This case law and
adjudicative decisions, respectively, provide further information and obligation around the legal rights of
individuals and the legal responsibilities of private-sector organizations.
Three terms used and relied upon heavily in PIPA that require more illumination via legal interpretation
include “reasonable”, “use” and “disclose/disclosure.” These terms set out what activities are permissible
for PIPA-applicable organizations.
Service Alberta has provided a plain language guide for small businesses and organizations around how
to approach and meet the requirements of PIPA [21]. Service Alberta has elaborated the “what is reason-
able” test from PIPA as “what a reasonable person would think is appropriate in the situation” [21]. This
is the question posed when considering the reasonableness of many activities permitted under PIPA. For
example, the reasonableness must be assessed of the purpose in collecting personal information, of any
implied consent, of the development and implementation of organizational privacy policies, and of the use
or disclosure activity involving the personal information.
In the interpretation of “reasonable” in PIPA, there is direction from the highest court in Alberta, the Alber-
26 LAW & GOVERNANCE OF SECONDARY DATA USE
ta Court of Appeal, from the 2011 decision of Leon’s Furniture Ltd. v. OIPC: “PIPA balances two competing
values: the right to protect personal information and the need to use that same information. In balancing
these values, PIPA employs the standard of reasonableness, allowing PIPA to be flexible for small- and
medium- sized businesses. Both of these values must be balanced and neither can be given more weight
than the other, as that may lead to an unreasonable result” [31]. Another legal analysis has suggested that
promoting service and sector efficiency and effectiveness would be a reasonable purpose for a private
sector organization, including NFP [22].
Service Alberta distinguished “use” and “disclosure” as follows:
“Using personal information usually means using it internally to carry out the organization’s pur-
poses. These include providing a product or service or evaluating whether an individual is eligible
for a discount. Normally, an organization or its contractors use information within the organiza-
tion. It would be valid for a shipping department to use customer information that was collected by
the billing department.
Disclosing personal information means showing, sending, telling or giving some other organiza-
tion or individual the personal information in question. Information is disclosed externally when
provided outside the organization. To continue the example above, providing the customer’s name
and address when requested by Canada Revenue Agency would be a valid disclosure of personal
information.” [21]
The Service Alberta guidance would be highly persuasive alone in the legal interpretation of these terms
by a judge or OIPC adjudicator. Importantly, it seems “use” and “disclose” are demarcated by an internal
versus external barrier. It would suggest that an NFP that conducts secondary use of personal information
for purposes and activities that are wholly internal to that NFP or organization would fall under PIPA for
“use”-related provisions and limits. “Use” would seem to cover the activities of contractors external to an
organization, but acting for that organization and the various departments of a multi-departmental orga-
nization. Meanwhile, an NFP or organization that conducts or permits secondary use of personal informa-
tion alongside or by an entity completely external to the NFP or organization would fall under PIPA for
27POLICYWISE
“disclose”-related provisions and delimits. It would be likely that the sharing of NFP data between distinct
NFPs or with an external data repository, without any contractor-style agreement amongst them, would
be considered “disclosure” under OIPC.
Further understanding on the legal interpretation and approach to appropriate “use” and “disclosure”
under Alberta’s privacy legislation (whether PIPA, FOIP or HIA) can be garnered by examining the OIPC
adjudication decisions themselves. The online OIPC adjudicative decisions database was hand-searched
using the following inclusion criteria: (1) decision issued in last five years (2012-2015); (2) issues do not
solely consider complaints around requests for information access or correction; and (3) adjudicator con-
siders issues related to “use” or “disclosure” of information. Table 3 provides a detailed analysis of the 36
included OIPC adjudicative decisions, with an emphasis on determining what is considered appropriate
and allowable “use” and “disclosure”, and what is not.
Several key findings can be surmised from this analysis. First, generally, the legal approach to issues of
“collection” and “use” are determined together, while “disclosure” is interpreted separately while being
highly informed from the legal analysis of “collection” and “use.” Second, with respect to complaints, OIPC
examines collections, uses, and disclosures of personal information very specifically and very broadly. The
findings do not turn on, or consider, the possible negative impact of the disclosure (or collection or use).
Such impact is not a consideration of whether the disclosure was authorized or not. Similarly, personal
information is “used” when it is available for consideration, not in the narrower circumstance of being giv-
en any, little, lots or no weight in a determination; information does not have to be relied upon to be used.
“Disclosure” occurs when someone external to the necessary parties could view the personal information;
whether they actually viewed such information does not impact the “disclosure” analysis.
Third, PIPA and FOIP are distinguishable not only for the entities that they govern. These two Acts have
different purposes and PIPA’s definition of “personal information” is considered much broader than that
of FOIP because PIPA’s definition is simply “information about an identifiable individual.” While PIPA aims
to balance personal privacy with organizational activities, FOIP carries an additional aim to promote the
transparency and accountability of public bodies. FOIP provides a list of types of identifiable information,
28 LAW & GOVERNANCE OF SECONDARY DATA USE
thus information must be listed or be qualitatively similar to the enumerated to be considered identifiable
information. “Personal information” that triggers privacy legislation scrutiny and protection turns on the
term “about”; information that is related to someone is not necessarily about them. “About” is a highly
significant restrictive modifier, while “related” is narrower; information associated with someone or their
activities is connected to them but is not necessarily “about” them under privacy laws. It is important to
remember that as technologies and society evolves, the scope of what constitutes personal information, or
not, is similarly dynamic. The list of
identifiers is continually growing,
and this is recognized in law, by
courts and the OIPC.
Fourth, the three key, interrelated factors that should guide organizations in their collection, use and dis-
closure of information are consent, purpose, and reasonableness. There should be a reasonable purpose
in collecting the information; there should be consent or statutory exemption to consent that is connected
to the reasonable purpose; the information should only be used and disclosed to extent necessary to meet
that reasonable purpose; the connections between purposes and activities should be reasonable and di-
rect. Where an organization has no authority to collect and use particular personal information, then it
necessarily has neither a reasonable purpose for such information collection and use nor the possibility of
collecting or using that information to a reasonable extent. Where use or disclosure of personal informa-
tion is examined relative to the proviso of only to the extent necessary to meet the previously-established
reasonable purpose, the critical term is extent and it should be the minimal extent required to reasonably
meet the reasonable purpose. The minimal amount of personal information should be used or disclosed
(even if authorized to collect more). As will be discussed again below, the HIA dictates that custodians
should only collect, use or disclose “individually identifying health information” after considering whether
aggregate or other non-identifying health information would adequately achieve the intended purpose [32].
This adage appears to be applied by OIPC Adjudicators when considering use and disclosure of personal
information covered by PIPA and FOIP. The parties both internal or external to the organization or the
organization’s impugned activity should be the minimal number and type of parties necessary. Everyone
The three key, interrelated factors:
consent, purpose, and reasonableness.
29POLICYWISE
should be on a “need to know” basis or assessment: Does each party who could view, examine, or interpret
the personal information reasonably need to know that facet of personal information?
Fifth, databases contain a wealth of personal information and should be safeguarded appropriately, from
nefarious, rogue and negligent infringements of privacy protection laws. Access to information in data-
bases, and the reasons for such accesses, should be appropriately logged; and all parties who do, or could,
partake in such accesses should be properly trained in privacy protection requirements and monitored
for compliance.
Sixth, contracted employees of public bodies can be considered employees for the purposes of FOIP and
bring FOIP scrutiny to their activities, especially where they perform functions of, and on behalf of, the
public body.
Finally, privacy protection laws do not aim to limit information exchange with anonymity provisos around
service delivery itself; but do aim to put limits, constraints and safeguards beyond the point of care. This
may translate to NFPs that any initial point of care and service delivery involves information collection as
necessary; but any secondary use of information must involve the highest degree of anonymity possible.
2.1.4 B E S T P R A C T I C E S D I C TAT E D BY P I PA
NFPs engaged in non-commercial activities are not legally bound by PIPA requirements. It is, however,
highly recommended that NFPs should adhere to PIPA’s guidelines and best practices such as instituting
a privacy policy; appointing a privacy officer to ensure compliance with the policy; ensuring consent is
obtained from individuals for the collection, use and disclosure of personal information; ensuring the pur-
poses of information collection, use and disclosure are clear and reasonable; and, ensuring the adequate
security of information collected and stored. It has been argued that adhering to PIPA would not pres-
ent a significant cost to organizations; would avoid the inefficiency of carrying out different information
handling procedures when an NFP carries out some commercial activities (triggering PIPA) and some
non-commercial activities (not covered by PIPA); and would limit the risk of negative publicity and lost
public trust related to personal information complaints (to OIPC or to the media simply) [22].
30 LAW & GOVERNANCE OF SECONDARY DATA USE
Section 2.1.1 above presents the general obligations for information handling procedures by PIPA. Table 4
summarizes and supplements that section to act as a reference for NFPs of the best practices dictated by
PIPA; this along with Table 1 should provide NFPs with a fair understanding of the activities to follow in
order to be compliant with the tenets and requirements of PIPA.
2.1.5 F O I P & H I A C O N S I D E R AT I O N S
Although PIPA remains the primary legislation denoting the privacy and consent obligations for NFPs
around the collection, use and disclosure of personal information, there may be some NFPs by virtue of
their activities or alliances that fall under other Alberta privacy laws, particularly FOIP and HIA. As stated
above, fair information principles guide all privacy legislation in Alberta, the rest of Canada and all other
countries. A privacy-conservative NFP that follows the PIPA requirements should feel relatively confident
in their collection, use and disclosure of personal information. In what follows, a more considered analysis
is provided regarding the triggers of HIA and FOIP applicability and the limits of their jurisdiction, as well
as any notable (but not exhaustive) distinctions from the previously discussed PIPA.
2.1.5.1 F O I P A P P L I C A B I L I T Y
First, NFPs working with a public body should consider the privacy and information-handling require-
ments of FOIP [19, 22]. In some cases, an NFP will work with a public body via contract, in which case the
public body will likely retain control of any re-
cords and FOIP would apply to all records [21, 22].
The contractual terms should reflect the legisla-
tive requirements of FOIP. The Alberta Privacy
Commissioner has criticized the gap in protection when public bodies work with NFPs that are not subject
to privacy legislation (i.e. in their non-commercial activities) [22]. The Alberta Privacy Commissioner has
recommended that FOIP be amended so that when public bodies and NFPs are sharing personal informa-
tion as partners in cross-sectoral initiatives, the public bodies are responsible for the collection, use and
disclosure and protection of that personal information by the NFP [22].
The contractual terms should reflect the legislative requirements of FOIP.
31POLICYWISE
Second, the HIA could be triggered when NFPs collaborate with or employ HIA custodians. Four criteria
trigger HIA: a custodian collects, uses or discloses health information; the information at issue meets the
definition of personal health information; the collection, use or disclosure relates to the provision of a
health service; and the health information is recorded [32]. Importantly, when the information at issue falls
under FOIP or HIA, then that respective Act would apply, not PIPA [13, 21]. For example, when a government
department discloses personal information to a contractor carrying out work for that department, FOIP
applies to the information (and thus the directly-related activities of the contractor) [21]. Similarly, FOIP
has been clearly considered to begin where HIA ends. An organization could be subject to more than one
privacy legislation.
FOIP was created to promote an open and transparent government alongside the promotion of appro-
priate stewardship of personal information to which the government is privy during its public functions.
In this way, it differs from PIPA and HIA, whose language and purpose is much more towards protecting
individuals’ identifying information in a reasonable balance with the needs of private-sector organizations
and health services delivery professions and organizations to realize their delivery of goods and services.
PIPA and HIA focus on ensuring individuals have access to information about themselves held by organiza-
tions or custodians, while FOIP considers individuals access to information held about public bodies and
programs in addition to individual-level information about themselves.
2.1.5.2 H I A A P P L I C A B I L I T Y
The HIA, which limits the collection, use and disclosure of health information, applies to “custodians” of
FOIP was created to promote an open and transparent government alongside the promotion of appropriate stewardship of personal information.
32 LAW & GOVERNANCE OF SECONDARY DATA USE
“health information” and to their “affiliates” [20, 32]. The three highlighted terms demarcate the extent of HIA
applicability.
A “custodian” is defined in s. 1(1)(f) of the HIA to include the operators of the majority of organizations
and entities that provide health services in Alberta, such as the board of an approved hospital; the oper-
ator of a nursing home; an ambulance operator; a provincial health board; a regional health authority; a
subsidiary health corporation; any board, council, committee, commission, panel or agency created by a
listed custodian or designated in the regulations; a licensed pharmacy; as well as the Department and the
Minister [20]. In addition, a “custodian” includes a health services provider designated by the regulations to
include professionally licensed and regulated pharmacists, optometrists, opticians, chiropractors, physi-
cians, midwives, podiatrists, denturists, dentists, dental hygienists, and nurses [32, 33].
Section 1(1)(a) of the HIA defines “affiliates” to include custodian’s employees; those with contractual,
volunteer, appointee or student relationships with the custodian; health services providers exercising the
right to admit and treat patients at a hospital; an information manager; and, any person designated under
the regulations as an affiliate [20]. Importantly, custodians are not defined to include all individuals or enti-
ties that may collect or use health information in the course of their work [32]. Rather, custodians are those
individuals and entities that are viewed to be, and are positioned to be, trusted “gatekeepers” of an indi-
viduals’ health information. They can be trusted because of their public foundation or their professional
membership and role; mostly, they can be trusted because there is a level of accountability and compliance
to HIA attached to their roles.
The applicability of the HIA to NFPs, thus, hinges on whether the NFP is legally included as a “custodian”
or its “affiliate.” Unlike with PIPA, there is no exception or delimitation of applicability of HIA to NFPs.
Many enumerated custodians could be NFPs due to their incorporation or charitable status (e.g. hospital
or nursing home operators such as Covenant Health). The HIA would come into effect when a listed health
services provider provides a health service while working for an NFP, even if the NFP does not fit within
the custodian definition in and of itself. Similarly, if an NFP enters into a contractual, volunteer or other
collaborative relationship with an enumerated custodian, then the NFP would be deemed an affiliate and
33POLICYWISE
thus bound by the rules for the collection, use and disclosure of health information.
Because they are not defined as health services providers equal to custodians in the HIA, allied health
professionals such as psychologists, social workers, physical therapists, occupational therapists, and re-
spiratory therapists must consider their employment context, contractual relations, and governmental
relations to determine whether the HIA applies. Importantly, many of these allied health professionals are
employed by NFPs to deliver services; thus, NFPs must also be aware of when HIA scrutiny and obligations
are attracted. If an allied health professional is employed by an NFP, and that NFP is neither a custodian
nor an affiliate of a custodian, then the information collected, used or disclosed about an individual (even
if it is individually identifying health information) would not trigger the HIA (although PIPA could be
triggered). A specifically enumerated example to HIA in this area relates to psychologists who work for
a Director of the Child, Youth and Family Enhancement Act, their work and particularly any assessments
that they conduct are not considered health services and considered exempt to the consent requirements
of the HIA.
“Health information” is the other major determinative factor in assessing HIA applicability. Any and all of
two types of information are included in “health information”: “diagnostic, treatment and care informa-
tion” (s. 1(1)(i)) and “registration information” (s. 1(1)(u)) [20]. The former is broadly information about an
individual’s health and health services provided to the individual, while the latter includes six categories
including specified demographic information about an individual collected during provision of health ser-
vices (e.g. address, billing information). Importantly, it is the context of provision of health services that
trigger the HIA protections and limitations around “health information.” “Diagnostic, treatment and care
information” is deemed the most sensitive information about an individual, and thus the most stringent
rules apply to this information. Table 4 provides details which categories of information are included in
these two types of health information.
If, or once, HIA applicability (or the possibility of its applicability) is determined, then one must consider
what activities are permitted, restricted or banned by the HIA as related to the collection, use and disclo-
sure of health information.
34 LAW & GOVERNANCE OF SECONDARY DATA USE
2.1.5.3 H I A , C O N S E N T & D I S C R E T I O N A R Y D I S C L O S U R E
Rather than dictate all the HIA requirements herein, the following will focus on the key and notable re-
quirements of HIA in the context of fair information principles, the recognized sensitivity of health infor-
mation, and the approaches to privacy protection brought along by PIPA and FOIP.
The HIA is clear that personal health numbers are protected as is health information [20, 32]. Also, individu-
als have right to access their own health information, to ask for corrections to be considered; and to know
why it is being collected [20, 32]. There are limits to collection, use and disclosure of health information; and
one must always use the least amount of information at highest degree of anonymity (ss. 57, 58) [20, 32].
As stated earlier, custodians are ex-
pected to first consider whether the
collection, use or disclosure of “ag-
gregate health information” would
be adequate for the intended purpose; if adequate, only aggregate health information should be collected,
used or disclosed [20, 32]. “Aggregate health information” means non-identifying health information about
groups of individuals with common characteristics [20, 32]. Such information is generally statistical informa-
tion of the type that is virtually impossible to identify to the single individual, unless the cell or sample size
is very small (< 10) [20, 32].
If aggregate health information is not adequate for the intended purpose, the custodian must then con-
sider other “non-identifying health information” and whether it would be adequate for the intended pur-
pose [20, 32]. “Non-identifying health information” is defined as information from which the identity of the
individual who is the subject of the information cannot be readily ascertained from the information [20, 32].
Removing an individuals’ name and personal identifiers before information is disclosed and by not pro-
viding other contextual information, information can be essentially anonymous or non-identifying [20, 32]. If
such information would suffice, only that should be made use of [20, 32].
Only when aggregate and other non-identifying health information is inadequate for the intended pur-
“Non-identifying health information” is information from which identity cannot be readily ascertained.
35POLICYWISE
pose, can the custodian collect, use or disclose individually identifying health information, but only if such
activity is authorized by HIA and if such activity is carried out according to the HIA [20, 32]. “Individually
identifying health information” means that the identity of the individual who is the subject of the informa-
tion can be readily ascertained from the information (e.g. name, address, birthdate, full postal code etc…)
[20, 32]. “Readily ascertained” is also defined in the HIA to mean “the identity of an individual (e.g the indi-
vidual’s name or other identifiers or distinguishing characteristics associated with an individual) can be
determined or deduced without having to apply a sophisticated technical method or process, or without
having any particularly technical expertise to do so [20, 32].
This guidance on the order of consideration in the collection, use and disclosure of personal health in-
formation is crucial to all custodians under the HIA, and provides a rubric for all organizations to follow
the minimal extent of collection, use and disclosure of personal information dictated by PIPA and FOIP. It
would be a crucial consideration for all NFPs when determining what data to make available for secondary
use and how. Allowing a case-by-case assessment of purposes for the activity involving the information
(e.g. through controlled access by the NFP or a repository) would ensure the minimal necessary informa-
tion is collected, used and disclosed (with collection historically having a bit more lee-way regarding what
is minimally necessary, for public bodies at least).
Custodians, a term unique to the HIA, can collect, use and disclose non-identifying information for any
purpose, whether it is anonymized health information or aggregate information [20, 32]. As with other pri-
vacy legislation, the legal limitations come to bear on the individually identifying health information.
Here, as always, purpose matters [20, 32]. Only those purposes authorized under s. 27 sanction custodians
Allowing a case-by-case assessment of purposes would ensure the minimal necessary information is collected, used, and disclosed.
36 LAW & GOVERNANCE OF SECONDARY DATA USE
to collect and use individually identifying health information, including providing health services to the
individual; determining eligibility for services under Alberta Health Care Insurance Plan; and conducting
investigations or practice reviews of health professionals [20, 32]. The Minister, the Department and AHS
may use individually identifying health information for planning and resource allocation; health system
management; public health surveillance; health policy development, for within geographic area they have
jurisdiction [20, 32].
The principles of highest degree of anonymity does not strictly apply to the collection, use or disclosure
of health information when using this information for the purpose of providing “health services” or for
determining or verifying the eligibility of an individual to receive a “health service” [20, 32]. Privacy laws do
not aim to limit information exchange with anonymity provisos around service delivery itself; but do aim
to put constraints and safeguards beyond the point of care. This may translate to NFPs that any initial
point of care and service delivery involves information collection as necessary; but any secondary use of
information must involve the highest degree of anonymity possible.
Generally, an individual’s consent is needed before disclosure of individually identifying health informa-
tion (s. 34 HIA) [20, 32]. However, HIA is not as primarily consent-driven as PIPA; custodians possess a signif-
icant ability to collect, use and disclose health information without consent. Exceptions to consent (ss. 35,
37.1, 37.3, 38, 39 40, 46, and 47) relate to legally approved discretionary disclosure [20, 32]. Custodians can
disclose individually identifying diagnostic, treatment and care information without individual consent
to specific persons and for specific purposes listed in the legislation and regulations [20, 32]. These discre-
tionary disclosures include to another custodian for s. 27 purpose; to the person responsible for giving
Activity in question must be research to require REB scrutiny before conduct.
37POLICYWISE
continuing care to the individual; to family members or others with a close personal relationship, unless
the individual expressly requests that family and friends not be informed; and, to police to prevent or limit
fraud or abuse of health services or to protect public health and safety [20, 32].
The HIA permits individually identifying health information (both diagnostic and registration categories)
to be disclosed for research purposes by a custodian, without consent, under Part 5, Div 3 conditions [20,
32]. Those conditions include a research proposal assessed by a research ethics board (REB) designated
by Minister; the researcher must agree to comply with conditions in s. 53 (i.e. meet the conditions of the
custodian for access; obtain consent from participants if demanded by the REB); and the researcher must
enter into agreement with custodian (s. 54 conditions) [20, 32].
Data management, in health information and elsewhere, is crucial to good data governance and for com-
pliance with privacy laws. Custodians must enter into agreements with information managers to assist
in the appropriate care and storage of the information under its control. Section 66 of the HIA defines
an “information manager” as “a person or body that (a) processes, stores, retrieves or disposes of health
information, (b) in accordance with the regulations, strips, encodes or otherwise transforms individually
identifying health information to create non-identifying health information, or (c) provides information
management or information technology services” [20, 32]. A written agreement between the custodian and
the information manager must be entered into to ensure privacy protections and compliance with HIA [20,
32]. When those agreements are in place, consent of the individuals who are the subjects of the information
is not required, for the purposes authorized by the agreement. The purpose of the agreement dictates
what the information manager may do with the health information [20, 32]. As with other affiliations and
contracts, the custodian continues to be responsible for HIA compliance regarding the information [20, 32].
2.2 I N T E L L E C T UA L P R O P E R T Y I S S U E S
Intellectual property (IP) issues are separate from privacy and national security issues [34]. Intellectual
property falls under federal or national jurisdiction; thus, while inter-provincial activities are covered
by the same IP laws, international ones may not [34]. Because IP law covers important ownership, usage
and manipulation rights of particular forms of information, it represents an important component to any
38 LAW & GOVERNANCE OF SECONDARY DATA USE
discussion on secondary use of data. As will be demonstrated, it is an important but very limited legal
obligation and right in Canada regarding secondary use.
In IP, just as in other key legal arenas including privacy law, permission is key [34]. If a data source (e.g.
researcher, repository, NFP) gives permission to reuse data and one’s intended use fits within scope of
the permission, the permission provides the legal basis for data reuse and potential IP-based barriers are
removed [34]. But, if intellectual property or other legal rights on original data remain, the secondary user
or NFP must not infringe on those. This presents legal uncertainty of when, where and how these other
rights from the original data will play out [34]. Primary data sources need to clearly determine the scope
of the permission granted downstream when making “their” data available. The rights that may apply to
research or NFP data include trade secrets (confidential information), copyrights and the special database
rights established in only EU member countries, Mexico and South Korea (and which apply only to data-
bases created or maintained in their borders) [34].
Trade secrets are proprietary or confidential information [34]. According to international standards, na-
tional laws treat information as a trade secret if it derives economic value from not being generally known
or readily ascertainable, so long as the information has been subject to reasonable measures to keep it
secret [34]. Most research data, and likely NFP data, meet this definition, at least in the early stages of
collection and generation [34]. Public disclosure of information removes any associated trade secret pro-
tection [34]. Thus, data sharing or publication would remove trade secrets in research data [34]. This could
be an issue for NFPs or other private sector organizations that have taken reasonable steps to keep some
information secret, while also taking part in secondary use. If this is a concern, the NFP should provide
for the management of trade secrets in their agreement’s terms including timing and scope of information
disclosure. Discussions should occur early and often at the agreement negotiation stage, and not at later
times of publication or dissemination tactics [34].
Copyright grants author(s) of an original work the exclusive rights to reproduce the work, to publicly
distribute copies, to publicly display, publicly perform, or otherwise communicate the work to the pub-
lic, and to make adaptations of the work [34]. Copyright only becomes an issue for secondary data use if it
39POLICYWISE
is likely or plausible that the creator, owner or repository in which data resides is likely to seek to limit
copying, distribution or other reuses of the data [34]. Copyright imposes no restrictions on sharing of the
basic building blocks of knowledge (i.e. facts and ideas), which are part of the public domain and which
make a lot of the data at issue in secondary use discussions [34]. Raw observations and experimental data
are “facts” for copyright purposes and are free to be shared and reused without copyright restriction [34].
Copyright applies to original works of authorship as an author makes creative or editorial decisions about
how ideas and facts are expressed [34]. Separate copyrights attach to data items, organizational structures
and metadata [34]. In this way, copyright can sit on some but not all levels or layers of a work; the layers
that involve expressive choice generally trigger copyright protection [34]. Tables or figures are likely copy-
rightable; copying a whole dataset will involve copying the copyrighted layer [34]. Most data expressed
as numeric values are likely to be “facts” that are in the public domain [34]. Thus, even if copyright exists
at an organizational level, numeric values can be copied and reused without any copyright restrictions
[34]. Separate copyright can arise in the manner that data are selected and arranged (e.g. organization of
Excel spreadsheet if researcher exercised discretion in selecting field names and arranging their order
but copyright is limited to this layer of the dataset; no infringement of copyright if secondary researcher
republished data with renamed and reorganized fields in spreadsheet) [34]. Annotations, visualizations and
other forms of metadata can receive separate copyright protection if sufficiently original [34]. If we use the
principle of “discretionary decisions about expression”, then copyright applies. Copyright then becomes
an issue for the user seeking to reuse these forms of original expression.
There can be users’ rights expressed as exceptions to copyright or limits to copyright owner’s rights. In the
UK, Canada and other Commonwealth countries, the law conducts a fair dealing analysis to determine ex-
ceptions to copyright: (1) determine whether the use fits within one of a list of categorically eligible types
of use (e.g. using copyrighted work for noncommercial research or private study or criticism or review,
which are examples of categorically acceptable uses); (2) balance similar considerations about purpose of
use, extent of work used and effect of use on copyright owner [34]. By contrast, in the US, Israel and other
non-Commonwealth countries, the fair use doctrine is applied by courts, which “considers [the] nature
and purpose of use, how much authorship is in the source work, how much of author’s expression has
40 LAW & GOVERNANCE OF SECONDARY DATA USE
been taken in the use, and whether the use has an adverse effect on copyright owner’s ability to econom-
ically exploit the work” [34]. Some countries provide some level of moral rights in authorship, which are
personal to author and cannot be transferred [34]. These moral rights include that authors have the right to
be attributed; and authors have the right to not be attributed if they no longer wish to be associated with
the work.
In recognition of the growing data deluge and its inherent opportunities, the “UK law recently amended its
copyright to explicitly permit researchers to content mine the research literature because its Parliament
was uncertain whether the existing limitations and exceptions would permit the copying necessary to
engage in content mining” [34]. As stated earlier, in Europe, Mexico and South Korea, a Sui Generis Database
right was created for databases created or maintained in these borders and if the use of these databases
take place in these borders [34]. These special rights apply to any database that requires a “substantial
investment” to assemble or maintain the database; so the investment must be in obtaining the data not
creating the data [34]. This special database right is limited to recognizing the required investments in
obtaining data (not in creating data) [34]. This copyright lasts 15 years [34]. These protections are against
extraction or reutilization of substantial parts of a protected database and frequent extraction of insub-
stantial parts of a protected database [34]. Non-commercial research is not subject to this database right [34].
Usually the person who creates or generates the IP is the initial owner of these rights [34]. When the creator
is an employee, rights holding is more complicated and national variation reemerges as an issue [34]. All IP
rights are transferable (except moral rights in copyright), so the initial owner may not necessarily be the
rights holder [34]. Employers generally own trade secrets developed by employees within the scope of em-
ployment [34]. In the absence of agreement or policy, student or independent researchers would own any
trade secret rights associated with their data [34]. Sponsored research agreements and university or hos-
pital IP policies generally establish rules of ownership and disclosure for trade secrets [34]. Because of the
secret nature of trade secrets, there is no activity required to create it other than the reasonable measures
to keep secret. Copyright is initially owned by author(s) of the copyrighted work; the author made creative
or editorial decisions about how to express the underlying facts and ideas [34]. “If there is a copyright layer
to a dataset or database, the owner(s) of the copyright(s) associated with this layer would be the one(s)
41POLICYWISE
who chose how to organize, arrange, annotate, or visualize the data rather than the one(s) involved in its
generation or collection [34].” The Sui Generis Database rights are held by the person or entity that makes
substantial investment in collecting data from other sources or maintaining database; so, the rights fall to
data aggregators and repositories, not individual researchers, teams, organizations or NFPs [34].
Contracts, licenses and agreements represent a crucial tool for IP rights holders to disclose and share the
data protected by (or connected to) their IP rights under terms that meet their rights and obligations,
including IP rights and privacy policies. Owners of rights can grant permission for reuse through a non-ex-
clusive license [34]. Or, owners can enter into exclusive licenses with secondary users where they give up
the rights to use the IP usually in return for compensation [34]. If the data elements being shared are largely
uncopyrightable, then an agreement may not be necessary. But, agreements are important tools in data
governance to ensure all rights are met and followed. A crucial example of this is in Table 5, which contains
the terms of the copyright license for data shared by Statistics Canada.
2.3 G O V E R N A N C E I S S U E S
Privacy laws are just one area of law that governs the use of information collected by organizations. An-
other crucial governance tactic relates to data governance and research ethics. Data governance relates
to overall management of data, its collection, use, storage and the like. Responsible data stewardship re-
quires a clear and appropriate data governance plan. However, there is no set piece of legislation that sets
out the rules and laws for obligations around data governance. It falls within the previously discussed
privacy legislation, as well as other important normative tactics such as research ethics. Secondary use of
personal health information for research purposes is governed by the HIA; and institutional REBs are rec-
ognized by law as the entities that determine whether such research can proceed. REBs thus have become
legal instruments around the governance of secondary data use. This section will cover research ethics
boards, while the broadest topic of data governance will populate the subsequent section on the ethical
analysis. Ethics builds upon the law, but remains distinct from it.
2.3.1 R E S E A R C H E T H I C S B O A R D S
42 LAW & GOVERNANCE OF SECONDARY DATA USE
The Tri-Council Policy Statement on Research with Human Subjects (TCPS2) is a crucial research policy
guidelines in Canada, and it demarcates what is allowed in research with human subjects (whether as in-
dividuals, groups, parts of individuals, or information about individuals) [35]. REBs are defined in the TCPS2
as “a body of researchers, community members, and others with specific expertise (e.g. in ethics, in rele-
vant research disciplines) established by an institution to review the ethical acceptability of all research
involving humans conducted within the institution’s jurisdiction or under its auspices” [35].
In Alberta, there are three REBs designated under the HIA in Alberta, each with a few sub-committees
to focus on areas of specialization. First, there is the Conjoint Health Research Ethics Board (CHREB) of
the University of Calgary, which reviews applications from Researchers affiliated with the University of
Calgary faculties of Kinesiology, Medicine and Nursing. Second, the Health Research Ethics Board (HREB)
of the University of Alberta, administers the ethics review process for all faculty, staff and students of
the University of Alberta health sciences faculties, Alberta Health Services (in Northern Alberta includ-
ing Edmonton), and Covenant Health. There are four sub-committees of the HREB, which generally focus
on qualitative research, interventional research, non-invasive health research, and invasive biomedical
research. Finally, there is the Health Research Ethics Board of Alberta (HREBA), which is housed at the
provincial research funder Alberta Innovates, which consists of three sub-committees: Cancer Committee
(HREBA-CC), Clinical Trials Committee (HREBA-CTC), and Community Health Committee (HREBA-CHC).
The HREBA-CHC is a multi-disciplinary committee with members from both rural and urban Alberta that
provides scientific and ethical review of health research proposed to be conducted in communities across
Alberta.
When an individual or organization falls under the purview of an REB, REB review and approval is re-
quired before research commences when (1) research involves living human participants, or (2) research
involves human biological materials (including human embryos, fetuses, fetal tissue, reproductive materi-
als and stem cells) whether from living or deceased individuals (TCPS Article 2.1). The term “involves” is
more broadly interpreted than the restrictive “about” that triggers privacy law scrutiny. The bar will not
be as high for REB approval as say PIPA or FOIP applicability. Applicants to REBs must complete ethics ap-
plications which include detailed descriptions of the research, of adherence to TCPS2 requirements, and
43POLICYWISE
of the research protocol. REBs review these applications and make determinations on whether research
should be permitted to proceed, if modifications are required before REB permission is granted, or if re-
search cannot proceed without significant changes requiring a new application.
Failure to comply with the REB process or decisions (i.e. to conduct research without appropriate REB
approval) would lead to an institution’s loss (not just that of the infringing research group) of all funding
from the three national Tri-Council public research funders: the Canadian Institutes of Health Research,
the Social Sciences and Humanities Research Council, and the Natural Sciences and Engineering Research
Council. This heavy sanction promotes a community of compliance with the TCPS2.
The applicability of the TCPS2 and REB re-
view process to an NFP engaging in second-
ary data use is influenced by several points.
First, if any of the parties involved in the data
sharing enterprise have affiliations that fall under any of the three Albertan REBs, then the REB process
may be triggered. For example, if a university-affiliated researcher is involved in the NFP’s plans to collect,
use or disclose personal information (or even aggregate or non-identified personal information), then the
conversation should be had to examine whether REB approval is necessary. Generally, northern-Alberta
university affiliates fall to the HREB; southern-Alberta university affiliates fall to the CHREB; and, cancer
researchers, clinical trial researchers, and community-organization researchers fall to HREBA. Other fac-
tors may exempt a researcher from REB approval, but affiliation is an important trigger to liability that
must be fully considered at the start. Second, the activity in question must be research to require REB
scrutiny before conduct; other activities, which could be called quality assurance, program evaluation, or
business intelligence, that involve collection, examination and analysis of information do not require REB
approval. In the subsequent section, I provide more detail on the distinctions between research attracting
REB review and quality-assurance-like activities that do not attract such review and attention.
2.3.2. R E S E A R C H V S . Q UA L I T Y A S S U R A N C E
The CHREB looks closely at the TCPS2 to ascertain the limits of the definition of research: “where “re-
Activity in question must be research to require REB scrutiny before conduct.
44 LAW & GOVERNANCE OF SECONDARY DATA USE
search” is defined as an undertaking intended to extend knowledge through a disciplined inquiry or sys-
tematic investigation. This includes pilot studies (Article 6.11). The term “disciplined inquiry” refers to
an inquiry that is conducted with the expectation that the method, results, and conclusions will be able to
withstand the scrutiny of the relevant research community” [36]. Quality assurance work does not require
REB approval as long as “you are a legal custodian of any personal health information that will be used
in the project or already have specific consent from the patients to access their information.” These ex-
empt activities are listed in Article 2.5 of the TCPS2 to “include quality improvement, program evaluation
initiatives, performance reviews, which are
understood to be those things relating to the
assessment, management or improvement
of a local program” [35]. Under the HIA, REB
mandates relate to personal health informa-
tion, and not all personal information. If one wants their quality assurance work to be considered research
(e.g. for funding purposes) under the HIA (s. 27(2)), then the organization or individual must apply to the
REB [36]. The CHREB considers research involving human participants that requires ethics review to be “an
effort to produce new, generalizable knowledge” [36]. Where a competitive grant is involved, the project is
research that requires REB approval (even if the granting agency is not a Tri-Council funder) [36]. On the
other hand, quality assurance or quality improvement work can be a published work; so striving for, or
achieving, publication on its own will not require REB approval. In cases where a quality assurance, or
similar, project has changed focused into research, then it must stop and apply for REB approval: no retro-
active REB approval is possible [36].
The HREBA-CHC and Alberta Innovates have spurred an initiative entitled ARECCI: A pRoject Ethics Com-
munity Consensus Initiative [37]. This initiative has developed a tool and recommendations to support in-
tegration of ethics considerations across a range of knowledge-generating health projects, including re-
search, quality improvement, quality assurance, and program evaluation [37]. The goal has been to promote
confidence in assessing and managing risks to participants in any knowledge-generating project. ARECCI
aims to assist those pursuing knowledge-generating health projects by determining appropriate level of
Research involving human partic-ipants that requires ethics review to is “an effort to produce new, generalizable knowledge”
45POLICYWISE
ethics review, which includes assessing the level of risk to participants and researchers [37].
The Dalhousie University REB has provided a definitive and highly respected table to also assist in distin-
guishing research from quality assurance and program evaluation (which I will collectively term quality
improvement (QI)) [38]. If there is a dual purpose to data collection (both research and QI) and if QI is first,
then research use would be a secondary use of data (different purpose than original collection) and one
would need REB approval for that secondary use [38]. The Dalhousie table compares research from QI, and
considers several factors including: facets and role of hypothesis, aims, audience, theory, transferability/
generalizability, participant burden, data collection, presumption of risks and benefits, recruitment tac-
tics, “study” compared to regular services, and response to the question ‘would this be done anyways?’ [38].
When a study test or question is clearly stated and grounded in theory and existing literature, it is research;
meanwhile, QI relates to existing practice or aimed at program innovation or how a program is working
[38]. When the primary purpose is to publish results through scientific publication to expand knowledge,
then it is research; meanwhile, QI aims to gain information to improve practice or service delivery in
particular location [38]. When the primary audience is scholars, practitioners, and organizations beyond
immediate affiliation, then it is research; meanwhile, QI audiences are the organization or system being
assessed [38]. When generalizability is a clear intention, then it is research; meanwhile, QI is not intended
to be generalizable with results focused mainly on specific services or processes, but QI may eventually
be shared descriptively as experience for learning [38]. When the role of theory is high such that the goal
of research is to develop or test theory, then it is research; meanwhile, QI study goals are not focused on
theory, although there may be a small role for evaluation or improvement of a program with theory assist-
Dalhousie University REB has provided a definitive and highly respected table to also assist in distinguishing research from quality assurance and program.
46 LAW & GOVERNANCE OF SECONDARY DATA USE
ing in designing the study [38]. When the
additional burdens on participants are
present such that participation must be
voluntary because additional activities
are required, then it is research; mean-
while, QI often involves less such bur-
dens on participants such that participants continue to engage in routine care [38]. When data collection
is novel compared to the usual project (although secondary data analysis is research), then it is research;
meanwhile, QI data collection is typically not beyond what data is already routinely collected, although
some extra data could be collected for internal or external reporting [38]. When the assumption of benefit
does not exist because research assumes no benefits, then it is research; meanwhile QI often presumes
programs to be effective or beneficial [38]. When the likely beneficiaries are no one or similar individuals
in the future once knowledge attained and translated, then it is research; meanwhile, QI aim to benefit
participants and the local setting [38]. When participants are from multiple sites and/or use control groups,
then it is research; meanwhile, QI involves participants from the practice setting being evaluated [38]. If re-
sults would not apply to anywhere else, then the project would not continue as research as research seeks
to produce results that would apply more broadly; meanwhile, the QI project would continue as it aims to
use information to improve or evaluate that setting [38].
Ultimately, the necessity of REB approval for NFPs projects would need to be determined on a case-by-
case basis, accordingly to the facets and factors listed above. Unless a university-affiliated researcher is
involved in the project, it would be likely that health-related NFP research projects would need to go to
HREBA-CHC for approval. NFP projects that do not involve health information and do not have any affili-
ation to a university fall into a gap wherein no provincial REB is directly responsible. The goals, methods,
activities, information involved, and organizations involved in any data-driven, secondary use opportunity
involving personal information originally collected an NFP would inform the discussion as to whether REB
approval is required. In cases of uncertainty or clear gap, it would be best practice to either partner with
a university-affiliated researcher and utilize their REB, or go to ARECCI and request a review. Also, at the
Projects that do not involve health information and do not have any af-filiation to a university fall into a gap wherein no provincial REB is directly responsible.
47POLICYWISE
start of a larger- or broader- scale secondary use opportunity (e.g. involving more than one NFP, and/or
involving a long-term data mobilization vision), consultation with ARECCI would be prudent as it, along
with compliance with provincial privacy laws, would ensure a strong, legal foundation for the opportunity
and would promote public trust in the NFPs as well as their data-mobilizing tactics.
NFP’s that aim to mobilize the data at their disposal should do so with a clear understanding of their legal obligations and legally informed best practices.
48 LAW & GOVERNANCE OF SECONDARY DATA USE
3. CURRENT OR BEST DATA GOVERNANCE PRACTICES
If one sticks to the letter of the law, there may be many circumstances in which an NFP is not governed by
any privacy legislation in its activities, and thus the identifying information provided to it by individuals or
the public would be available to them to do so as they please. This capacity to use data can be quite power-
ful, in many different ways. The data can act as an asset and resource that the NFP could mobilize to better
its services and better meet its aims and objectives. In a world where data is considered an innovation and
asset, and where many commercial entities especially in social media harvest the data provided to them
and leverage it for profit, the public generally and individuals alone are becoming increasingly concerned
about their information, who has access to it, and what people are doing with it. The fine balance between
privacy and utility is something that all data purveyors have had to contend with for many, many years –
even before the invention of many of today’s
popular social media sites.
NFPs that aim to mobilize the data at their
disposal, should do so with a clear under-
standing of their legal obligations and legally-informed best practices. The above legal analysis aimed to
clarify those current obligations and practices. This section further elaborates on data governance best
practices by providing information on thoughtful, rigourous approaches to data governance and man-
agement in the NFP sector. Canadian and international examples are provided; the latter because of the
soundness and rigour of the approach to developing such guidance. After detailing the responsible data
approach that was derived from a review of several humanitarian organizations’ data policies, specific
organizational approaches will be introduced to detail the breadth of options and issues to consider for
NFPs in determining their data governance approach.
3.1 O V E R V I E W O F T H E R E S P O N S I B L E D ATA A P P R O A C H
In 2016, a comparative review of data governance approaches was conducted within the humanitarian
context [39]. This review particularly considered seven United Nations agencies, seven international organi-
There is a vulnerability of data sub-jetcs which creates new risks with siezing data opportunities.
49POLICYWISE
zations, two governmental agencies, and one research institution [39]. The authors argued that “…to create
an adequate level of trust and ensure the effectiveness of data-driven innovations across the humanitar-
ian sector, data policies, guidelines and implementation safeguards need to be developed and rigorously
tested” [39]. In humanitarian spaces, as well as for most NFPs, there is a vulnerability of data subjects which
creates new risks with seizing data opportunities [39].
Organizational data policies can generally focus on the impact of data use, or on responsible use of data
to protect data subjects and their rights, prevent liability risk and harm, or ideally both [39]. Although lack-
ing from the reviewed organizational data policies, data policies with value and impact indicators were
recommended [39]. These measures would allow organizations to determine whether data use was justi-
fied based on the intended deliverables, and fosters appropriate, longitudinal risk assessment, especially
when sensitive data is accessed [39].
A data audit system is also recommended in the data governance framework. Data handling must be de-
scribed to determine risks and to better enforce organizations and users that thoughtfully justify their
access and use of data [39]. Development of the audit system allows the organization to determine what
data are needed to meet goals or solve problems. Implementation of the data audit system primarily aims
to prevent the collection, use or disclosure of data that is unnecessary or nefarious, which increase risks to
data subjects and organizations. Data auditing could be via stipulated guidelines (e.g. level of anonymiza-
tion) or via a data custodian, controller, or auditing body with oversight and accountability responsibility
[39].
Risk assessment and mitigation strategies comprise another important component to a data governance
policy [39]. Risk assessment fosters the promotion of proportionality between risks and benefits [39]. The
available risk assessment strategies in data policies range in likely effectiveness and burden [39]. The least
burdensome, but likely least effective, assessment strategies involve statements of the importance of con-
sidering risk in data-related activities [39]. Slightly more burdensome and likely more effective strategies
would reference particular risk assessment tools [39]. Finally, the most burdensome and likely most effec-
tive risk assessment strategy would incorporate and mandate the use of concrete risk assessment tools [39].
50 LAW & GOVERNANCE OF SECONDARY DATA USE
Similarly, risk mitigation strategies range in possibilities: prohibitions on types of data use; preventing
and limiting data access; security safeguards to avoid unsanctioned data violations; consent require-
ments; and, the promotion of appropriate data management [39]. Risk mitigation can be at both the orga-
nizational and technical level [39]. Further technical procedures to mitigate risks include physical security,
access control, data classification, security and encryption [39]. Further organizational procedures in data
governance include standard operating procedures; ensuring legal requirements such as reasonable pur-
pose and consent are met; data sharing protocols; and governance mechanisms [39]. Organizations must
also include specific measures for protecting privacy of data subjects using technology and agreements to
protect against surveillance, inappropriate aggregation, exclusion, confidentiality breaches, inappropriate
accessibility, unsanctioned identification of individuals or groups, unapproved secondary use of data, and
avoiding data duplication [39].
Data policies should include recognition of the Fair Information Principles and the laws that cover the
NFP’s jurisdiction [39]. This recognition promotes the definite consideration of legal requirements in the
policy and ensures best practices are grounded in community standards set by law [39].
Policies and rules are only as effective as the compliance to them. Data policies should, thus, also contem-
plate and include mechanisms for monitoring adherence to the policy [39]. Monitoring, like other strategies,
can include one or more different facets. The policy should describe these facets. There could be technical
monitoring in the database systems as part of the audit system; there could be periodic reports provided
to the organizational leaders on data use metrics and any potential risks to data or subjects; and, there
could be surprise assessments of the data access process in the line of “secret shoppers” to ensure com-
pliance with policies. Monitoring compliance can root out problems as well as demonstrate successes in
data governance and data use.
Another facet to data policies where data is collected directly from subjects includes provisions on dispute
resolution and data withdrawal [39]. Data policies should consider the process that will be triggered if data
subjects wish to withdraw their data from the organization, either entirely or for secondary data use.
This process should include how data subjects will be informed of this policy; how they may make their
51POLICYWISE
preferences known; the implications for previously-collected and to-be-collected data; and, the organi-
zational process to effect this preference. Dispute resolution may be another area to be addressed in the
data policy. As described in Albertan privacy law, designation of a privacy or data officer would introduce a
point of contact for organizations to deal with disputes. Similarly, the data access protocols should include
processes when potential data secondary users wish to dispute access decisions.
The format of the data governance policy is itself quite critical. Enumerating the tasks and responsibilities
for enacting the policy and monitoring it are critical [39]. When all actors possess clear roles, it prevents
duplication and promotes implementation [39]. Also, in drafting the data policy, tradeoffs must be consid-
ered [39]. Greater detail brings clarity, but risks inapplicability to novel circumstances; so, a balance must
be found between detail and vagueness [39]. Simplicity is in tension with complexity: the former promotes
readability and compliance, but leaves room for questions and possibly divergent policy implementations
[39]. Generally, leaning towards greater elaboration of the strategies and values of the policy, in a step-by-
step format, promotes understanding, and thus increases the likelihood of implementation [39].
3.2 S P E C I F I C O R G A N I Z AT I O N A L A P P R O A C H E S TO D ATA G O V E R N A N C E
Data governance best practices for NFPs is a novel point of discussion. Many organizations work individ-
ually, rather than collectively, to determine their approach to data stewardship and governance to balance
privacy protection with organizational and sector utility. The diversity and commonality of these organi-
zations’ approaches would be informative to the diverse NFP sector, where organizations vary on resourc-
es, data capacity, and data interests. Ideally, organizations will consider the following four examples and
the entirety of this report to determine the best, most feasible, approach to data governance as they move
forward in seizing data-driven opportunities.
First, Medicins Sans Frontieres (MSF) is a humanitarian, non-governmental organization that adopted a
data sharing policy for routinely collected clinical and research data in 2012 [40]. The aim of this policy was
to ethically promote the sharing of MSF, and ideally other humanitarian and non-governmental organiza-
tions’, data with public health researchers for the benefit of the populations that they work with [40]. The
precursor to this policy was a public, institutional repository of MSF research publications in the context
52 LAW & GOVERNANCE OF SECONDARY DATA USE
of scientific journals prioritizing open access to data [40]. Before this policy was instituted in 2012, MSF
used a case-by-case approach to share their data [40]. This policy was developed in consultation with the
MSF’s own independent Ethics Review Board. Thus, an REB is available to MSF in policy development and
in oversight of policy compliance.
Briefly, the MSF data sharing policy consists of a statement of vision and principles, and then elaborates
the data access process [40]. The vision and principles describe the MSF mandate to promote health data
sharing, to accrue social benefit in opening up access to data, to move MSF towards greater online data
collection, and to prioritize safeguards of patients so that no patients or communities are harmed in the
facilitation of data sharing [40]. With the overriding objective to not do harm, the policy mandates that
sharing should not occur simply for the sake of sharing, but rather when there is the potential for greater
health benefits for populations [40].
The policy begins by defining the data at issue: all health data generated in MSF programs or sites where
MSF is the data custodian [40]. This data includes data from patient records, surveys, health information
systems, research, and human biological material [40]. The data access process is then the focus of the data
sharing policy. Those who can apply for data access include any appropriately qualified researchers from
academia, charitable organizations, and private companies [40]. Qualified is further defined as having au-
thored relevant peer-reviewed articles and still working in the relevant specialty [40]. Preference is given
to researchers from the countries or communities where MSF works, and especially where the datasets
originated [40].
While the policy plans for eventual open access data repositories, managed data access is the policy de-
Qualified is further defined as having authored relevant peer-reviewed articles and still working in the relevant specialty.
53POLICYWISE
fault [40]. The procedure for managed access is planned to be proportionate to the risks associated with
the data, to avoid undue delay or restrict access [40]. The managed access process includes applications to
facilitate assessment of researcher qualifications; consideration of consent issues; and appraisal of scien-
tific merit, potential benefits and risks. The MSF Ethics Review Board must review the applications when
the data includes either (a) identifiable data and/or human samples, even when consent was obtained at
original data collection; or (b) non-identifiable research data for purposes outside the original consent
agreements [40]. For (b), MSF must then attempt to return to study participants to expand their original
consent, or if that is not possible, MSF must secure the consent of the community where the study took
place [40]. This multi-pronged approach to ethics review and consent appears to be MSF’s attempt to en-
sure valuable previously-collected data is not lost to data sharing while also being respectful of participant
and community vulnerability and trust in MSF.
The policy maintains that data sharing must be a cost-neutral exercise, such that data recipients are re-
quired to cover all the costs of retrieving, processing and dispatching MSF datasets [40]. Cost exceptions
could be possible when data recipients demonstrate insufficient funds [40]. This data sharing policy does
not deal with all issues of data governance, but rather establishes a strong foundation for further discus-
sions on data sharing. This policy sets the stage for the use of standard templates including consent to
support the development of data sharing plans and proposals [40]. Data policies and approaches must also
consider the need to promote data quality and the protection of data from corruption or obsolete software
[40]. Data sharing policies must also consider extant agreements that could limit or direct data sharing, such
as contractor agreements with public funding bodies (which also introduce other privacy laws).
Second, another exploration of data governance approaches specifically targeted NFPs [41]. Appropriate
data governance by NFPs should promote the availability of data that is accessible and current to needs;
the usability of data for sound decision-making; the integrity of data that confirms trustworthiness; and
the stewardship of data that protects privacy and complies with legal requirements [41]. A data governance
framework could be divided into three key components: people, policy and technology. The people-fo-
cused facets demarcate authority, accountability and roles in the implementation of data governance, as
well as the fostering of a cultural attitude and collaborative environment with respect to data oppor-
54 LAW & GOVERNANCE OF SECONDARY DATA USE
tunities [41]. The policy-focused features delineate how information flow is managed; how data policies
themselves are managed; how issues are resolved; and how data-related communication is realized [41].
The policies guide decision-making and advance rational outcomes [41] Finally, the technology-focused
discussion targets management of data quality, compliance monitoring, data business rules, and process
management [41]. The development of a data governance approach should include team identification, as
well as a lifecycle-style process wherein goals are identified, policies developed, strategies implemented,
progress evaluated, and progress communicated so that the cycle may begin again to consider goals [41]
Third, another organizational data strategy is that of the Ontario Nonprofit Network [6, 42]. This strategy
aims to foster data-drivenness and data sharing amongst NFPs in Ontario (and beyond) [6, 42]. This type
of policy begins with enumeration of the principles that guide the strategy, including the promotion of
effective data use by NFPs, the assurance of responsible and ethical data collection and access to respect
privacy, recognize vulnerability and promote safety of the data subjects, and the accrual of public benefit
when enabling data access [6, 42].
The succinct data strategy then describes the four components to this strategy: standards, policy, skills
and resources, and leadership [6, 42]. The strategy aims for standardization across Ontario NFPs in the
publication of their data and metadata, to better facilitate secondary data use. The strategy demarcates
the rules and recommended legislation that govern what can be done to the data (or not); that clarify data
ownership and cost allocation amongst NFPs; and that secondary data use must benefit public work. The
strategy considers tactics to build NFP sector capacity in data use and management. Finally, the strategy
aims to foster commitment from leadership at the individual NFP level and at the sector level on investing
time and resources to promote data readiness and data sharing.
And, finally, the Vancouver Foundation has taken a copyright licensing approach to promote secondary
use of its data and outputs [43, 44]. The substantive portion of the policy itself is succinct: the foundation
itself and all grantees must share materials and knowledge via open license under the Creative Commons
Open Licenses [43, 44]. This directive is accompanied by a vision statement and policy development history.
The Vancouver Foundation intends to promote “sector-wide, intentional sharing of socially innovative
55POLICYWISE
ideas, information and resources among our peers and the public” [43]. Stakeholder consultation and legal
analyses were solicited in policy formation [43]. Provisos to the open licensing policy are also elaborated
therein including the mandate to not do harm with open access and the recognition of privacy protection,
charities’ financial viability, and the need to protect traditional and cultural rights [43].
56 LAW & GOVERNANCE OF SECONDARY DATA USE
4. CONCLUSIONS
This paper has aimed to provide NFPs in Alberta with an understanding of their legal and governance
obligations when considering the secondary use of data that they collect or that they would like to reuse.
These findings demonstrate that the law has somewhat limited direct imperatives for NFPs to follow, but
this does not mean that NFPs can do as they wish with the data that they collect. Best practices can be de-
rived from the clear legal obligations of other more-regulated sectors, including private sector businesses,
public bodies, and health information custodians, as well as from the industry standard best practices
from the NFP sector itself.
Data governance and privacy protection represent the two key considerations for NFPs when contemplat-
ing the collection, use and disclosure of identifying information, for the purposes of service delivery and
possibly secondary use. Privacy laws worldwide are based on the fair information principles, which can
be distilled to some key messages: (a) use the minimal information necessary to complete your task; (b)
have consent whenever possible for that use; (c) have administrative, technical and physical safeguards to
protect the information; and (d) individuals possess the right to access information about themselves and
to request corrections of it. Similarly, the trifecta of purpose, reasonableness and minimal extent appear
throughout the allowances made by privacy laws in Alberta.
When looking for the exact applicable legislation, a flexible order of importance of privacy laws in Alberta
is available:
1) If health information at issue, HIA applies.
2) If personal information at issue (but not health information) and a public body is involved
(whether actual or via contracted affiliate), then FOIP applies.
3) If personal information at issue (but not health information) and a private-sector organization
is involved, then PIPA applies.
a. When there are cross-border transactions, PIPEDA applies to the cross-border transactions
57POLICYWISE
while PIPA applies to the intraprovincial activities.
b. If the private-sector organization is duly incorporated as a NFP and it was involved in activities
of a commercial nature, then PIPA applies to those information-related activities during the
commercial activity.
c. If the private-sector organization is duly incorporated as a NFP and it was not involved in any
activities of a commercial nature, then PIPA does not apply.
Once the relevant legal obligations are determined, NFPs must then consider current and best practic-
es to data governance. NFP clientele place great trust in their organizations when seeking services and
supports. That trust could be severely damaged or lost, if there were privacy breaches or risks of harms
because NFPs did not consider client preferences and protections in their use and disclosure of the data.
NFPs should develop a data policy that details the goals, vision, activities, and responsibilities the NFP
and its staff undertake when collecting, using and disclosing identifying information. These policies vary
between NFPs, based on sectors, services, data types, resources and capacities.
Intellectual property laws and privacy laws represent distinct pathways towards data sharing. Copyright
licensing represent a valid avenue to make data available, but if blanket policies they may not provide the
individual protections necessary when identifying information is at issue. Privacy laws offer guidelines to
how to reasonably, and thus equally, balance the individual’s right to privacy to the organization’s need to
use the data that they have. One should not give way to other. In this way, secondary data use when aimed
at improving service delivery or outcomes within the NFP sector and its client population, respectively,
can be realized without sacrificing individual privacy and organizational trust.
NFPs currently fall into several legislative gaps with respect to secondary use of data including identifying
information. For example, privacy laws do not apply to duly incorporated NFPs carrying out non-com-
mercial activities, and research ethics boards are not obliged to review the planned secondary uses of
data by NFPs if there is neither university affiliation nor health information involved. Nevertheless, best
practices around data governance and privacy protection abound. Societal expectations, ethical practices,
58 LAW & GOVERNANCE OF SECONDARY DATA USE
and conservative business approaches all demand that NFPs approach the use and disclosure of data from
a legal and governance perspective. Such a perspective demands the development of a data and privacy
policy. Such a policy should be formatted to include a vision statement that clearly links to recognized
legal requirements and international Fair Information principles, and which details the NFP’s expecta-
tions around the goals of data sharing and the tensions to balance. The content of the policy should then
describe the safeguards in place, the access processes required for secondary use, and the monitoring
processes for compliance. Prioritization of consent, “need to know” directives, and reasonableness would
promote compliance with privacy laws. Roles and tasks could be enumerated to promote effective imple-
mentation.
59POLICYWISE
Tab
le 1
. Key
Obl
igat
ions
of P
IPA
Ten
Key
Obl
igat
ions
to M
eet U
nder
PIP
A
1.
Pers
onal
info
rmat
ion
hand
ling
prac
tices
, pol
icie
s and
pro
cedu
res s
houl
d be
dev
elop
ed to
pro
tect
per
sona
l inf
orm
atio
n, w
hich
sh
ould
cov
er
a. W
hat p
erso
nal i
nfor
mat
ion
is c
olle
cted
(and
ens
urin
g th
at c
olle
ctio
n is
for a
reas
onab
le p
urpo
se a
nd o
nly
info
rmat
ion
is
colle
cted
that
is re
ason
able
for c
arry
ing
out t
hose
pur
pose
s (s.
11))
; b.
How
is c
onse
nt o
btai
ned
for t
he c
olle
ctio
n, u
se a
nd d
iscl
osur
e of
per
sona
l inf
orm
atio
n;
c. H
ow w
ill p
erso
nal i
nfor
mat
ion
be u
sed
and
disc
lose
d;
d. H
ow w
ill a
dequ
ate
stor
age
and
secu
rity
mea
sure
s be
impl
emen
ted;
e.
How
will
per
sona
l inf
orm
atio
n be
dis
pose
d of
; f.
How
will
acc
ess a
nd c
orre
ctio
n re
ques
ts b
e ha
ndle
d; a
nd,
g. H
ow w
ill e
nqui
ries
and
com
plai
nts b
e re
spon
ded
to?
2.
The
priv
acy
and
info
rmat
ion
hand
ling
polic
ies s
houl
d be
revi
ewed
per
iodi
cally
, and
shou
ld a
ddre
ss o
ngoi
ng a
nd n
ew a
ctiv
ities
th
at in
volv
e pe
rson
al in
form
atio
n co
llect
ion,
use
, dis
clos
ure
or st
orag
e.
3.
The
priv
acy
and
info
rmat
ion
hand
ling
polic
ies s
houl
d be
ava
ilabl
e an
d co
mm
unic
ated
to e
mpl
oyee
s, v
olun
teer
s and
oth
er
orga
niza
tiona
l sta
ff, a
s wel
l as t
o th
e pu
blic
incl
udin
g th
e au
dien
ce o
r clie
ntel
e of
the
orga
niza
tion.
Suc
h co
mm
unic
atio
n co
uld
incl
ude
staf
f tra
inin
g, p
amph
lets
and
bro
chur
es, a
nd w
ebsi
te in
form
atio
n.
4.
A pr
ivac
y of
ficer
shou
ld b
e re
cogn
ized
, des
igna
ted
and
supp
orte
d to
exe
rcis
e th
e au
thor
ity to
add
ress
pri
vacy
issu
es re
late
d to
the
orga
niza
tion
and
its o
pera
tions
. Int
erna
l and
ext
erna
l com
mun
icat
ions
shou
ld m
ake
the
iden
tity
and
cont
act i
nfor
mat
ion
of
orga
niza
tiona
l pri
vacy
offi
cer r
eadi
ly a
vaila
ble,
esp
ecia
lly a
t the
tim
e of
gar
neri
ng c
onse
nt fo
r inf
orm
atio
n co
llect
ion.
5.
Al
l con
trac
ts a
nd a
gree
men
ts sh
ould
incl
ude
a pr
ivac
y pr
otec
tion
clau
se, s
o th
at a
ny c
ontr
acto
r of t
he o
rgan
izat
ion
prot
ects
pe
rson
al in
form
atio
n ac
cord
ing
to th
e or
gani
zatio
n’s p
riva
cy a
nd in
form
atio
n ha
ndlin
g po
licie
s.
6.
Unl
ess P
IPA
spec
ifica
lly e
xem
pts,
org
aniz
atio
ns m
ust g
et in
form
ed c
onse
nt to
col
lect
, use
or d
iscl
ose
pers
onal
info
rmat
ion.
In
gath
erin
g co
nsen
t, or
gani
zatio
ns m
ust a
dequ
atel
y in
form
indi
vidu
als o
f the
pur
pose
for i
nfor
mat
ion
colle
ctio
n, a
s wel
l as t
he
prop
osed
and
pot
entia
l use
s, d
iscl
osur
es, s
tora
ge a
nd d
ispo
sal o
f the
info
rmat
ion.
Onl
y re
ason
able
pur
pose
s and
met
hods
of
colle
ctio
n ca
n be
con
sent
ed to
; an
indi
vidu
al c
anno
t con
sent
to u
nrea
sona
ble
colle
ctio
n of
per
sona
l inf
orm
atio
n, in
clud
ing
any
extr
a in
form
atio
n di
sclo
sed
that
is n
ot n
eede
d fo
r the
pur
pose
. Con
sent
can
be
expr
ess (
wri
tten
or v
erba
l), im
plie
d (in
form
atio
n is
vo
lunt
eere
d in
reas
onab
le a
nd c
lear
cir
cum
stan
ces)
, or o
pt-o
ut (o
rgan
izat
ions
pro
vide
indi
vidu
als w
ith th
e re
ason
able
pur
pose
of
thei
r nee
d fo
r per
sona
l inf
orm
atio
n; w
ith e
asy-
to-u
nder
stan
d no
tice
that
con
sent
will
be
impu
ted
if th
ey d
o no
t opt
-out
; with
a
reas
onab
le w
indo
w a
nd c
hanc
e to
say
no a
nd o
pt-o
ut; a
nd w
ith a
ssur
ance
that
the
pers
onal
info
rmat
ion
is n
ot so
sens
itive
it w
ould
be
unr
easo
nabl
e to
use
an
opt-
out f
orm
). Co
nsen
t can
be
chan
ged
or w
ithdr
awn
by th
e in
divi
dual
by
givi
ng th
e or
gani
zatio
n re
ason
able
not
ice,
unl
ess a
lega
l dut
y or
obl
igat
ion
wou
ld b
e in
terf
ered
with
(s. 9
). Th
e co
nseq
uenc
es o
f alte
red
or w
ithdr
awn
cons
ent s
houl
d be
exp
lain
ed to
the
indi
vidu
al. C
onse
nt to
col
lect
, use
or d
iscl
ose
pers
onal
info
rmat
ion
cann
ot b
e a
cond
ition
for a
n or
gani
zatio
n to
supp
ly a
n in
divi
dual
with
a p
rodu
ct o
r ser
vice
, if t
he in
form
atio
n at
issu
e is
bey
ond
that
nec
essa
ry to
supp
ly th
e pr
oduc
t or s
ervi
ce.
7.
As p
er fa
ir in
form
atio
n pr
inci
ples
, org
aniz
atio
ns sh
ould
lim
it th
e co
llect
ion
of p
erso
nal i
nfor
mat
ion,
by
amou
nt a
nd ty
pe, t
o th
e m
inim
um n
eces
sary
to c
arry
out
the
orga
niza
tion’
s obl
igat
ions
. 8.
As
with
info
rmat
ion
colle
ctio
n, p
riva
te se
ctor
org
aniz
atio
ns m
ay o
nly
use
or d
iscl
ose
pers
onal
info
rmat
ion
for r
easo
nabl
e pu
rpos
es
and
mus
t lim
it in
form
atio
n us
e to
the
min
imum
nec
essa
ry to
reas
onab
ly c
arry
out
thos
e en
umer
ated
pur
pose
s.
9.
Som
e ex
cept
ions
to th
e ne
cess
ity o
f con
sent
pri
or to
info
rmat
ion
colle
ctio
n, u
se o
r dis
clos
ure
incl
ude
whe
n co
nsen
t can
not
reas
onab
ly b
e ob
tain
ed in
a ti
mel
y m
anne
r or a
n in
divi
dual
wou
ld n
ot re
ason
ably
be
expe
cted
to re
fuse
con
sent
but
it w
ould
60 LAW & GOVERNANCE OF SECONDARY DATA USE
reas
onab
ly b
e co
nsid
ered
in th
e in
divi
dual
’s in
tere
sts;
whe
n an
othe
r sta
tute
or r
egul
atio
n re
quir
es o
r allo
ws f
or in
form
atio
n co
llect
ion
with
out c
onse
nt; w
hen
the
info
rmat
ion
is p
rovi
ded
by a
Pub
lic B
ody
by la
w; w
hen
info
rmat
ion
colle
ctio
n is
reas
onab
le
for t
he p
urpo
ses o
f a le
gal i
nves
tigat
ion
or p
roce
edin
g; w
hen
the
info
rmat
ion
is d
eter
min
e su
itabi
lity
for a
n aw
ard
or h
onou
r;
whe
n th
e pe
rson
al in
form
atio
n is
pub
licly
ava
ilabl
e; w
hen
colle
ctio
n is
by
an a
rchi
val i
nstit
utio
n or
for r
easo
nabl
e ar
chiv
al
purp
oses
; whe
n in
form
atio
n pe
rtai
ning
to d
ebt c
olle
ctio
n fr
om, o
r deb
t rep
aym
ent t
o, th
e in
divi
dual
; and
, whe
n in
form
atio
n gi
ven
to c
redi
t rep
ortin
g ag
ency
to c
reat
e cr
edit
repo
rt a
nd in
divi
dual
ori
gina
lly p
erm
itted
such
dis
clos
ure.
A fe
w a
dditi
onal
exc
eptio
ns
to c
onse
nt fo
r dis
clos
ure
exis
t, w
hich
incl
ude
whe
n di
sclo
sure
is re
quir
ed to
com
ply
with
a su
bpoe
na, w
arra
nt o
r cou
rt o
rder
; whe
n a
Publ
ic B
ody
or p
olic
e se
rvic
e re
quir
e as
sist
ance
in in
vest
igat
ion
rela
ted
to a
law
enf
orce
men
t pro
ceed
ing;
whe
n di
sclo
sure
is in
re
spon
se to
an
emer
genc
y th
at th
reat
ens t
he li
fe, h
ealth
or s
ecur
ity o
f an
indi
vidu
al o
r the
pub
lic; w
hen
disc
losu
re is
requ
ired
to
cont
act a
fam
ily m
embe
r or f
rien
d of
an
inju
red,
ill o
r dec
ease
d pe
rson
; whe
n di
sclo
sure
is re
ason
able
as r
elat
es to
the
surv
ivin
g sp
ouse
, adu
lt pa
rtne
r or r
elat
ive
of a
dec
ease
d in
divi
dual
; whe
n di
sclo
sure
pro
tect
s aga
inst
, pre
vent
s, su
ppre
sses
or d
etec
ts fr
aud.
10
. Whe
re p
erso
nal i
nfor
mat
ion
rela
tes t
o em
ploy
ees a
nd is
wha
t is r
easo
nabl
y ne
eded
to e
stab
lish,
man
age
or e
nd a
wor
k or
vo
lunt
eer,
that
info
rmat
ion
can
be c
olle
cted
, use
d an
d di
sclo
sed
with
out c
onse
nt fo
r rea
sona
ble
purp
oses
rela
ted
to re
crui
ting,
m
anag
ing
or te
rmin
atin
g pe
rson
nel.
Man
agin
g pe
rson
nel i
s rel
ated
to h
uman
reso
urce
man
agem
ent d
utie
s and
resp
onsi
bilit
ies a
s w
ell a
s adm
inis
teri
ng p
erso
nnel
(e.g
. pay
roll,
succ
essi
on p
lann
ing)
. Per
sona
l inf
orm
atio
n no
t rel
ated
to th
e w
ork
rela
tions
hip
is
not s
ubje
ct to
this
em
ploy
men
t-re
late
d ex
cept
ion
to c
onse
nt. T
he w
ork
rela
tions
hip
cove
rs b
oth
whe
n th
e in
divi
dual
is a
n em
ploy
ee, a
nd w
hen
recr
uitin
g a
pote
ntia
l em
ploy
ee. W
hile
con
sent
is n
ot re
quir
ed, n
otic
e is
requ
ired
whe
n co
llect
ing
empl
oyee
in
form
atio
n fo
r em
ploy
ees;
such
not
ifica
tion
is n
ot re
quir
ed d
urin
g re
crui
tmen
t [13
, 21]
.
61POLICYWISE
Tab
le 2
. PIP
A R
equi
rem
ents
aro
und
Acc
ess
to In
form
atio
n R
ight
s
Issu
es
Det
ails
R
eque
sts
• In
divi
dual
s w
ho m
ake
requ
ests
for a
cces
s ar
e ap
plic
ants
. •
App
lican
ts m
ust p
rovi
de e
noug
h in
form
atio
n to
the
orga
niza
tion,
so
that
the
orga
niza
tion
can
mak
e a
reas
onab
le
effo
rt to
find
the
info
rmat
ion.
•
Nor
mal
ly re
ques
ts a
re m
ade
in w
ritin
g, e
spec
ially
for l
arge
r org
aniz
atio
ns. O
rgan
izat
ions
can
cho
ose
to a
ccep
t ora
l re
ques
ts, i
f the
app
lican
t can
not p
ut th
e re
ques
t in
wri
ting
or if
they
are
a s
mal
ler o
rgan
izat
ion.
•
Req
uest
s fo
r acc
ess
to in
form
atio
n in
clud
e ei
ther
vie
win
g/se
eing
the
info
rmat
ion
or re
ceiv
ing
a co
py o
f the
in
form
atio
n.
• R
eque
sts
do n
ot h
ave
to in
clud
e a
reas
on fo
r the
requ
est.
Org
aniz
atio
nal
Res
pons
e to
Req
uest
s •
The
orga
niza
tion
mus
t res
pond
with
in 4
5 ca
lend
ar d
ays
of re
ceiv
ing
the
requ
est.
• O
rgan
izat
ions
may
impl
emen
t a p
roce
ss fo
r acc
ess
requ
ests
, inc
ludi
ng a
n of
fice
to re
ceiv
e re
ques
ts a
nd a
tim
e lim
it fo
r pro
cess
ing
a re
ques
t wou
ld n
ot b
egin
unt
il th
e re
ques
t arr
ived
at t
he d
esig
nate
d of
fice.
•
Unl
ess
the
reco
rd d
oes
not e
xist
or t
here
is a
sta
tuto
ry re
fusa
l ava
ilabl
e, th
e O
rgan
izat
ion
mus
t (1)
giv
e th
e in
divi
dual
acc
ess
to h
is o
r her
per
sona
l inf
orm
atio
n; (2
) tel
l the
indi
vidu
al w
hat t
he in
form
atio
n ha
s be
en o
r is
bein
g us
ed fo
r, an
d (3
) tel
l the
indi
vidu
al to
who
m, a
nd in
wha
t situ
atio
ns, t
he in
form
atio
n is
bei
ng o
r has
bee
n di
sclo
sed
by th
e or
gani
zatio
n.
• Th
e or
gani
zatio
n m
ust b
e gu
ided
by
reas
onab
lene
ss in
thei
r dea
lings
with
an
acce
ss re
ques
t. Th
is in
clud
es b
eing
op
en, c
ompl
ete
and
accu
rate
in y
our r
espo
nse
to a
pplic
a nt.
• R
easo
nabl
e fe
es c
an b
e ch
arge
d fo
r acc
ess
to p
erso
nal i
nfor
mat
ion
or to
info
rmat
ion
abou
t the
use
or d
iscl
osur
e of
th
at in
form
atio
n. B
ut, o
rgan
izat
ions
can
not c
harg
e em
ploy
ees
for a
cces
s to
em
ploy
men
t inf
orm
atio
n. W
ritte
n fe
e es
timat
es m
ust b
e pr
ovid
ed b
efor
e or
gani
zatio
ns p
roce
ss a
requ
est.
Dep
osits
can
be
requ
ired
. Rec
ords
can
be
with
held
if fe
es a
re o
win
g.
• Th
e 45
- day
clo
ck s
tops
onc
e an
est
imat
e is
pro
vide
d to
the
appl
ican
t, an
d do
es n
ot s
tart
unt
il es
timat
e ac
cept
ed a
nd
depo
sit r
ecei
ved.
If th
e ap
plic
ant d
oes
not r
espo
nd w
ithin
30
days
of w
hen
the
estim
ate
was
giv
en, t
hen
requ
est
cons
ider
ed w
ithdr
awn.
A
utho
rize
d R
epre
sent
ativ
es
• Th
ose
over
18
year
s of
age
can
exe
rcis
e al
l rig
hts
unde
r PIP
A. M
inor
s ca
n ac
t on
thei
r ow
n be
half
if th
ey u
nder
stan
d th
eir r
ight
s an
d po
wer
s, a
nd th
e co
nseq
uenc
es o
f exe
rcis
ing
them
und
er P
IPA
. •
An
auth
oriz
ed re
pres
enta
tive
is a
noth
er p
erso
n w
ho h
as th
e au
thor
ity to
do
wha
t the
indi
vidu
al c
an d
o un
der P
IPA
. Th
ey in
clud
e (a
) a g
uard
ian
of a
min
or; (
b) a
n ex
ecut
or o
r adm
inis
trat
or o
f the
est
ate
of a
n in
divi
dual
who
has
die
d;
(c) a
gua
rdia
n or
trus
tee
of a
dep
ende
nt a
dult;
(d) a
n in
divi
dual
act
ing
with
the
wri
tten
auth
oriz
atio
n of
an
indi
vidu
al; a
nd (e
) an
indi
vidu
al w
ho is
act
ing
unde
r a p
ower
of a
ttorn
ey.
Exce
ptio
ns to
Giv
ing
Acc
ess
• A
n or
gani
zatio
n ca
n re
fuse
acc
ess
in s
elec
t situ
atio
ns, s
uch
as:
• W
hen
info
rmat
ion
is p
rote
cted
by
any
lega
l pri
vile
ge
• W
hen
disc
losu
re w
ould
giv
e aw
ay c
onfid
entia
l bus
ines
s in
form
atio
n, a
nd it
is n
ot u
nrea
sona
ble
to h
old
back
the
info
rmat
ion
• W
hen
the
info
rmat
ion
was
col
lect
ed fo
r an
inve
stig
atio
n or
lega
l pro
ceed
ing
62 LAW & GOVERNANCE OF SECONDARY DATA USE
• W
hen
disc
losu
re m
ight
resu
lt in
that
type
of i
nfor
mat
ion
no lo
nger
bei
ng s
uppl
ied
and
it is
reas
onab
le fo
r the
or
gani
zatio
n to
nee
d th
e ty
pe o
f inf
orm
atio
n •
Whe
n a
med
iato
r or a
rbitr
ator
col
lect
ed th
e in
form
atio
n •
An
orga
niza
tion
MU
ST re
fuse
acc
ess
if di
sclo
sure
: •
Cou
ld re
ason
ably
be
expe
cted
to th
reat
en th
e lif
e or
sec
urity
of a
noth
er in
divi
dual
; •
Wou
ld s
how
per
sona
l inf
orm
atio
n ab
out a
noth
er in
divi
dual
; or
• W
ould
iden
tify
the
indi
vidu
al w
ho g
ave
you
an o
pini
on a
bout
som
eone
els
e in
con
fiden
ce a
nd th
e in
divi
dual
gi
ving
the
opin
ion
does
not
con
sent
to th
e di
sclo
sure
of h
is o
r her
iden
tity.
You
can
hol
d ba
ck th
e id
entit
y of
the
pers
on w
ho w
rote
the
opin
ion
whi
le s
till g
ivin
g ac
cess
to th
e op
inio
n its
elf,
unle
ss th
e ap
plic
ant c
ould
figu
re o
ut
who
gav
e th
e op
inio
n by
read
ing
it.
63POLICYWISE
Tab
le 3
. OIP
C in
terp
reta
tions
and
use
s of
“us
e” a
nd “
disc
lose
” in
PIP
A, F
OIP
, or H
IA c
ompl
aint
s’ a
djud
icat
ion.
OIP
C#
Yea
r
Def
enda
nt
C
ompl
ain
t
Dis
cuss
ion
on
“co
llec
t”
D
iscu
ssio
n o
n “
use”
D
iscu
ssio
n o
n “
disc
lose
” or
“di
sclo
sure
” F2
012
-05
2012
W
orke
rs’
Com
pens
atio
n Bo
ard
• Pu
blic
Bod
y (P
B)
colle
cted
and
use
d in
form
atio
n fr
om
thir
d pa
rty
abou
t Co
mpl
aina
nt.
• Th
at in
form
atio
n w
as
used
to d
eter
min
e Co
mpl
aina
nt w
as (a
) no
t “de
pend
ent”
un
der l
egis
latio
n;
and
thus
(b)
unen
title
d to
de
ceas
ed h
usba
nd’s
pens
ion.
• PB
inve
stig
ator
s und
er
Wor
kers
’ Com
pens
atio
n Ac
t “m
ay c
olle
ct a
ny in
form
atio
n th
at c
ould
reas
onab
ly b
e sa
id to
be
rela
ted
to th
e m
atte
r und
er in
vest
igat
ion
and
pote
ntia
lly re
leva
nt. I
t ne
ed n
ot u
ltim
atel
y be
pr
oven
to b
e re
leva
nt in
fa
ct.”
[par
a. 3
0]. I
f in
vest
igat
ors w
orki
ng in
go
od fa
ith, t
hen
shou
ld b
e fr
ee to
col
lect
all
pote
ntia
lly
rele
vant
info
rmat
ion.
•
Indi
rect
col
lect
ion
was
au
thor
ized
und
er th
e W
CA
[par
a. 3
3].
Argu
men
ts:
• PB
arg
ued
that
in
form
atio
n w
as n
ot
“use
d” b
ecau
se it
was
not
“r
elie
d up
on to
mak
e th
e de
term
inat
ion”
at i
ssue
(d
epen
denc
y is
sue)
. •
Com
plai
nant
arg
ued
that
PB
con
tinue
s to
“ref
er” t
o co
ntes
ted
info
rmat
ion
and
thus
can
not a
rgue
th
at d
id n
ot u
se.
Dec
isio
n •
Whe
n in
form
atio
n in
clud
ed in
the
wri
ting
of
the
deci
sion
lett
er,
cont
este
d in
form
atio
n w
as “u
sed”
, eve
n if
give
n lit
tle to
no
wei
ght i
n de
cisi
on [p
ara.
39]
. •
This
use
was
eith
er to
m
ake
dete
rmi n
atio
n or
to
at le
ast t
horo
ughl
y do
cum
ent e
vide
nce
revi
ewed
[par
a. 4
1].
• Th
e us
e w
as lo
gica
lly
rela
ted
to th
e pu
rpos
e fo
r w
hich
the
info
rmat
ion
was
col
lect
ed
(inve
stig
atio
n of
Co
mpl
aina
nt’s
clai
m
unde
r WCA
) [pa
ra. 4
1].
So, a
utho
rize
d “u
se”
unde
r FO
IP [p
ara.
42]
.
• D
iscl
osur
e of
per
sona
l in
form
atio
n is
eith
er
spec
ifica
lly a
utho
rize
d un
der F
OIP
or i
s not
; “th
e po
ssib
le n
egat
ive
impa
ct
of th
e di
sclo
sure
is n
ot a
fa
ctor
in d
eter
min
ing
whe
ther
the
disc
losu
re
was
aut
hori
zed”
[par
a.
47].
• W
hen
PB d
iscl
oses
in
form
atio
n to
a
repr
esen
tativ
e in
thei
r ca
paci
ty a
s age
nt fo
r the
Co
mpl
aina
nt
(Com
plai
nant
aut
hori
zed
repr
esen
tativ
e to
act
in
thei
r ste
ad a
nd re
ques
t PB
to c
omm
unic
ate
via
repr
esen
tativ
e), t
hen
it is
an
aut
hori
zed
disc
losu
re
[par
a. 4
9].
• Si
gned
aut
hori
zatio
n fo
rm
equa
tes t
o co
nsen
t [pa
ra.
50].
• D
iscl
osur
e by
PB
to
Appe
als C
omm
issi
on u
pon
requ
est,
whi
ch w
as
dire
ctly
aut
hori
zed
by th
e W
CA [p
ara.
51]
.
F20
13-3
1 20
13
Cent
ral A
B Ch
ild
& F
amily
Au
thor
ity
(Reg
ion
4)
• Co
mpl
aina
nt
com
plai
ned
her P
B em
ploy
er c
olle
cted
, us
ed a
nd d
iscl
osed
he
r per
sona
l in
form
atio
n co
ntra
FO
IP.
• PB
col
lect
ed p
erso
nal
info
rmat
ion
dire
ctly
from
Co
mpl
aina
nt (d
octo
r’s
note
s), s
o in
com
plia
nce
s.
34 F
OIP
[par
a. 9
]. •
Man
agin
g em
ploy
ees i
s “an
op
erat
ing
prog
ram
or
activ
ity o
f the
PB”
per
s.
• “S
ame
cons
ider
atio
ns
appl
y w
heth
er it
is a
use
or
a d
iscl
osur
e” [p
ara.
13
]. •
Very
stri
ct in
quir
y in
to
whe
ther
info
rmat
ion
used
or d
iscl
osed
, not
the
• Th
e sh
arin
g of
the
first
D
r’s n
ote
from
ori
gina
l re
cipi
ent (
Offi
ce
Adm
inis
trat
or) t
o O
ffice
M
anag
er a
nd to
Co
mpl
aina
nt’s
Supe
rvis
or
was
dis
clos
ure
[par
a. 2
0].
It w
as fo
r val
id p
urpo
se o
f
64 LAW & GOVERNANCE OF SECONDARY DATA USE
• N
otes
from
phy
sici
an
excu
sing
Co
mpl
aina
nt fr
om
som
e ph
ysic
al ta
sks
due
to h
er m
edic
al
cond
ition
wer
e sh
ared
with
PB
supe
rvis
ors,
onl
y on
e of
who
m w
as
supe
rvis
or o
f uni
t w
here
Com
plai
nant
as
ked
to w
ork
(but
co
uldn
’t). A
nd,
Com
plai
nant
was
as
ked
ques
tions
ab
out h
er m
edic
al
cond
ition
that
re
fuse
d to
ans
wer
; m
eetin
g w
ith
Supe
rvis
or a
nd O
ffice
Ad
min
istr
ator
.
33(c
) FO
IP [p
ara.
10].
Pers
onal
info
rmat
ion
in D
r’s
note
s rel
ated
to m
edic
al
cond
ition
and
wha
t co
nditi
on p
reve
nt h
er fr
om
doin
g; so
dir
ectly
rela
ted
to
job
dutie
s.
• N
o pe
rson
al in
form
atio
n co
llect
ed in
mee
ting
beca
use
(a) p
erso
nal i
nfor
mat
ion
in
FOIP
is re
cord
ed
info
rmat
ion,
and
no
reco
rded
info
rmat
ion
colle
cted
in m
eetin
g; (b
) Co
mpl
aina
nt re
fuse
d to
an
swer
que
stio
ns so
no
colle
ctio
n [p
ara.
11].
offic
ial p
roto
col i
n pl
ace
or n
ot [p
ara.
19].
• Sa
me
cons
ider
atio
ns
rega
rdin
g us
e an
d di
sclo
sure
(i.e
. for
pu
rpos
e of
man
agin
g or
ad
min
iste
ring
per
sonn
el;
at m
inim
al n
eces
sary
). •
Prop
er u
se o
f per
sona
l in
form
atio
n.
man
agin
g pe
rson
nel
[par
a. 2
0].
• Si
mila
r dis
clos
ure
for
seco
nd D
r’s n
ote
whe
n pr
ovid
ed to
oth
er
man
agem
ent.
Agai
n va
lid
purp
ose
of m
anag
ing
pers
onne
l [pa
ra. 2
1].
• In
cons
iste
ncy
betw
een
PB
Supe
rvis
or w
itnes
s te
stim
ony
and
Com
plai
nant
spec
ulat
ion
that
seco
nd D
r’s n
ote
shar
ed w
ith o
ther
(h
oriz
onta
l) Su
perv
isor
s.
OIP
C to
ok w
itnes
s te
stim
ony
that
not
e co
nten
ts n
ot d
iscu
ssed
, ra
ther
just
lim
ited
info
rmat
ion
that
Co
mpl
aina
nt c
ould
not
co
ver o
ther
dut
ies a
nd to
pl
an st
affin
g ac
cord
ingl
y.
Man
agin
g pe
rson
nel
purp
ose
valid
. F2
013
-32
&
F20
13-3
3
2013
Ci
ty o
f Edm
onto
n •
PB sh
owed
Co
mpl
aina
nt’s
neig
hbor
cop
y of
bu
ildin
g pl
ans f
or
Com
plai
nant
’s ne
w
hous
e an
d pr
ovid
ed
copy
of p
lans
. •
Com
plai
nant
co
mpl
aine
d th
is
infr
inge
d FO
IP.
• Th
is d
ecis
ion
invo
lved
firs
t OIP
C ad
judi
catio
n; ju
dici
al
revi
ew; s
econ
d O
IPC
adju
dica
tion.
• R
e: a
cces
s: P
B m
ust s
earc
h fo
r rec
ords
that
are
in it
s cu
stod
y an
d co
ntro
l [pa
ra.
10].
• N
ot a
pplic
able
. •
Judi
cial
revi
ew o
f fir
st
OIP
C ad
judi
catio
n in
dica
ted
that
can
not u
se
PIPA
def
initi
on o
f “p
erso
nal i
nfor
mat
ion”
to
inte
rpre
t FO
IP “p
erso
nal
info
rmat
ion:
the
two
Acts
ha
ve d
iffer
ent p
urpo
ses
and
PIPA
’s de
finiti
on
defin
ed to
be
muc
h br
oade
r tha
n th
at o
f FO
IP
[par
a. 2
3].
• PI
PA P
I = in
form
atio
n ab
out i
dent
ifiab
le
indi
vidu
al. F
OIP
PI =
re
cord
ed in
form
atio
n ab
out i
dent
ifiab
le
info
rmat
ion
incl
udin
g se
vera
l spe
cific
pa
ram
eter
s.
65POLICYWISE
• FO
IP in
tend
ed to
fost
er
open
and
tran
spar
ent
gove
rnm
ent [
para
. 26]
. •
Judi
cial
revi
ew a
lso
foun
d th
at “e
xclu
sion
from
the
pres
umpt
ion
of
“unr
easo
nabl
e in
vasi
on o
f pe
rson
al p
riva
cy” d
oes n
ot
nece
ssar
ily m
ean
incl
usio
n in
the
defin
ition
of
“per
sona
l inf
orm
atio
n”
[par
a. 2
9].
• Is
sue
mor
e if
build
ing
plan
s wer
e pe
rson
al
info
rmat
ion
unde
r FO
IP:
seco
nd O
IPC
adju
dica
tion
foun
d th
ey w
ere
not
pers
onal
info
rmat
ion
beca
use
“… th
e pa
rtic
ular
ex
tern
al fe
atur
es o
f the
bu
ildin
g th
at a
re re
veal
ed
in th
e pl
ans …
are
su
ffici
ently
com
mon
plac
e …
that
they
do
not r
evea
l an
ythi
ng su
ffici
ently
pe
rson
al a
bout
[C
ompl
aina
nt] t
o m
ake
the
plan
s mor
e ‘a
bout
’ her
th
an th
ey a
re ‘a
bout
’ the
bu
ildin
g.” [
para
. 34]
. •
Sinc
e th
e in
form
atio
n is
no
t PI,
then
no
need
to
dete
rmin
e if
disc
lose
d co
ntra
FO
IP. B
ut, f
irst
O
PIC
adju
dica
tion
foun
d th
at b
uild
ing
plan
s wer
e PI
and
in sh
owin
g to
ne
ighb
or, i
t was
dis
clos
ed
cont
ra F
OIP
. F2
015
-42
2015
Al
bert
a H
uman
Se
rvic
es
• Th
e Co
mpl
aina
nt
mad
e a
com
plai
nt
to th
e Co
mm
issi
oner
that
th
e PB
had
co
llect
ed h
is
pers
onal
•
•
• Th
e Ad
judi
cato
r fou
nd
that
the
Publ
ic B
ody
had
cont
rave
ned
Part
2
of th
e FO
IP A
ct w
hen
it co
llect
ed th
e Co
mpl
aina
nt’s
pers
onal
in
form
atio
n fr
om th
e
66 LAW & GOVERNANCE OF SECONDARY DATA USE
info
rmat
ion
from
th
e JO
IN d
atab
ase.
•
He
com
plai
ned
that
th
e PB
had
co
llect
ed
info
rmat
ion
abou
t an
offe
nce
taki
ng
plac
e w
hen
he w
as
a yo
uth
and
hist
oric
al
alle
gatio
ns a
bout
hi
m th
at d
id n
ot
resu
lt in
co
nvic
tions
. •
The
Com
plai
nant
al
lege
d th
at
Hum
an S
ervi
ces
then
use
d th
e in
form
atio
n it
obta
ined
from
the
JOIN
dat
abas
e to
m
ake
deci
sion
s re
gard
ing
his
empl
oym
ent.
•
He
com
plai
ned
that
th
e PB
dis
clos
ed
his p
erso
nal
info
rmat
ion
to it
s hu
man
reso
urce
s de
part
men
t and
to
a m
embe
r of t
he
Edm
onto
n Po
lice
Serv
ice
(EPS
). H
e co
mpl
aine
d th
at
the
PB’s
use
and
disc
losu
re o
f his
pe
rson
al
info
rmat
ion
are
in
cont
rave
ntio
n of
Pa
rt 2
of t
he F
OIP
Ac
t.
JOIN
dat
abas
e, w
hen
it ha
d us
ed th
is
info
rmat
ion,
and
whe
n it
disc
lose
d th
is
info
rmat
ion
to it
s H
uman
Res
ourc
es
Div
isio
n. S
he a
lso
foun
d th
at th
e Pu
blic
Bod
y ha
d no
t est
ablis
hed
that
its
dis
clos
ure
of th
e Co
mpl
aina
nt’s
pers
onal
in
form
atio
n to
the
EPS
mem
ber w
as in
co
mpl
ianc
e w
ith P
art 2
of
the
FOIP
Act
. The
Ad
judi
cato
r ord
ered
the
Publ
ic B
ody
to st
op
colle
ctin
g, u
sing
, and
di
sclo
sing
the
Com
plai
nant
’s pe
rson
al
info
rmat
ion
in
cont
rave
ntio
n of
the
Part
2 o
f the
FO
IP A
ct.
F20
14-4
2 20
14
Calg
ary
Polic
y Se
rvic
e •
PB p
olic
y of
ficer
re
veal
ed in
form
atio
n •
Not
app
licab
le.
• N
ot a
pplic
able
. •
Sect
ion
4(1)
of F
OIP
ex
clud
es so
me
abou
t the
term
s of a
R
ecog
niza
nce,
a
Cert
ifica
te o
f Ana
lyst
, an
d a
Not
ice
of
Inte
ntio
n to
Co
mpl
aina
nt’s
pare
nts.
•
Com
plai
nant
arg
ued
his P
I dis
clos
ed in
co
ntra
vent
ion
of
FOIP
.
info
rmat
ion
from
FO
IP
info
rmat
ion
rela
ted
to
cour
t file
(jud
ges a
nd
cour
ts) (
a) a
nd re
late
d to
pr
osec
utio
n th
at h
as n
ot
been
com
plet
ed (k
). •
AB C
ourt
of A
ppea
l and
th
is O
IPC
adju
dica
tor b
oth
agre
e th
at s.
4(1
) ex
empt
ions
app
ly to
en
tiret
y of
FO
IP, s
o bo
th
acce
ss to
info
rmat
ion
and
prot
ectio
n of
pri
vacy
pr
ovis
ions
. •
Rec
ogni
zanc
e w
as si
gned
by
a ju
stic
e of
the
peac
e;
info
rmat
ion
rela
yed
to
pare
nts b
y po
licy
offic
er
oral
ly b
ut so
urce
was
R
ecog
niza
nce;
thus
, pol
icy
offic
er d
iscl
osed
in
form
atio
n; b
ut th
e in
form
atio
n an
d di
sclo
sure
bot
h ex
empt
ed
from
FO
IP p
er s.
4(1
)(a)
[p
ara.
18].
• Th
e Ce
rtifi
cate
of A
naly
st
and
Not
ice
of In
tent
ion
from
Cro
wn
pros
ecut
er v
ia
PB: “
… se
rvin
g th
e Ap
plic
ant w
ith th
ese
reco
rds w
as a
step
take
n to
fu
rthe
r an
ongo
ing
pros
ecut
ion
and
… th
e re
cord
s rel
ate
to th
e pr
osec
utio
n” [p
ara.
19].
• Pr
osec
utio
n w
as o
ngoi
ng.
Sect
ion
4(1)
(k) i
nten
ded
to
ensu
re th
at p
rose
cutio
ns
may
pro
ceed
with
out
inte
rfer
ence
. Inf
orm
atio
n in
latt
er tw
o re
cord
s re
late
d to
pro
secu
tion
not
yet c
ompl
ete.
So,
reco
rds
and
disc
losu
re fa
ll w
ithin
s.
4(1
)(k)
exe
mpt
ion
to
FOIP
[par
a. 2
2].
67POLICYWISE
abou
t the
term
s of a
R
ecog
niza
nce,
a
Cert
ifica
te o
f Ana
lyst
, an
d a
Not
ice
of
Inte
ntio
n to
Co
mpl
aina
nt’s
pare
nts.
•
Com
plai
nant
arg
ued
his P
I dis
clos
ed in
co
ntra
vent
ion
of
FOIP
.
info
rmat
ion
from
FO
IP
info
rmat
ion
rela
ted
to
cour
t file
(jud
ges a
nd
cour
ts) (
a) a
nd re
late
d to
pr
osec
utio
n th
at h
as n
o t
been
com
plet
ed (k
). •
AB C
ourt
of A
ppea
l and
th
is O
IPC
adju
dica
tor b
oth
agre
e th
at s.
4(1
) ex
empt
ions
app
ly to
en
tiret
y of
FO
IP, s
o bo
th
acce
ss to
info
rmat
ion
and
prot
ectio
n of
pri
vacy
pr
ovis
ions
. •
Rec
ogni
zanc
e w
as si
gned
by
a ju
stic
e of
the
peac
e;
info
rmat
ion
rela
yed
to
pare
nts b
y po
licy
offic
er
oral
ly b
ut so
urce
was
R
ecog
niza
nce;
thus
, pol
icy
offic
er d
iscl
osed
in
form
atio
n; b
ut th
e in
form
atio
n an
d di
sclo
sure
bot
h ex
empt
ed
from
FO
IP p
er s.
4(1
)(a)
[p
ara.
18].
• Th
e Ce
rtifi
cate
of A
naly
st
and
Not
ice
of In
tent
ion
from
Cro
wn
pros
ecut
er v
ia
PB: “
… se
rvin
g th
e Ap
plic
ant w
ith th
ese
reco
rds w
as a
step
take
n to
fu
rthe
r an
ongo
ing
pros
ecut
ion
and
… th
e re
cord
s rel
ate
to th
e pr
osec
utio
n” [p
ara.
19].
• Pr
osec
utio
n w
as o
ngoi
ng.
Sect
ion
4(1)
(k) i
nten
ded
to
ensu
re th
at p
rose
cutio
ns
may
pro
ceed
with
out
inte
rfer
ence
. Inf
orm
atio
n in
latt
er tw
o re
cord
s re
late
d to
pro
secu
tion
not
yet c
ompl
ete.
So,
reco
rds
and
disc
losu
re fa
ll w
ithin
s.
4(1
)(k)
exe
mpt
ion
to
FOIP
[par
a. 2
2].
68 LAW & GOVERNANCE OF SECONDARY DATA USE
F20
16-6
2 20
16
Albe
rta
Hea
lth
Serv
ices
•
An in
voic
e co
ntai
ning
Co
mpl
aina
nt’s
PI w
as
give
n to
her
by
a co
-w
orke
r. T
hen
PI
abou
t her
le
ave/
susp
ensi
on w
as
shar
ed w
ith o
ther
PB
empl
oyee
s (ca
rryi
ng
an u
nsea
led
enve
lope
fo
r del
iver
y). P
B w
as
her e
mpl
oyer
. •
Com
plai
nant
arg
ued
thes
e w
ere
uses
or
disc
losu
res o
f PI i
n co
ntra
vent
ion
of
FOIP
.
• N
ot a
pplic
able
. •
Anal
ysis
by
OIP
C ad
judi
cato
r was
aro
und
whe
ther
this
was
di
sclo
sure
, aut
hori
zed
or
not?
• In
form
atio
n at
issu
e w
as
PI (n
ame,
title
, sal
ary,
in
form
atio
n on
su
spen
sion
/lea
ve).
• D
iscl
osur
e is
abo
ut
whe
ther
the
othe
r [c
owor
ker i
n th
is c
ase]
“w
as a
ble
to v
iew
the
info
rmat
ion”
, not
whe
ther
th
ey a
ctua
lly d
id v
iew
the
PI o
r not
[par
a. 12
]. •
Firs
t dis
clos
ure
to
cow
orke
r in
carr
ying
in
voic
e w
as n
ot a
utho
rize
d be
caus
e co
wor
ker d
id n
ot
need
to se
e de
tails
of
invo
ice
to re
imbu
rse
Com
plai
nant
or e
ven
to
advi
se C
ompl
aina
nt th
at
clai
m a
ppro
ved
[par
a. 2
1].
• Se
cond
dis
clos
ure
to
com
mun
icat
ions
and
ed
ucat
ion
pers
onne
l in
prep
arat
ion
of n
ewsl
ette
r.
This
was
use
and
di
sclo
sure
as i
t was
in
form
atio
n sh
arin
g [p
ara.
25
]. •
Seco
nd d
iscl
osur
e w
as
mor
e in
form
atio
n th
an
reas
onab
le to
mee
t its
pu
rpos
e: g
oal t
o ta
ke
dow
n ar
ticle
abo
ut
Com
plai
nant
on
site
and
re
plac
e ar
ticle
so th
ey d
id
not n
eed
to k
now
of h
er
susp
ensi
on/l
eave
[par
a.
32].
F20
12-2
2 20
12
AB J
ustic
e &
So
licito
r Gen
eral
•
AB J
ustic
e &
Sol
icito
r G
ener
al (J
AG)
disc
lose
d 3
lett
ers o
f Co
mpl
aina
nt’s
med
ical
info
rmat
ion
and
info
rmat
ion
of
WCB
cla
ims t
o AB
• N
ot a
pplic
able
. •
Not
app
licab
le.
• In
itial
bur
den
of p
roof
on
com
plai
nant
to a
dduc
e ev
iden
ce re
gard
ing
wha
t PI
was
dis
clos
ed a
nd h
ow
it w
as d
iscl
osed
. The
pu
blic
bod
y ha
s bud
ento
sh
ow d
iscl
osur
e w
as
acco
rdin
g to
FO
IP.
69POLICYWISE
F20
16-6
2 20
16
Albe
rta
Hea
lth
Serv
ices
•
An in
voic
e co
ntai
ning
Co
mpl
aina
nt’s
PI w
as
give
n to
her
by
a co
-w
orke
r. T
hen
PI
abou
t her
le
ave/
susp
ensi
on w
as
shar
ed w
ith o
ther
PB
empl
oyee
s (ca
rryi
ng
an u
nsea
led
enve
lope
fo
r del
iver
y). P
B w
as
her e
mpl
oyer
. •
Com
plai
nant
arg
ued
thes
e w
ere
uses
or
disc
losu
res o
f PI i
n co
ntra
vent
ion
of
FOIP
.
• N
ot a
pplic
able
. •
Anal
ysis
by
OIP
C ad
judi
cato
r was
aro
und
whe
ther
this
was
di
sclo
sure
, aut
hori
zed
or
not?
• In
form
atio
n at
issu
e w
as
PI (n
ame,
title
, sal
ary,
in
form
atio
n on
su
spen
sion
/lea
ve).
• D
iscl
osur
e is
abo
ut
whe
ther
the
othe
r [c
owor
ker i
n th
is c
ase]
“w
as a
ble
to v
iew
the
info
rmat
ion”
, not
whe
ther
th
ey a
ctua
lly d
id v
iew
the
PI o
r not
[par
a. 12
]. •
Firs
t dis
clos
ure
to
cow
orke
r in
carr
ying
in
voic
e w
as n
ot a
utho
rize
d be
caus
e co
wor
ker d
id n
ot
need
to se
e de
tails
of
invo
ice
to re
imbu
rse
Com
plai
nant
or e
ven
to
advi
se C
ompl
aina
nt th
at
clai
m a
ppro
ved
[par
a. 2
1].
• Se
cond
dis
clos
ure
to
com
mun
icat
ions
and
ed
ucat
ion
pers
onne
l in
prep
arat
ion
of n
ewsl
ette
r.
This
was
use
and
di
sclo
sure
as i
t was
in
form
atio
n sh
arin
g [p
ara.
25
]. •
Seco
nd d
iscl
osur
e w
as
mor
e in
form
atio
n th
an
reas
onab
le to
mee
t its
pu
rpos
e: g
oal t
o ta
ke
dow
n ar
ticle
abo
ut
Com
plai
nant
on
site
and
re
plac
e ar
ticle
so th
ey d
id
not n
eed
to k
now
of h
er
susp
ensi
on/l
eave
[par
a.
32].
F20
12-2
2 20
12
AB J
ustic
e &
So
licito
r Gen
eral
•
AB J
ustic
e &
Sol
icito
r G
ener
al (J
AG)
disc
lose
d 3
lett
ers o
f Co
mpl
aina
nt’s
med
ical
info
rmat
ion
and
info
rmat
ion
of
WCB
cla
ims t
o AB
• N
ot a
pplic
able
. •
Not
app
licab
le.
• In
itial
bur
den
of p
roof
on
com
plai
nant
to a
dduc
e ev
iden
ce re
gard
ing
wha
t PI
was
dis
clos
ed a
nd h
ow
it w
as d
iscl
osed
. The
pu
blic
bod
y ha
s bud
ento
sh
ow d
iscl
osur
e w
as
acco
rdin
g to
FO
IP.
Corp
orat
e H
uman
R
esou
rces
(CH
R).
• Co
mpl
aina
nt a
rgue
d th
is w
as im
prop
er
disc
losu
re p
er F
OIP
.
• O
btai
ning
an
indi
vidu
al’s
cons
ent f
or d
iscl
osur
e is
on
ly o
ne o
f the
way
s a P
B ca
n ha
ve th
e au
thor
ity to
di
sclo
se th
e in
divi
dual
’s PI
[p
ara.
18].
• JA
G w
as a
utho
rize
d to
di
sclo
se P
I to
CHR
in
lett
ers b
ecau
se re
leva
nt to
de
term
ine
whe
ther
and
ho
w to
requ
est f
urth
er
med
ical
ass
essm
ent,
whi
ch C
HR
cou
ld a
ssis
t JA
G w
ith. I
nfor
mat
ion
shar
ing
rela
ted
to h
uman
re
sour
ces m
anag
emen
t be
twee
n JA
G h
uman
re
sour
ces s
taff
and
CHR
si
mila
r sta
ff. T
his
reas
onab
le p
urpo
se a
nd
fits u
nder
FO
IP [p
ara.
21]
. F2
012
-23
2012
Al
bert
a Co
rpor
ate
Hum
an
Res
ourc
es
• Co
nnec
ted
to F
2012
-22
•
AB C
orpo
rate
H
uman
Res
ourc
es
(CH
R) c
olle
cted
3
lett
ers o
f Co
mpl
aina
nt’s
med
ical
info
rmat
ion
from
AB
Just
ice
&
Solic
itor G
ener
al
(JAG
) and
pro
vide
d th
is P
I to
Life
Mar
k O
ccup
atio
nal
Serv
ices
/Life
Mar
k H
ealth
Ser
vice
s (L
M).
Lett
ers
deta
iled
med
ical
in
form
atio
n an
d cl
aim
s inf
orm
atio
n re
gard
ing
her c
laim
to
WCB
. •
Com
plai
nant
arg
ued
this
con
trav
ened
FO
IP.
• CH
R’s
colle
ctio
n of
Co
mpl
aina
nt P
I fro
m J
AG
had
not c
ontr
aven
ed F
OIP
. CH
R h
as a
utho
rity
to c
olle
ct
PI u
nder
s. 3
3(c)
as
info
rmat
ion
rela
ted
dire
ctly
to
and
was
nec
essa
ry fo
r an
oper
atin
g ac
tivity
of C
HR
. CH
R is
resp
onsi
ble
for
advi
sing
and
ass
istin
g go
vern
men
t dep
artm
ents
in
hum
an re
sour
ce m
atte
rs;
here
in J
AG re
quir
ed a
dvic
e an
d as
sist
ance
on
asse
ssin
g Co
mpl
aina
nt’s
func
tiona
l ca
paci
ty to
det
e rm
ine
her
abili
ty to
per
form
pre
viou
s ta
sks [
para
s. 16
-17]
. •
“… a
pub
lic b
ody
is e
ntitl
ed
to c
onsi
dera
ble
latit
ude
in
deci
ding
that
the
colle
ctio
n of
per
sona
l inf
orm
atio
n is
ne
cess
ary
in a
giv
en c
ase,
an
d th
at it
s dec
isio
n sh
ould
no
t be
inte
rfer
ed w
ith u
nle s
s
• N
ot a
pplic
able
. •
PB is
aut
hori
zed
to
disc
lose
PI,
in a
bsen
ce o
f in
divi
dual
’s co
nsen
t, on
ba
sis o
f any
of t
he
purp
oses
or c
ircu
mst
ance
s se
t out
in s.
40(
1) F
OIP
. •
“Eve
n if
the
exch
ange
of
info
rmat
ion
with
in a
PB
mig
ht b
e ch
arac
teri
zed
as
a us
e of
info
rmat
ion,
LM
is
a th
ird
p art
y vi
s-à-
vis
CHR
. [pa
ra. 3
1]” C
HR
ar
gued
LM
was
em
ploy
ee
of C
HR
, but
Adj
udic
ator
fo
und
LM a
s a th
ird
part
y se
rvic
e pr
ovid
ed.
• “.
. whe
n de
cidi
ng w
heth
er
the
purp
ose
of a
use
or
disc
losu
re o
f PI i
s the
sa
me
as o
r con
sist
ent w
ith
the
purp
ose
of c
olle
ctio
n,
one
shou
ld e
xam
ine
the
spec
ific
purp
ose;
ot
herw
ise,
a P
B w
ould
ha
ve to
o w
ide
a la
titud
e to
us
e an
d di
sclo
se P
I sim
ply
70 LAW & GOVERNANCE OF SECONDARY DATA USE
pate
ntly
unr
easo
nabl
e.
[par
a. 17
]”
• Th
e le
tter
s con
sist
of P
I be
caus
e co
ntai
n na
me,
in
form
atio
n ab
out h
ealth
an
d he
alth
car
e hi
stor
y,
info
rmat
ion
abou
t em
ploy
men
t his
tory
, and
ot
hers
’ opi
nion
s abo
ut h
er
[par
a. 12
]. •
This
col
lect
ion
was
indi
rect
(v
ia J
AG),
whi
ch is
in
com
plia
nce
with
s. 3
4 (P
I m
ay b
e co
llect
ed in
dire
ctly
or
mus
t be
colle
cted
dir
ectly
fr
om th
e in
divi
dual
in
ques
tion)
[par
a. 2
3].
by c
hara
cter
izin
g th
e pu
rpos
es b
road
ly e
noug
h.”
[par
a. 3
4].
• W
hile
col
lect
ion
of th
e PI
in
the
lett
ers e
nabl
ed th
e CH
R to
pro
vide
adv
ice
and
assi
stan
ce to
JAG
, the
ad
judi
cato
r fou
nd “t
hat
disc
losu
re o
f the
in
form
atio
n to
LM
was
not
ne
cess
ary
in o
rder
for
CHR
to a
ctua
lly a
rran
ge,
and
obta
in th
e re
sults
of,
the
[fun
ctio
nal c
apac
ity
exam
inat
ion]
.” [p
ara.
36]
. LM
’s as
sess
men
t was
re
lativ
ely
limite
d, so
it d
id
not r
equi
re so
man
y de
tails
abo
ut
Com
plai
nant
’s m
edic
al
cond
ition
or a
nyth
ing
abou
t her
WCB
cla
ims t
o ca
rry
out t
he F
CE.
• Th
is d
iscl
osur
e to
LM
had
no
reas
onab
le a
nd d
irec
t co
nnec
tion
to C
HR
’s sp
ecifi
c pu
rpos
e of
ar
rang
ing
the
FCE;
at
mos
t an
i ndi
rect
co
nnec
tion
exis
ted.
CH
R
colle
ctio
n fr
om J
AG w
as to
de
term
ine
if FC
E ap
prop
riat
e; o
nce
FCE
dete
rmin
ed a
ppro
pria
te,
CHR
dis
clos
ure
to L
M w
as
only
reas
onab
le to
ext
ent
to a
ctua
lly a
rran
ge F
CE
[par
a. 3
7].
• D
iscl
osur
e w
as n
ot
cons
iste
nt w
ith p
urpo
se
for w
hich
they
wer
e co
llect
ed fr
om J
AG, p
er s.
41
FO
IP.
• Co
mpl
aina
nt si
gned
co
nsen
t for
m w
ith L
M to
co
llect
ion
of h
ealth
hi
stor
y; b
ut, t
his c
onse
nt
71POLICYWISE
pate
ntly
unr
easo
nabl
e.
[par
a. 17
]”
• Th
e le
tter
s con
sist
of P
I be
caus
e co
ntai
n na
me,
in
form
atio
n ab
out h
ealth
an
d he
alth
car
e hi
stor
y,
info
rmat
ion
abou
t em
ploy
men
t his
tory
, and
ot
hers
’ opi
nion
s abo
ut h
er
[par
a. 12
]. •
This
col
lect
ion
was
indi
rect
(v
ia J
AG),
whi
ch is
in
com
plia
nce
with
s. 3
4 (P
I m
ay b
e co
llect
ed in
dire
ctly
or
mus
t be
colle
cted
dir
ectly
fr
om th
e in
divi
dual
in
ques
tion)
[par
a. 2
3].
by c
hara
cter
izin
g th
e pu
rpos
es b
road
ly e
noug
h.”
[par
a. 3
4].
• W
hile
col
lect
ion
of th
e PI
in
the
lett
ers e
nabl
ed th
e CH
R to
pro
vide
adv
ice
and
assi
stan
ce to
JAG
, the
ad
judi
cato
r fou
nd “t
hat
disc
losu
re o
f the
in
form
atio
n to
LM
was
not
ne
cess
ary
in o
rder
for
CHR
to a
ctua
lly a
rran
ge,
and
obta
in th
e re
sults
of,
the
[fun
ctio
nal c
apac
ity
exam
inat
ion]
.” [p
ara.
36]
. LM
’s as
sess
men
t was
re
lativ
ely
limite
d, so
it d
id
not r
equi
re so
man
y de
tails
abo
ut
Com
plai
nant
’s m
edic
al
cond
ition
or a
nyth
ing
abou
t her
WCB
cla
ims t
o ca
rry
out t
he F
CE.
• Th
is d
iscl
osur
e to
LM
had
no
reas
onab
le a
nd d
irec
t co
nnec
tion
to C
HR
’s sp
ecifi
c pu
rpos
e of
ar
rang
ing
the
FCE;
at
mos
t an
indi
rect
co
nnec
tion
exis
ted.
CH
R
colle
ctio
n fr
om J
AG w
as to
de
term
ine
if FC
E ap
prop
riat
e; o
nce
FCE
dete
rmin
ed a
ppro
pria
te,
CHR
dis
clos
ure
to L
M w
as
only
reas
onab
le to
ext
ent
to a
ctua
lly a
rran
ge F
CE
[par
a. 3
7].
• D
iscl
osur
e w
as n
ot
cons
iste
nt w
ith p
urpo
se
for w
hich
they
wer
e co
llect
ed fr
om J
AG, p
er s.
41
FO
IP.
• Co
mpl
aina
nt si
gned
co
nsen
t for
m w
ith L
M to
co
llect
ion
of h
ealth
hi
stor
y; b
ut, t
his c
onse
nt
only
cov
ered
col
lect
ing
info
rmat
ion
from
her
in
cour
se o
f FCE
, not
from
CH
R p
rior
to F
CE [p
ara.
40
]. F2
012
-28
2012
Ed
mon
ton
Polic
e Se
rvic
e •
Com
plai
nant
nam
e an
d lic
ense
pla
te
num
ber u
sed
to ru
n qu
erie
s on
polic
e in
form
atio
n sy
stem
s by
var
ious
PB
mem
bers
in 2
008
and
2009
. 72
quer
ies,
m
ostly
2 q
ueri
es in
si
ngle
occ
asio
n.
• Co
mpl
aina
nt a
llege
d so
me
quer
ies l
acke
d au
thor
izat
ion
by s.
39
FOIP
.
• PB
may
use
PI f
or p
urpo
se it
w
as c
olle
cted
or c
ompl
ied,
or
for u
s con
sist
ent w
ith th
at
purp
ose
(s. 3
9(1)
(a))
[par
a.
6].
• H
ere,
app
ropr
iate
pur
pose
w
ould
be
law
enf
orce
men
t pu
rpos
e or
for p
urpo
se
rela
ting
to a
nd n
eces
sary
for
an o
pera
ting
prog
ram
of P
B.
Also
, ext
ent o
f its
use
mus
t be
nec
essa
ry to
ena
ble
PB to
ca
rry
out i
ts la
w
enfo
rcem
ent p
urpo
ses i
n a
reas
onab
le m
anne
r.
• In
this
cas
e, C
ompl
aina
nt
had
alte
rcat
ion
with
pol
ice
offic
er; s
teps
take
n fo
r of
ficer
’s sa
fety
; rel
ated
to
Com
plai
nant
dri
ving
. •
Seve
ral q
ueri
es h
ad la
w
enfo
rcem
ent p
urpo
ses a
s th
ey re
late
d to
offi
cers
m
ovin
g th
e cl
aim
aga
inst
Co
mpl
aina
nt fo
rwar
d or
to
dete
rmin
e Co
mpl
aina
nt
iden
tity
etc.
. to
ensu
re h
e co
mpl
ied
with
not
goi
ng
near
hig
h sc
hool
he
was
not
to
go
near
and
to a
sses
s him
be
caus
e he
was
list
ed a
s an
offic
er sa
fety
con
cern
. •
Mos
t con
tent
ious
que
ries
by
polic
e of
ficer
vic
tim w
ho
quer
ied
Com
plai
nant
on
date
of C
ompl
aina
nt
acqu
itted
of c
harg
es.
Adju
dica
tor s
aid
actio
ns
som
ewha
t pre
mat
ure
for l
aw
enfo
rcem
ent p
urpo
se a
nd
not e
xten
t nec
essa
ry to
car
ry
out l
aw e
nfor
cem
ent
•
• Se
cond
issu
e, ra
ther
than
fr
amed
as a
ppro
pria
te
use/
disc
losu
re w
as
whe
ther
PB
mad
e re
ason
able
secu
rity
ar
rang
emen
ts a
gain
st su
ch
risk
s as u
naut
hori
zed
use.
•
“rem
arks
” fie
lds i
n da
taba
se fo
r que
ry sh
ould
be
giv
en b
ecau
se su
peri
or
evid
ence
to th
at o
f a
plau
sibl
e ex
plan
atio
n as
to
why
que
ry c
ondu
cted
, to
geth
er w
ith a
n at
test
atio
n of
usu
al o
r in
vari
able
pra
ctic
e of
co
nduc
ting
quer
ies f
or
auth
oriz
ed p
urpo
ses
[par
a. 4
0].
• O
IPC
requ
ired
a g
reat
dea
l of
ora
l tes
timon
y an
d di
scus
sion
on
the
reco
rdin
g of
spec
ific
reas
ons f
or th
e qu
ery
beca
use
that
is “a
n im
port
ant e
lem
ent o
f re
ason
able
secu
rity
m
easu
res,
in th
at it
bot
h re
quir
es th
e re
ason
to b
e fo
rmul
ated
cle
arly
bef
ore
the
quer
y is
don
e (w
hich
co
uld
diss
uade
in
appr
opri
ate
quer
ies)
, an
d en
able
s an
audi
t afte
r th
e fa
ct th
at c
an d
raw
on
dire
ct e
vide
nce
of th
e re
ason
s, a
s opp
osed
to
conj
ectu
re. …
. If t
he
reas
ons,
or a
bsen
ce o
f re
ason
s, c
anno
t be
dete
rmin
ed, t
here
is n
o di
sinc
entiv
e fo
r mem
bers
72 LAW & GOVERNANCE OF SECONDARY DATA USE
purp
ose
in a
reas
onab
le
man
ner [
para
. 20]
. •
21 q
ueri
es w
here
no
reas
on
prov
ided
but
affi
davi
ts th
at
they
wer
e as
sign
ed to
pat
rol
or c
anin
e un
it; th
at n
ot
acqu
aint
ed w
ith
Com
plai
nant
; tha
t the
re
wer
e us
ual r
easo
ns w
hy
quer
ies c
ondu
cted
; and
that
th
eir u
sual
and
inva
riab
le
prac
tice
was
to c
ondu
ct
quer
ies o
nly
for p
olic
e pu
rpos
es. N
one
of q
ueri
es
for v
ehic
le st
ops.
But
, the
tim
ing
and
orde
r of t
he
quer
ies s
ugge
sts t
hey
wer
e in
nocu
ous i
n a
way
that
re
fute
s sug
gest
ion
that
Co
mpl
aina
nt w
as
spec
ifica
lly a
nd
inap
prop
riat
ely
targ
eted
[p
ara.
35]
.
to u
se th
e to
ol fo
r in
appr
opri
ate
purp
oses
” [p
ara.
63]
. •
For C
ompl
aina
nt, a
ll qu
erie
s wer
e pr
oper
and
no
thin
g of
thes
e qu
erie
s su
gges
ts th
e sy
stem
is
faili
ng, s
o no
reas
on to
qu
estio
n w
heth
er s.
38
bein
g m
et [p
ara.
67]
.
F20
13-5
5 20
13
Wor
kers
’ Co
mpe
nsat
ion
Boar
d
• PB
col
lect
ed, u
sed
and
disc
lose
d in
form
atio
n fr
om
med
ical
con
sulta
nts
with
in P
B in
de
term
inat
ions
f or
an o
ngoi
ng c
laim
w
ith th
e PB
re
gard
ing
wor
kpla
ce
inju
ry. Q
uest
ions
re
gard
ing
inju
ry a
nd
abili
ty to
retu
rn to
w
ork.
•
Com
plai
nant
arg
ued
PB n
ot a
utho
rize
d (o
r ou
ght n
ot to
be
auth
oriz
ed) t
o re
ly o
n th
e op
inio
n of
m
edic
al c
onsu
ltant
s in
mak
ing
a de
term
inat
ion
rega
rdin
g he
r cla
im.
• Th
e m
edic
al c
onsu
ltant
s are
co
ntra
ct n
ot sa
lari
ed
empl
oyee
s of P
B; th
ey
perf
orm
func
tions
of P
B on
be
half
of P
B; a
nd m
emos
w
ritt
en o
n le
tter
head
of
Med
ical
Ser
vice
s are
a of
the
PB. T
hus,
they
are
PB
empl
oyee
s for
pur
pose
s of
FOIP
[par
a. 16
].
• Co
llect
ion
of C
ompl
aina
nt
PI b
y m
edic
al c
onsu
ltant
s is
colle
ctio
n by
PB,
as
perf
orm
ed in
cou
rse
of jo
b du
ties [
para
. 16]
. •
Mus
t giv
e de
fere
nce
to P
B to
de
term
ine
wha
t inf
orm
atio
n ne
cess
ary
to p
rope
rly
dete
rmin
e cl
aim
; ind
irec
t co
llect
ions
per
mitt
ed w
ith
this
def
eren
ce a
s the
y re
late
to
cla
im d
eter
min
atio
n [p
ara.
29]
.
• PB
soug
ht o
ut o
pini
ons
from
med
ical
co
nsul
tant
s. “E
ven
if th
ese
opin
ions
wer
e gi
ven
little
to n
o w
eigh
t in
reac
hing
a d
ecis
ion
abou
t th
e Co
mpl
aina
nt, t
hey
wer
e in
corp
orat
ed in
to
the
Com
plai
nant
’s cl
aim
fil
es; I
find
that
the
opin
ions
wer
e us
ed fo
r th
e pu
rpos
es o
f FO
IP
Act”
[par
a. 3
2].
• Se
ctio
n 41
FO
IP li
sts
whe
n us
e or
dis
clos
ure
of
PI is
con
sist
ent w
ith
purp
oses
for w
hich
it w
as
colle
cted
(rea
sona
ble
and
dire
ct c
onne
ctio
n to
that
pu
rpos
e; n
eces
sary
for
perf
orm
ing
lega
lly
auth
oriz
ed d
utie
s) [p
ara.
34
].
• Si
mila
r arg
umen
t for
di
sclo
sure
as f
or u
s. P
B di
sclo
sed
Com
plai
nant
’s PI
to m
edic
al c
onsu
ltant
s fo
r con
sulta
nts t
o fo
rm
info
rmed
opi
nion
re
gard
ing
Com
plai
nant
’s in
jury
. Def
eren
ce g
iven
. Al
l dis
clos
ure
for
reas
onab
le p
urpo
se a
nd
not m
ore
than
nec
essa
ry
[par
as. 3
7 -39
].
• N
o ev
iden
ce th
at P
B us
ed
Com
plai
nant
’s m
edic
al
info
rmat
ion
in
auth
oriz
ed m
anne
r or
beyo
nd e
xten
d ne
cess
ary
to m
ake
clai
m
dete
rmin
atio
n [p
ara.
35]
. F2
012
-27
2012
H
oly
Fam
ily
Cath
olic
Reg
iona
l D
iv N
o. 3
7
• PB
law
yer r
evea
led
info
rmat
ion
(PI v
ia
doct
or’s
refe
rral
le
tter
) to
Com
plai
nant
’s la
wye
r ab
out m
atte
r bef
ore
OIP
C w
hen
law
yer
was
not
repr
esen
ting
Com
plai
nant
in th
at
mat
ter.
The
law
yer
repr
esen
ted
Com
plai
nant
in
sepa
rate
em
ploy
men
t-re
late
d co
urt a
ctio
n; w
hile
th
e is
sue
befo
re th
e O
IPC
rela
ted
to a
n ac
cess
requ
est f
or a
re
ferr
al le
tter
and
w
here
in th
e Co
mpl
aina
nt w
as
self-
repr
esen
ted.
•
Com
plai
nant
arg
ued
this
was
dis
clos
ure
of
his P
I con
tra
FOIP
.
• W
hen
the
PB re
ceiv
ed th
e Co
mpl
aina
nt’s
lett
er to
the
FOIP
Coo
rdin
ator
, it
colle
cted
the
pers
onal
in
form
atio
n th
at th
e le
tter
co
ntai
ned
(incl
udin
g fa
ct
that
Com
plai
nant
mad
e ac
cess
requ
est f
or re
ferr
al
lett
er a
nd fa
ct in
volv
ed in
O
IPC
file)
for t
he p
urpo
se o
f co
urt a
ctio
n, a
nd a
lso
for
purp
ose
of O
IPC
file
[par
a.
28].
• N
ot a
pplic
able
. •
Com
plai
nant
did
indi
cate
th
at h
e so
ught
acc
ess t
o th
e re
ferr
al le
tter
to g
ive
to
his l
awye
r reg
ardi
ng th
e co
urt a
ctio
n. A
lso,
the
refe
rral
lett
er w
as fo
r use
in
a p
roce
edin
g be
fore
a
cour
t to
whi
ch th
e PB
was
a
part
y, so
aut
hori
zed
unde
r s. 4
0(1)
(v) F
OIP
[p
ara.
8].
•
PI u
nder
FO
IP m
ust b
e “a
bout
” an
indi
vidu
al.
“The
term
“abo
ut” i
n th
e co
ntex
t of t
he d
efin
iton
is
high
ly si
gnifi
cant
re
stri
ctiv
e m
odifi
er, i
n th
at “a
bout
” an
indi
vidu
al
is a
muc
h na
rrow
er id
ea
than
“rel
ated
” to
an
indi
vidu
al; i
nfor
mat
ion
that
is g
ener
ated
or
colle
cted
in c
onse
quen
ce
of so
me
actio
n on
the
part
of
, or a
ssoc
iate
d w
ith, a
n in
divi
dual
– a
n th
at is
th
eref
ore
conn
ecte
d to
hi
m o
r her
in so
me
way
–
is n
ot n
eces
sari
ly “a
bout
th
at in
divi
dual
. [pa
ra. 1
3]”
Whe
re P
B la
wye
r di
scus
sed
the
OIP
C fil
e as
re
solv
ed in
the
lett
er is
ab
out t
he fi
le, n
ot a
bout
th
e Co
mpl
aina
nt so
not
PI.
Onl
y PI
dis
clos
ed b
y PB
w
ere
that
he
mad
e ac
cess
re
ques
t and
invo
lved
in a
O
IPC
file;
but
, the
se w
ere
auth
oriz
ed [p
ara.
16].
73POLICYWISE
• N
o ev
iden
ce th
at P
B us
ed
Com
plai
n ant
’s m
edic
al
info
rmat
ion
in
auth
oriz
ed m
anne
r or
beyo
nd e
xten
d ne
cess
ary
to m
ake
clai
m
dete
rmin
atio
n [p
ara.
35]
. F2
012
-27
2012
H
oly
Fam
ily
Cath
olic
Reg
iona
l D
iv N
o. 3
7
• PB
law
yer r
evea
led
info
rmat
ion
(PI v
ia
doct
or’s
refe
rral
le
tter
) to
C om
plai
nant
’s la
wye
r ab
out m
atte
r bef
ore
OIP
C w
hen
law
yer
was
not
repr
esen
ting
Com
plai
nant
in th
at
mat
ter.
The
law
yer
repr
esen
ted
Com
plai
nant
in
sepa
rate
em
ploy
men
t -re
late
d co
urt a
ctio
n; w
hile
th
e is
sue
befo
re th
e O
IPC
rela
ted
to a
n ac
cess
requ
est f
or a
re
ferr
al le
tter
and
w
here
in th
e Co
mpl
aina
nt w
as
self-
repr
esen
ted.
•
Com
plai
nant
arg
ued
this
was
dis
clos
ure
of
his P
I con
tra
FOIP
.
• W
hen
the
PB re
ceiv
ed th
e Co
mpl
aina
nt’s
lett
er to
the
FOIP
Coo
rdin
ator
, it
colle
cted
the
pers
onal
in
form
atio
n th
at th
e le
tter
co
ntai
ned
(incl
udin
g fa
ct
that
Com
plai
nant
mad
e ac
cess
requ
est f
or re
ferr
al
lett
er a
nd fa
ct in
volv
ed in
O
IPC
file)
for t
he p
urpo
se o
f co
urt a
ctio
n, a
nd a
lso
for
purp
ose
of O
IPC
file
[par
a.
28].
• N
ot a
pplic
able
. •
Com
plai
nant
did
indi
cate
th
at h
e so
ught
acc
ess t
o th
e re
ferr
al le
tter
to g
ive
to
his l
awye
r reg
ardi
ng th
e co
urt a
ctio
n. A
lso,
the
refe
rral
lett
er w
as fo
r use
in
a p
roce
edin
g be
fore
a
cour
t to
whi
ch th
e PB
was
a
part
y, so
aut
hori
zed
unde
r s. 4
0(1)
(v) F
OIP
[ p
ara.
8].
•
PI u
nder
FO
IP m
ust b
e “a
bout
” an
indi
vidu
al.
“The
term
“abo
ut” i
n th
e co
ntex
t of t
he d
efin
iton
is
high
ly si
gnifi
cant
re
stri
ctiv
e m
odifi
er, i
n th
at “a
bout
” an
indi
vidu
al
is a
muc
h na
rrow
er id
ea
than
“rel
ated
” to
an
indi
vidu
al; i
nfor
mat
ion
that
is g
ener
ated
or
colle
cted
in c
onse
quen
ce
of so
me
actio
n on
the
part
of
, or a
ssoc
iate
d w
ith, a
n in
divi
dual
– a
n th
at is
th
eref
ore
conn
ecte
d to
hi
m o
r her
in so
me
way
–
is n
ot n
eces
sari
ly “a
bout
th
at in
divi
dual
. [pa
ra. 1
3]”
Whe
re P
B la
wye
r di
scus
sed
the
OIP
C f il
e as
re
solv
ed in
the
lett
er is
ab
out t
he fi
le, n
ot a
bout
th
e Co
mpl
aina
nt so
not
PI.
Onl
y PI
dis
clos
ed b
y PB
w
ere
that
he
mad
e ac
cess
re
ques
t and
invo
lved
in a
O
IPC
file;
but
, the
se w
ere
auth
oriz
ed [p
ara.
16].
74 LAW & GOVERNANCE OF SECONDARY DATA USE
• Co
mpl
aina
nt le
tter
to
FOIP
Coo
rdin
ator
refe
rred
to
the
cour
t act
ion;
thus
, Co
mpl
aina
nt li
nked
thes
e tw
o ac
tions
. Co
rres
pond
ence
by
PB
law
yer m
ust o
nly
be to
Co
mpl
aina
nt la
wye
r (L
awye
r’s C
ode
of
Cond
uct)
and
wou
ld o
nly
be c
oher
ent a
nd
unde
rsta
ndab
le if
refe
rred
to
refe
rral
lett
er a
nd O
IPC
file
[par
a. 2
6].
• Th
e di
sclo
sure
was
co
nsis
tent
with
one
of t
he
purp
oses
for w
hich
the
Com
plai
nant
’s le
tter
was
in
itial
ly c
olle
cted
(the
co
urt a
ctio
n), t
hus t
he P
B w
as a
utho
rize
d to
dis
clos
e un
der s
. 40(
1) (c
) [pa
ra.
28].
• Th
e di
sclo
sure
was
onl
y to
th
e ex
tent
nec
essa
ry to
en
able
the
PB to
resp
ond
to th
e Co
mpl
aina
nt’s
lett
er
in a
reas
onab
le m
anne
r (it
com
plet
e th
e di
scus
sion
) [p
ara.
31]
. No
supe
rflu
ous
or e
xtra
neou
s inf
orm
atio
n th
at P
B sh
ould
hav
e re
dact
ed; a
nd, l
ette
r re
fere
nces
the
only
co
here
nt a
nd se
nsib
le w
ay
to a
ddre
ss p
oint
s Co
mpl
aina
nt h
ad m
ade
[par
a. 3
2].
• W
hile
dir
ectio
n of
co
mm
unic
atio
n be
twee
n la
wye
rs g
uide
d by
Law
So
ciet
y of
Alb
erta
Pr
ofes
sion
al C
ode
of
Cond
uct;
the
cont
ent o
f th
e di
scus
sion
and
any
di
sclo
sure
of P
I gui
ded
by
s. 4
0(1)
(c) o
f FO
IP in
that
75POLICYWISE
disc
losu
re m
ust b
e fo
r pu
rpos
e co
nsis
tent
with
pu
rpos
e fo
r whi
ch
info
rmat
ion
was
ori
gina
lly
colle
cted
from
the
Com
plai
nant
. With
thes
e bo
th, P
B au
thor
ized
to
disc
losu
re in
form
atio
n to
Co
mpl
aina
nt la
wye
r [pa
ra.
40].
P20
13-0
3 20
13
Proj
ect
Porc
hlig
ht
• Co
mpl
aina
nt
empl
oyer
trac
ed
pers
onal
tele
phon
e ca
lls m
ade
usin
g a
Blac
kber
ry d
evic
e pr
ovid
ed to
him
by
the
orga
niza
tion.
Co
mpl
aina
nt a
llege
d th
at b
reac
hed
PIPA
al
ong
with
alle
ged
failu
re to
secu
re h
is
PI c
onta
ined
in h
is
empl
oym
ent o
ffer
lett
er a
nd ta
x fo
rms.
• O
rgan
izat
ion
was
in
corp
orat
ed u
nder
Ont
ario
le
gisl
atio
n as
not
-for
-pro
fit
non-
shar
e ca
pita
l co
rpor
atio
n; b
ut, n
ot in
Al
bert
a, so
it w
as n
ot a
not
-fo
r-pr
ofit
and
thus
not
ex
empt
from
PIP
A. It
is a
n or
gani
zatio
n; th
us su
bjec
t to
PIPA
rega
rdin
g al
l PI t
hat i
s co
llect
ed, u
sed
and
disc
lose
d by
it [p
ara.
16].
• O
rgan
izat
ion
calle
d ce
rtai
n nu
mbe
rs o
n th
e Co
mpl
aina
nt’s
call
list
invo
ice
so a
s to
asce
rtai
n th
e re
cipi
ents
of t
he c
alls
and
th
e na
ture
of t
he c
alls
[par
a.
23].
This
was
col
lect
ion
of
info
rmat
ion
[par
a. 2
6].
Org
aniz
atio
n us
ed th
is
info
rmat
ion
beca
use
arra
nged
mee
ting
with
Co
mpl
aina
nt to
cha
stis
e hi
m
for m
akin
g th
e te
leph
one
calls
[par
a. 2
6].
• Th
is in
form
atio
n w
as
pers
onal
info
rmat
ion
(not
pe
rson
al e
mpl
oyee
in
form
atio
n) b
ecau
se it
in
clud
ed id
entit
ies o
f cer
tain
re
cipi
ents
reve
aled
to b
e hi
s fr
iend
s and
/or f
amily
and
th
e na
ture
of a
t lea
st o
ne c
all
reve
aled
one
of h
is in
tere
sts
of a
hig
hly
pers
onal
nat
ure.
Th
is in
form
atio
n w
as
• Sa
me
anal
ysis
for
colle
ctio
n an
d us
e.
• “I
f an
orga
niza
tion
does
no
t hav
e th
e au
thor
ity to
co
llect
and
use
par
ticul
ar
pers
onal
info
rmat
ion,
it
nece
ssar
ily c
olle
cts a
nd
uses
the
info
rmat
ion
for
purp
oses
that
are
not
re
ason
able
, and
ther
e ca
n be
no
poss
ibili
ty o
f co
llect
ion
and
use
to a
re
ason
able
ext
ent.”
[par
a.
59]
• Al
so d
iscu
ssed
re
ason
able
secu
rity
: “An
or
gani
zatio
n ha
s the
bu
rden
of p
rovi
ng th
at it
m
ade
reas
onab
le se
curi
ty
arra
ngem
ents
to p
rote
ct
the
pers
onal
info
rmat
ion
that
is in
its c
usto
dy o
r un
der i
ts c
ontr
ol, a
s it i
s in
the
best
pos
ition
to
prov
ide
evid
ence
of t
he
step
s tha
t it h
as ta
ken.
” [p
ara.
68]
Ask
ing
an
empl
oyee
to re
com
plet
e an
ann
ual f
orm
doe
s nto
m
ean
that
it h
as
lost
/mis
plac
ed/i
nsec
urel
y ha
ndle
d pr
evio
us
info
rmat
ion.
O
rgan
izat
ion
mai
ntai
ns
pers
onne
l rec
ords
in a
se
cure
file
loca
tion
at it
s he
ad o
ffice
. Tha
t suf
ficed
•
76 LAW & GOVERNANCE OF SECONDARY DATA USE
“abo
ut” t
he C
ompl
aina
nt a
s an
iden
tifia
ble
indi
vidu
al
[par
a. 2
7].
• Ad
judi
cato
r fou
nd th
ere
was
no
“acc
epta
ble
use”
pol
icy
that
rest
rict
ed th
e ab
ility
of
the
Com
plai
nant
to m
ake
pers
onal
cal
ls u
sing
the
Blac
kber
ry, a
nd th
ere
was
th
eref
ore
no su
ch p
olic
y in
corp
orat
ed in
to h
is
empl
oym
ent a
gree
men
t. Th
is m
eant
, the
re c
ould
be
no p
ossi
ble
brea
ch o
f the
Co
mpl
aina
nt’s
empl
oym
ent
agre
emen
t, no
inve
stig
atio
n,
and
no a
bilit
y fo
r the
O
rgan
izat
ion
to re
ly o
n ss
. 14
(d) a
nd 17
(d) t
o co
llect
an
d us
e th
e Co
mpl
aina
nt’s
PI [p
ara.
41]
. •
An o
rgan
izat
ion
mig
ht b
e ab
le to
col
lect
and
use
in
form
atio
n re
gard
ing
reci
pien
ts a
nd n
atur
e of
ph
one
calls
mad
e by
em
ploy
ee u
sing
em
ploy
er-
issu
ed c
omm
unic
atio
ns
devi
ce (s
s. 15
, 18
PIPA
) if (
a)
it is
reas
onab
le fo
r or
gani
zatio
n to
col
lect
and
us
e th
e in
form
atio
n fo
r the
pa
rtic
ular
pur
pose
; and
(2)
the
colle
ctio
n an
d us
e of
in
form
atio
n in
que
stio
n m
ust r
elat
e to
the
empl
oym
ent r
elat
ions
hip
or
be fo
r pur
pose
s of m
anag
ing
the
empl
oym
ent
rela
tions
hip
[par
a. 4
6].
• Ju
st b
ecau
se e
mpl
oyer
un
ilate
rally
cho
oses
to d
o so
met
hing
rega
rdin
g an
em
ploy
ee d
oes n
ot
auto
mat
ica l
ly m
ake
the
empl
oyer
’s ac
t som
ethi
ng
rela
ting
to e
mpl
oym
ent
for r
easo
nabl
e se
curi
ty
for a
djud
icat
or [p
ara.
70
].
77POLICYWISE
rela
tions
hip
or m
anag
emen
t of
that
rela
tions
hip
[par
a.
47].
• N
o co
nsen
t or p
rior
not
ice
had
occu
rred
in th
is c
ase
to
perm
it co
llect
ion
and
use
of
PI. [
para
. 52]
•
•
Org
aniz
atio
n or
dere
d to
stop
co
llect
ing
and
usin
g PI
in
cont
rave
ntio
n of
PIP
A.
P20
13-0
1 20
13
Prof
essi
onal
D
rive
rs B
urea
u of
Ca
nada
Inc.
• O
rgan
izat
ion
Gat
hers
in
form
atio
n ab
out
truc
k dr
iver
s fro
m
thei
r em
ploy
ers,
and
th
en m
akes
this
in
form
atio
n av
aila
ble
by su
bscr
iptio
n to
its
clie
nts,
whi
ch in
clud
e ot
her e
mpl
oyer
s or
pros
pect
ive
empl
oyer
s of t
ruck
dr
iver
s .
• Co
mpl
aina
nt
requ
este
d ac
cess
to
her P
I; a
nd a
sked
O
IPC
to re
view
O
rgan
izat
ion’
s re
spon
se to
her
and
m
ade
com
plai
nt
rega
rdin
g th
e O
rgan
izat
ion’
s co
llect
ion,
use
and
di
sclo
sure
of h
er P
I.
• Th
e in
form
atio
n at
issu
e w
as
PI a
s it c
onta
ined
her
lice
nse
num
ber,
dat
e of
bir
th, s
ocia
l in
sura
nce
num
ber,
hei
ght,
wei
ght,
e tc…
. Th
e O
rgan
izat
ion
prov
ided
no
subm
issi
ons f
or th
is in
quir
y.
• Th
at “…
the
Org
aniz
atio
n ha
s cus
tody
of t
he re
cord
s es
tabl
ishe
s tha
t the
O
rgan
izat
ion
has c
olle
cted
an
d us
ed th
e Co
mpl
aina
nt’s
pers
onal
info
rmat
ion
with
in
the
term
s of s
. (1)
(k) [
of
PIPA
]” [p
ara.
20]
. •
Alth
ough
the
pers
onal
in
form
atio
n w
as o
rigi
nally
co
llect
ed a
nd u
sed
for
purp
oses
of e
ither
es
tabl
ishi
ng o
r man
agin
g em
ploy
men
t rel
atio
nshi
p,
ther
e w
as n
o em
ploy
men
t re
latio
nshi
p be
twee
n O
rgan
izat
ion
and
Com
plai
nant
. So,
this
is n
ot
pers
onal
em
plo y
ee
info
rmat
ion.
So,
no
exce
ptio
ns to
con
sent
for
disc
losu
re a
vaila
ble
(i.e.
ss.
14, 1
5 an
d 21
). [p
aras
. 22 -
23]
• Al
thou
gh th
e O
rgan
izat
ion
calls
itse
lf an
ass
ocia
tion,
th
e or
gani
zatio
n is
a
corp
orat
ion,
and
dis
tinct
• Sa
me
as c
olle
ctio
n di
scus
sion
. •
The
evid
ence
con
tain
ed o
n O
rgan
izat
ion’
s web
site
ba
se fi
ndin
g th
at
Org
aniz
atio
n ha
s co
llect
ed, u
se a
nd
disc
lose
d th
e PI
of th
e Co
mpl
aina
nt (a
nd o
ther
tr
uck
driv
ers)
[par
a. 2
5].
Org
aniz
atio
n ga
ther
s em
ploy
men
t his
tory
abo
ut
truc
k dr
iver
s and
giv
es
acce
ss to
this
info
rmat
ion
to tr
ucki
ng c
ompa
nies
that
pa
y su
bscr
iptio
n fe
e [p
ara.
27
]. In
form
atio
n ke
pt in
pa
per f
iles a
nd in
a
data
base
[par
a. 2
9].
Rep
orts
they
pro
duce
co
ntai
n dr
iver
’s em
ploy
men
t his
tory
with
em
ploy
ers,
the
empl
oyer
’s op
inio
ns, t
he e
mpl
oyee
’s dr
iver
’s lic
ense
, and
bi
rthd
ate
[par
. 29]
. “Th
e O
rgan
izat
ion
colle
cts
pers
onal
info
rmat
ion
abou
t tru
ck d
rive
rs fr
om
truc
king
com
pani
es, u
ses
this
info
rmat
ion,
by
crea
ting
a fil
e an
d ad
ding
it
to it
s dat
abas
e w
hich
it
will
offe
r for
pur
chas
e,
and
disc
lose
s the
PI t
o cl
ient
s whe
n th
ey re
ques
t a
repo
rt a
nd p
ay fo
r it”
[p
ara.
29]
.
78 LAW & GOVERNANCE OF SECONDARY DATA USE
from
the
orga
niza
tions
that
su
bmitt
ed th
e Co
mpl
aina
nt’s
PI to
it [p
ara.
30
]. •
The
Org
aniz
atio
n di
d no
t ob
tain
con
sent
from
Co
mpl
aina
nt in
ci
rcum
stan
ces w
here
it w
as
nece
ssar
y th
at it
do
so, a
nd
had
not p
rovi
ded
notic
e of
its
col
lect
ion
[par
a. 3
5]. T
he
cons
ents
Com
plai
nant
en
tere
d in
to w
hen
appl
yin g
to
a tr
ucki
ng c
ompa
ny w
ere
not e
xten
ded
to th
e O
rgan
izat
ion
and
did
not
auth
oriz
e th
e tr
ucki
ng
com
pany
to d
iscl
ose
the
Com
plai
nant
’s PI
to th
e O
rgan
izat
ion
so th
at th
e O
rgan
izat
ion
coul
d us
e it
for
its b
usin
ess o
r dis
clos
e it
furt
her [
para
. 35]
. Aut
hori
t y
to c
heck
refe
renc
es d
oes n
ot
auth
oriz
e th
is th
ird -
part
y O
rgan
izat
ion
to c
olle
ct, u
se
or d
iscl
ose
PI.
• A
hand
-wri
tten
con
sent
afte
r th
e O
rgan
izat
ion
has
colle
cted
PI d
id n
ot su
ffice
fo
r OIP
C Ad
judi
cato
r. A
lso,
th
e co
nsen
t for
Org
aniz
atio
n to
con
duct
refe
renc
e ch
eck
“can
not b
e in
terp
rete
d as
au
thor
izin
g th
e O
rgan
izat
ion
to c
olle
ct th
e ki
nds o
f in
form
atio
n th
at it
has
co
llect
ed” (
very
per
sona
l in
form
atio
n su
ch a
s hei
ght,
wei
ght,
SIN
) [pa
ra. 3
9].
• N
o st
atut
ory
exem
ptio
ns
appl
ied
to O
rgan
izat
ion
gett
ing
cons
ent.
• R
easo
nabl
enes
s of c
olle
ctio
n re
quir
es th
at c
olle
ctio
n ac
tual
ly m
eet t
he p
urpo
se
for w
hich
it is
inte
nded
• O
rgan
izat
ion
had
not
esta
blis
hed
that
it h
ad
colle
cted
, use
d, a
nd
disc
lose
d on
ly th
e pe
rson
al in
form
atio
n ne
cess
ary
for m
eetin
gs it
s pu
rpos
es. S
o,
Org
aniz
atio
n ha
d br
each
ed P
IPA
in a
ll re
gard
s and
ord
ered
to
ceas
e co
llect
ing,
usi
ng a
nd
disc
losi
ng p
erso
nal
info
rmat
ion
of
Com
plai
nant
in
cont
rave
ntio
n of
PIP
A.
• Be
caus
e no
evi
denc
e th
at
esta
blis
hed
a re
ason
able
pu
rpos
e fo
r col
lect
ion
and
use
of C
ompl
aina
nt’s
PI,
then
no
evid
ence
to
esta
blis
h th
at d
iscl
osur
es
wer
e fo
r rea
sona
ble
purp
ose.
79POLICYWISE
[par
a. 5
0]. B
ecau
se
Org
aniz
atio
n di
d no
t mak
e su
bmis
sion
s for
inqu
iry;
w
ebsi
te a
nd re
cord
s alo
ne
coul
d no
t cor
rela
te th
e in
form
atio
n th
at w
as
colle
cted
with
the
purp
ose
in
colle
ctin
g it.
Can
not f
ind
that
Org
aniz
atio
n tr
ying
to
com
bat f
raud
in c
olle
ctin
g PI
, so
dist
ingu
isha
ble
from
le
gal c
ases
(e.g
. Leo
n’s)
. [p
ara.
52]
. •
Org
aniz
atio
n ha
d no
t es
tabl
ishe
d th
at it
had
co
llect
ed, u
sed
or d
iscl
osed
th
e Co
mpl
aina
nt’s
pers
onal
in
form
atio
n on
ly fo
r re
ason
able
pur
pose
s.
Beca
use
Org
aniz
atio
n di
d no
t exp
lain
pur
pose
, the
n ca
nnot
est
ablis
h a
reas
onab
le p
urpo
se [p
ara.
55
]. •
Sinc
e O
rgan
izat
ion
colle
cts
PI fr
om tr
ucki
ng c
ompa
nies
no
t Com
plai
nant
dir
ectly
, th
en m
ust b
e w
ithin
s. 12
(in
form
atio
n at
issu
e m
ay b
e co
llect
ed w
ithou
t con
sent
of
indi
vidu
al u
nder
s.. 1
4, 15
or
22).
Sinc
e co
nsen
t mus
t be
obta
ined
for P
I at i
ssue
, the
n co
ntra
vene
s. 12
[par
a. 6
8].
• Se
ctio
n 13
requ
ires
not
ice
of
purp
ose
of c
olle
ctin
g PI
and
na
me
of so
meo
ne w
ho
answ
er’s
for O
rgan
izat
ion
any
ques
tions
abo
ut
colle
ctio
n.
F20
13-0
6 20
13
Serv
ice
Albe
rta
• Em
ploy
ee o
f Sen
tinel
R
egis
try
disc
lose
d th
e Co
mpl
aina
nt’s
addr
ess t
o an
in
divi
dual
who
had
th
en g
one
to th
e ad
dres
s with
the
• N
ot a
pplic
able
•
Not
app
licab
le.
• Th
e PI
at i
ssue
dis
clos
ed
from
a re
gist
ry m
aint
aine
d by
PB;
so if
info
rmat
ion
is
in th
e co
ntro
l or c
usto
dy
of a
pub
lic b
ody,
such
as
Serv
ice
Albe
rta,
then
PIP
A do
es n
ot a
pply
. FO
IP
80 LAW & GOVERNANCE OF SECONDARY DATA USE
inte
ntio
n of
ha
rass
ing
or
conf
ront
ing
the
Com
plia
nant
. OIP
C pr
evio
usly
de
term
ined
that
FO
IP a
pplie
d.
• Co
mpl
aina
nt
com
plai
ned
of
impr
oper
dis
clos
ure.
•
GET
FR
OM
PAP
ER
AT H
OM
E.
appl
ies a
s thi
s is p
erso
nal
info
rmat
ion
disc
lose
d fr
om M
OVE
S da
taba
se.
• R
egis
try
empl
oyee
di
sclo
sed
PI w
ithou
t au
thor
izat
ion,
con
trar
y to
PB
’s po
licie
s and
pr
oced
ures
. SO
, PB
did
not d
iscl
ose
Com
plai
nant
’s PI
. Dis
clos
ures
by
rogu
e em
ploy
ee, n
ot P
B [p
ara.
10
]. •
PB h
ad n
ot ta
ken
adeq
uate
m
easu
res t
o m
onito
r m
anne
r in
whi
ch R
egis
try
empl
oyee
s acc
esse
d PI
fr
om M
OVE
S da
taba
se.
F20
13-0
1 20
13
Edm
onto
n Po
lice
Serv
ice
• PB
’s pr
evio
us p
olic
y in
clud
ed th
at
web
site
pos
ted
copi
es
of d
isci
plin
ary
deci
sion
s inv
olvi
ng
its m
embe
rs.
• Ap
plic
ant o
ngoi
ng
requ
est t
o PB
for
copi
es o
f dis
cipl
inar
y de
cisi
ons n
ot p
oste
d on
web
site
. PB
resp
onse
d bu
t se
vere
d la
rge
port
ions
per
FO
IP.
• In
form
atio
n at
issu
e w
as
pers
onal
info
rmat
ion
as it
re
late
d to
con
tent
of
disc
iplin
ary
deci
sion
s, 3
pa
rtie
s’ na
mes
, age
s, se
x,
mar
ital s
tatu
s, h
/c a
nd
empl
oym
ent h
isto
ry, a
nd
opin
ions
abo
ut th
em [p
ara.
8]
.
•
• In
its d
ecis
ion
as to
w
heth
er to
with
hold
or
disc
lose
reco
rds
resp
onsi
ve to
requ
est,
PB
not t
aken
into
acc
ount
all
rele
vant
fact
ors e
spec
ially
th
at d
isci
plin
ary
deci
sion
s in
this
inqu
iry
wer
e re
ad
alou
d, p
ublic
ly, a
t he
arin
g’s c
oncl
usio
n.
• S.
17 F
OIP
rela
tes t
o di
sclo
sure
har
mfu
l to
pers
onal
pri
vacy
(with
hold
be
caus
e di
sclo
sure
wou
ld
be u
nrea
sona
ble
inva
sion
of
the
thir
d pa
rtie
s’ pe
rson
al p
riva
cy).
• M
uch
of se
vere
d in
form
atio
n w
as n
ot
med
ical
info
rmat
ion
(whi
ch w
ould
be
unre
ason
able
inva
sion
if
disc
lose
d).
• S
17(5
) req
uire
s co
nsid
erat
ion
of a
ny
over
ridi
ng fa
ctor
s w
eigh
ing
in fa
vour
of
disc
losu
re. P
revi
ous
deci
sion
s fou
nd th
at
81POLICYWISE
desi
rabi
lity
of su
bjec
ting
actio
ns o
f a p
olic
e se
rvic
e to
pub
lic sc
rutin
y ov
erro
de p
resu
mpt
ions
ag
ains
t dis
clos
ure
and
any
poss
ible
repu
tatio
nal
harm
[par
a. 19
]. •
Verb
ally
dis
clos
ing
cont
ent o
f wri
tten
reco
rd
= di
sclo
sure
und
er F
OIP
[p
ara.
33]
. Thu
s, P
B di
sclo
sed
deci
sion
s to
any
mem
ber o
f pub
lic p
rese
nt,
mem
ber o
f med
ia p
rese
nt,
who
may
hav
e th
en
diss
emin
ated
this
in
form
atio
n fu
rthe
r. •
BC O
IPC
deci
sion
: pri
or
publ
ic d
iscl
osur
e by
PB
of
info
soug
ht in
acc
ess
requ
est o
verr
ides
pr
esum
ptio
n th
at
disc
losu
re w
ould
be
unre
ason
able
inva
sion
of a
th
ird
part
y’s p
erso
nal
priv
acy.
[par
a 36
-37]
•
ABQ
B: p
rinc
iple
that
w
hen
polic
e di
scip
linar
y he
arin
gs a
re h
eld
in
publ
ic, t
here
is n
o ex
pect
atio
n of
pri
vacy
. •
Any
repu
tatio
nal h
arm
s or
futu
re e
mpl
oym
ent h
arm
s to
subj
ects
of t
he
disc
iplin
ary
hear
ings
(a
ffect
ed 3
rd p
artie
s) o
n di
sclo
sure
wou
ld h
ave
been
ther
e an
yway
s be
caus
e of
the
disc
iplin
ary
hear
ing
and
not u
nfai
r to
disc
lose
if th
ey h
ad in
fact
br
each
ed p
olic
e re
gula
tions
/cod
es. S
o th
ese
fact
ors d
id n
ot
miti
gate
the
disc
losu
re.
F20
13-0
2 20
13
Gra
nde
Yello
whe
ad
• Co
mpl
aina
nts
succ
essf
ully
sued
for
•
•
• Im
plie
d un
dert
akin
g no
t to
use
info
rmat
ion
82 LAW & GOVERNANCE OF SECONDARY DATA USE
Publ
ic S
choo
l D
ivis
ion
No.
77
defa
mat
ion
by
Albe
rta
Teac
hers
’ As
soci
atio
n, p
rinc
ipal
an
d te
ache
r at s
choo
l th
eir s
on a
tten
ded.
•
Com
plai
nant
s co
mpl
aine
d PB
di
sclo
sed
thei
r PI t
o AT
A co
ntra
ct F
OIP
.
disc
lose
d th
roug
h a
pre-
tria
l dis
cove
ry p
roce
ss
appl
ied
to m
uch
of th
e in
form
atio
n at
issu
e. O
IPC
only
dea
lt w
ith in
fo in
Co
mpl
aina
nt’s
poss
essi
on
as re
sult
of a
cces
s req
uest
m
ade
to P
B by
Co
mpl
aina
nts.
•
Info
giv
en b
y PB
to A
TA a
s pa
rt o
f the
pre
-tri
al
disc
over
y pr
oces
s.
Cons
ider
PI b
ecau
e Co
mpl
aina
nts’
nam
es,
mar
ital s
tatu
s, o
pini
ons
abou
t Com
plai
nant
s and
Co
mpl
aina
nts’
pers
onal
vi
ews o
r opi
nion
s.
• Is
sues
with
subm
issi
ons
from
PB.
•
Just
ifica
tion
for
disc
losu
res m
ade
at t r
ial
of d
efam
atio
n cl
aim
by
PB
beca
use
Not
ice
to A
tten
d su
bmitt
ed. B
UT,
not
ju
stify
dis
clos
ure
of
reco
rds p
rior
to th
e tr
ial.
• O
PIC
foun
d th
at
Com
plai
nant
s’ PI
was
di
sclo
sed
to A
TA b
y PB
em
ploy
ees (
eith
er
supe
rint
ende
nt o
r pr
inci
pal)
[par
a. 3
8]. B
oth
mem
bers
of A
TA b
ut o
nly
prin
cipa
l was
par
ty to
lit
igat
ion.
•
FOIP
: gov
erns
the
actio
ns
of p
ublic
bod
ies,
not
in
divi
dual
s. S
o w
hen
indi
vidu
al a
ctin
g as
hea
d of
a p
ublic
bod
y, th
en
FOIP
app
lies b
ut n
ot w
hen
actin
g in
per
sona
l cap
acity
[p
ara.
44]
. •
Teac
hers
’ rig
hts t
o no
t be
defa
med
, wei
gh
83POLICYWISE
pow
erfu
lly in
favo
ur o
f di
sclo
sure
of P
I. [p
ara.
58]
D
iscl
osur
e im
port
ant t
o de
term
inat
ion
of ri
ghts
. P
2013
-08
2013
So
beys
Gro
up
Inc.
•
A fo
rem
an o
f O
rgan
izat
ion
calle
d he
r to
ask
abou
t her
ab
senc
e fr
om w
ork;
fo
rem
an to
ld h
er th
at
he h
ad re
ad h
er
pers
onne
l file
and
re
ad to
her
in
form
atio
n fr
om th
e fil
e ab
out h
er
disa
bilit
y cl
aim
mad
e to
her
insu
ranc
e co
mpa
ny. A
frie
nd o
f Co
mpl
aina
nt a
lso
calle
d he
r afte
r fo
rem
an h
ad to
ld
frie
nd a
bout
Co
mpl
aina
nt’s
disa
bilit
y cl
aim
. •
Com
plai
nt th
at
Org
aniz
atio
n ha
d im
prop
erly
col
lect
ed,
used
and
dis
clos
ed P
I w
hile
Com
plai
nant
on
med
ical
leav
e.
• O
rgan
izat
ion
did
not
part
icip
ate
in th
e in
quir
y.
• us
e •
Com
plai
nant
’s de
scri
ptio
n of
co
nver
satio
ns w
ith
fore
man
and
frie
nd m
et
initi
al b
urde
n of
pro
of
rega
rdin
g us
e an
d di
sclo
sure
[par
a. 12
]. •
PI/P
EI u
sed
whe
n fo
rem
an a
cces
sed
her
pers
onne
l file
and
di
scus
sed
the
disa
bilit
y cl
aim
stat
us w
ith
Com
plai
nant
. •
Beca
use
no su
bmis
sion
s,
uncl
ear w
hy fo
rem
an
wou
ld n
eed
to se
e en
tire
insu
rer l
ette
r and
det
ails
; ra
ther
than
lim
ited
to
know
that
dis
abili
ty c
laim
de
nied
. [pa
ra. 2
9].
• Bu
t, th
is in
fo a
lso
PI.
Coul
d be
exe
mpt
from
co
nsen
t und
er s.
17 P
IPA
unde
r spe
cifie
d ci
rcum
stan
ces.
But
, no
evid
ence
from
O
rgan
izat
ion
so fo
und
that
no
auth
ority
to u
se
PI w
ithou
t con
sent
.
• Fo
rem
an d
iscl
osed
PI/
PEI
whe
n fo
rem
an to
ld h
er
frie
nd/c
owor
ker t
hat t
he
Com
plai
nant
’s cl
aim
had
be
en d
enie
d [p
ara.
34]
. Po
ssib
le th
at fo
rem
an
disc
lose
d in
form
atio
n fo
r pu
rpos
e of
man
agin
g Co
mpl
aina
nt’s
empl
oym
ent;
but n
o su
bmis
sion
s so
not s
ure.
Bu
t, in
any
cas
e, n
ot
reas
onab
le to
dis
clos
e th
e st
atus
of t
he
Com
plai
nant
’s di
sabi
lity
clai
m [p
ara.
35]
. •
But,
this
info
als
o PI
. Co
uld
be e
xem
pt fr
om
cons
ent u
nder
s. 2
0 PI
PA
unde
r spe
cifie
d ci
rcum
stan
ces.
But
, no
evid
ence
from
O
rgan
izat
ion
so fo
und
that
no
aut
hori
ty to
col
lect
PI
disc
lose
con
sent
.
P20
14-0
3 20
14
Mor
pheu
s Th
eatr
e So
ciet
y &
St
oryb
rook
Th
eatr
e So
ciet
y
• M
arke
ting
emai
l fr
om S
tory
book
Th
eatr
e So
ciet
y. H
e co
mpl
aine
d to
St
oryb
ook,
whi
ch
stat
ed th
at a
n er
ror
in it
s dat
abas
e th
at
shar
ed w
ith
Mor
pheu
s The
atre
So
ciet
y ca
usin
g St
oryb
ook
to h
ave
acce
ss to
Mor
pheu
s pa
tron
info
rmat
ion.
• Co
mpl
aina
nt’s
past
sp
onso
rshi
p of
Sto
rybo
ok
mak
es th
e co
llect
ion
of P
I by
Stor
yboo
k no
long
er a
n is
sue
[par
a. 8
]. •
PI in
clud
es n
ame
and
emai
l ad
dres
s. S
o, P
I at i
ssue
. •
Stor
yboo
k is
a N
FP
inco
rpor
ated
und
er S
ocie
ties
Act,
so a
n N
FP u
nder
PIP
A.
• St
oryb
ook
sent
Co
mpl
aina
nt a
n em
ail
adve
rtis
ing
a St
oryb
ook
prog
ram
. So,
Sto
rybo
ok
used
the
Com
plai
nant
’s na
me
and
cont
act
info
rmat
ion
in se
ndin
g th
at e
mai
l. [p
ara.
20]
. •
Base
d on
pas
t dec
isio
n (P
2013
-D-0
1): “
A co
mm
erci
al a
ctiv
ity is
an
y tr
ansa
ctio
n, a
ct,
cond
uct o
r reg
ular
cou
rse
• Co
mpl
aina
nt w
as a
pas
t sp
onso
r of S
tory
book
, w
hich
is w
hy S
tory
book
ha
d th
e Co
mpl
aina
nt’s
PI.
So M
orph
eus d
id n
ot
disc
lose
info
rmat
ion
to
Stor
yboo
k. [p
ara.
8]
84 LAW & GOVERNANCE OF SECONDARY DATA USE
• Co
mpl
aint
that
M
orph
eus d
iscl
osed
PI
with
out c
onse
nt
and
Stor
yboo
k co
llect
ed a
nd u
sed
info
rmat
ion
PI
inap
prop
riat
ely.
M
orph
eus c
ompl
aint
w
ithdr
awn.
of c
ondu
ct th
at is
of a
co
mm
erci
al c
hara
cter
. …
the
defin
ition
is m
eant
to
capt
ure
activ
ities
that
are
m
ore
or le
ss c
omm
erci
al,
or a
ppea
r to
be
com
mer
cial
by
mos
t ac
coun
ts.
…. P
IPA
is
mea
nt to
app
ly to
Non
-pr
ofit
orga
niza
tions
that
ar
e ca
rryi
ng o
ut a
ctiv
ities
as
thou
gh th
ey a
re a
bu
sine
ss.”
[ pa
ra. 2
3]
• Se
lling
tick
ets o
r re
gist
ratio
n fo
r the
atre
pr
ogra
ms h
as
com
mer
cial
nat
ure
and
is
com
mer
cial
act
ivity
un
der P
IPA
[par
a. 2
4].
Mar
ketin
g St
oryb
ook’
s pr
ogra
mm
ing
is
com
mer
cial
act
ivity
usi
ng
PI [p
ara.
25]
. •
Stor
yboo
k ar
gues
that
it
inad
vert
ently
use
d Co
mpl
aina
nt’s
info
rmat
ion
for
mar
ketin
g pu
rpos
es. S
O,
cann
ot c
laim
had
au
thor
ity to
use
PI u
nder
s.
17 e
xem
ptio
ns to
co
nsen
t [pa
ra. 2
7].
• St
oryb
ook
disc
usse
d th
e da
taba
se c
olle
ctio
n m
eans
and
reas
ons t
hat
info
rmat
ion
is u
sed.
It
did
not a
rgue
that
it h
ad
obta
ined
con
sent
, in
any
form
, fro
m th
e Co
mpl
aina
nt to
use
his
pe
rson
al in
form
atio
n. S
o fo
und
that
no
cons
ent
exis
ted
[par
a. 3
0]. N
o au
thor
ity to
use
Co
mpl
aina
nt’s
PI to
em
ail h
im m
arke
ting
mat
eria
ls [p
ara.
31]
.
85POLICYWISE
• St
oryb
ook
orde
red
to
dele
te C
ompl
aina
nt’s
info
rmat
ion
from
da
taba
se.
F20
14-0
7 20
14
Bow
Val
ley
Colle
ge
• Pu
blic
Bod
y se
vere
d pe
rson
al in
form
atio
n fr
om re
cord
s whe
n re
spon
ding
to a
cces
s re
ques
t. Co
mpl
aina
nt
aske
d to
hav
e th
at
seve
ring
revi
ewed
. •
Com
plai
nant
co
mpl
aine
d th
at P
B ha
d di
sclo
sed
PI
cont
ra F
OIP
.
• In
form
atio
n at
issu
e in
clud
ed re
ferr
al le
tter
by
prog
ram
coo
rdin
ator
of P
B in
clud
ing
poss
ibili
ty o
f m
enta
l hea
lth a
sses
smen
t of
Com
plai
nant
.
•
• N
ot su
ffici
ent e
vide
nce
to
esta
blis
h th
at th
e PB
had
us
ed o
r dis
clos
ed h
is P
I. •
Com
plai
nant
subm
itted
th
at
• PB
arg
ued
that
shar
ed
cons
ent f
orm
and
refe
rral
fo
rms w
ith n
urse
. Sin
ce n
o as
sess
men
t con
duct
ed; n
o re
port
ing
or sh
arin
g of
in
form
atio
n ab
out
Com
plai
nant
bet
wee
n an
y he
alth
pro
fess
iona
l and
PB
. PB
did
not h
ave
any
evid
ence
to sh
ow P
B di
sclo
sed
his P
I to
med
ical
pr
ofes
sion
als,
stud
ents
or
to Ir
ania
n G
over
nmen
t. N
o ev
iden
tiary
bur
den
met
by
Com
plai
nant
. F2
014
-30
20
14
Appe
als
Com
mis
sion
for
Albe
rta
Wor
kers
’ Co
mpe
nsat
ion
• Ap
plic
ant m
ade
acce
ss re
ques
t und
er
FOIP
to P
B fo
r st
atis
tics r
egar
ding
nu
mbe
r of a
ppea
ls
cond
ucte
d by
PB
addr
essi
ng sp
ecifi
c po
licy
and
how
man
y of
thos
e ap
peal
s wer
e gr
ante
d.
• PB
resp
onde
d th
ere
wer
e no
reco
rds
resp
onsi
ve to
Ap
plic
ant’s
requ
est
and
sent
them
to
CanL
II w
ebsi
te.
• PB
arg
ued
that
it
mai
ntai
ns d
atab
ase
of d
ecis
ions
but
not
to
leve
l of d
etai
l tha
t Ap
plic
ant’s
requ
est
requ
ired
and
als
o
•
•
• An
ade
quat
e se
arch
re
quir
es a
pub
lic b
ody
to
take
eve
ry re
ason
able
ef
fort
to se
arch
for t
he
actu
al re
cord
s req
uest
ed
[par
a. 7
]. •
PB a
rgue
d th
at c
reat
ing
a re
spon
sive
reco
rd fo
r Ap
plic
ant w
ould
am
ount
to
con
duct
ing
rese
arch
for
a pa
rty
appe
arin
g be
fore
it:
“… c
ondu
ctin
g re
sear
ch
that
may
supp
ort a
pa
rtic
ular
app
eal o
r typ
e of
app
eal h
as th
e po
tent
ial
to c
reat
e a
reas
onab
le
appr
ehen
sion
of b
ias a
nd
is b
eyon
d th
e sc
ope
of it
s ro
le a
s an
inde
pend
ent
deci
sion
-mak
er.”
[par
a.
15].
86 LAW & GOVERNANCE OF SECONDARY DATA USE
argu
ed th
at c
reat
ing
reco
rd fr
om it
s el
ectr
onic
dat
a bas
e w
ould
unr
easo
nabl
y in
terf
ere
with
its
oper
atio
ns.
• R
eque
stor
’s id
entit
y is
not
to
influ
ence
how
requ
est i
s pr
oces
sed
[par
a. 16
]. •
“Whe
re a
PB
can
crea
te a
re
cord
from
info
rmat
ion
curr
ently
exi
stin
g in
el
ectr
onic
form
by
esse
ntia
lly m
anip
ulat
ing
the
data
, it h
as a
n ob
ligat
ion
to d
o so
in
resp
onse
to a
n ac
cess
re
ques
t, as
long
as i
t can
be
don
e us
ing
the
PB’s
norm
al h
ardw
are,
so
ftwar
e an
d te
chni
cal
expe
rtis
e an
d w
here
cr
eatin
g th
e re
cord
wou
ld
not u
nrea
sona
bly
inte
rfer
e w
ith th
e PB
’s op
erat
ions
.”
[par
a. 2
0].
• Ad
judi
cato
r agr
eed
with
PB
that
step
s req
uire
d (a
bout
1 em
ploy
ee
wor
king
fullt
ime
for 1
m
onth
) exc
eed
FOIP
re
quir
emen
ts.
• H
owev
er, t
here
may
be
anot
her a
venu
e to
sear
ch
the
reco
rds,
whi
ch w
as n
ot
fully
exp
lore
d by
PB.
PB
orde
red
to e
xplo
re th
at
poss
ibili
ty [p
ara.
34]
. P
2014
-02
2014
Co
nsum
er C
hoic
e Aw
ards
•
Org
aniz
atio
n fo
rwar
ded
chai
n of
em
ails
bet
wee
n O
rgan
izat
ion
and
Com
plai
nant
to 3
rd
part
y co
mpa
ny.
Com
plai
nant
arg
ued
this
was
dis
clos
ure
cont
ra P
IPA.
•
Org
aniz
atio
n di
d no
t ha
ve a
utho
rity
to
disc
lose
Co
mpl
aina
nt’s
PI.
• In
form
atio
n at
issu
e in
clud
ed n
ame,
wor
k em
ail
and
opin
ion
on c
ompa
ny.
Nam
e is
cle
arly
PI a
nd
pers
onal
opi
nion
cou
ld b
e PI
. Wor
k em
ail w
as P
I be
caus
e co
mm
unic
atio
n no
t pa
rt o
f job
dut
ies.
• N
/A
• O
rgan
izat
ion
stat
ed it
had
co
nsen
t. N
o ex
cept
ions
to
cons
ent f
rom
PIP
A ap
plie
d. N
o au
thor
ity to
di
sclo
se w
ithou
t con
sent
[p
ara.
19].
• Fo
r s. 8
(2) t
o ap
ply
(if g
ive
info
rmat
ion
with
out
cons
ent v
olun
tari
ly a
nd
reas
onab
le th
at p
erso
n w
ould
vol
unta
rily
pro
vide
in
form
atio
n), m
ust b
e ob
viou
s in
circ
umst
ance
s th
at O
rgan
izat
ion
wou
ld
87POLICYWISE
disc
lose
info
rmat
ion
to 3
rd
part
y co
mpa
ny [p
ara.
23]
. Th
e Co
mpl
aina
nt m
ust
know
the
purp
ose
befo
re
sect
ion
8 is
trig
gere
d [p
ara.
27]
. •
Org
aniz
atio
n in
form
ed
Com
plai
nant
that
they
w
ould
get
in to
uch
with
co
mpa
ny, b
ut it
was
not
ob
viou
s to
him
that
his
PI
wou
ld a
lso
be sh
ared
. R
easo
nabl
e in
terp
reta
tion
of O
rgan
izat
ion’
s st
atem
ent [
para
. 24]
. It
coul
d ha
ve b
een
a re
ason
able
inte
rpre
tatio
n th
at O
rgan
izat
ion
wou
ld
shar
e bo
th n
ame
and
com
plai
nant
. Her
e ke
y is
th
at th
ere
was
mor
e th
an
one
reas
onab
le
inte
rpre
tatio
n. G
iven
the
room
for
mis
inte
rpre
tatio
n, it
was
in
cum
bent
on
Org
aniz
atio
n to
cla
rify
be
fore
rely
ing
on th
e Co
mpl
aina
nt’s
failu
re to
ob
ject
to it
s sta
ted
plan
[p
ara.
27]
. Sec
tion
8(2)
te
st is
obj
ectiv
e[ p
ara.
28]
: “s
how
ing
that
it w
as n
ot
unre
ason
able
for t
he
Org
aniz
atio
n to
thin
k it
had
cons
ent i
s not
the
sam
e th
ing
as sh
owin
g th
at it
did
hav
e co
nsen
t.”
• Ex
pres
s con
sent
ent
ails
“y
ou m
ay d
iscl
ose
this
in
form
atio
n” [p
ara.
26]
. •
Org
aniz
atio
n co
uld
not
rely
on
both
hav
ing
cons
ent a
nd u
sing
the
notic
e op
tion
(opt
-out
) co
nsen
t. Th
ere
was
no
time
limit
prov
ided
to
88 LAW & GOVERNANCE OF SECONDARY DATA USE
Com
plai
nant
to st
op
disc
losu
re o
f PI.
Not
ice
that
is su
bjec
t to
diffe
rent
in
terp
reta
tions
is n
ot
notic
e th
at C
ompl
aina
nt
coul
d ha
ve re
ason
ably
be
en e
xpec
ted
to
unde
rsta
nd [p
ara.
31]
. F2
014
-21
2014
Al
bert
a H
uman
Se
rvic
es
• Se
rvic
e pr
ovid
er
cont
ract
ed b
y PB
. Co
mpl
aina
nt
com
plai
ned
that
se
rvic
e pr
ovid
er
colle
cted
, use
d an
d di
sclo
sed
his P
I co
ntra
FO
IP w
hen
arra
nged
refe
rral
s for
as
sess
men
t and
re
habi
litat
ion
serv
ices
to a
ssis
t him
re
: med
ical
co
nditi
on.
• Co
mpl
aina
nt a
rgue
d th
at se
rvic
e pr
ovid
er
acte
d as
PB.
• Se
rvic
e pr
ovid
er =
a
part
icul
ar so
ciet
y th
at h
elps
in
divi
dual
s with
a p
artic
ular
ty
pe o
f med
ical
con
ditio
n th
roug
h ed
ucat
ion
and
refe
rral
s to
com
mun
ity
reso
urce
s for
ass
essm
ent
and
reha
bilit
atio
n (d
oesn
’t pr
ovid
e th
e as
sess
men
t or
reha
bilit
atio
n se
rvic
es
itsel
f). C
ompl
aina
nt le
arnt
ab
out s
ervi
ce p
rovi
der i
n co
urse
of r
ecei
ving
serv
ices
fo
rm A
lber
ta W
orks
(= P
B).
• At
rele
vant
tim
e,
Mem
oran
dum
of A
gree
men
t fo
r Ser
vice
s bet
wee
n PB
and
se
rvic
e pr
ovid
er. P
B ac
know
ledg
es it
is
resp
onsi
ble
for t
he
colle
ctio
n, u
se, a
nd
disc
losu
re o
f the
Co
mpl
aina
nt’s
PI b
y se
rvic
e pr
ovid
er g
iven
latt
er
cont
ract
ed b
y PB
. So,
re
fere
nces
to se
rvic
e pr
ovid
er o
r its
staf
f is
indi
rect
refe
renc
e to
PB
[par
a. 2
]. •
PI a
t iss
ue b
ecau
se in
clud
ed
nam
e, a
ddre
ss, c
onta
ct
info
rmat
ion,
mar
ital s
tatu
s,
pers
onal
hea
lth n
umbe
r,
heal
th a
nd e
mpl
oym
ent
hist
ory
and
opin
ions
abo
ut
him
. [pa
ra. 5
]. •
Serv
ice
Prov
ider
con
trac
ted
to p
erfo
rm se
rvic
es a
s par
t of
pro
vinc
ial i
nita
tive;
thus
• Co
mpl
aina
nt a
llege
d PB
m
ade
impr
oper
use
of h
is
PI. B
ut, d
id n
ot c
lear
ly
expl
ain
that
impr
oper
us
e. H
ence
adj
udic
ator
vi
ewed
the
com
plai
nant
of
impr
oper
use
was
m
ore
rega
rdin
g fa
ct P
I di
sclo
sed
to c
erta
in th
ird
part
ies.
[par
a. 4
1]
• PB
may
bot
h us
e an
d di
sclo
se in
divi
dual
’s PI
fo
r pur
pose
for w
hich
PI
was
col
lect
ed o
r com
pile
d or
for a
use
con
sist
ent
with
that
pur
pose
[par
a.
43].
• In
mak
ing
refe
rral
s,
Serv
ice
Prov
ider
dis
clos
ed
Com
plai
nant
’s PI
[par
a.
27].
• Al
l dis
clos
ures
for p
urpo
se
of a
rran
ging
ass
ess m
ent
and
reha
bilit
atio
n se
rvic
es
as p
art o
f an
oper
atin
g pr
ogra
m o
r act
ivity
of P
B.
Rea
sona
ble
and
dire
ctio
n co
nnec
tion
to th
e co
llect
ion
of th
e PI
in th
e fir
st p
lace
. Nec
essa
ry fo
r op
erat
ing
a le
gally
au
thor
ized
pro
gram
of t
he
PB.
• So
me
agen
cies
no
refe
rral
m
ade,
just
con
tem
plat
ed
so n
o di
sclo
sure
. [pa
ra.
32].
• R
efer
rals
onl
y di
sclo
sed
fact
that
refe
rral
soug
ht,
reas
on fo
r ref
erra
l, an
d th
at C
ompl
aina
nt b
eing
as
sist
ed b
y Se
rvic
e Pr
ovid
er. M
inim
al
info
rmat
ion
nece
ssar
y.
Cons
iste
nt w
ith p
urpo
se o
f co
llect
ion.
[par
a. 3
9].
89POLICYWISE
initi
ativ
e =
oper
atin
g pr
ogra
m o
f the
PB.
•
Serv
ice
prov
ider
col
lect
ed P
I on
initi
al c
onta
ct in
take
fo
rm.
• Co
mpl
aina
nt st
ated
onl
y w
ante
d em
ploy
men
t as
sist
ance
not
re
habi
litat
ion;
so, f
elt t
hat
som
e he
alth
PI c
olle
cted
was
be
yond
wha
t nec
essa
ry.
• “…
eve
n if
the
Com
plai
nant
so
ught
em
ploy
men
t -re
late
d se
rvic
es o
nly,
it w
as st
ill p
art
of th
e PB
’s pr
ogra
m o
r ac
tivity
to c
onsi
der
arra
ngin
g re
ferr
als,
as
sess
men
t or r
ehab
ilita
tion
in o
rder
to d
eter
min
e w
hat
type
of e
mpl
oym
ent b
est
suite
d th
e Co
mpl
aina
nt.
[Adj
udic
ator
] the
refo
re
foun
d th
at th
e co
llect
ion
of
all o
f the
PI o
f the
Co
mpl
aina
nt…
was
au
thor
ized
by
s. 3
3(c)
.”
[par
a. 12
]. •
Whi
le c
onse
nt fo
rm
cont
empl
ated
col
lect
ion
of
PI fr
om c
erta
in a
genc
ies a
nd
indi
vidu
als,
in th
is c
ase
no
info
rmat
ion
colle
cted
in
actu
ality
. [pa
ra. 1
7].
• Se
rvic
e pr
ovid
er, a
s co
ntra
cted
by
PB, c
an fa
ll un
der F
OIP
exc
eptio
ns
rela
ted
to “e
mpl
oyee
s” a
nd
info
rmat
ion
shar
ing
whe
n fo
r pur
pose
of d
eliv
erin
g co
mm
on o
r int
egra
ted
prog
ram
or s
ervi
ce. [
para
. 22
]. F2
014
-28
2014
Al
bert
a H
ealth
•
Com
plai
nant
=
form
er e
mpl
oyee
of
PB. C
ompl
aine
d th
at
supe
rvis
or h
ad
•
•
• PB
cla
imed
that
sent
em
ail
for p
urpo
se o
f man
agin
g an
d ad
min
iste
ring
pe
rson
nel,
but c
once
ded
90 LAW & GOVERNANCE OF SECONDARY DATA USE
emai
led
all m
embe
rs
of P
B ex
ecut
ive
team
an
d di
sclo
sed
that
he
wou
ld b
e aw
ay fr
om
offic
e fo
r per
sona
l re
ason
s.
• Cl
aim
ed b
reac
h of
FO
IP.
• Al
so, b
elie
ved
that
em
ail h
ad b
een
forw
arde
d be
yond
or
igin
al d
istr
ibut
ion
list.
that
not
aut
hori
zed
to
disc
lose
nat
ure
of
Com
plai
nant
’s le
ave.
•
PB d
iscl
osed
mor
e PI
than
ne
cess
ary
to m
eet i
ts
stat
ed p
urpo
se. S
O
cont
rave
ned
s. 4
0(4)
FO
IP. D
iscl
osur
e of
leav
e w
as re
ason
able
and
au
thor
ized
; but
dis
clos
ure
of th
e re
ason
for t
he le
ave
was
not
aut
hori
zed.
An
othe
r mor
e ge
neri
c te
rm p
ossi
ble.
No
indi
catio
n of
co
nfid
entia
lity
in e
mai
l so
that
forw
arde
d oc
curr
ed.
• PB
mus
t onl
y di
sclo
se a
s pe
rmitt
ed b
y FO
IP a
nd
mus
t mak
e re
ason
able
se
curi
ty a
rran
gem
ents
to
prot
ect P
I. •
Dis
clo
F20
14-3
6 20
14
Albe
rta
Hea
lth
• In
divi
dual
mad
e ac
cess
requ
est t
o PB
un
der F
OIP
for a
ll po
licie
s, p
ast a
nd
pres
ent,
in re
gard
s to
the
clos
ing
of h
ealth
fa
cilit
ies.
•
PB p
rovi
ded
8 pa
ges
of re
cord
s and
w
ithhe
ld 4
4 pa
ges i
n en
tiret
y.
• Ap
plic
ant a
rgue
d po
licie
s out
line
proc
ess f
or m
akin
g de
cisi
ons o
n a
part
icul
ar m
atte
r,
and
do n
ot c
onta
in
info
rmat
ion
that
can
be
with
held
.
•
•
• W
ithhe
ld re
cord
s wer
e no
t re
spon
sive
to A
pplic
ant’s
re
ques
t. •
With
held
reco
rds “
draf
t in
tern
al c
orre
spon
denc
e an
d an
alys
is.”
Rec
ords
do
not p
erta
in to
com
plet
ed
polic
ies,
whi
ch A
pplic
ant
soug
ht so
not
app
licab
le.
[par
a. 11
].
F20
15-1
5 20
15
Albe
rta
Ener
gy
• Ac
cess
requ
est t
o PB
fo
r stu
dies
, rep
orts
or
docu
men
ts
com
pari
ng A
B
•
•
• N
umer
ical
info
rmat
ion
in
grap
hs o
r cha
rts i
n th
e re
cord
s at i
ssue
fell
unde
r s.
16(1
) of F
OIP
as
91POLICYWISE
roya
lty ra
tes a
nd
regi
me
for n
on-
rene
wab
le e
nerg
y re
sour
ces c
osts
to
roya
lty ra
tes a
nd
regi
mes
in o
ther
ju
risd
ictio
ns.
• So
me
resp
onsi
ve
reco
rds i
nclu
ded
info
rmat
ion
on a
pr
ivat
e se
ctor
or
gani
zatio
n (3
rd
part
y). P
B ga
ve
acce
ss to
App
lican
t; 3r
d par
ty re
ques
ted
revi
ew o
f dec
isio
n ar
guin
g di
sclo
sure
w
ould
be
harm
ful t
o bu
sine
ss in
tere
sts.
info
rmat
ion
was
trad
e se
cret
and
supp
lied
in
conf
iden
ce. D
iscl
osur
e co
uld
resu
lt in
har
m
enum
erat
ed in
s. 16
(1)©
if
disc
lose
d.
• 3r
d par
ty’s
nam
e co
uld
not
be w
ithhe
ld a
s it d
id n
ot
fall
into
any
of c
ateg
orie
s of
info
in s.
16(1
)(a)
.
F20
15-1
7 20
15
Coun
ty o
f St.
Paul
No.
19
• Co
mpl
aina
nt st
ates
G
razi
ng R
eser
ve se
nt
emai
l con
tain
ing
his
PI to
PB;
PB
gave
n em
ail t
o la
w fi
rm
repr
esen
ting
a Co
mm
issi
on o
f whi
ch
PB a
mem
ber f
or
Com
mis
sion
to u
se in
pr
ocee
ding
bef
ore
Envi
ronm
enta
l Ap
peal
s Boa
rd.
Com
mis
sion
no t
G
razi
ng R
eser
ve
part
y to
pro
ceed
ing.
•
Emai
l : in
form
atio
n re
gadi
ng u
nres
olve
d bi
ll fo
r a g
razi
ng fe
e ch
arge
d to
Co
mpl
aina
nt.
• Co
mpl
aina
nt a
rgue
d in
appr
opri
ate
colle
ctio
n an
d di
sclo
sure
of P
I due
to
lack
of a
utho
rity
.
• In
form
atio
n w
as a
bout
Co
mpl
aina
nt’s
agr i
cultu
ral
oper
atio
n, n
ot a
bout
him
as
indi
vidu
al. T
hus F
OIP
doe
s no
t app
ly.
• Pu
blic
Lan
ds A
ct su
ppor
ted
clai
m th
at p
erso
n to
who
m
graz
ing
allo
tmen
ts a
re
gran
ted
are
oper
atin
g a
busi
ness
. Mem
bers
hip
info
rmat
ion
incl
udin
g pa
ymen
t for
mem
bers
hip
is
info
rmat
ion
abou
t tha
t bu
sine
ss, n
ot P
I. [p
ara.
9]
• Pr
evio
us O
IPC
orde
rs fo
und
that
dis
clos
ure
of n
ame
not
unre
ason
able
inva
sion
of
priv
acy
per s
. 17
whe
re
asso
ciat
ed in
form
atio
n re
veal
s onl
y th
at in
divi
dual
ac
ting
in a
form
al,
repr
esen
tativ
e, p
rofe
ssio
nal,
offic
ial,
publ
ic o
r em
ploy
men
t cap
acity
, unl
ess
that
info
rmat
ion
also
has
a
pers
onal
dim
ensi
on. [
para
. 10
].
•
•
92 LAW & GOVERNANCE OF SECONDARY DATA USE
• In
farm
ing
cont
ext,
OIP
C pr
evio
usly
stat
ed th
at P
I “is
re
cord
ed in
form
atio
n ab
out
an id
entif
iabl
e in
divi
dual
, w
hich
mea
ns a
hum
an b
eing
ac
ting
in h
is o
r her
nat
ural
ca
paci
ty.”
PI d
istin
ct fr
om
info
rmat
ion
abou
t in
divi
dual
’s bu
sine
ss, n
o m
atte
r how
set -
up (e
.g. s
ole
prop
riet
orsh
ip, p
artn
ersh
ip,
unin
corp
orat
ed a
ssoc
iatio
n,
corp
orat
ion
or o
ther
ent
ity).
[par
a. 11
] •
If m
embe
rshi
p fe
es o
wed
, ow
ned
by C
ompl
aina
nt a
s an
orga
niza
tion,
not
as a
n in
divi
dual
[par
a. 13
]. F2
015
-27
20
15
Albe
rta
Just
ice
&
Solic
itor G
ener
al
• Fo
rmer
em
ploy
ee o
f PB
com
plai
ned
that
PB
CU
D h
is P
I con
tra
FIO
P w
hen
sear
ched
hi
s nam
e in
AB
Com
mun
ity O
ffend
er
Man
agem
ent
data
base
(ACO
M)
whi
le e
mpl
oyed
. •
PB d
id se
arch
to
veri
fy C
ompl
aina
nt’s
hone
sty
and
inte
grity
.
• Se
arch
was
of P
B’s o
wn
data
base
, so
not a
col
lect
ion
of C
ompl
aina
nt’s
PI.
• In
app
lyin
g fo
r job
, su
bmitt
ed c
rim
inal
reco
rd
chec
k, w
hich
show
ed n
o cr
imin
al c
onvi
ctio
ns.
• La
ter P
B co
ncer
ned
abou
t Co
mpl
aina
nt h
ones
ty, s
o ch
ecke
d AC
OM
and
foun
d on
e re
sult
of so
me
cont
act/
invo
lvem
ent.
• PB
did
not
hav
e au
thor
ity
to u
se C
ompl
inan
t’s P
I fr
om A
COM
dat
abas
ed
beca
use
info
rmat
ion
used
in
way
not
con
sist
ent
with
pur
pose
for w
hich
it
was
col
lect
ed.
• Pu
rpos
e of
ori
gina
l co
llect
ion
was
to tr
ack
offe
nder
s ser
ving
in
com
mun
ity a
nd to
ass
ist
empl
oyee
s of P
B in
volv
ed
with
thes
e of
fend
ers.
PB
acce
ss in
this
cas
e to
ve
rify
Com
plai
nant
’s pa
st
and
hone
sty.
Thu
s,
purp
oses
in c
olle
ctio
n an
d us
e no
t con
sist
ent.
Com
plai
n ant
not
of
fend
er se
rvin
g tim
e in
co
mm
unity
and
che
ckin
g ho
nest
y no
t par
t of
ACO
M d
atab
ase.
•
Nee
d co
nsis
tenc
y be
twee
n us
e an
d pu
rpos
e fo
r col
lect
ion.
• Co
mpl
aina
nt d
id n
ot
cons
ent t
o us
e an
d/or
di
sclo
sure
of h
is P
I. •
F20
15-2
6
2015
Ca
lgar
y Po
lice
Serv
ice
• Co
mpl
inan
t bel
ieve
d th
at h
er P
I and
that
•
Adju
dica
tor f
ound
that
PI
was
col
lect
ed fo
r pur
pose
s of
•
•
93POLICYWISE
of h
er k
ids w
as
colle
cted
by
PB
cont
ra F
OIP
. •
PB re
ceiv
ed c
all t
hat
youn
g ch
ild a
nd
infa
nt le
ft al
one
in
mot
or v
ehic
le in
sh
oppi
ng c
entr
e pa
rkin
g lo
t for
10
min
utes
at t
ime
of
call.
Whe
n po
lice
arri
ved,
car
gon
e.
Calle
r gav
e lic
ense
nu
mbe
r.
• PB
team
att
ende
d Co
mpl
aina
nt h
ouse
to
dis
cuss
cas
e an
d is
sue.
Sub
mitt
ed
polic
e re
port
s on
inve
stig
ativ
e fin
ding
s.
• Co
mpl
aina
nt fe
lt PB
sh
ould
not
hav
e co
llect
ed h
er P
I.
law
enf
orce
men
t and
was
th
eref
ore
perm
itted
und
er
FOIP
. •
Safe
ty c
once
rns f
or c
hild
ren.
N
eed
for t
reat
ass
essm
ent,
and
thus
was
law
en
forc
emen
t mat
ter.
•
Afte
r a p
oten
tial l
aw
enfo
rcem
ent m
atte
r is
conc
lude
d, re
cord
s of w
hat
tran
spir
ed sh
ould
still
be
mad
e. T
rans
pare
ncy
of th
ese
inte
ract
ions
is c
ritic
al fo
r up
hold
ing
righ
ts.
F20
16-4
1
2016
Se
rvic
e Al
bert
a •
The
Cana
da R
even
ue
Agen
cy (t
he C
RA)
m
ade
a re
ques
t to
the
PB fo
r the
Ap
plic
ant’s
phy
sica
l ad
dres
s.
• Th
e Pu
blic
Bod
y pr
ovid
ed th
e ad
dres
s it
had
on fi
le;
how
ever
, thi
s add
ress
pr
oved
to b
e a
mai
ling,
rath
er th
an
resi
dent
ial,
addr
ess.
•
Whe
n th
e Ap
plic
ant
appl
ied
to re
new
her
m
otor
veh
icle
re
gist
ratio
n, th
e PB
re
quir
ed h
er to
pr
ovid
e pr
oof o
f the
ad
dres
s of h
er
resi
denc
e (t
he
Appl
ican
t’s “p
hysi
cal
• Th
e Ap
plic
ant c
ompl
aine
d th
at th
e Pu
blic
Bod
y ha
d co
ntra
vene
d th
e FO
IP A
ct
whe
n it
disc
lose
d he
r pe
rson
al in
form
atio
n to
the
CRA.
The
Adj
udic
ator
de
term
ined
that
sect
ion
4 ap
plie
d to
som
e re
cord
s, a
s th
ese
reco
rds w
ere
crea
ted
from
info
rmat
ion
in th
e of
fice
of th
e R
egis
trar
of
Mot
or V
ehic
le S
ervi
ces.
H
owev
er, s
he fo
und
that
se
ctio
n 20
did
not
aut
hori
ze
the
PB to
with
hold
any
of
the
info
rmat
ion
to w
hich
it
had
appl
ied
this
pro
visi
on
and
she
orde
red
disc
losu
re
of th
is in
form
atio
n.
• Th
e Ad
judi
cato
r det
erm
ined
th
at th
e PB
had
two
purp
oses
for c
olle
ctin
g th
e Ap
plic
ant’s
phy
sica
l add
ress
:
•
•
94 LAW & GOVERNANCE OF SECONDARY DATA USE
addr
ess”
with
in th
e te
rms o
f the
Ope
rato
r Li
cens
ing
and
Vehi
cle
Cont
rol
Reg
ulat
ion)
. •
Whe
n sh
e pr
ovid
ed
the
requ
este
d pr
oof,
an in
vest
igat
or o
f the
PB
con
tact
ed th
e CR
A to
info
rm it
that
th
e Ap
plic
ant h
ad
prov
ided
a n
ew
phys
ical
add
ress
and
su
ppor
ting
docu
men
tatio
n.
• Th
e CR
A th
en
requ
este
d th
e ph
ysic
al a
ddre
ss a
nd
the
PB p
rovi
ded
it.
Afte
r the
CR
A ob
tain
ed th
e ph
ysic
al
addr
ess,
the
CRA
obta
ined
a C
ourt
or
der t
o ob
tain
the
phys
ical
add
ress
and
th
e su
ppor
ting
docu
men
tatio
n th
e Ap
plic
ant h
ad
prov
ided
. The
CR
A su
bseq
uent
ly
initi
ated
lega
l pr
ocee
ding
s aga
inst
th
e Ap
plic
ant.
The
Appl
ican
t mad
e a
requ
est f
or h
er fi
le
from
the
PB u
nder
th
e Fr
eedo
m o
f In
form
atio
n an
d Pr
otec
tion
of P
riva
cy
Act (
the
FOIP
Act
).
• Th
e PB
refu
sed
acce
ss to
the
file
on
the
basi
s of s
ectio
ns 4
(A
pplic
atio
n) a
nd 2
0 (D
iscl
osur
e H
arm
ful
to L
aw E
nfor
cem
ent)
. Th
e Ap
plic
ant s
ough
t
the
first
was
for e
nsur
ing
that
the
Reg
istr
ar h
ad
suffi
cien
t inf
orm
atio
n to
m
ake
a de
term
inat
ion
as to
w
heth
er th
e Ap
plic
ant w
as a
re
side
nt o
f Alb
erta
and
the
seco
nd w
as to
ass
ist t
he
CRA.
•
The
Adj
udic
ator
det
erm
ined
th
at a
ssis
ting
the
CRA
was
no
t a p
urpo
se fo
r whi
ch th
e PB
was
aut
hori
zed
by th
e FO
IP A
ct to
col
lect
per
sona
l in
form
atio
n. T
he
Adju
dica
tor d
eter
min
ed th
at
the
PB h
ad d
iscl
osed
the
Appl
ican
t’s p
erso
nal
info
rmat
ion
on fo
ur
occa
sion
s. S
he fo
und
that
th
e fir
st th
ree
disc
losu
res
wer
e no
t aut
hori
zed
by th
e FO
IP A
ct, b
ut th
at th
e fo
urth
di
sclo
sure
, whi
ch w
as m
ade
to c
ompl
y w
ith a
Cou
rt
orde
r, w
as a
utho
rize
d. T
he
Adju
dica
tor o
rder
ed th
e PB
to
dis
clos
e th
e in
form
atio
n to
whi
ch it
had
app
lied
sect
ion
20 a
nd o
rder
ed it
to
ceas
e co
llect
ing,
usi
ng, a
nd
disc
losi
ng th
e Ap
plic
ant’s
pe
rson
al in
form
atio
n in
co
ntra
vent
ion
of th
e FO
IP
Act.
95POLICYWISE
revi
ew o
f thi
s de
cisi
on.
F20
16-2
6
2016
Ed
mon
ton
Publ
ic
Scho
ol D
istr
ict
No.
7
• Co
mpl
aina
nt is
fe
mal
e tr
ansg
ende
r st
uden
t at s
choo
l run
by
PB.
•
Com
plai
ned
that
PB
disc
lose
d he
r PI
cont
ra F
OIP
whe
n te
ache
rs d
ispl
ayed
or
calle
d ou
t her
lega
l na
me,
whi
ch is
a
typi
cally
mal
e na
me.
•
Com
plai
nant
and
pa
rent
s met
with
sc
hool
offi
cial
s;
offic
ials
told
that
they
co
uld
advi
se
Com
plai
nant
’s te
ache
rs th
at sh
e w
as
tran
sgen
der b
ut d
id
not w
ant s
choo
l bod
y aw
are
of th
is. S
choo
l of
ficia
ls a
gree
d an
d as
sure
d in
form
atio
n pr
ivac
y. O
ne
acco
mm
odat
ion
was
to
use
pap
er li
st fo
r ro
ll ca
ll (w
ith
pref
erre
d na
me)
not
co
mpu
ter l
ist (
with
le
gal n
ot c
hose
n na
me)
. On
num
ber o
f oc
casi
ons,
lega
l nam
e di
spla
yed
on sc
reen
at
fron
t of c
lass
room
vi
sibl
e to
cla
ss; o
ne 2
oc
casi
ons t
each
er o
r st
uden
t rea
d le
gal
nam
e; 1
o cca
sion
su
pply
teac
her l
oudl
y di
scus
sed
proc
ess f
or
nam
e ch
ange
. •
Man
y of
inci
dent
s in
volv
ed su
pply
te
ache
rs;
Com
plai
nant
adv
ised
• PI
at i
ssue
(nam
e, se
x, a
nd
that
gen
der i
dent
ity
diffe
rent
form
her
sex
at
birt
h).
• Le
gal n
ame
not c
hang
ed a
nd
refle
cted
that
she
was
bor
n ph
ysic
ally
mal
e.
• Be
caus
e Co
mpl
aina
nt
requ
este
d th
at in
form
atio
n no
t be
disc
lose
d, th
en
disc
losi
ng it
not
un
reas
onab
le i n
vasi
on o
f her
pr
ivac
y.
• D
iscl
osur
e w
as n
ot p
rude
nt
or n
eces
sary
in th
e ci
rcum
stan
ces,
so c
ontr
a s.
40
(4) F
OIP
.
•
• PB
agr
eed
it ha
d br
each
ed
FOIP
and
had
not
mad
e pr
oper
secu
rity
ar
rang
emen
ts to
pro
tect
Co
mpl
aina
nt’s
PI.
• PI
Dis
clos
ed in
bre
ach
of
s. 4
0 of
Act
. •
PB fa
iled
to m
ake
prop
er
secu
rity
arr
ange
men
ts, b
ut
note
d th
at d
raft
polic
y cr
eate
d af
ter t
hese
br
each
es a
ddre
ssed
co
ncer
ns ra
ised
by
Com
plai
nant
. Dra
ft po
licy
incl
udes
info
rmin
g st
uden
ts th
at th
eir c
hose
n na
me
and
gend
er c
an b
e ch
ange
d co
nfid
entia
lity
i n
com
pute
r sch
ool r
ecor
ds
with
sign
ed p
aren
t co
nsen
t and
dis
cuss
ion;
w
ithou
t Dis
tric
t let
ter
scho
ol w
ill e
nsur
e st
uden
t’s c
hose
n na
me
and
chos
en g
ende
r co
rrec
tly e
nter
ed in
to h
ard
copy
; sup
ply
teac
hers
will
be
info
rmed
via
info
pa
ckag
e an
d ve
rbal
ly to
us
e on
ly la
st n
ame
for
stud
ents
’ in
roll
call
and
not u
se sc
reen
; pri
ncip
al
to in
stru
ct st
aff t
o on
ly u
se
last
nam
es.
96 LAW & GOVERNANCE OF SECONDARY DATA USE
that
bin
der i
s cre
ated
fo
r sup
ply
teac
hers
an
d co
ntai
ns in
fo
that
teac
her m
ust
take
att
enda
nce
from
pa
per c
opy
of c
lass
lis
t. P
2016
-07
20
16
Red
i Ent
erpr
ises
So
ciet
y •
Org
aniz
atio
n re
ques
ted
wri
tten
ac
coun
t of
Com
plai
nant
’s cr
imin
al c
onvi
ctio
n.
• Co
mpl
aina
nt a
rgue
d th
at w
as c
ontr
a PI
PA.
• Em
ploy
ee si
tuat
ion.
•
Did
not
det
erm
ine
if PI
PA
appl
ied
beca
use
NFP
, pa
rtie
s agr
ee to
go
forw
ard
assu
min
g it
did
appl
y.
• In
form
atio
n w
as n
ever
pr
ovid
ed, j
ust r
eque
sted
. •
“PIP
A ba
lanc
es th
e ri
ght o
f an
indi
vidu
al to
pri
vacy
of
thei
r PI w
ith th
e ne
ed fo
r an
orga
niza
tion
to C
UD
PI.
If
an o
rgan
izat
ion
can
dem
onst
rate
the
colle
ctio
n of
PI i
s nec
essa
ry to
ena
ble
it to
mee
t cer
tain
reas
onab
le
purp
oses
and
it is
col
lect
ed
in a
reas
onab
le m
anne
r,
then
the
colle
ctio
n m
ay b
e al
low
ed u
nder
the
Act.”
[p
ara.
10].”
•
Org
aniz
atio
n ha
d po
licy
of
requ
irin
g a
wri
tten
, sig
ned
acco
unt o
f the
cri
min
al
activ
ities
of i
ts e
mpl
oyee
s.
[par
a. 18
]. •
This
info
rmat
ion
is a
re
quir
emen
t to
shar
e [p
ara.
23
]. Co
llect
ion
is so
lely
for
empl
oym
ent r
elat
ed
purp
oses
. Evi
denc
e th
at
info
rmat
ion
cont
aine
d in
em
ploy
ee fi
le a
nd u
sed
only
to
man
age
empl
oym
ent
rela
tions
hip.
Thi
s re
ason
able
exp
lana
tion:
O
rgan
izat
ion
gave
suffi
cien
t no
tice,
use
d to
man
age
empl
oym
ent r
elat
ions
hip,
w
orks
with
vul
nera
ble
•
•
97POLICYWISE
that
bin
der i
s cre
ated
fo
r sup
ply
teac
hers
an
d co
ntai
ns in
fo
that
teac
her m
ust
take
att
enda
nce
from
pa
per c
opy
of c
lass
lis
t. P
2016
-07
20
16
Red
i Ent
erpr
ises
So
ciet
y •
Org
aniz
atio
n re
ques
ted
wri
tten
ac
coun
t of
Com
plai
nant
’s cr
imin
al c
onvi
ctio
n.
• Co
mpl
aina
nt a
rgue
d th
at w
as c
ontr
a PI
PA.
• Em
ploy
ee si
tuat
ion.
•
Did
not
det
erm
ine
if PI
PA
appl
ied
beca
use
NFP
, pa
rtie
s agr
ee to
go
forw
ard
assu
min
g it
did
appl
y.
• In
form
atio
n w
as n
ever
pr
ovid
ed, j
ust r
eque
sted
. •
“PIP
A ba
lanc
es th
e ri
ght o
f an
indi
vidu
al to
pri
vacy
of
thei
r PI w
ith th
e ne
ed fo
r an
orga
niza
tion
to C
UD
PI.
If
an o
rgan
izat
ion
can
dem
onst
rate
the
colle
ctio
n of
PI i
s nec
essa
ry to
ena
ble
it to
mee
t cer
tain
reas
onab
le
purp
oses
and
it is
col
lect
ed
in a
reas
onab
le m
anne
r,
then
the
colle
ctio
n m
ay b
e al
low
ed u
nder
the
Act.”
[p
ara.
10].”
•
Org
aniz
atio
n ha
d po
licy
of
requ
irin
g a
wri
tten
, sig
ned
acco
unt o
f the
cri
min
al
activ
ities
of i
ts e
mpl
oyee
s.
[par
a. 18
]. •
This
info
rmat
ion
is a
re
quir
emen
t to
shar
e [p
ara.
23
]. Co
llect
ion
is so
lely
for
empl
oym
ent r
elat
ed
purp
oses
. Evi
denc
e th
at
info
rmat
ion
cont
aine
d in
em
ploy
ee fi
le a
nd u
sed
only
to
man
age
empl
oym
ent
rela
tions
hip.
Thi
s re
ason
able
exp
lana
tion:
O
rgan
izat
ion
gave
suffi
cien
t no
tice,
use
d to
man
age
empl
oym
ent r
elat
ions
hip,
w
orks
with
vul
nera
ble
•
•
popu
latio
n an
d se
eks s
afe
and
secu
re e
nvir
o nm
ent,
trea
ted
as c
onfid
entia
l in
form
atio
n.
• O
rgan
izat
ion
in c
ompl
ianc
e w
ith s.
15 P
IPA.
P
2016
-08
20
16
Albe
rta
Asse
ssor
s As
soci
atio
n •
Org
aniz
atio
n di
sclo
sed
her P
I by
usin
g a
data
m
atch
ing
data
base
to
anal
yze
dem
onst
ratio
n re
port
su
bmitt
ed to
UBC
. Co
mpl
aina
nt’s
nam
e an
d st
uden
t num
ber
incl
uded
in
dem
onst
ratio
n re
port
. •
Org
aniz
atio
n to
ok
disc
iplin
ary
mea
sure
s aga
inst
Co
mpl
aina
nt o
n ba
sis
of a
naly
sis o
f de
mon
stra
tion
repo
rt.
• Co
mpl
aina
nt
com
plai
ns th
ese
actio
ns c
ontr
a PI
PA>
• O
rgan
izat
ion
= N
FP p
er s.
56
PIP
A. N
ot a
pro
fess
iona
l re
gula
tory
org
aniz
atio
n.
• O
rgan
izat
ion
CUD
Co
mpl
aina
nt’s
PI a
s par
t of
its re
gula
tory
and
di
scip
linar
y fu
nctio
n.
• Co
mm
erci
al a
ctiv
ities
ty
pica
lly th
ose
invo
lvin
g bu
ying
, sel
ling,
or e
xcha
nge
of g
oods
or s
ervi
ces [
para
. 13
]. •
PIPA
did
not
app
ly b
ecau
se
CUD
not
in c
onne
ctio
n w
ith
com
mer
cial
act
ivity
. •
Org
aniz
atio
n CU
D P
I th
roug
h ap
plic
atio
n of
so
ftwar
e fo
r pur
pose
of
regu
latin
g m
embe
r of
asse
ssor
pro
fess
ion,
not
in
conn
ectio
n w
ith p
urch
ase
of
softw
are.
[ pa
ra 19
]. •
Fine
s are
not
goo
ds o
r se
rvic
es, a
nd th
ey a
re n
ot
boug
ht, s
old
or e
xcha
nged
[p
ara.
20]
. In
asse
ssin
g th
e fin
es a
nd c
osts
, the
di
scip
linar
y co
mm
ittee
was
no
t pro
vidi
ng a
goo
d or
a
serv
ice,
or r
equi
ring
that
the
Com
plai
nant
pur
chas
e a
good
or a
serv
ice.
As
sess
men
t of f
ines
doe
s nto
ha
ve a
com
mer
cial
ch
arac
ter.
•
•
H20
16-0
2
2016
Al
bert
a H
ealth
Se
rvic
es
• Co
mpl
aina
nt
requ
este
d di
sclo
sure
lo
gs fo
r her
AB
Elec
tron
ic H
ealth
R
ecor
ds (N
etCa
re).
• Cu
stod
ian
conc
eded
that
Co
mpl
aina
nt’s
heal
th
info
rmat
ion
had
been
use
d w
ithou
t aut
hori
zatio
n.
•
• Ad
judi
cato
r req
uire
d Cu
stod
ian
to p
ut in
pla
ce
safe
guar
ds th
at p
rote
cted
Co
mpl
aina
nt’s
HI f
rom
sp
ecifi
c id
entif
iabl
e ri
sk.
98 LAW & GOVERNANCE OF SECONDARY DATA USE
She
disc
usse
d th
at
indi
vidu
al (A
ffilia
te)
had
revi
ewed
her
HI.
Com
plai
nant
kne
w
Affil
iate
and
kne
w
they
had
no
reas
on to
re
view
her
reco
rd.
• Co
mpl
aina
nt b
elie
ves
Affil
iate
may
hav
e ob
tain
ed in
form
atio
n in
reco
rds a
nd u
sed
it to
con
tact
Co
mpl
aina
nt’s
empl
oyer
and
an
othe
r ind
ivid
ual.
• Br
each
of s
. 25
HIA
occ
urre
d by
Cus
todi
an’s
affil
iate
[ pa
ra. 4
]. Af
filia
te a
cces
sed
HI o
n on
e oc
casi
on w
ith n
o ne
ed to
kno
w. U
sed
it to
co
ntac
t Com
plai
nant
em
ploy
er to
com
plai
n ab
out
Com
plai
nant
; day
late
r the
y w
ere
rem
orse
ful a
nd
with
drew
that
com
plai
nant
.
• Cu
rren
t saf
egua
rds
incl
uded
trai
ning
and
aw
aren
ess p
roce
dure
s; IT
po
licie
s lim
iting
CU
to
auth
oriz
ed p
erso
n nel
; po
licie
s pro
vidi
ng fo
r ed
ucat
ion,
trai
ning
and
au
ditin
g of
com
plia
nce
with
pol
icie
s; p
olic
ies
outli
ning
repo
rtin
g an
d br
each
dis
cipl
ine;
pol
icie
s re
: mon
itori
ng a
nd
audi
ting
of IT
reso
urce
s.
• Cu
stod
ian
reco
gniz
ed ri
sk
that
em
ploy
ees a
nd
affil
iate
s may
use
or a
cces
s H
I with
out a
utho
rity
; po
licy
mea
sure
s out
lined
in
tend
ed to
pro
tect
ag
ains
t suc
h un
auth
oriz
ed
use
or a
cces
s. [p
ara.
12].
• Al
l sec
urity
step
s mus
t be
reas
onab
le: m
itiga
tion
stra
tegi
es d
o no
t nee
d to
be
per
fect
; inf
orm
atio
n se
curi
ty a
nd b
reac
hes m
ay
still
occ
ur e
ven
whe
n re
ason
able
safe
guar
ds
have
bee
n im
plem
ente
d [p
ara.
13].
• Cu
stod
ian
foun
d to
hav
e ta
ken
reas
onab
le st
eps t
o m
aint
ain
safe
guar
ds to
ge
nera
lly p
rote
ct H
I co
nfid
entia
lity
and
gene
rally
pro
tect
aga
inst
re
ason
ably
ant
icip
ated
un
auth
oriz
e d U
D o
r acc
ess
to H
I [pa
ra. 1
5].
• Bu
t, no
t cle
ar th
at
reas
onab
le st
eps t
aken
to
miti
gate
risk
from
id
entif
iabl
e in
divi
dual
(A
ffilia
te).
[par
a. 16
]. N
o in
form
atio
n re
gard
ing
revi
ew o
f Affi
liate
’s ac
cess
in
Med
itech
and
Net
care
99POLICYWISE
[par
a. 19
]. O
IPC
not t
old
date
s tha
t rev
iew
per
iod
cove
red
nor t
hat t
here
w
ould
be
furt
her r
evie
ws.
•
Affil
iate
face
d sa
nctio
ns
from
gov
erni
ng
prof
essi
onal
bod
y in
clud
ing
man
dato
ry
com
plet
ion
of m
odul
es o
n et
hics
and
pri
vacy
. [ p
ara.
21
]. •
Cust
odia
n m
aske
d Co
mpl
aina
nt’s
Net
care
in
form
atio
n so
add
ition
al
laye
r of p
riva
cy to
her
in
form
atio
n fr
om a
ll em
ploy
ees a
nd a
ffilia
tes o
f Cu
stod
ian
(not
just
this
Af
filia
te).
• Af
filia
te h
ad to
wri
te le
tter
of
apo
logy
to C
ompl
aina
nt
and
her e
mpl
oyer
. But
le
tter
of a
polo
gy d
iffer
ent
from
fact
s to
prof
essi
o nal
bo
dy. T
o pr
ofes
sion
al
body
, adm
itted
acc
ess f
or
pers
onal
use
, not
“no
reas
on” a
s to
OIP
C. [p
ara.
25
]. •
Foun
d th
at C
usto
dian
not
de
mon
stra
ted
how
to
prot
ect a
gain
st a
ny
reas
onab
ly a
ntic
ipat
ed
unau
thor
ized
use
, di
sclo
sure
or a
cces
s to
Com
plai
nant
’s or
oth
ers’
HI b
y Af
filia
te [p
ara.
27]
. •
Com
plai
nant
des
crib
ed
harm
she
suffe
red
from
Af
filia
te’s
actio
ns
incl
udin
g si
gnifi
cant
re
ticen
ce to
acc
ess
heal
thca
re.
H20
16-0
6 (n
ot
2016
Al
bert
a H
ealth
Se
rvic
es
• Th
e Co
mpl
aina
nt
mad
e a
com
plai
nt
that
two
phys
icia
ns
• Sh
e fo
und
that
the
phys
icia
ns h
ad g
aine
d ac
cess
ed to
the
• Sh
e de
term
ined
that
af
filia
tes m
ay u
se o
r di
sclo
se h
ealth
• Th
e tw
o ph
ysic
ians
als
o di
sclo
sed
the
heal
th
info
rmat
ion
they
had
100 LAW & GOVERNANCE OF SECONDARY DATA USE
prin
ted)
ga
ined
acc
ess t
o he
r he
alth
info
rmat
ion
from
Alb
erta
Net
care
in
con
trav
entio
n of
th
e H
ealth
In
form
atio
n Ac
t (H
IA).
• Al
bert
a H
ealth
Se
rvic
es (A
HS)
, w
hich
ope
rate
d th
e fa
cilit
ies a
t whi
ch th
e ac
cess
es o
ccur
red,
an
d th
e tw
o ph
ysic
ians
invo
lved
co
nced
ed th
at th
e tw
o ph
ysic
ians
had
ga
ined
acc
ess t
o th
e Co
mpl
aina
nt’s
heal
th
info
rmat
ion
in 2
008
for t
he p
urpo
se o
f ad
dres
sing
a
com
plai
nt to
the
Dep
artm
ent C
hair
th
at h
ad b
een
mad
e ab
out c
are
they
had
pr
ovid
ed to
the
Com
plai
nant
, and
ag
ain
in 2
012
for t
he
purp
ose
of d
efen
ding
th
emse
lves
in a
re
late
d he
arin
g co
nduc
ted
by th
e Al
bert
a Co
llege
of
Phys
icia
ns a
nd
Surg
eons
(the
Co
llege
).
Com
plai
nant
’s he
alth
in
form
atio
n fo
r the
ir o
wn
pers
onal
pur
pose
s, ra
ther
th
an th
ose
of A
HS,
and
that
AH
S ha
d, b
y op
erat
ion
of
sect
ion
62(2
) of t
he H
IA,
cont
rave
ned
sect
ion
25
(pro
hibi
tion
rega
rdin
g us
e of
he
alth
info
rmat
ion)
of t
hat
Act o
n th
ose
occa
sion
s whe
n th
e tw
o ph
ysic
ians
did
this
. Al
thou
gh th
e Ad
judi
cato
r or
dere
d th
e tw
o ph
ysic
ians
to
mee
t the
ir d
uty
to c
ompl
y w
ith th
e H
IA a
nd it
s re
gula
tions
whe
n th
ey u
se
and
disc
lose
hea
lth
info
rmat
ion,
the
Adju
dica
tor
deci
ded
that
she
coul
d no
t or
der t
he tw
o ph
ysic
ians
to
com
ply
with
AH
S’s p
o lic
ies
and
proc
edur
es, g
iven
that
do
ing
so w
ould
not
ens
ure
the
conf
iden
tialit
y of
the
Com
plai
nant
’s he
alth
in
form
atio
n.
info
rmat
ion
only
at t
he
dire
ctio
n of
, und
er th
e au
thor
ity o
f, or
on
beha
lf of
, the
cus
todi
an w
ith
who
m th
ey a
re a
ffilia
ted.
obta
ined
to th
e Co
llege
. Th
e Ad
judi
cato
r de
term
ined
that
AH
S w
as
the
cust
odia
n in
this
cas
e,
and
that
the
two
phys
icia
ns w
ere
affil
iate
s of
AH
S.
• Th
e Ad
judi
cato
r als
o de
term
ined
that
the
Com
plai
nant
’s he
alth
in
form
atio
n ha
d be
en
disc
lose
d to
the
Colle
ge b
y th
e tw
o ph
ysic
ians
for t
he
purp
ose
of d
efen
ding
th
emse
lves
in a
com
plai
nt.
She
foun
d th
at a
ffilia
tes
may
dis
clos
e he
alth
in
form
atio
n on
ly u
nder
th
e au
thor
ity o
f, or
on
beha
lf of
the
cust
odia
n w
ith w
hom
they
are
af
filia
ted
and
are
subj
ect
to th
e sa
me
limita
tions
to
whi
ch th
e 2
cust
odia
n is
su
bjec
t whe
n th
ey d
o so
. •
She
dete
rmin
ed th
at A
HS
wou
ld h
ave
had
no
auth
ority
to d
iscl
ose
the
Com
plai
nant
’s he
alth
in
form
atio
n in
the
circ
umst
ance
s in
whi
ch
the
two
affil
iate
s dis
clos
ed
it, a
s AH
S w
as n
ot a
par
ty
to th
e co
mpl
aint
co
nduc
ted
by th
e Co
llege
, an
d ha
d no
t rec
eive
d a
form
al d
eman
d fo
r the
re
cord
s.
• Th
e Ad
judi
cato
r co
nclu
ded
that
thes
e ac
cess
es a
nd d
isc l
osur
es
caus
ed A
HS
to c
ontr
aven
e se
ctio
ns 2
5 an
d 31
of t
he
HIA
. The
Adj
udic
ator
de
term
ined
that
AH
S’s
polic
ies a
nd p
roce
dure
s w
ere
not a
dequ
ate
to
101POLICYWISE
prot
ect t
he C
ompl
aina
nt’s
heal
th in
form
atio
n fr
om
the
risk
s of u
naut
hori
zed
use
and
disc
losu
re, a
s the
y ap
pear
ed to
per
mit
affil
iate
s to
use
and
disc
lose
hea
lth
info
rmat
ion
for t
heir
ow
n pe
rson
al p
urpo
ses,
rath
er
than
pur
pose
s of A
HS
that
ar
e au
thor
ized
by
sect
ions
27
and
35
of th
e H
IA.
Whi
le th
e Ad
judi
cato
r fo
und
that
use
and
di
sclo
sure
of t
he
Com
plai
nant
’s he
alth
in
form
atio
n by
the
two
phys
icia
ns h
ad le
d AH
S to
co
ntra
vene
the
HIA
, it
appe
ared
that
the
two
phys
icia
ns h
ad n
ot
cont
rave
ned
AHS
polic
ies
and
proc
edur
es w
hen
they
us
ed a
nd d
iscl
osed
the
Com
plai
nant
’s he
alth
in
form
atio
n fo
r the
ir o
wn
pers
onal
pur
pose
s.
• Th
e Ad
judi
cato
r ord
ered
AH
S to
cea
se u
sing
and
di
sclo
sing
the
Com
plai
nant
’s he
alth
in
form
atio
n in
co
ntra
vent
ion
of th
e H
IA.
She
sugg
este
d th
at
com
plia
nce
with
the
orde
r co
uld
be a
chie
ved
by
revi
sing
the
polic
ies a
nd
proc
edur
es fo
r affi
liate
s su
ch th
at th
ey w
ould
co
nvey
the
follo
win
g: 1)
on
ly A
HS
is th
e cu
stod
ian
and
auth
oriz
ed c
usto
dian
at
site
s it o
pera
tes,
2) t
he
HIA
aut
hori
zes o
nly
an
“aut
hori
zed
cust
odia
n” to
us
e or
dis
clos
e he
alth
in
form
atio
n vi
a th
e
102 LAW & GOVERNANCE OF SECONDARY DATA USE
Albe
rta
EHR
, and
3)
affil
iate
s may
use
or
disc
lose
he a
lth
info
rmat
ion
via
the
Albe
rta
EHR
at A
HS’
s si
tes o
nly
whe
re A
HS
wou
ld h
ave
auth
ority
to
use
or d
iscl
ose
heal
th
info
rmat
ion.
The
Ad
judi
cato
r als
o de
term
ined
that
AH
S sh
ould
revi
ew it
s pol
icie
s to
ens
ure
that
they
cre
ate
enfo
rcea
ble
oblig
atio
ns fo
r af
filia
tes t
o co
llect
, use
, or
disc
lose
hea
lth
info
rmat
ion
unde
r the
au
thor
ity o
f AH
S, in
co
mpl
ianc
e w
ith th
e H
IA,
such
that
sect
ion
62(4
)(b)
is
eng
aged
shou
ld a
n af
filia
te u
se o
r dis
clos
e he
alth
info
rmat
ion
in a
w
ay th
at c
ontr
aven
es th
e H
IA
F20
16-0
1
2016
Bo
w V
alle
y Co
llege
•
Com
plai
nant
co
mpl
aine
d th
at P
B us
ed o
r dis
clos
ed h
is
PI c
ontr
a FO
IP w
hen
Acad
emic
Pr
epar
atio
n Co
ordi
nato
r em
aile
d nu
mbe
r of e
mpl
oyee
s of
PB
to a
dvis
e th
em
of o
ngoi
ng c
onfli
ct
betw
een
Com
plai
nant
(s
tude
nt) a
nd
anot
her s
tude
nt.
• Co
mpl
aina
nt h
ad
succ
essf
ully
sued
ot
her s
tude
nt a
roun
d is
sue.
• In
form
atio
n co
llect
ed w
as
nece
ssar
y fo
r an
activ
ity o
f PB
. Nec
essa
ry to
use
nam
e be
caus
e st
uden
t at P
B so
ne
cess
ary
for o
pera
ting
prog
ram
and
act
ivity
[par
a.
15].
• Co
ntex
t of e
mai
l and
use
of
Com
plai
nant
’s fir
s t n
ame
= PI
und
er a
ct. [
para
. 11]
. •
Acad
emic
Pre
para
tion
Coor
dina
tor w
rote
em
ails
to
two
supe
rvis
ors a
nd a
noth
er
empl
oyee
of P
B st
atin
g th
at
talk
ed to
oth
er st
uden
t in
clud
ing
that
wou
ld b
e re
ceiv
ing
war
ning
lett
er;
that
not
hav
e co
ntac
t with
Co
mpl
aina
nt; a
n d to
info
rm
PB if
Com
plai
nant
con
tact
ed
him
. Oth
er st
uden
t inf
orm
ed
them
of l
itiga
tion.
• In
form
atio
n w
as u
sed
whe
n se
nt v
ia e
mai
l. Co
uld
be se
en a
s di
sclo
sure
bet
wee
n on
e em
ploy
ee to
oth
ers.
OIP
C Ad
judi
cato
r tre
ated
it a
s us
e an
d di
sclo
sure
, with
re
sults
bei
ng sa
me.
[par
a.
12]
• In
form
atio
n us
ed fo
r re
ason
con
sist
ent w
ith
why
info
rmat
ion
was
co
llect
ed.
• R
esol
ving
issu
es b
etw
een
stud
ents
and
rela
ted
conc
erns
ari
sing
from
ca
mpu
s -re
late
d ac
tiviti
es
is re
spon
sibi
lity
of P
B.
[par
a. 17
]. •
Emai
ling
Com
plai
nant
’s PI
to li
mite
d nu
mbe
r of
empl
oyee
s had
a
• PB
foun
d to
hav
e m
ade
reas
onab
le se
curi
t y
arra
ngem
ent a
gain
st th
e ri
sk o
f una
utho
rize
d ac
cess
, CU
D o
f Co
mpl
aina
nt’s
PI: e
mai
l ac
coun
ts re
mai
n w
ithin
PB
com
pute
r net
wor
k;
netw
ork
mon
itore
d by
IT
serv
ices
dep
artm
ent f
or
thin
gs su
ch a
s sec
urity
th
reat
s, v
irus
es a
nd
unau
thor
ized
acc
ess;
em
ploy
ee e
ma i
l acc
ount
s ar
e pa
ssw
ord
prot
ecte
d an
d al
l em
ploy
ees m
ust
follo
w P
B IT
pol
icie
s [p
ara.
22]
. •
PB m
et is
dut
y un
der s
. 38
whe
n em
aile
d Co
mpl
aina
nt’s
PI.
103POLICYWISE
reas
onab
le a
nd d
irec
t co
nnec
tion
to th
e pu
rpos
e of
the
colle
ctio
n an
d w
as n
eces
sary
for
oper
atin
g a
lega
lly
auth
oriz
ed p
rogr
am o
f PB
[par
a. 19
]. N
o co
ntra
vent
ion
of P
art 2
of
FOIP
. P
2016
-02
20
16
Gra
ndin
Man
or
Ltd.
•
Cond
o un
it ow
ner
com
plai
ned
that
O
rgan
izat
ion
put u
p su
rvei
llanc
e sy
stem
no
t in
com
plai
nanc
e w
ith P
IPA.
Co
mpl
aine
d th
at n
o si
gns n
otify
ing
indi
vidu
als o
f ext
ent
of su
rvei
llanc
e an
d ex
tent
that
cam
eras
in
use
. Com
plai
ned
that
Con
do b
oard
re
view
ed fo
otag
e an
d us
ed in
fo fr
om
foot
age
to re
view
by
law
infr
actio
ns a
nd
to e
nfor
c e
com
plia
nce
with
co
ndo
byla
ws.
Co
mpl
aine
d th
at
Org
aniz
atio
n co
llect
ed h
is P
I with
ca
mer
as w
hen
he
scri
bble
d co
mm
ents
on
not
ice
post
ed b
y el
evat
or a
nd w
hen
use
info
to se
nd h
im
war
ning
lett
er a
bout
co
nduc
t.
• O
wne
rs h
ad p
asse
d re
solu
tion
to in
crea
se
surv
eill a
nce
in
cond
omin
ium
. The
y ac
ted
as
Org
aniz
atio
n.
• W
hen
visi
tors
vis
it co
ndom
iniu
m th
ey h
ave
suffi
cien
t not
ice
of p
rese
nce
of su
rvei
llanc
e th
at th
ey m
ay
be d
eem
ed to
con
sent
to
Org
aniz
atio
n’s c
olle
ctio
n of
PI
for p
urpo
ses o
f m
aint
aini
ng se
curi
ty o
f bu
ildin
g. P
urpo
se o
f de
terr
ing
vand
alis
m a
nd
prom
otin
g se
curi
ty in
bu
ildin
g; a
lso
to in
crea
se
valu
e of
pro
pert
y an
d m
ake
resi
dent
s fee
l saf
e.
• Su
rvei
llanc
e ca
mer
as
capt
ure
PI o
f ind
ivid
uals
in
disc
rmin
antly
.
• W
hen
Org
aniz
atio
n re
view
ed su
rvei
llanc
e fo
otag
e fo
r pur
pose
of
dete
rrin
g th
e Co
mpl
aina
nt fr
om
scri
bblin
g co
mm
ents
on
notic
es in
the
futu
re, i
t di
d so
for p
urpo
se fo
r w
hich
PIP
A re
quir
es it
to
obta
in c
onse
nt a
nd to
pr
ovid
er n
otic
e pr
ior t
o co
llect
ion.
•
Org
aniz
atio
n m
ust c
ease
co
llect
ing
and
usin
g PI
fr
om su
rvei
llanc
e ca
mer
as fo
r pur
pose
s ot
her t
han
obvi
ous
purp
oses
for h
avin
g su
rvei
llanc
e un
less
it fi
rst
prov
ided
app
ropr
iate
no
tice
unde
r PIP
A of
its
inte
ntio
n to
col
lect
and
us
e in
form
atio
n fo
r the
se
purp
oses
. •
Adju
dica
tor u
nabl
e to
say
that
scri
bblin
g no
tes o
n no
tices
is c
rim
inal
va
ndal
ism
, so
nto
sure
th
at fi
ts in
no
tice/
purp
ose.
•
104 LAW & GOVERNANCE OF SECONDARY DATA USE
Tab
le 4
. Bes
t pra
ctic
es d
icta
ted
by P
IPA
Tac
tics
Req
uire
d by
PIP
A
Det
ail
Priv
acy
polic
y §
Nee
d po
licie
s and
pro
cedu
res i
n pl
ace
to c
over
all
pers
onal
info
rmat
ion
that
is in
you
r cus
tody
(s
tore
d) o
r con
trol
(dec
ide
how
to u
se, d
iscl
ose,
stor
e an
d fo
r how
long
kee
p).
§ Po
licie
s sho
uld
cove
r §
Wha
t per
sona
l inf
orm
atio
n is
col
lect
ed?
§ H
ow o
btai
n co
nsen
t for
col
lect
ing,
usi
ng a
nd d
iscl
osin
g pe
rson
al in
form
atio
n?
§ H
ow u
se a
nd d
iscl
ose
pers
onal
info
rmat
ion?
§
How
ens
ure
that
ade
quat
e se
curi
ty m
easu
res a
re in
pla
ce?
§ W
here
is in
form
atio
n st
ored
? §
How
is it
secu
red?
§
Who
has
acc
ess t
o or
use
s it?
§
How
is in
form
atio
n di
spos
ed o
f?
§ H
ow p
roce
ss a
cces
s req
uest
s?
§ To
who
m is
it d
iscl
osed
? §
How
is d
iscl
osur
e de
cide
d?
§ H
ow re
spon
d to
enq
uiri
es a
nd c
ompl
aint
s?
§ Th
e re
ason
able
ness
test
indi
cate
s tha
t rev
iew
pri
vacy
and
info
han
dlin
g pr
oced
ures
for b
oth
new
an
d on
-goi
ng a
ctiv
ities
Pr
ivac
y of
fice
r §
Nee
d to
des
igna
te:
§ 1 o
r mor
e in
divi
dual
s to
mak
e su
re th
at th
e or
gani
zatio
n fo
llow
s the
rule
s in
PIPA
§
1 or m
ore
indi
vidu
als t
o be
the
cont
act p
erso
n(s)
for a
nsw
erin
g qu
estio
ns a
bout
PIP
A, ta
king
ac
cess
requ
ests
and
com
plai
nts r
elat
ed to
PIP
A §
Del
egat
e al
tern
ate
indi
vidu
als a
s ba
ck u
p.
Con
sent
§
Nee
d co
nsen
t of i
ndiv
idua
l to
§
Colle
ct p
erso
nal i
nfor
mat
ion
(fro
m in
divi
dual
or s
omeo
ne o
ther
than
indi
vidu
al)
§ U
se p
erso
nal i
nfor
mat
ion,
or
§ D
iscl
ose
pers
onal
info
rmat
ion
§ U
sual
ly g
et c
onse
nt a
t inf
orm
atio
n co
llect
ion
§ Co
nsen
t onl
y va
lid if
col
lect
ion
is re
ason
able
. Con
sent
doe
s not
per
mit
unre
ason
able
col
lect
ion
of
info
rmat
ion.
§
Cons
ent c
an b
e ex
pres
s (w
ritt
en o
r ver
bal;
elec
tron
ic o
r har
d co
py, b
ut e
lect
roni
c co
py sh
ould
be
turn
ed in
to h
ard
copy
), im
plie
d (v
olun
teer
info
rmat
ion
for a
n ob
viou
s pur
pose
and
reas
onab
le to
vo
lunt
eer;
don
’t ha
ve to
giv
e no
tice
beca
use
obvi
ous c
olle
ctin
g in
form
atio
n; if
not
obv
ious
then
ne
ed e
xpre
ss o
r opt
-out
) or n
ot o
ptin
g ou
t. §
If in
divi
dual
vol
unte
ers m
ore
pers
onal
info
rmat
ion
than
nee
ded
for p
urpo
se, o
rgan
izat
ion
cann
ot c
olle
ct, u
se o
r dis
clos
e th
e ex
tra
info
rmat
ion.
§
Base
d on
reas
onab
le e
xpec
tatio
ns in
cir
cum
stan
ces a
nd g
iven
sens
itivi
ty o
f inf
orm
atio
n §
Cons
ent m
ust b
e in
form
ed so
that
eno
ugh
info
rmat
ion
prov
ided
by
orga
niza
tion
on c
olle
ctio
n on
th
e pu
rpos
e of
col
lect
ion
and
prop
osed
use
of i
nfor
mat
ion
to m
ake
an in
form
ed d
ecis
ion.
§
Opt
-out
con
sent
is p
ossi
ble
whe
n
105POLICYWISE
§ O
rgan
izat
ion
info
rms i
ndiv
idua
l abo
ut th
e pu
rpos
e in
col
lect
ing,
usi
ng o
r dis
clos
ing
info
rmat
ion
§ G
ive
easy
-to-
unde
rsta
nd n
otic
e be
fore
or a
t tim
e of
col
lect
ion,
use
or d
iscl
osur
e §
Indi
vidu
als h
ave
reas
onab
le c
hanc
e to
say
no (r
e: fo
rmat
, pro
cedu
re, t
ime)
§
The
pers
onal
info
rmat
ion
is n
ot to
o se
nsiti
ve
§ In
divi
dual
can
cha
nge
or w
ithdr
aw c
onse
nt b
y gi
ving
org
aniz
atio
n re
ason
able
not
ice
(as l
ong
as it
do
es n
ot in
terf
ere
with
lega
l dut
y or
obl
igat
ion
betw
een
any
2 pa
rtie
s)
§ In
divi
dual
can
put
reas
onab
le te
rms a
nd c
ondi
tions
on
thei
r con
sent
§
Org
aniz
atio
n ca
nnot
mak
e co
nsen
t reg
ardi
ng p
erso
nal i
nfor
mat
ion
colle
ctio
n, u
se o
r dis
clos
ure
a co
nditi
on to
supp
ly a
pro
duct
or s
ervi
ce, i
f ask
ing
for t
he in
form
atio
n is
bey
ond
wha
t is r
equi
red
to g
ive
serv
ice.
§
The
cons
ent w
ill b
e de
emed
ille
gal a
nd in
valid
if fa
lse
or m
isle
adin
g m
eans
wer
e pu
rpos
ivel
y us
ed to
obt
ain
the
cons
ent.
Secu
rity
§
Take
reas
onab
le s
teps
to m
ake
sure
that
per
sona
l inf
orm
atio
n co
llect
ed, u
sed
or d
iscl
osed
is
accu
rate
and
com
plet
e.
§ U
pdat
ing
info
rmat
ion
to th
e ex
tent
reas
onab
le fo
r its
use
, rat
her t
han
rout
inel
y is
acc
epta
ble.
So,
fr
eque
ntly
use
d in
form
atio
n sh
ould
be
upda
ted
mor
e fr
eque
ntly
than
info
rmat
ion
used
rare
ly.
§ U
se re
ason
able
saf
egua
rds
(phy
sica
l, ad
min
istr
ativ
e an
d te
chni
cal)
to p
rote
ct p
erso
nal
info
rmat
ion
from
uns
anct
ione
d ac
cess
, mis
use,
thef
t, lo
ss, d
estr
uctio
n. S
afeg
uard
s sh
ould
be
appr
opri
ate
to th
e se
nsiti
vit y
of t
he in
form
atio
n.
§ Ex
ampl
es o
f phy
sica
l saf
egua
rds
incl
ude
§ Lo
ckin
g fil
e ca
bine
ts a
nd a
reas
whe
re fi
les
are
stor
ed w
hen
no o
ne is
ther
e.
§ A
llow
ing
only
em
ploy
ees
who
nee
d ac
cess
to s
tora
ge a
reas
or f
iling
cab
inet
s to
hav
e ac
cess
to
them
§
Cle
arin
g fil
es a
nd re
cord
s co
ntai
ning
per
sona
l inf
orm
atio
n of
f you
r des
k at
the
end
of th
e da
y §
Shre
ddin
g pa
pers
con
tain
ing
pers
onal
info
rmat
ion
rath
er th
an p
laci
ng th
em in
a g
arba
ge b
ag
or re
cycl
ing
bin.
§
Exam
ples
of a
dmin
istr
ativ
e sa
fegu
ards
incl
ude
§ Tr
aini
ng e
mpl
oyee
s on
pol
icie
s an
d ru
les
for p
rote
ctin
g pe
rson
al in
form
atio
n an
d th
e co
nseq
uenc
es o
f not
follo
win
g th
em
§ En
suri
ng th
at p
erso
nal i
nfor
mat
ion,
esp
ecia
lly s
ensi
tive
info
rmat
ion,
is a
cces
sibl
e on
ly to
th
ose
empl
oyee
s w
ho n
eed
to k
now
the
info
rmat
ion
§ St
orin
g on
ly a
s m
uch
pers
onal
info
rmat
ion
as n
eces
sary
on
mob
ile d
evic
es (e
.g. l
apto
ps, U
SB
flash
dri
ves)
§
Usi
ng c
over
she
ets
whe
n fa
per
sona
l inf
orm
atio
n, a
nd e
stab
lishi
ng p
roto
cols
to e
nsur
e on
ly a
utho
rize
d re
cipi
ents
rece
ive
fax
(esp
ecia
lly fo
r sen
sitiv
e in
form
atio
n)
§ H
avin
g em
ploy
ees
take
an
oath
of c
onfid
entia
lity
§ C
ondu
ctin
g au
dits
to e
nsur
e em
ploy
ee c
ompl
ianc
e w
ith s
afeg
uard
pro
cedu
res.
§
Exam
ples
of t
echn
ical
saf
egua
rds
§ U
sing
equ
ipm
ent o
r sof
twar
e th
at tr
unca
tes
debi
t and
cre
dit c
ard
num
bers
on
rece
ipts
106 LAW & GOVERNANCE OF SECONDARY DATA USE
§ U
sing
pas
swor
d-pr
otec
ted
scre
ensa
vers
so
visi
tors
can
not s
ee in
form
atio
n on
com
pute
rs
§ U
sing
fire
wal
ls a
nd a
nti-v
irus
pro
gram
s on
com
pute
rs
§ U
sing
pas
swor
ds to
mak
e su
re o
nly
cert
ain
wor
kers
hav
e ac
cess
to in
form
atio
n on
co
mpu
ters
and
cha
ngin
g pa
ssw
ords
ofte
n §
Encr
yptin
g m
obile
ele
ctro
nic
devi
ces
cont
aini
ng p
erso
nal i
nfor
mat
ion
(e.g
. lap
tops
, USB
fla
sh d
rive
s)
§ Er
asin
g co
mpu
ter h
ard
driv
es b
efor
e yo
u se
ll or
don
ate
them
§
Ret
entio
n po
licie
s m
ust a
lso
be e
stab
lishe
d an
d ex
ecut
ed a
ppro
pria
tely
. Per
sona
l inf
orm
atio
n sh
ould
onl
y be
kep
t as
long
as
reas
onab
le to
car
ry o
ut b
usin
ess
or le
gal p
urpo
ses.
§
Whe
re a
ppro
ved
base
d on
fina
ncia
l, le
gal,
oper
atio
nal,
audi
t or a
rchi
val r
equi
rem
ents
, or
gani
zatio
ns m
ay fo
llow
thos
e ap
prov
ed re
tent
ion
peri
ods
or s
ched
ules
. §
Even
if a
n in
divi
dual
has
cha
nged
or w
ithdr
awn
his
or h
er c
onse
nt fo
r col
lect
ing,
usi
ng o
r di
sclo
sing
info
rmat
ion,
an
orga
niza
tion
may
kee
p th
at in
form
atio
n if
ther
e ar
e le
gal o
r bus
ines
s re
ason
s to
do
so (b
ut c
anno
t use
or d
iscl
ose
that
info
rmat
ion)
. A
cces
s an
d co
rrec
tion
requ
ests
Se
e T
able
2
107POLICYWISE
Tab
le 4
. The
cat
egor
ies
of “
heal
th in
form
atio
n” u
nder
HIA
.
Typ
e of
“H
ealth
info
rmat
ion”
In
clud
ed C
ateg
orie
s “D
iagn
ostic
, tre
atm
ent a
nd c
are
info
rmat
ion”
•
The
phys
ical
and
men
tal h
ealth
of a
n in
divi
dual
•
A “
heal
th s
ervi
ces”
(def
initi
on H
IA s
. 1(1
)(m
)) p
rovi
ded
to a
n in
divi
dual
for t
he
purp
oses
of:
• Pr
otec
ting,
pro
mot
ing
or m
aint
aini
ng p
hysi
cal a
nd m
enta
l hea
lth;
• Pr
even
ting
illne
ss;
• D
iagn
osin
g an
d tr
eatin
g ill
ness
; •
Reh
abili
tatio
n; o
r •
Car
ing
for t
he h
ealth
nee
ds o
f the
ill,
disa
bled
, inj
ured
or d
ying
; •
Don
atio
n by
an
indi
vidu
al o
f a b
ody
part
or s
ubst
ance
, inc
ludi
ng in
form
atio
n de
rive
d fr
om th
e te
stin
g or
exa
min
atio
n of
a b
ody
part
or b
odily
sub
stan
ce;
• A
dru
g as
def
ined
in th
e Ph
arm
acy
and
Dru
g A
ct p
rovi
ded
to a
n in
divi
dual
; •
A h
ealth
car
e ai
d, d
evic
e, p
rodu
ct, e
quip
men
t or o
ther
item
pro
vide
d to
an
indi
vidu
al p
ursu
ant t
o a
pres
crip
tion
or o
ther
aut
hori
zatio
n;
• Th
e am
ount
of a
ny b
enef
it pa
id o
r pay
able
und
er th
e A
lber
ta H
ealth
Car
e Ins
uran
ce
Act
or a
ny o
ther
am
ount
pai
d or
pay
able
in re
spec
t of a
hea
lth s
ervi
ce p
rovi
ded
to
an in
divi
dual
; and
•
Any
oth
er in
form
atio
n ab
out a
n in
divi
dual
that
is c
olle
cted
whe
n a
heal
th s
ervi
ce is
pr
ovid
ed to
the
indi
vidu
al b
ut d
oes
not i
nclu
de in
form
atio
n th
at is
not
wri
tten,
ph
otog
raph
ed, r
ecor
ded
or s
tore
d in
som
e m
anne
r in
a re
cord
. •
The
follo
win
g in
form
atio
n ab
out t
he h
ealth
ser
vice
pro
vide
r atte
ndin
g to
the
indi
vidu
al:
• N
ame;
•
Busi
ness
title
; •
Busi
ness
mai
ling
addr
ess
and
busi
ness
ele
ctro
nic
addr
ess;
•
Busi
ness
tele
phon
e nu
mbe
r and
bus
ines
s fa
csim
ile n
umbe
r; •
Type
of h
ealth
ser
vice
s pr
ovid
er;
• Li
cens
e nu
mbe
r or a
ny o
ther
num
ber a
ssig
ned
to th
e he
alth
ser
vice
s pr
ovid
er b
y a
heal
th p
rofe
ssio
nal b
ody
to id
entif
y th
at h
ealth
ser
vice
s pr
ovid
er;
• Pr
ofes
sion
; •
Job
clas
sific
atio
n;
• Em
ploy
er;
• M
unic
ipal
ity in
whi
ch th
e he
alth
ser
vice
s pr
ovid
er’s
pra
ctic
e is
loca
ted;
•
Prov
inci
al s
ervi
ce p
rovi
der i
dent
ifica
tion
num
ber t
hat i
s as
sign
ed to
the
heal
th
serv
ices
pro
vide
r by
the
Min
iste
r to
iden
tify
the
heal
th s
ervi
ces
prov
ider
; •
Any
oth
er in
form
atio
n sp
ecifi
ed in
the
regu
latio
ns.
108 LAW & GOVERNANCE OF SECONDARY DATA USE
“Reg
istr
atio
n in
form
atio
n”
• Ba
sic
info
rmat
ion
colle
cted
whe
n in
divi
dual
s re
gist
er to
rece
ive
heal
th s
ervi
ces.
The
in
form
atio
n is
pri
mar
ily u
sed
to d
eter
min
e el
igib
ility
and
for b
illin
g pu
rpos
es. T
his
info
rmat
ion
wou
ld in
clud
e:
• D
emog
raph
ic in
form
atio
n, in
clud
ing
the
indi
vidu
al’s
per
sona
l hea
lth n
umbe
r; •
Loca
tion
info
rmat
ion;
•
Tele
com
mun
icat
ions
and
info
rmat
ion;
•
Res
iden
cy in
form
atio
n;
• H
ealth
ser
vice
s el
igib
ility
info
rmat
ion;
and
•
Billi
ng in
form
atio
n, in
clud
ing
an in
divi
dual
’s a
ccou
nt n
umbe
r.
109POLICYWISE
Tab
le 5
. Cop
yrig
ht L
icen
se p
artic
ular
s fo
r Sta
tistic
s C
anad
a
o
As
of F
ebru
ary
1, 2
012,
info
rmat
ion
publ
ishe
d by
Sta
tistic
s Can
ada
(SC)
aut
omat
ical
ly c
over
ed b
y th
e O
pen
Lice
nse
with
the
exce
ptio
n of
Sta
tistic
s Can
ada’
s pos
tal p
rodu
cts a
nd P
ublic
Use
Mic
roda
ta F
iles (
PUM
Fs).
o
Lice
nse
agre
emen
t can
use
SC
info
rmat
ion
with
out r
estr
ictio
ns o
n sh
arin
g an
d re
dist
ribu
tion,
for c
omm
erci
al a
nd n
on-c
omm
erci
al
purp
oses
. Mus
t alw
ays a
ckno
wle
dge
SC a
s sou
rce
of d
ata
and
adhe
re to
con
ditio
ns o
f SC
Ope
n Li
cens
e.
§ By
usi
ng d
ata,
one
acc
epts
all
term
s and
con
ditio
ns o
f Ope
n Li
cens
e.
§ G
ive
full
cred
it to
SC
if us
ed o
r ref
erre
d to
in st
udy,
art
icle
s, p
aper
s or o
ther
rese
arch
wor
ks.
o
Aggr
egat
e da
ta a
vaila
ble
thro
ugh
CAN
SIM
and
Cen
sus w
ebsi
te =
Ope
n D
ata,
gov
erne
d by
SC
Ope
n Li
cens
e Ag
reem
ent
§ W
orld
wid
e, ro
yalty
-fre
e, n
on-e
xclu
sive
lice
nse
to u
se/r
epro
duce
/pub
lish/
free
ly-d
istr
ibut
e/se
ll th
e in
form
atio
n/va
lue-
adde
d pr
oduc
ts, a
nd su
blic
ense
. o
PU
MFs
subj
ect t
o D
ata
liber
atio
n In
itiat
ive
(DLI
) Lic
ense
(pos
sibl
y id
entif
iabl
e da
ta),
whi
ch h
as fo
llow
ing
key
term
s of l
icen
se su
ch
that
Mic
roda
ta fi
les:
§
Shal
l be
used
for s
tatis
tical
and
rese
arch
pur
pose
s. N
o ot
her p
urpo
se u
nles
s pri
or w
ritt
en c
onse
nt o
f SC
§ Sh
all b
e us
ed b
y ed
ucat
ors,
stud
ents
and
staf
f. Sh
all n
ot b
e re
prod
uced
and
tran
smitt
ed to
out
side
per
son
or o
rgan
izat
ion.
§
Shal
l NO
T be
mer
ged
or li
nked
with
oth
er d
atab
ases
for p
urpo
se o
f att
empt
ing
to id
entif
y an
indi
vidu
al p
erso
n, b
usin
ess o
r or
gani
zatio
n §
Shal
l not
be
pres
ente
d in
a m
anne
r tha
t giv
es a
ppea
ranc
e th
at u
ser m
ay h
ave
rece
ived
, or h
ad a
cces
s to,
info
rmat
ion
held
by
SC a
bout
any
iden
tifia
ble
pers
on, b
usin
ess o
r org
aniz
atio
n.
§ Pr
ovid
ed so
ftwar
e sh
all N
OT
be d
isas
sem
bled
, dec
ompi
led
or in
any
way
reve
rse
engi
neer
ed.
o
Publ
icat
ions
of a
ny in
form
atio
n ba
sed
on P
UM
Fs m
ust u
se st
ipul
ated
acc
redi
tatio
n.
Fo
und
at h
ttp:
//lib
guid
es.u
sask
.ca/
copy
righ
t/st
ats.
110 LAW & GOVERNANCE OF SECONDARY DATA USE
111POLICYWISE
1. Committee on Transborder Flow of Scientific Data NRC. Bits of power: Issues in global access to scientific data. 1997.
2. Alberta Go. Information Sharing Strategy - Supporting Social-Based Service Delivery. 2016 November 1, 2016. Report No.
3. Idealware. The State of Nonprofit Data. Portland, OR: 2012.
4. Cave J. A shifting sector: emerging trends for Canada’s nonprofits in 2016. The Philanthropist. 2016.
5. Lenczner MP, S.;. From Stories to Evidence: How Mining Data Can Promote Innovation in the Nonprofit Sector. Technology Innovation Management Review. 2012:10-5.
6. Network ON. Towards a Data Strategy for the Ontario Nonprofit Sector. Toronto, ON: 2015.
7. Companies Act, Stat. C-21 (2000).
8. Societies Act, Stat. S-14 (2000).
9. Charitable Fund-raising Act, Stat. c. C-9 (2000).
10. Center IK. Data Sharing Concepts and Terminology. 1990, 2014. In: z/OS MVS Programming: Sysplex Services Guide [Internet]. IBM Corporation.
11. Council; MR. Data Sharing Glossary London, UK: Medical Research Council.
12. Van Ymeren J. An Open Future: Data priorities for the not-for-profit sector. Toronto, ON: The Mowat Centre’s Not-For-Profit Research Hub, 2015 February, 2015. Report No.: Contract No.: Mowat Re search #107.
13. Personal Information Protection Act, Stat. P-6.5 (2003).
14. Personal Information Protection and Electronic Documents Act, Stat. c. 5 (2000).
15. McLeod Grant HC, L.R.;. Creating High-Impact Nonprofits. Stanford Social Innovation Review. 2007;Fall 2007:32-41.
16. de Las Casas LG, T.; Pritchard, D.;. The Power of Data: Is the Charity Sector Ready to Plug In? London, UK: 2013.
17. Warren SDB, L.D.;. The Right to Privacy. Harvard Law Review. 1890;4(5):193-220.
18. Solove DJ. A Taxonomy of Privacy. University of Pennsylvania Law Review. 2006;154(3):477-560.
19. Freedom of Information and Protection of Privacy Act, Stat. F-25 (2000).
R E F E R E N C E S
112 LAW & GOVERNANCE OF SECONDARY DATA USE
20. Health Information Act, Stat. c. H-5 (2000).
21. A Guide for Businesses and Organizations on the Personal Information and Privacy Acti. Edmonton, AB: Service Alberta, 2008.
22. McKinley A. The Effect of Privacy and Anti-Spam Legislation on Charities and Non-Profits. Advising Charities, Not-for-Profits and Social Enterprises 2013/2014 (Seminar); December 4, 2013; Calgary, AB: Legal Education Society of Alberta; 2013.
23. Development TOfEC-oa. Thirty Years After: The OECD Privacy Guidelines. Paris: 2011.
24. Ohm P. Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization. UCLA Law Review. 2010;57:1701-77.
25. El Emam K, Buckeridge D, Tamblyn R, Neisa A, Jonker E, Verma A. The re-identification risk of Canadians from longitudinal demographics. BMC medical informatics and decision making. 2011;11:46. Epub 2011/06/24. doi: 10.1186/1472-6947-11-46. PubMed PMID: 21696636; PubMed Central PMCID: PMCPMC3151203.
26. Malin BA, Emam KE, O’Keefe CM. Biomedical data privacy: problems, perspectives, and recent advances. Journal of the American Medical Informatics Association : JAMIA. 2013;20(1):2-6. Epub 2012/12/12. doi: 10.1136/amiajnl-2012-001509. PubMed PMID: 23221359; PubMed Central PM CID: PMCPMC3555341.
27. Legal Aid Society of Alberta. Office of the Information & Privacy Commissioner of Alberta: Office of the Information & Privacy Commissioner of Alberta; 2013.
28. Lindsay Park Sports Society. Office of the Information and Privacy Commissioner of Alberta; 2007.
29. Canadian Skin Cancer Foundation. Office of the Information and Privacy Commissioner of Alberta; 2008.
30. Fairways Villa South Homeowners’ Association. Office of the Information and Privacy Commissioner of Alberta; 2011.
31. Leon’s Furniture Limited v. Alberta (Information and Privacy Commissioner). ABCA; 2011. p. 94.
32. Alberta Go. Health Information Act: Guidelines and Practices Manual. Edmonton, AB: 2011.
33. Health Information Regulation, Stat. 70/2001 (2001).
34. Carroll MW. Sharing Research Data and Intellectual Property Law: A Primer. PLoS biology. 2015;13(8):1-11. doi: 10.1371/journal.pbio.1002235.
35. Canada; CIoHRNSaERCoCSSaHRCo. Tri-Council Policy Statement: Ethical Conduct of Research Involving Humans. 2010.
113POLICYWISE
36. Board; CHRE. Comparison of the Characteristics of Research and Quality Improvement/Quality Assurance/Program Evaluation Activities. 2017 January 30, 2017. Report No.
37. Solutions AI-H. A pRoject Ethics Community Consensus Initiative (ARECCI). Edmonton, AB: 2015.
38. Guidelines for differentiating among Research, Program Evaluation and Quality Improvement: Dalhousie University; [February 22, 2017].
39. Berens JM, U.; Verhulst, S.;. Mapping and Comparing Responsible Data Approaches. GovLab and Centre for Innovation, Leiden University, 2016 June 2016. Report No.
40. Karunakara U. Data Sharing in a Humanitarian Organization: The Experience of Médecins Sans Frontières. PLoS medicine. 2013;10(12):e1001562. doi: 10.1371/journal.pmed.1001562.
41. Folkes C. Understanding Nonprofit Data Governance LinkedIn2013 [cited 2017 May 15, 2017]. Available from: https://www.slideshare.net/CathyFolkesCFRE/understanding-nonprofit-data- governance.
42. Network; ON. Data Strategy Toronto: Ontario Nonprofit Network; 2016 [cited 2017 March 24, 2017]. Available from: http://theonn.ca/our-work/our-partnerships/data-strategy/ #1467045087069-8c6d1de7-a236.
43. Foundation; V. Open Licensing Initiative Vancouver: Vancouver Foundation; 2015 [cited 2017 Mar 22, 2017]. Available from: https://www.vancouverfoundation.ca/our-work/initiatives/open- licensing-initiative.
44. McCort K. Open Policies Unlock Our Full Potential Vancouver: Vancouver Foundation; 2015 [cited 2017 March 22, 2017]. Available from: https://www.vancouverfoundation.ca/whats-new/open- policies-unlock-our-full-potential.
S U G G E S T E D C I TAT I O N
Manhas, Kiran Pohar. Law & Governance of Secondary Data Use: Obligations of Not-for-Profit Organiza-
tions in Alberta. Edmonton, AB: PolicyWise for Children & Families, 2017.
Released: August 22nd, 2017
(780) 944 8630
www.policywise.com
601, 9925-109 Street
Edmonton, AB, Canada T5K 2J8
C O N TA C T U S
P O L I C Y W I S E
PolicyWise for Children & Families exists to improve well-being by leading, creating, enabling and mobi-
lizing research and evaluation for evidence-informed policy and practice.
PolicyWise was established as a not-for-profit corporation in 2003 and is a partnership between Alberta’s
universities, the community and the Government of Alberta. We are a provincial organization, governed
by a Board of Directors, managed by a President and CEO and supported by a team of individuals with
expertise in applied research, data science, knowledge mobilization, communications and administration.
PolicyWise distinguishes itself through its focus on mobilizing evidence to inform social policy, collabo-
rative approach and organizational structure: a formal bridge between government, academia, and the
community.
S A G E
SAGE (Secondary Analysis to Generate Evidence) is a collaborative data repository platform that aims to
connect stakeholders through secondary use of data. Research data, community service data, and admin-
istrative data related to health and social well-being is managed and shared through SAGE. SAGE increases
the value of data by providing the infrastructure, processes and governance to bring stakeholders together
to use data in new ways and inform social policy and practice.