The Commissioner has the power to conduct investigations to ensure compliance with the Freedom of Information and Protection of Privacy Act, Health Information Act and Personal Information Protection Act. The results of some of these investigations are included in public investigation reports.
Investigation Reports
Year | Legislation | IR | Date | Body | |
---|---|---|---|---|---|
PIPA | 2022 | P2022-IR-02 | July 28, 2022 |
PORTpassThe investigation into PORTpass’ protection of personal information under PIPA was opened after an individual made a complaint to the… [More]The investigation into PORTpass’ protection of personal information under PIPA was opened after an individual made a complaint to the OIPC. During the investigation, PORTpass failed to demonstrate that it implemented any technical and administrative safeguards to protect personal information. The investigation found that PORTpass did not protect personal information in its custody or under its control in contravention of section 34 of PIPA. As PORTpass is now dissolved, there is no longer an “organization” as defined in PIPA to whom the Commissioner can make recommendations, or against whom an order compelling compliance can be issued.
|
|
PIPA | 2022 | NR | P2022-IR-01 | June 1, 2022 |
The TDL Group Corp. (the operator and franchisor of Tim Hortons in Canada)This joint investigation was opened to look into the alleged tracking of customers through the Tim Hortons app by The… [More]This joint investigation was opened to look into the alleged tracking of customers through the Tim Hortons app by The TDL Group Corp. The investigation found that the Tim Hortons app was not in compliance with Canada's privacy laws. The investigation resulted in three recommendations, including deleting any remaining location data collected, establishing a privacy management program and reporting on progress in nine months.
|
PIPA | 2021 | P2021-IR-04 | October 13, 2021 |
LifeLabs Inc.After LifeLabs Inc. reported a privacy breach to the OIPC, the Commissioner opened an investigation under PIPA. The investigation resulted… [More]After LifeLabs Inc. reported a privacy breach to the OIPC, the Commissioner opened an investigation under PIPA. The investigation resulted in three findings and five recommendations to LifeLabs Inc.
|
|
PIPA | 2021 | NR | P2021-IR-03 | October 7, 2021 |
Alcanna Inc. & Servall Data Systems Inc.This investigation looked into Alcanna Inc.’s use of Servall Data Systems’ Patronscan ID-scanning system in liquor stores. There were 16… [More]This investigation looked into Alcanna Inc.'s use of Servall Data Systems' Patronscan ID-scanning system in liquor stores. There were 16 findings and five recommendations in the investigation. Alcanna and Servall committed to address each of the recommendations.
|
PIPA | 2021 | NR | P2021-IR-02 | July 29, 2021 |
Babylon Health Canada Ltd.The OIPC issued its findings and recommendations after investigating the Babylon by Telus Health app under PIPA. There were 23… [More]The OIPC issued its findings and recommendations after investigating the Babylon by Telus Health app under PIPA. There were 23 findings and nine recommendations made in this investigation.
|
PIPA | 2021 | NR | P2021-IR-01 | February 3, 2021 |
Clearview AI, Inc.The joint investigation by the Office of the Privacy Commissioner of Canada, the Commission d’accès à l’information du Québec, the… [More]The joint investigation by the Office of the Privacy Commissioner of Canada, the Commission d'accès à l'information du Québec, the Office of the Information and Privacy Commissioner for British Columbia and the Office of the Information and Privacy Commissioner of Alberta concluded that the technology company violated federal and provincial privacy laws. The investigation found that Clearview had collected highly sensitive biometric information without the knowledge or consent of individuals. Furthermore, Clearview collected, used and disclosed Canadians’ personal information for inappropriate purposes, which cannot be rendered appropriate via consent.
|
PIPA | 2020 | NR | P2020-IR-01 | October 29, 2020 |
Cadillac Fairview Corporation Ltd.A joint investigation of the Cadillac Fairview Corporation Ltd. by the Information and Privacy Commissioner of Alberta, the Privacy Commissioner… [More]A joint investigation of the Cadillac Fairview Corporation Ltd. by the Information and Privacy Commissioner of Alberta, the Privacy Commissioner of Canada, and the Information and Privacy Commissioner for British Columbia found that Cadillac Fairview embedded cameras inside their digital information kiosks at 12 shopping malls across Canada and used facial recognition technology without their customers’ knowledge or consent. Among several findings, the Commissioners found that the notice of the use of facial recognition technology was insufficient. The Commissioners also found that that Cadillac Fairview collected personal information, and contravened privacy laws by failing to obtain meaningful consent as they collected the 5 million images with small, inconspicuous cameras. The investigation made recommendations, including that if Cadillac Fairview were to use such technology in the future, it should take steps to obtain express, meaningful consent, before capturing and analyzing the biometric facial images of shoppers.
|
PIPA | 2011 | NR | P2010-IR-02 | April 28, 2011 |
Pierson’s Funeral Service Ltd.An individual made a complaint that Pierson’s Funeral Service contravened PIPA by providing personal information of the complainant and his… [More]An individual made a complaint that Pierson’s Funeral Service contravened PIPA by providing personal information of the complainant and his deceased wife to a service provider in the United States, without consent, and without notifying the complainant. The investigation confirmed that Pierson's Funeral Service contravened PIPA.
|
PIPA | 2010 | NR | P2010-IR-01 | February 16, 2010 |
Mark's Work WearhouseAn individual made a complaint after Mark’s Work Wearhouse (MWW) required him to sign a declaration of understanding for a… [More]An individual made a complaint after Mark's Work Wearhouse (MWW) required him to sign a declaration of understanding for a credit check during an in-person interview for a sales associate position. MWW said that it conducted a pre-employment credit check in regard to the complainant as the information provides an assessment of how job applicants will handle financial responsibilities and tasks with their employment duties as a sales associate. It also said the credit check is an assessment of whether the job applicants have a probable risk of in-store theft or fraud. The investigation found that the personal credit information collected by MWW was not reasonably required to assess the complainant’s ability to perform the duties a sales associate, or to assess whether he might have a tendency towards committing in-store theft or fraud.
|
FOIP | 2009 | NR | P2009-IR-02 & F2009-IR-02 | June 23, 2009 |
Sun Life Assurance Company of Canada & Southern Alberta Institute of TechnologyAn individual made a complaint that the Southern Alberta Institute of Technology (SAIT) had collected his personal information inappropriately from… [More]An individual made a complaint that the Southern Alberta Institute of Technology (SAIT) had collected his personal information inappropriately from a third party. The individual believed that SAIT should not have collected his personal information since he was no longer employed by the institution. He also complained that the Sun Life Assurance Company of Canada (Sun Life) should not have disclosed his personal information to his former employer. The investigation determined that the individual had given consent when he signed forms as part of his long term disability plan. The investigation found that Sun Life had wording on its form permitting the collection and disclosure of personal information for the purposes of managing the complainant’s file. However, the investigation recommended that both SAIT and Sun Life update consent forms for greater clarity of what information will be collected and disclosed.
|
PIPA | 2008 | P2008-IR-05 | August 27, 2008 |
Empire Ballroom (1208558 Alberta Ltd.)An individual made a complaint after Empire Ballroom introduced a thumbprint sign-in system to track employee shift arrival and departure… [More]An individual made a complaint after Empire Ballroom introduced a thumbprint sign-in system to track employee shift arrival and departure times. The investigation found that Empire Ballroom met the requirements of sections 15(2)(a) and 18(2)(a) of PIPA because its purposes for collecting and using the personal information were reasonable. The investigation also found that the information was hashed, encrypted and password protected. However, Empire Ballroom failed to meet notice requirements under sections 15(2)(c) and 18(2)(c) under PIPA as it did not properly explain what information was being collected and used. The investigation made other findings and resulted in three recommendations.
|
|
PIPA | 2008 | P2008-IR-04 | August 19, 2008 |
Canada Life Assurance CompanyAn individual made a complaint that Canada Life Assurance Company’s disclosure certain personal information to a financial advisor was not… [More]An individual made a complaint that Canada Life Assurance Company's disclosure certain personal information to a financial advisor was not reasonable under PIPA. The investigation found that Canada Life Assurance acted in compliance with section 16 of PIPA in using the complainant’s personal information for reasonable purposes (field underwriting, confirmation of accuracy and insurability, and contract delivery), and to the extent reasonable when it included all of her medical information in the insurance documents presented to her by Investors Group which had to perform approved duties. The investigation also found that the financial advisor had authorized access to the complainant’s personal information, and Canada Life made reasonable arrangements, through its policies, contract, and alternative procedures for underwriting and contract delivery to protect personal information, in compliance with section 34 of PIPA. However, the investigation resulted in two recommendations.
|
|
PIPA | 2008 | P2008-IR-03 | April 10, 2008 |
TransAlta Corporation & Kelly, Luttmer and Associates Ltd.An individual made a complaint alleging that his employer, TransAlta Corporation (TransAlta), and the employer’s contracted service provider, Kelly, Luttmer… [More]An individual made a complaint alleging that his employer, TransAlta Corporation (TransAlta), and the employer’s contracted service provider, Kelly, Luttmer and Associates Ltd. (KLA), contravened PIPA. The investigation found that the organizations contravened PIPA. The investigation resulted in four recommendations.
|
|
PIPA | 2008 | P2008-IR-02 | March 5, 2008 |
DeVry Canada LLC (DeVry Institute of Technology)An individual made a complaint alleging that DeVry Institute of Technology (DeVry) failed to adequately protect his personal information. The… [More]An individual made a complaint alleging that DeVry Institute of Technology (DeVry) failed to adequately protect his personal information. The complainant alleged a DeVry employee fraudulently used the complainant's personal information for a credit application. The investigation found that DeVry failed to make reasonable security arrangements to protect personal information, as required by section 34 of PIPA. The investigation resulted in 10 recommendations.
|
|
PIPA | 2008 | NR | P2008-IR-01 | January 7, 2008 |
Alberta Motor Association Insurance CompanyIndividuals made a complaint after the Alberta Motor Association Insurance Company (AMA) conducted an investigation to detect insurance fraud and… [More]Individuals made a complaint after the Alberta Motor Association Insurance Company (AMA) conducted an investigation to detect insurance fraud and required the verification of personal information provided by the complainants. The investigation found that AMA did not contravene PIPA when it collected information about the complainants and disclosed information about them to a bankruptcy trustee without their consent.
|
PIPA | 2007 | NR | P2007-IR-07 | December 17, 2007 |
Ticketmaster Canada Ltd.An individual made a complaint after he went on Ticketmaster Canada Ltd.’s website to purchase tickets for an event. During… [More]An individual made a complaint after he went on Ticketmaster Canada Ltd.’s website to purchase tickets for an event. During the online transaction, the complainant was unable to proceed with his on-line ticket purchase unless he consented to Ticketmaster’s “Use of Personal Information” privacy statement. The complainant was particularly concerned with the contents of this privacy statement, which authorized Ticketmaster to share his email address with event providers for the event providers’ marketing purposes. The investigation determined Ticketmaster contravened PIPA by requiring online customers to consent to the use of personal information for the event provider’s marketing purposes, as a condition of a ticket sales transaction. The investigation also determined Ticketmaster’s online opt-out process did not allow customers to make an informed decision about consent. It also did not offer customers a reasonable opportunity to decline or object to the use of their personal information for event providers’ marketing purposes. Ticketmaster’s online privacy policy was also found to be complex and ambiguous.
|
PIPA | 2007 | NR | P2007-IR-06 | September 24, 2007 |
TJX Companies Inc. & Winners Merchant International LPThe OIPC and the Office of the Privacy Commissioner of Canada completed a joint investigation that found the risk of… [More]The OIPC and the Office of the Privacy Commissioner of Canada completed a joint investigation that found the risk of a breach of sensitive personal information held by TJX Companies Inc., the US parent company of Winners and HomeSense stores in Canada, was foreseeable, but the company failed to put in place adequate security safeguards.
|
FOIP | 2007 | NR | P2007-IR-05 & F2007-IR-04 | August 20, 2007 |
Hearing Conservation Consultants Ltd. & Alberta Infrastructure and TransportationAn individual made a complaint alleging that his former employer, Hearing Conservation Consultants Ltd. (HCC), improperly disclosed his personal information… [More]An individual made a complaint alleging that his former employer, Hearing Conservation Consultants Ltd. (HCC), improperly disclosed his personal information under PIPA to Infrastructure and Transportation’s driver fitness and monitoring branch. The complainant maintained that Infrastructure and Transportation collected his personal information from his former employer without proper authority under FOIP and then used it to place conditions on his driving privileges. The investigation found that HCC was in compliance with PIPA and Infrastructure and Transportation was in compliance with FOIP. However, there were four recommendations made in the investigation.
|
PIPA | 2007 | NR | P2007-IR-04 | April 10, 2007 |
EPCOR Utilities Inc.An individual made a complaint alleging that EPCOR collected, used and disclosed his personal information without consent. The complainant, an… [More]An individual made a complaint alleging that EPCOR collected, used and disclosed his personal information without consent. The complainant, an EPCOR employee at the time, took a leave of absence from EPCOR. Shortly thereafter, EPCOR received unsolicited information suggesting the complainant was about to begin work for another company. EPCOR contacted the other company to verify the complainant’s alleged employment there. The investigation found that EPCOR had collected, used and disclosed the complainant’s personal information to investigate a possible contravention of the complainant’s employment agreement. As such, consent was not required. Further, the investigation found that the information qualified as personal employee information under PIPA and the complainant was notified at the time of hire that his personal information could be collected, used or disclosed for investigation purposes.
|
PIPA | 2007 | NR | P2007-IR-03 | March 19, 2007 |
West Energy Ltd.The Commissioner initiated an investigation when personal information, submitted in a well licensing application, was posted on a public website… [More]The Commissioner initiated an investigation when personal information, submitted in a well licensing application, was posted on a public website after the Energy and Utilities Board (EUB) electronically received it from West Energy Ltd. The information was about residents in the emergency planning zone of two proposed sour gas wells and included, among other sensitive data, health information, information about the whereabouts of children and when homes would be vacant. The investigation found that West Energy ought to have known that licensing applications are made public on the EUB website and should therefore not have included sensitive information intended for the confidential emergency response plan. It was recommended that West Energy review with the EUB the application requirements; develop a privacy policy; have a specially trained privacy officer review all of its applications prior to submission to the EUB to ensure the personal information disclosed is limited to only that which is required.
|
PIPA | 2007 | NR | P2007-IR-02 | February 20, 2007 |
Midwest Property Management, Able, Apton, Morris & Stagg Inc., Nor-Don Collection Network, Inc., and Complete Collection Centers International Ltd.An individual made a complaint alleging that after she moved out of a rental apartment managed by Midwest Property Management… [More]An individual made a complaint alleging that after she moved out of a rental apartment managed by Midwest Property Management (Midwest), she received a notice from a collection agency. She disputed that any money was owed by her and settled the issue with Midwest. Midwest confirmed that the charges assessed would be waived and that the collection agency would be directed to close the account. Subsequently, two more collection agencies contacted her. She followed up with both collection agencies and the errors were addressed. The investigation found that Midwest failed to establish how each of its successive collection agencies would maintain and then return files. One of the collection agencies was found to be in contravention of PIPA by producing inaccurate information. Midwest also breached PIPA by facilitating its contractors’ use of inaccurate personal information without a reasonable purpose and without consent. There were four recommendations made to the organizations.
|
PIPA | 2007 | NR | P2007-IR-01 | February 12, 2007 |
Wilson Banwell Human Solutions Inc.An individual made a complaint alleging that Wilson Banwell Human Solutions Inc. (Wilson Banwell) disclosed and failed to protect personal… [More]An individual made a complaint alleging that Wilson Banwell Human Solutions Inc. (Wilson Banwell) disclosed and failed to protect personal information in contravention of PIPA. After failing to pass a drug and alcohol test, the complainant was referred to Wilson Banwell, an employee assistance provider, for a “return to work assessment.” He signed a consent authorizing release of “assessment / treatment summaries” to his employer to facilitate his return to work. The complainant believed Wilson Banwell would limit its report to recommendations arising from the assessment. However, the Wilson Banwell psychologist sent a three-page report to both the complainant’s employer and union. The investigation found that despite having comprehensive and articulate privacy policies addressing collection, use and disclosure of personal information, notification of purpose, consent protocols, and information security, contraventions of PIPA by employees may still occur.
|
PIPA | 2006 | NR | P2006-IR-05 | September 26, 2006 |
MD Management Ltd.The investigation into a stolen laptop determined that MD Management, a financial services subsidiary of the Canadian Medical Association, did… [More]The investigation into a stolen laptop determined that MD Management, a financial services subsidiary of the Canadian Medical Association, did not adequately protect the personal information in its custody. While there were administrative policies in place to protect personal information, MD Management did not implement adequate technical safeguards, such as encryption.
|
PIPA | 2006 | NR | P2006-IR-04 | September 14, 2006 |
Alberta Regional Council of CarpentersAn individual made a complaint about how the Alberta Regional Council of Carpenters (RCC) was collecting and protecting personal information… [More]An individual made a complaint about how the Alberta Regional Council of Carpenters (RCC) was collecting and protecting personal information of members. The individual also said RCC failed to assist him in a request for information. The investigation found that there were reasonable security arrangements to protect personal information. There were recommendations for responding to access requests, limiting collection and retention.
|
PIPA | 2006 | NR | P2006-IR-03 | April 19, 2006 |
Monarch Beauty SupplyThe investigation found that Monarch Beauty Supply, a beauty trade company with operations across the USA and Canada, improperly disposed… [More]The investigation found that Monarch Beauty Supply, a beauty trade company with operations across the USA and Canada, improperly disposed of 2,606 customer credit and debit card sales receipts by placing them in an unlocked dumpster. These receipts were stolen and (in at least one case) used to commit fraud. There were four recommendations, including notifying individuals affected by the breach.
|
PIPA | 2006 | NR | P2006-IR-02 | April 3, 2006 |
CIR Realtors and PDL Mobility Ltd.A realtor with CIR Realtors called his own customer service agents on a number of occasions to see how his… [More]A realtor with CIR Realtors called his own customer service agents on a number of occasions to see how his incoming calls were handled by PDL Mobility Ltd., a third party service provider to CIR Realtors. Recordings of the complainant’s telephone calls, during which he berated PDL employees, were later used by CIR in deciding to terminate the complainant’s contract. The investigation found that CIR contravened PIPA when the call centre collected and used the complainant’s personal information without consent, and without notifying him that his calls were being recorded.
|
PIPA | 2006 | NR | P2006-IR-01 | January 24, 2006 |
Business Depot Ltd. (Operating as Staples Business Depot)An individual made a complaint when Staples Business Depot sold a used computer that contained personal information of the previous… [More]An individual made a complaint when Staples Business Depot sold a used computer that contained personal information of the previous customer. The investigation found that Staples contravened PIPA by failing to safeguard information when it did not attempt to remove the previous customer's personal information before it was re-sold.
|
PIPA | 2005 | NR | P2005-IR-09 | November 3, 2005 |
Precision Drilling CorporationAn individual made a complaint alleging that Precision Drilling Corporation (Precision) improperly collected personal information from an event data recorder… [More]An individual made a complaint alleging that Precision Drilling Corporation (Precision) improperly collected personal information from an event data recorder in a privately-owned motor vehicle and used the data in a decision to terminate the employee who was operating the vehicle for work purposes. The investigation found in the specific circumstances of this case, Precision did not breach PIPA when it collected the data from the privately-owned vehicle. Precision had properly established policies to support its recording program.
|
PIPA | 2005 | NR | P2005-IR-08 | August 24, 2005 |
SAS Institute CanadaAn individual made a complaint that SAS Institute Canada (SAS) had requested a credit report during the employment recruitment process.… [More]An individual made a complaint that SAS Institute Canada (SAS) had requested a credit report during the employment recruitment process. The investigation found that the personal credit information collected by SAS was not reasonably required to establish an employment relationship as there were other less intrusive and more effective means to meet SAS' purposes.
|
PIPA | 2005 | NR | P2005-IR-07 | August 3, 2005 |
Canadian TireTwo complaints to the OIPC reported that a Canadian Tire store in Calgary and a Canadian Tire Store in Sherwood… [More]Two complaints to the OIPC reported that a Canadian Tire store in Calgary and a Canadian Tire Store in Sherwood Park refused to complete a return of good transaction unless the customers provided their driver's licence number or other identification. The investigator found that the Calgary store contravened PIPA by collecting and retaining driver's licence numbers in its merchandise return system. There was no evidence the Sherwood Park had retained the driver's licence numbers.
|
PIPA | 2005 | NR | P2005-IR-06 | July 21, 2005 |
CBV Collection Services Ltd.An individual made a complaint reporting that CBV Collection Services Ltd. (CBV) faxed a form to the complainant’s place of… [More]An individual made a complaint reporting that CBV Collection Services Ltd. (CBV) faxed a form to the complainant’s place of employment, and specifically to a non-confidential fax machine. In so doing, the complainant alleged CBV failed to adequately protect her personal information from possible disclosure to other colleagues and employees in her workplace. The investigation found that a CBV employee acted contrary to policy.
|
PIPA | 2005 | NR | P2005-IR-05 | July 12, 2005 |
Builders Energy Services Ltd., Stikeman Elliott LLP, Shtabsky & Tussman LLP and Remote Wireline Services Ltd.The Commissioner opened an investigation into the disclosure of employee home addresses and social insurance numbers (SINs) by law firms… [More]The Commissioner opened an investigation into the disclosure of employee home addresses and social insurance numbers (SINs) by law firms on both sides of a business deal involving a purchase of nine oilfield service companies by Builders Energy Services Ltd. The investigation found that the disclosure of the home addresses and SINs was not necessary for the purpose of the business transaction, and any subsequent disclosures were unnecessary.
|
PIPA | 2005 | NR | P2005-IR-04 | May 13, 2005 |
R.J. Hoffman Holdings Ltd.An individual made a complaint alleging that R.J. Hoffman Holdings Ltd (Hoffman Holdings). Hoffmans installed video surveillance cameras throughout its… [More]An individual made a complaint alleging that R.J. Hoffman Holdings Ltd (Hoffman Holdings). Hoffmans installed video surveillance cameras throughout its Lloydminster premises for the following purposes asset security and employee safety and employee performance management. The investigation found that the collection of personal employee information for the purposes of managing employee productivity would not be considered reasonable in this case and would contravene PIPA.
|
PIPA | 2005 | NR | P2005-IR-03 | January 31, 2005 |
Digital Communications Group Inc.Edmonton Police Service (EPS) notified the OIPC that documents containing personal information from a number of businesses, including Linens ‘N… [More]Edmonton Police Service (EPS) notified the OIPC that documents containing personal information from a number of businesses, including Linens ‘N Things, Nor-Don Collection Network Inc., and Digital Communications Group Inc., were found during a police investigation. The investigation found that these businesses failed to protect personal information in their custody, and recommended them to notify individuals affected by the breach.
|
PIPA | 2005 | NR | P2005-IR-02 | January 31, 2005 |
Nor-Don Collection Network Inc.Edmonton Police Service (EPS) notified the OIPC that documents containing personal information from a number of businesses, including Linens ‘N… [More]Edmonton Police Service (EPS) notified the OIPC that documents containing personal information from a number of businesses, including Linens ‘N Things, Nor-Don Collection Network Inc., and Digital Communications Group Inc., were found during a police investigation. The investigation found that these businesses failed to protect personal information in their custody, and recommended them to notify individuals affected by the breach.
|
PIPA | 2005 | NR | P2005-IR-01 | January 31, 2005 |
Linens ‘N ThingsEdmonton Police Service (EPS) notified the OIPC that documents containing personal information from a number of businesses, including Linens ‘N… [More]Edmonton Police Service (EPS) notified the OIPC that documents containing personal information from a number of businesses, including Linens ‘N Things, Nor-Don Collection Network Inc., and Digital Communications Group Inc., were found during a police investigation. The investigation found that these businesses failed to protect personal information in their custody, and recommended them to notify individuals affected by the breach.
|
PIPA | 2004 | NR | P2004-IR-02 | October 15, 2004 |
Melrose Rural Electrification Association, ATCO Electric and Direct Energy Marketing LimitedAn individual made a complaint that the Melrose Rural Electrification Association (Melrose REA) and its service provider, ATCO Electric, had… [More]An individual made a complaint that the Melrose Rural Electrification Association (Melrose REA) and its service provider, ATCO Electric, had disclosed customer information to Direct Energy Marketing Limited (Direct Energy) in contravention of PIPA. The investigation found that the disclosure of personal information between the parties was done in accordance with PIPA, which allows the disclosure without consent if the future use and disclosure of personal (customer) information is limited to the provision of services originally undertaken by ATCO Electric.
|
PIPA | 2004 | NR | P2004-IR-01 | July 26, 2004 |
EPCORThe Commissioner received privacy complaints about EPCOR’s personal information collection practices. The investigation found that EPCOR was collecting personal information… [More]The Commissioner received privacy complaints about EPCOR's personal information collection practices. The investigation found that EPCOR was collecting personal information beyond what was required for their business purposes and did not adequately notify customers as to the purposes for which social insurance numbers were used.
|
HIA | 2021 | NR | H2021-IR-01 | July 29, 2021 |
Babylon Health Canada Ltd.The OIPC issued its findings and recommendations after investigating the Babylon by Telus Health app under HIA. There were eight… [More]The OIPC issued its findings and recommendations after investigating the Babylon by Telus Health app under HIA. There were eight findings and 11 recommendations made in this investigation.
|
HIA | 2019 | H2019-IR-01 | May 21, 2019 |
Dr. Peter IdahosaThis investigation was opened after the OIPC received a breach report that alleged unauthorized accesses and disclosures of health information… [More]This investigation was opened after the OIPC received a breach report that alleged unauthorized accesses and disclosures of health information at Consort and District Medical Society Clinic. The investigation found that certain employees accessed, used and disclosed health information in contravention of HIA. The investigation also found that the custodian failed to implement administrative safeguards and did not adhere to technical safeguards. There were four recommendations made, based on the findings.
|
|
HIA | 2018 | NR | H2018-IR-01 | October 17, 2018 |
Alberta Health ServicesThis investigation was opened after Alberta Health Services (AHS) reported a privacy breach to the OIPC about a former employee… [More]This investigation was opened after Alberta Health Services (AHS) reported a privacy breach to the OIPC about a former employee who had improperly accessed the health information of more than 12,000 individuals between 2004 to 2015 in Netcare, the provincial electronic health record, and Netcare Person Directory, a subsystem of the provincial electronic health record. After AHS notified affected individuals, the OIPC received a total of 30 written complaints from affected individuals. Given the number of affected individuals in this case, the number of complaints submitted to the OIPC and media coverage of this matter, the Commissioner opened this investigation to review whether the employee’s accesses were in compliance with HIA and whether AHS took reasonable steps to safeguard health information.
|
HIA | 2017 | NR | H2017-IR-02 | November 29, 2017 |
Alberta Health ServicesThe Commissioner opened an investigation after Alberta Health Services (AHS) reported a breach. The investigation found that AHS contravened HIA… [More]The Commissioner opened an investigation after Alberta Health Services (AHS) reported a breach. The investigation found that AHS contravened HIA when 49 of its employees accessed and used the health information of a patient and her daughter for unauthorized purposes. The unauthorized activities took place at the South Health Campus emergency department in Calgary.
|
HIA | 2017 | H2017-IR-01 | October 2, 2017 |
Dr. Justin Charles SebastianThe Commissioner opened this investigation after Dr. Justin Charles Sebastian reported to the OIPC that a consultation letter he prepared… [More]The Commissioner opened this investigation after Dr. Justin Charles Sebastian reported to the OIPC that a consultation letter he prepared concerning one of his patients was inadvertently made accessible over the internet as a result of actions taken by an outside company he hired to provide transcription services. The investigation highlights the importance of signing an information agreement with contractors or with any other person or body who are defined as information managers in HIA.
|
|
HIA | 2015 | NR | H2015-IR-01 | December 9, 2015 |
Alberta's Health SectorAs the health sector prepared for mandatory breach reporting and notification provisions, the Commissioner released this investigation on the management… [More]As the health sector prepared for mandatory breach reporting and notification provisions, the Commissioner released this investigation on the management of privacy breaches and the health sector's readiness for the amendments when they come into force. The investigation found that practices vary widely and the health sector is not uniformly prepared for mandatory breach reporting and notification. The investigation made a number of recommendations, including considerable training and education.
|
HIA | 2014 | NR | H2014-IR-01 | August 26, 2014 |
Medicentres Canada Inc.The Commissioner opened an investigation after the theft of a Medicentres Canada Inc. laptop that contained billing information for 621,884… [More]The Commissioner opened an investigation after the theft of a Medicentres Canada Inc. laptop that contained billing information for 621,884 individuals. The investigation found that Medicentres contravened HIA by failing to consider privacy risks and by failing to take reasonable steps to safeguard health information on the laptop computer. Medicentres, acting as the physicians’ information manager, contravened HIA by failing to implement these controls. Also, it did not provide guidance to the contractor whose laptop was stolen about the protection of health information.
|
HIA | 2013 | NR | H2013-IR-02 | December 5, 2013 |
Amani Pharmacy Ltd.A woman made a complaint alleging that a pharmacist contacted her twice by phone and attempted to establish a relationship… [More]A woman made a complaint alleging that a pharmacist contacted her twice by phone and attempted to establish a relationship with her on Facebook. The woman was concerned that the pharmacist had obtained her contact information when she filled a prescription at the pharmacy. The investigation found that the pharmacist misused health information and the pharmacy manager failed to implement reasonable safeguards to protect confidentiality, including providing privacy and security training to the pharmacist.
|
HIA | 2013 | NR | H2013-IR-01 | July 24, 2013 |
Dr. Dianne Smith & Dr. Ashif JafferThe Commissioner opened an investigation after a physician reported that she had lost custody and control of her patients’ health… [More]The Commissioner opened an investigation after a physician reported that she had lost custody and control of her patients' health information from the Didsbury Medical Clinic. The physician said the information may be in the custody of the clinic's electronic medical record service provider. The investigation revealed that the non-physician owner of the clinic had signed the agreement with the service provider, rather than the physicians. Neither physician working at the clinic had signed an agreement directly with the service provider, contravening HIA.
|
HIA | 2012 | H2012-IR-01 | October 4, 2012 |
Calgary Co-op Shawnessy Centre PharmacyAn individual made a complaint after being presented with a form by his pharmacist that asked him if he had… [More]An individual made a complaint after being presented with a form by his pharmacist that asked him if he had “any condition that affects the immune system such as cancer, AIDS, etc” when he went to the Co-op Shawnessy Centre Pharmacy to get a vitamin B12 injection. He believed that even asking the question constituted an excessive collection of health information. The pharmacy acknowledged that there is no clinical need to collect information on a patient’s immune system function when they are seeking the health service sought by the individual, although it does administer some drugs and vaccines by injection where this information is clinically relevant. The investigation made recommendations for changes in practice and documentation surrounding the administration of injections.
|
|
HIA | 2011 | NR | H2011-IR-04 | November 30, 2011 |
Covenant HealthThree individuals made complaints alleging that a Covenant Health physician had viewed their health information without proper authority under HIA.… [More]Three individuals made complaints alleging that a Covenant Health physician had viewed their health information without proper authority under HIA. The investigation determined that the physician contravened HIA by misusing Netcare, the provincial electronic health record system. The investigation found that Covenant Health had a policy intended to prevent this kind of abuse, but that it did not train its physicians in information security and did not implement technical controls to enforce individual accountability for Netcare use.
|
HIA | 2011 | NR | H2011-IR-03 | August 19, 2011 |
University of Calgary Medical ClinicsThe Commissioner opened an investigation after the University of Calgary reported that a server had been infected by viruses, which… [More]The Commissioner opened an investigation after the University of Calgary reported that a server had been infected by viruses, which allowed the creation of back door that in turn allows an external party to take control of and to steal data from the affected computer. The investigation found the root cause of the breach was an unmanaged computer server that was not included in regular security scans. The server’s operating system and anti-virus software were out of date and the server had several unnecessary administrator accounts, which allowed malicious software to spread. The investigation made several recommendations, including conducting an annual review of information systems to ensure that health information is safe, conducting a risk assessment before installing new equipment or software and to provide annual training to staff.
|
HIA | 2011 | NR | H2011-IR-02 | August 3, 2011 |
Covenant HealthAn individual complained that she had been approached to participate in a study and she wanted to know how the… [More]An individual complained that she had been approached to participate in a study and she wanted to know how the researcher had accessed her health record. The investigation revealed the physician who was conducting the study did not follow proper research procedures in HIA before contacting the complainant. Covenant Health was the custodian of the health information in question. Besides being a researcher, the physician also worked at a Covenant Health clinic. The physician used health information available through the physician’s work at Covenant Health to contact potential research subjects without entering into a research agreement with Covenant Health as required by HIA. Covenant Health was unaware of this activity and had not authorized the research.
|
FOIP | 2011 | H2011-IR-01 & F2011-IR-01 | May 25, 2011 |
Alberta Health ServicesAn individual made a complaint alleging that his health information had been collected and used by employees of the former… [More]An individual made a complaint alleging that his health information had been collected and used by employees of the former Calgary Health Region (CHR), now Alberta Health Services (AHS), in contravention of HIA. The investigation found that HIA does not require consent when health information is collected or used for the purpose of providing a health service to an individual. However, the investigation resulted in four recommendations.
|
|
HIA | 2010 | NR | H2010-IR-02 | August 17, 2010 |
Dr. Anthony FordThe Commissioner opened an investigation after a property management firm contacted the OIPC to report that staff had discovered 10… [More]The Commissioner opened an investigation after a property management firm contacted the OIPC to report that staff had discovered 10 boxes of records in the former office space of the Highland Park Medical Centre rented by Dr. Anthony Ford. This was the second time medical records had been recovered from the same office space. The investigation found that Dr. Ford had contravened HIA by failing to conduct an inventory after moving offices to ensure no files had been left behind.
|
HIA | 2009 | NR | H2009-IR-07 | December 9, 2009 |
Alberta Health ServicesThe Commissioner opened an investigation after Alberta Health Services (AHS) announced that a computer virus may have exposed health information… [More]The Commissioner opened an investigation after Alberta Health Services (AHS) announced that a computer virus may have exposed health information of up to 11,582 people from Netcare, the provincial electronic health record system. The virus was designed to steal information displayed on infected computers and send the data to an unknown party. The investigation concluded that AHS did not contravene HIA. While some areas for improvement were noted, the investigation determined that Alberta Health Services had reasonable measures in place to protect against viruses. In fact, AHS discovered Coreflood after its anti-virus system failed to do so. AHS removed the virus, performed a forensic investigation, notified those affected by mail and enhanced security controls to prevent similar incidents.
|
HIA | 2009 | NR | H2009-IR-06 | October 20, 2009 |
Dr. Johan MyburghAn individual made a complaint when remarks by his ex-wife convinced him that she had knowledge of his medical information… [More]An individual made a complaint when remarks by his ex-wife convinced him that she had knowledge of his medical information without his consent. Specifically, the individual alleged that an employee of his doctor’s office had accessed his health information in the clinic’s electronic medical record (EMR) and disclosed information about him stopping a particular medication to his ex-wife. While the investigation found no evidence to support the complainant’s allegations, it was discovered that almost two years of health information had been permanently lost by the clinic when it switched EMR systems. The investigation found this to be a contravention of HIA, which requires custodians to take steps to protect health information against reasonably anticipated threats such as loss.
|
HIA | 2009 | NR | H2009-IR-05 | November 24, 2009 |
Dr. James KozanAn individual complained to the Commissioner that an employee at the Bigelow Fowler Clinic in Lethbridge had disclosed his health… [More]An individual complained to the Commissioner that an employee at the Bigelow Fowler Clinic in Lethbridge had disclosed his health information to his employer. The complainant’s employer claimed to have called the clinic to inquire about a day-off he had taken for illness. In a letter to the complainant, the employer said a clinic staff member had checked an electronic database during this call to verify his appointment times. The investigation found that the clinic's electronic medical record (EMR) system log had been turned off. The investigation found that the Clinic contravened section 60 of HIA for failing to turn on its EMR logging system. The investigation resulted in three recommendations.
|
HIA | 2009 | NR | H2009-IR-04 | May 26, 2009 |
Caritas Health GroupThe investigation was opened after an individual received a three-page fax in error from the Misericordia Hospital which contained detailed… [More]The investigation was opened after an individual received a three-page fax in error from the Misericordia Hospital which contained detailed records of the birth and subsequent medical treatment of a child which had been given up for adoption. The records identified the child by name, date of birth, patient identification number and unique lifetime identifier. The records also identified the adoptive parents and contained information about the biological mother. The investigation determined that the unauthorized disclosure of this sensitive health information could have been avoided had the custodians accessed the report through Netcare instead of faxing it multiple times.
|
FOIP | 2009 | H2009-IR-03 & F2009-IR-01 | April 14, 2009 |
Caritas Health Group & Capital HealthAn individual made a complaint after alleging that her employer, Caritas Health Group, told her that it had accessed Netcare… [More]An individual made a complaint after alleging that her employer, Caritas Health Group, told her that it had accessed Netcare in search of laboratory results to determine her immunization status for the purpose of employment. The investigation found that FOIP, not HIA, applied in the circumstances. The investigation found that FOIP authorized the collection of the complainant’s immunization records, but the manner in which the information was collected was flawed. The investigation resulted in five recommendations.
|
|
HIA | 2009 | NR | H2009-IR-02 | February 3, 2009 |
Dr. David F. MellerAn individual made a complaint after discovering that his physician had disclosed his health information in response to a subpoena… [More]An individual made a complaint after discovering that his physician had disclosed his health information in response to a subpoena issued by a Montana court. The individual questioned whether the physician had jurisdiction to release his records under HIA. There is a process to have foreign court orders and subpoenas recognized by an Alberta court, but it was not followed in this case. The physician had no authority to directly respond to the Montana subpoena.
|
HIA | 2009 | H2009-IR-01 & P2009-IR-01 | January 6, 2009 |
Lamont Health Care Centre, Dr. Jaime Wagan Namit & Great-West Life Assurance CompanyAn individual made a complaint about the disclosure of her health information by her physician, Dr. Jaime Wagan Namit, to… [More]An individual made a complaint about the disclosure of her health information by her physician, Dr. Jaime Wagan Namit, to her employer, Lamont Health Care Centre (LHCC), and an insurance company, Great-West Life Assurance Company (GWL). The investigation found that LHCC’s practice of assuming custodianship of a practicing community based physician’s charts contravened HIA, and resulted in a breach of the complainant’s privacy. The investigation found that GWL’s collection of personal information was limited to the extent reasonable to meet its purposes. The investigation resulted in one recommendation.
|
|
HIA | 2008 | H2008-IR-03 | October 21, 2008 |
East Central HealthEast Central Health (ECH) reported to the Commissioner that a laptop containing health information had been stolen from the Two… [More]East Central Health (ECH) reported to the Commissioner that a laptop containing health information had been stolen from the Two Hills Health Centre. The investigation found that ECH had taken many steps to protect health information that must be stored on laptop computers. These steps included conducting a risk assessment prior to using mobile devices, and ensuring that mobile devices that store health information are encrypted and that they also adhere to minimum regional standards related to physical security and passwords. ECH also recognized the need to support these practices through the development of policies and procedures and had drafted policies for privacy and security controls.
|
|
HIA | 2008 | NR | H2008-IR-02 | July 3, 2008 |
A complaint was made after an individual received his health information but was also given health information belonging to other…
[More]
A complaint was made after an individual received his health information but was also given health information belonging to other individuals. The investigation noted the physician had taken measures to ensure his data were accurate, but that a third party service provider introduced an error and another records service provider failed to check records before sending them out. These errors may have been avoided if the parties involved had given more attention to the provisions in HIA for information managers. The investigation resulted in three recommendations.
|
HIA | 2008 | NR | H2008-IR-01 | May 15, 2008 |
Health and Wellness, David Thompson Health Region & a PharmacistA woman asked her pharmacist to limit the disclosure of her health information through Netcare, but was told the pharmacist… [More]A woman asked her pharmacist to limit the disclosure of her health information through Netcare, but was told the pharmacist could not refuse to disclose information to Health and Wellness. The investigation confirmed that individuals can ask that disclosure of their health information through Netcare be limited. The investigation recommended Health and Wellness to take steps to fully implement the technology that will allow custodians to limit the disclosure of health information through Netcare and communicate the availability of this option to Netcare users and Albertans.
|
HIA | 2007 | NR | H2007-IR-02 | November 5, 2007 |
Capital HealthThe Commissioner opened an investigation after receiving a privacy breach report from Capital Health that said four laptops containing health… [More]The Commissioner opened an investigation after receiving a privacy breach report from Capital Health that said four laptops containing health information had been stolen from an office. The investigation determined that Capital Health contravened HIA when it did not maintain adequate safeguards to protect health information stored on laptop computers. There were four recommendations made to Capital Health.
|
HIA | 2007 | NR | H2007-IR-01 | August 30, 2007 |
Health Quality Council of Alberta & David Thompson Health RegionThe Commissioner opened an investigation into the Health Quality Council of Alberta (HQCA) and David Thompson Health Region after an… [More]The Commissioner opened an investigation into the Health Quality Council of Alberta (HQCA) and David Thompson Health Region after an individual, who had received an 80 page survey by mail, made a complaint. The survey contained a covering letter that included some of the complainant's health information. The health information had been provided to HQCA by the David Thompson Health Region so that a sample of patients could be selected to survey. The individual questioned how HQCA obtained his health information and its efforts to secure the information. The investigation concluded that the David Thompson Health Region had authority to disclose health information to HQCA and that HQCA had authority to collect the information under HIA and FOIP. The investigation also found that HQCA had conducted a privacy impact assessment prior to conducting the survey, and had taken reasonable steps to secure the information.
|
HIA | 2006 | NR | H2006-IR-02 | December 5, 2006 |
Calgary Health RegionThe Commissioner initiated an investigation after a laptop was stolen from Calgary Health Region (CHR). The investigation found that CHR… [More]The Commissioner initiated an investigation after a laptop was stolen from Calgary Health Region (CHR). The investigation found that CHR had policies in place that would have protected the stolen laptop and the information it contained, but those policies were not fully implemented by the program area affected by the breach, including no encryption on the laptop.
|
HIA | 2006 | NR | H2006-IR-01 | February 2, 2006 |
Wal-Mart PharmacyThe Commissioner was asked to investigate after an individual was unable to purchase insulin because he refused to provide a… [More]The Commissioner was asked to investigate after an individual was unable to purchase insulin because he refused to provide a pharmacist with personal information. The investigation established the collection of the prospective purchaser’s name, address, date of birth, phone number and other relevant information pertaining to any allergies or medical conditions by a pharmacist is permitted under HIA.
|
HIA | 2005 | NR | H2005-IR-02 | December 12, 2005 |
Alberta Cancer BoardIndividuals made complaints expressing concern th at information related to a woman’s Papanicolaou (Pap test) is disclosed without consent to… [More]Individuals made complaints expressing concern th at information related to a woman’s Papanicolaou (Pap test) is disclosed without consent to the Alberta Cancer Board (ACB), and that there is no ability for a woman to opt-out of the program. The investigation found that the ACB had authority to collect, use or disclose health information, but did not meet the duty under HIA to consider an individual’s expressed wish about how much health information to disclose.
|
PIPA | 2005 | NR | H2005-IR-01 | June 30, 2005 |
Health and WellnessThe Commissioner initiated an investigation into the loss of a missing data tape containing information related to the administration of… [More]The Commissioner initiated an investigation into the loss of a missing data tape containing information related to the administration of the Alberta Health Care Insurance Plan (AHCIP), specifically group premium statement information. The investigation recommended that Health and Wellness notify all affected Albertans, as the data tape had not been located.
|
HIA | 2004 | NR | H2004-IR-01 | December 7, 2004 |
RJA Medicentres Canada Inc., Capital Health, Hys Centre Physicial Therapy Ltd., et al.In the OIPC’s first joint investigation with the Office of the Privacy Commissioner of Canada, the offices found that misdirected… [More]In the OIPC's first joint investigation with the Office of the Privacy Commissioner of Canada, the offices found that misdirected faxes sent to an Alberta couple contravened provincial and federal privacy laws. The intended recipient was a health services provider. The investigation recommended that the organizations that sent the faxes implement additional measures to protect personal information.
|
HIA | 2003 | NR | H2003-IR-03 | September 25, 2003 |
Family Care Medical CentreThe Family Care Medical Centre was broken into and computers were stolen. The computers were connected to the clinic’s electronic… [More]The Family Care Medical Centre was broken into and computers were stolen. The computers were connected to the clinic’s electronic medical record (EMR) system. The investigation found that the clinic had met the requirements of HIA by completing a privacy impact assessment and implementing safeguards to protect health information. Although computers were stolen, health information was protected as the clinic had saved all health information to a data server that was secured in a locked room. The report noted that the steps taken by the clinic to comply with HIA and implement safeguards to protect health information served to keep this incident from becoming a privacy breach.
|
HIA | 2003 | NR | H2003-IR-02 | June 23, 2003 |
Associate Medical ClinicAn investigation was opened after a television broadcaster reported the discovery of health information on the hard drive of a… [More]An investigation was opened after a television broadcaster reported the discovery of health information on the hard drive of a used computer purchased by an individual in Calgary, Alberta. The records/information contained health information related to medical care and treatment provided by physicians at the Associate Medical Clinic. The investigation noted that this was an unfortunate situation involving custodians who take the privacy and confidentiality of health information seriously, but that custodians must maintain safeguards to protect health information, including appropriate measures to ensure proper disposal of health information. The investigation recommended that computer data storage components or portable media containing health information that requires exchange or disposal should be destroyed, or the health information should be permanently deleted through use of a commercial disk wiping utility.
|
FOIP | 2003 | NR | H2003-IR-01 & F2003-IR-03 | May 30, 2003 |
Northern Lights School Division and Mental Health BoardAn individual made a complaint that the Mental Health Board (MHB) disclosed health information related to a suicide attempt in… [More]An individual made a complaint that the Mental Health Board (MHB) disclosed health information related to a suicide attempt in contravention of HIA and Northern Lights School Division # 69 (NLSD) collected personal information in contravention of FOIP. The investigation found that the MHB’s disclosure of health information and NLSD's collection of personal information were authorized by HIA and FOIP, as the disclosure and collection were made for the purpose of providing continuing treatment and care in an effort to ensure the safety of the student. However, the investigation found that the school did not have reasonable security arrangements in place to protect against unauthorized access to the information that had been collected, and a number of recommendations were made.
|
HIA | 2003 | H2002-IR-03 | February 3, 2003 |
Lakeland Regional Health AuthorityAn individual made a complaint stating that a doctor, as an affiliate of Lakeland Regional Health Authority, disclosed her health… [More]An individual made a complaint stating that a doctor, as an affiliate of Lakeland Regional Health Authority, disclosed her health information to family members without her consent, while she was in the hospital. The complainant cited an incident where the coctor disclosed health information to her father and sister-in-law, and a separate incident of disclosure to her father. The investigation found the disclosures were authorized by HIA.
|
|
HIA | 2002 | NR | H2002-IR-02 | November 25, 2002 |
Medicine ShoppeAn individual made a complaint against a pharmacist and a Medicine Shoppe pharmacy in Calgary alleging that her health information… [More]An individual made a complaint against a pharmacist and a Medicine Shoppe pharmacy in Calgary alleging that her health information was disclosed to her estranged husband in contravention of HIA. The investigation found that the pharmacist and pharmacy were required to obtain the individual’s consent before they provided a computer printout of a client’s prescription history to her estranged husband. The investigation also determined that the pharmacy and the pharmacist did not maintain administrative safeguards to protect the confidentiality of health information and the privacy of its clients, as required by the HIA.
|
FOIP | 2002 | NR | H2002-IR-01 | August 16, 2002 |
Capital Health Authority, Aspen Regional Health Authority and HealthWise HomeCare Inc.The Commissioner received a report from the Capital Health Authority (CHA) that computers containing individually identifying health information had been… [More]The Commissioner received a report from the Capital Health Authority (CHA) that computers containing individually identifying health information had been stolen from their affiliate, HealthWise HomeCare Inc. Aspen Regional Health Authority # 11 (Aspen) reported this incident to the Commissioner, as HealthWise HomeCare Inc. is also their affiliate. The investigation found that CHA and Aspen did not yet establish or adopt policies and procedures, and therefore did not maintain administrative safeguards required by the HIA. The investigation also found that HealthWise HomeCare Inc. had taken reasonable steps to protect health information.
|
FOIP | 2023 | F2023-IR-01 | April 20, 2023 |
City of EdmontonAn individual approached the OIPC asking the Commissioner for an investigation under FOIP into a concern she had about a… [More]An individual approached the OIPC asking the Commissioner for an investigation under FOIP into a concern she had about a new practice by the Dedicated Accessible Transit Service (DATS), which is operated by the City of Edmonton. The City of Edmonton had instituted a requirement that DATS clients answer questions about their health/COVID-19 status before a trip on the transit service would be booked. The questions helped determine the type of ride service required, including if there was a need for single-client transport versus multi-client transport. The investigation concluded that the City of Edmonton had authority under section 33(c) of FOIP to collect personal information, specifically the responses from its clients to the health/COVID-19 status screening questions. There were no recommendations for the City of Edmonton.
|
|
FOIP | 2020 | NR | F2020-IR-01 | July 29, 2020 |
Alberta Public BodiesThis investigation looked into the use of the “public interest override” provision (section 32) by public bodies under FOIP. The… [More]This investigation looked into the use of the “public interest override” provision (section 32) by public bodies under FOIP. The report includes an analysis of the public interest override in Alberta, survey results of Alberta public bodies regarding section 32, and a review of public interest disclosures in Canadian jurisdictions. The investigation found that Alberta public bodies understand and take seriously the requirement to disclose “information about a risk of significant harm to the environment or to the health or safety of the public” (section 32(1)(a)), but rarely turn their minds to disclosing information proactively when it is “clearly in the public interest” (section 32(1)(b)).
|
FOIP | 2019 | F2019-IR-02 | November 14, 2019 |
Justice and Solicitor GeneralThis investigation was opened after Justice and Solicitor General (JSG) submitted three section 55 applications to disregard five access requests.… [More]This investigation was opened after Justice and Solicitor General (JSG) submitted three section 55 applications to disregard five access requests. All of the requests were for closed circuit television recordings at the Calgary Remand Centre. In its section 55 applications, JSG requested that the Commissioner advise them to secure the responsive video records if they were to be preserved. Upon discovering those statements, the Commissioner requested JSG to confirm whether it had preserved the responsive records. JSG informed the Commissioner that all responsive records had been overwritten. The Commissioner initiated this investigation in response. The investigation resulted in four findings and 10 recommendations.
|
|
FOIP | 2019 | NR | F2019-IR-01 | March 12, 2019 |
Service AlbertaThis investigation looked into the management and storage of email at four Government of Alberta (GoA) departments – Service Alberta,… [More]This investigation looked into the management and storage of email at four Government of Alberta (GoA) departments – Service Alberta, Alberta Transportation, Alberta Education and Executive Council. The investigation was opened after the Official Opposition wrote to the Commissioner outlining several concerns about the GoA’s use of email, based on access to information request responses it had received from GoA departments. The investigation made three recommendations that centred on what Service Alberta’s information management compliance program should include and that Service Alberta should begin planning to implement a government-wide official records electronic storage repository.
|
FOIP | 2018 | NR | F2018-IR-03 | September 21, 2018 |
City of CalgaryThis investigation into an unauthorized disclosure of personal information by the City of Calgary was opened after the City of… [More]This investigation into an unauthorized disclosure of personal information by the City of Calgary was opened after the City of Calgary voluntarily reported a privacy breach to the OIPC. Seven individuals also submitted privacy complaints to the OIPC upon being notified about the breach by the City of Calgary. The investigation looked at whether the City of Calgary contravened FOIP when an employee disclosed personal information, whether reasonable safeguards to protect personal information were in place and, based on the concerns of complainants, reviewed whether the City of Calgary followed the key steps in responding to a privacy breach.
|
FOIP | 2018 | NR | F2018-IR-02 | June 19, 2018 |
Balancing PoolThe Commissioner opened this investigation after two applicants had concerns after receiving responses to similar access requests to the Balancing… [More]The Commissioner opened this investigation after two applicants had concerns after receiving responses to similar access requests to the Balancing Pool related to power purchase agreements. The investigation found that the Balancing Pool did not destroy records that were responsive to an access request. There was no evident connection between an instruction to delete a draft briefing note in an email and either of the applicants’ access requests or possible future access requests. Additionally, the instruction to delete the draft briefing note was not followed by the Balancing Pool. However, the investigation also found that the Balancing Pool was not fully aware of its records management policies and procedures. Furthermore, employees of the Balancing Pool were not trained at the time to understand the difference between official and transitory records.
|
FOIP | 2018 | NR | F2018-IR-01 | June 19, 2018 |
Government of AlbertaAfter the release of Investigation Report F2016-IR-01, an individual wrote a letter to the Commissioner with concerns that the apparent… [More]After the release of Investigation Report F2016-IR-01, an individual wrote a letter to the Commissioner with concerns that the apparent misunderstanding of the application of FOIP to the information held in Action Request Tracking System (ARTS) may have impacted responses he or others received to previous access requests made under FOIP. The Commissioner opened this investigation in response to those concerns. The investigation found that Government of Alberta departments, in responding to access requests where relevant records may be available through the ARTS database, make every reasonable effort to assist applicants and to respond to each applicant openly, accurately and completely as required by FOIP.
|
FOIP | 2017 | F2017-IR-04 | December 21, 2017 |
Alberta Gaming and Liquor CommissionThe Commissioner opened this investigation to review whether the Alberta Gaming and Liquor Commission (AGLC) is in compliance with Part… [More]The Commissioner opened this investigation to review whether the Alberta Gaming and Liquor Commission (AGLC) is in compliance with Part 2 of FOIP regarding the personal information collected from applicants for casino advisor positions in application forms. This investigation addresses substantially the same matter as did Investigation Report F2002-IR-008. Based on evidence, the previous investigation report and the considerable latitude with which public bodies are able to decide what personal information is necessary for them to collect, the investigation found that AGLC is compliant with Part 2 of FOIP when collecting personal information for casino advisor position in its application forms.
|
|
FOIP | 2017 | NR | F2017-IR-03 | April 11, 2017 |
Government of AlbertaThe Commissioner opened this investigation after there were allegations of delays and possible interference in the Government of Alberta’s (GoA)… [More]The Commissioner opened this investigation after there were allegations of delays and possible interference in the Government of Alberta’s (GoA) handling of access requests. The report identifies a number of factors that contribute to delays, including a significant increase in the number of access requests, the complexity of requests and applicant expectations. However, the investigation faced a number of challenges that made it impossible to make meaningful and reliable findings with respect to other potential issues in the access request response process, including nearly 800 pages of records provided by the GoA for the investigation that were either fully or partially redacted.
|
FOIP | 2017 | NR | F2017-IR-02 | February 23, 2017 |
Executive Council & Public Affairs BureauThe Commissioner opened this investigation to review Executive Council and Public Affairs Bureau’s processing of access requests to identify reasons… [More]The Commissioner opened this investigation to review Executive Council and Public Affairs Bureau's processing of access requests to identify reasons for the chronic delays that are currently being experienced. The investigation made nine recommendations to improve compliance with FOIP.
|
FOIP | 2017 | NR | F2017-IR-01 | February 23, 2017 |
Justice and Solicitor GeneralThe Commissioner opened this investigation to review Justice and Solicitor General’s processing of access requests to identify reasons for the… [More]The Commissioner opened this investigation to review Justice and Solicitor General's processing of access requests to identify reasons for the chronic delays that were being experienced. The investigation made 19 recommendations to improve compliance with FOIP.
|
FOIP | 2016 | NR | F2016-IR-02 | August 10, 2016 |
Service Alberta & Executive CouncilThe investigation of Service Alberta and Executive Council was launched on the Commissioner’s own motion following a leak to the… [More]The investigation of Service Alberta and Executive Council was launched on the Commissioner’s own motion following a leak to the media in August 2014 of documents showing cellphone and data charges for four former Executive Council officials, including a former Deputy Premier. The investigation found that, on a balance of probabilities, the documents were disclosed by Executive Council. Because the personal information was disclosed in an uncontrolled manner, without due consideration of all the circumstances (including the four affected individuals’ privacy interests), the disclosure was a contravention of FOIP. Executive Council was also found to have used personal information in contravention of FOIP.
|
FOIP | 2016 | NR | F2016-IR-01 | January 7, 2016 |
Environment and Sustainable Resource DevelopmentA joint investigation was opened with the Public Interest Commissioner. PIC received a disclosure of wrongdoing under the Public Interest… [More]A joint investigation was opened with the Public Interest Commissioner. PIC received a disclosure of wrongdoing under the Public Interest Disclosure (Whistleblower Protection) Act related to the possible destruction of records in the Action Request Tracking System (ARTS), a ministerial correspondence tracking application. The Information and Privacy Commissioner received letters expressing concern about the destruction of records at Environment and Sustainable Resource Development, and generally within the Government of Alberta. The allegations were made after the 2015 provincial election. The investigation made several findings and 16 recommendations.
|
FOIP | 2015 | NR | F2015-IR-01 | November 19, 2015 |
Service AlbertaThe Commissioner initiated an investigation to examine whether Service Alberta complied with FOIP in the disclosure of public service salary,… [More]The Commissioner initiated an investigation to examine whether Service Alberta complied with FOIP in the disclosure of public service salary, benefit and severance information. The investigation found that, in general, the collection, use and disclosure of personal information was not in compliance with FOIP during the period when activities were underway to prepare until a directive – an “enactment” under FOIP – authorized the collection, use and disclosure of personal information for the purpose of the "sunshine list".
|
FOIP | 2014 | NR | F2014-IR-02 | June 27, 2014 |
EducationThe Commissioner opened the investigation after 34 individuals made complaints under FOIP about a mass email sent by the Minister… [More]The Commissioner opened the investigation after 34 individuals made complaints under FOIP about a mass email sent by the Minister of Education to Alberta teachers. The investigation revealed that the mailing list used by the Minister of Education to contact teachers was created from a teacher registry that included both business and personal email addresses of 34,328 teachers. The email addresses were collected by Education from teachers applying for certification, and from school authorities submitting information to update the registry. The investigation ultimately concluded that FOIP authorized the use and disclosure of teacher names and business email addresses since this is information that is routinely disclosed in a business or professional context. The use and disclosure of teacher names and personal email addresses, however, was not authorized under FOIP. |
FOIP | 2014 | NR | F2014-IR-01 | March 17, 2014 |
Edmonton Police ServiceThe Commissioner initiated an investigation into the Edmonton Police Service’s (EPS) Project Operation Warrant Execution (OWE) to ensure it was… [More]The Commissioner initiated an investigation into the Edmonton Police Service's (EPS) Project Operation Warrant Execution (OWE) to ensure it was in compliance with FOIP and to ensure that consideration was given to the protection of personal information. The investigation found that EPS did not make reasonable security arrangements to protect personal information as required under FOIP when it implemented Project OWE. The investigation also found that EPS had authority to disclose some, but not all, of the personal information, and that EPS did not limit the extent of personal information disclosed to what was necessary to carry out its purposes in a reasonable manner. The investigation resulted in three recommendations.
|
FOIP | 2013 | NR | F2013-IR-03, P2013-IR-01 & H2013-IR-02 | October 24, 2013 |
Service Alberta, Alberta Treasury Branches, Health and Alberta Health ServicesThe Commissioner opened an investigation after a fire caused sprinklers to activate which damaged servers that stored personal and health… [More]The Commissioner opened an investigation after a fire caused sprinklers to activate which damaged servers that stored personal and health information for Service Alberta, Alberta Treasury Branches (ATB), Health and Alberta Health Services. The investigation found that three of the respondents had business continuity and disaster recovery plans in place. One of the respondents, Alberta Health Services, had components of a business continuity plan in place, but no comprehensive plan, and was therefore found to be in contravention of HIA. The investigation resulted in seven recommendations for all regulated stakeholders under FOIP, HIA and PIPA.
|
FOIP | 2013 | NR | F2013-IR-02 | July 19, 2013 |
Law Enforcement Review BoardA police officer made a complaint after the Law Enforcement Review Board (LERB) disclosed the police officer’s name in a… [More]A police officer made a complaint after the Law Enforcement Review Board (LERB) disclosed the police officer’s name in a decision posted on its website. The investigation determined that FOIP permitted LERB to disclose the officer’s personal information to the general public in a decision on its website. The public disclosure of the personal information was consistent with the original purposes for which LERB collected and compiled the information (that is, conducting appeals in public). The investigation also found that the personal information in the decision was limited to the essential elements and the information was disclosed only to the extent necessary for LERB to carry out its purposes in a reasonable manner.
|
FOIP | 2013 | NR | F2013-IR-01 | July 4, 2013 |
Bow Valley CollegeThe Commissioner opened an investigation after an individual contacted the OIPC about the purchase of a used computer server. The… [More]The Commissioner opened an investigation after an individual contacted the OIPC about the purchase of a used computer server. The personal information of approximately 183,900 students and 3,500 employees of Bow Valley College (BVC) was stored on the server. The investigation revealed that the server was one of 21 decommissioned servers that BVC had asked the Electronic Recycling Association (ERA) to pick-up. BVC believed it had contracted ERA to wipe the data from the servers. However, BVC had no signed contract or agreement in place with ERA, and received no written assurance that the data was wiped, or that the devices were physically destroyed.
|
FOIP | 2011 | NR | F2012-IR-01 | July 27, 2011 |
Edmonton Public School DistrictA number of complaints were made after Edmonton Public School District (EPSD) reported that a USB memory stick containing personal… [More]A number of complaints were made after Edmonton Public School District (EPSD) reported that a USB memory stick containing personal information of more than 7,000 individuals was lost. The investigation determined that even though the EPSD had policies and guidelines, training and practices in place, they were not followed in this incident. The investigation also found that EPSD had retained the personal information on a computer hard drive for a longer period of time than was necessary.
|
FOIP | 2010 | NR | F2010-IR-01 | October 21, 2010 |
Justice and Solicitor GeneralThe Commissioner received complaints from 25 Justice and Solicitor General employees (JSG) alleging that JSG had conducted credit checks as… [More]The Commissioner received complaints from 25 Justice and Solicitor General employees (JSG) alleging that JSG had conducted credit checks as part of an internal investigation into allegations about fraudulent cheques being cashed at various locations. The investigation determined that JSG contravened FOIP when it obtained the credit reports. JSG admitted that the credit checks were inappropriate and did not assert any defence in response to the complaints.
|
FOIP | 2008 | NR | F2008-IR-02 | November 24, 2008 |
Calgary Parking AuthorityAn individual informed the Commissioner that the Calgary Parking Authority was collecting licence plate numbers under a program known as… [More]An individual informed the Commissioner that the Calgary Parking Authority was collecting licence plate numbers under a program known as ParkPlus. ParkPlus was set up to manage public parking in downtown Calgary. Instead of parking meters, solar powered pay machines were installed in newly established parking zones. The ParkPlus system collects vehicle licence plate numbers and payment information of the individuals who use the system. Upon investigation, it was determined the Calgary Parking Authority was collecting the information in compliance with FOIP and had proper safeguards and procedures in place to protect any information that is collected.
|
FOIP | 2008 | F2008-IR-01 | August 7, 2008 |
Southwood Care Centre & Intercare CorporationAn individual made a complaint about the Southwood Care Centre nursing home’s use of a hand scanner to clock in… [More]An individual made a complaint about the Southwood Care Centre nursing home's use of a hand scanner to clock in and out of work. The investigation found the use of a biometric scanning system to sign employees in and out of work was compliant with FOIP.
|
|
FOIP | 2007 | NR | F2007-IR-05 | September 10, 2007 |
Energy and Utilities BoardThe Commissioner opened an investigation after the Edmonton Journal reported that the Energy and Utilities Board (EUB) had hired four… [More]The Commissioner opened an investigation after the Edmonton Journal reported that the Energy and Utilities Board (EUB) had hired four private investigators to “spy” on landowners and individuals during proceedings held at Rimbey, Alberta. The investigation determined the personal information collected was not necessary for the Rimbey proceedings and the collection was not for the purposes of law enforcement under FOIP. Consequently, the investigation found that the collection was not authorized under section 33(b) or section 33(c) of FOIP. The investigation also found that EUB did not fulfill its obligations as required by FOIP when it employed the private investigators because it did not ensure there were safeguards in place to protect personal information against such risks as unauthorized access, collection, use, disclosure or destruction.
|
FOIP | 2007 | NR | F2007-IR-03 | March 19, 2007 |
Calgary Police ServiceAn individual and employee of Calgary Police Service made a complaint about seven accesses to his personal information in a… [More]An individual and employee of Calgary Police Service made a complaint about seven accesses to his personal information in a database made by other Calgary Police Service employees. The investigation determined that employees of the Calgary Police Service accessed the personal information of the complainant without authorization under FOIP.
|
FOIP | 2007 | NR | F2007-IR-02 | March 7, 2007 |
Energy and Utilities BoardThe Commissioner initiated an investigation when personal information, submitted in a well licensing application, was posted on a public website… [More]The Commissioner initiated an investigation when personal information, submitted in a well licensing application, was posted on a public website after the Energy and Utilities Board (EUB) electronically received it from West Energy Ltd. The information was about residents in the emergency planning zone of two proposed sour gas wells and included, among other sensitive data, health information, information about the whereabouts of children and when homes would be vacant. The investigation found that the information dealing with emergency planning activities was disclosed by EUB contrary to FOIP. The investigation also concluded that EUB did not have reasonable security arrangements to guard against unauthorized disclosure when information is submitted electronically. The report made a number of recommendations for EUB to consider including making arrangements to prevent a reoccurrence.
|
FOIP | 2007 | NR | F2007-IR-01 | January 17, 2007 |
City of EdmontonThe Commissioner initiated the investigation after learning about an employee survey conducted by the City of Edmonton shortly after it… [More]The Commissioner initiated the investigation after learning about an employee survey conducted by the City of Edmonton shortly after it was sent to employees. The information collected included education level, languages spoken, identity based on appearance and sexual orientation. The survey was voluntary and no information that could identify an employee was retained by the City of Edmonton. The investigation determined that the survey was in compliance with FOIP. However, there were three recommendations made to the City of Edmonton.
|
FOIP | 2006 | NR | F2006-IR-03 | November 2, 2006 |
Solicitor General and Public SecurityThe Commissioner opened an investigation after being notified by Solicitor General and Public Security regarding the loss of a file… [More]The Commissioner opened an investigation after being notified by Solicitor General and Public Security regarding the loss of a file containing personal information about an inmate at a correctional facility. The investigation found no tracking of inmate files occurred between the Fort McMurray Correctional Camp and the Fort Saskatchewan Correctional Centre. A number of recommendations were issued.
|
FOIP | 2006 | NR | F2006-IR-02 | September 12, 2006 |
Edmonton Police ServiceIn response to a complaint, the Commissioner initiated an investigation into the practice of the Edmonton Police Service (EPS) requiring… [More]In response to a complaint, the Commissioner initiated an investigation into the practice of the Edmonton Police Service (EPS) requiring applicants to submit two copies of valid identification, including one piece of photographic identification. EPS would record the identification information. The investigation found the practice to be consistent with the protection provisions of FOIP as a reasonable security arrangement to protect the personal information of individuals from inappropriate access or disclosure.
|
FOIP | 2006 | NR | F2006-IR-01 | February 24, 2006 |
Edmonton Police ServiceThe investigation into an individual’s complaint found that a name search by the Edmonton Police Service (EPS) was not for… [More]The investigation into an individual's complaint found that a name search by the Edmonton Police Service (EPS) was not for a law enforcement purpose under section 39(1)(a) of FOIP. The investigation noted that EPS had recently amended its rules for accessing police information systems.
|
FOIP | 2005 | NR | F2005-IR-05 | July 20, 2005 |
University of CalgaryThe University of Calgary archives had accepted a donation from a third party of a collection of records relating to… [More]The University of Calgary archives had accepted a donation from a third party of a collection of records relating to a labour dispute. Two individuals made complaints asking the Commissioner to investigate this matter as the record collection included copies of their personal correspondences. Section 4(1)(j) of FOIP excludes material deposited in the archives of a public body by a person or entity other than a public body. However, the University of Calgary closed public access to the records in relation to the complainants and presented a proposal to the complainants to resolve their issues.
|
FOIP | 2005 | NR | F2005-IR-04 | July 19, 2005 |
Southern Alberta Institute of TechnologyAn individual made a complaint questioning the documentation required by the Southern Alberta Institute of Technology (SAIT) to support a… [More]An individual made a complaint questioning the documentation required by the Southern Alberta Institute of Technology (SAIT) to support a name change and its use of a student’s social insurance number (SIN) to identify existing student records. The investigation found SAIT's practices were in compliance with FOIP, and that SAIT had resolved the issue with the complainant on its own initiative.
|
FOIP | 2005 | NR | F2005-IR-03 | April 27, 2005 |
City of CalgaryAn individual wrote an email to the City of Calgary Emergency Medical Services (EMS) office to relay his concern that… [More]An individual wrote an email to the City of Calgary Emergency Medical Services (EMS) office to relay his concern that EMS was endorsing a program of a charitable organization using a tax-funded public service. The individual made a complaint alleging that EMS provided a copy of his email to the charitable organization in contravention of FOIP. The investigation found EMS disclosed the complainant's personal information in contravention of FOIP.
|
FOIP | 2005 | NR | F2005-IR-02 | April 22, 2005 |
Alberta Pensions Administration CorporationAn investigation into the loss of four computer tape cartridges and two microfiches containing information of Alberta Pensions Administration Corporation… [More]An investigation into the loss of four computer tape cartridges and two microfiches containing information of Alberta Pensions Administration Corporation pension plan members found proper protocols were not in place to protect personal information in transit. The investigation resulted in two recommendations.
|
FOIP | 2005 | NR | F2005-IR-01 | April 27, 2005 |
Edmonton Police ServiceIt was alleged that members of the Edmonton Police Service (EPS) inappropriately used EPS’ information systems and the Canadian Police… [More]It was alleged that members of the Edmonton Police Service (EPS) inappropriately used EPS' information systems and the Canadian Police Information Centre (CPIC) in relation to two individuals for an improper purpose. The investigation concluded that EPS did use personal information as contained in the EPS information systems in contravention of Part 2 of FOIP and made three recommendations.
|
FOIP | 2004 | NR | F2004-IR-03 | December 10, 2004 |
Personnel Administration Office and Solicitor GeneralAfter being notified that the Edmonton Police Service had recovered documents containing credit information of a number of civil servants,… [More]After being notified that the Edmonton Police Service had recovered documents containing credit information of a number of civil servants, two individuals made complaints and the Commissioner opened an investigation. The investigation found that the documents likely originated from a TransUnion of Canada Inc. office, and there was no evidence the breach came from a provincial government office.
|
FOIP | 2004 | NR | F2004-IR-02 | June 28, 2004 |
Conseil scolaire catholique et francophone du Sud de l’AlbertaAn individual made a complaint that the Conseil scolaire catholique et francophone du Sud de l’Alberta (school district) had sent… [More]An individual made a complaint that the Conseil scolaire catholique et francophone du Sud de l’Alberta (school district) had sent written warnings to a number of parents regarding an infraction complaint that contained information about the complainant’s child and other students. The investigation found the disclosure to the parents was allowed under section 40(1)(c) of FOIP, but the disclosure did not meet the requirement of section 40(4) of FOIP (disclose only what is necessary and reasonable).
|
FOIP | 2004 | NR | F2004-IR-01 | May 27, 2004 |
Northern Alberta Institute of TechnologyAn individual made a complaint that said NAIT contravened FOIP by disclosing information about the complainant in a news article.… [More]An individual made a complaint that said NAIT contravened FOIP by disclosing information about the complainant in a news article. In the news article, a NAIT employee referenced a specific individual who is also employed with NAIT. The investigation found that, despite the individual's name not being mentioned in the news article, NAIT contravened FOIP.
|
FOIP | 2003 | NR | F2003-IR-05 | August 6, 2003 |
Edmonton Police ServiceEdmonton Police Service (EPS) submitted to the OIPC a privacy impact assessment (PIA) concerning a pilot project to conduct video… [More]Edmonton Police Service (EPS) submitted to the OIPC a privacy impact assessment (PIA) concerning a pilot project to conduct video surveillance of the Whyte Avenue in Edmonton corridor during the Canada Day long weekend and Fringe Festival. The Commissioner agreed with EPS' explanation in the PIA that, as long as EPS collected personal information for the purposes of law enforcement as set out in the PIA, EPS had the authority under FOIP to collect personal information via video surveillance cameras in the particular circumstances pertaining to Whyte Avenue. However, in a postscript to the investigation report, the Commissioner expressed concern about the general use of surveillance cameras in public places.
|
FOIP | 2003 | NR | F2003-IR-04 | July 23, 2003 |
Government of Alberta's Personnel Administration OfficeThe Commissioner opened an investigation into the Government of Alberta’s government-wide annual employee survey and its use of a contractor… [More]The Commissioner opened an investigation into the Government of Alberta's government-wide annual employee survey and its use of a contractor to conduct the survey on the government's behalf. The Commissioner had received information that claimed the verbatim responses contained sufficient details that would enable departments to identify specific employees. The investigation reviewed 294 pages of edited verbatim responses and found no evidence that these responses would be linked to specific individuals, and the statements were not considered "personal information" under FOIP.
|
FOIP | 2003 | NR | F2003-IR-02 | June 5, 2003 |
Livingstone Range School DivisionAn individual made a complaint regarding the amount of personal information disclosed in a letter issued by a school within… [More]An individual made a complaint regarding the amount of personal information disclosed in a letter issued by a school within the jurisdiction of Livingstone Range School Division. The investigation determined that the disclosure was authorized under section 40(1)(c) of FOIP (disclosure for the purpose for which the information was collected). The investigation also determined that the disclosure to the staff was in accordance with section 40(4) of FOIP. However, the investigation found that the disclosure to students and parents was more than was necessary. Therefore, the investigation finds that the disclosure to students and parents did not comply with the requirement under section 40(4) of FOIP.
|
FOIP | 2003 | NR | F2003-IR-01 | February 19, 2003 |
Children's ServicesChildren’s Services launched an unrestricted publicly accessible website containing the detailed personal information of 90 children who are available for… [More]Children’s Services launched an unrestricted publicly accessible website containing the detailed personal information of 90 children who are available for adoption. The Commissioner initiated an investigation. The report finds that Children’s Services has the authority under FOIP to disclose the children’s personal information on the website for the purpose of finding homes for children who are available for adoption. The initial descriptions of the children contained more personal information than was necessary for the operation of the website, but the revised descriptions are in compliance with FOIP. Children's Services made several commitments to address privacy concerns.
|
FOIP | 2003 | NR | F2002-IR-12 | June 10, 2003 |
City of CalgaryThe Commissioner received a privacy complaint regarding the amount of personal information collected by the City of Calgary’s Fire Department… [More]The Commissioner received a privacy complaint regarding the amount of personal information collected by the City of Calgary’s Fire Department during its recruitment of firefighters. The investigation determined that section 33(c) of FOIP authorizes the fire department to collect personal information that is relevant and necessary to its recruitment process, and the collection of personal information from the personal history statement is collected with authority under this section of the Act. The investigation also determined that the information collected from the personal history statement is used for the purpose for which the information was collected, namely to screen and assess candidates’ suitability and eligibility for employment as firefighters, in accordance with section 39(1)(a) of FOIP. Lastly, the investigation found that the fire department implemented reasonable security arrangements to protect personal information.
|
FOIP | 2003 | NR | F2002-IR-11 | March 21, 2003 |
Northland School DivisionThe Commissioner received privacy complaints against the Northland School Division No. 61. The complainant said the school division had requested… [More]The Commissioner received privacy complaints against the Northland School Division No. 61. The complainant said the school division had requested a child welfare record check without authority under FOIP. The investigation found no evidence that employment was being considered or offered to the complainant when the child welfare record check was collected. The investigation determined that the collection of the complainant’s personal information contravened FOIP.
|
FOIP | 2003 | NR | F2002-IR-10 | May 7, 2003 |
Northern Alberta Institute of TechnologyThe Alberta Union of Provincial Employees Local 038 (AUPE) made a complaint against the Northern Alberta Institution of Technology (NAIT)… [More]The Alberta Union of Provincial Employees Local 038 (AUPE) made a complaint against the Northern Alberta Institution of Technology (NAIT) questioning the amount of personal information collected by NAIT from a health screening questionnaire and NAIT’s authority to collect this information. The investigation determined that NAIT’s collection of personal information complies with section 33(c) of FOIP, which allows a public body to collect personal information that relates directly to and is necessary for an operating program or activity of a public body. However, the investigation also determined that the assessment of prospective employees and the delivery of health services to employees are separate and distinct programs/activities with different information requirements. Personal information collected may be relevant and necessary for one program/activity, but may not be relevant for the other. By using one form to collect personal information for the two programs/activities, NAIT was at risk of collecting more personal information than was relevant or necessary from prospective employees, who did not become employees.
|
FOIP | 2003 | NR | F2002-IR-09 | April 2, 2003 |
City of CalgaryAn individual raised a concern about the City of Calgary’s Taxi Commission. Specifically, the taxi commission’s practice to collect criminal… [More]An individual raised a concern about the City of Calgary's Taxi Commission. Specifically, the taxi commission's practice to collect criminal record information on taxi drivers and brokers when they apply for, or annually renew, their licenses. The report found that the taxi commission, now known as Livery Transport Services, has a mandate to ensure the safety of the travelling public with respect to the livery industry, and as a result has the authority under FOIP to collect criminal record information on taxi drivers and brokers when they apply for, or annually renew, their licences.
|
FOIP | 2002 | NR | F2002-IR-08 | December 13, 2002 |
Alberta Gaming and Liquor CommissionThe Commissioner received two complaints against the Alberta Gaming and Liquor Commission (AGLC). The complainants questioned the amount of personal… [More]The Commissioner received two complaints against the Alberta Gaming and Liquor Commission (AGLC). The complainants questioned the amount of personal information collected by AGLC from its application package for license/registration. The complainants also questioned the extent of AGLC’s collection, which includes information about individuals other than the applicant applying for a license/registration. The application package is part of the background check conducted by AGLC to determine whether or not it would grant a license or registration. AGLC uses the application package to collect information from the applicant, persons associated with the applicant (referred to as “associated persons”), persons associated with an associated person, and any other person determined by AGLC. The investigation concluded that AGLC's collection practices were authorized by FOIP.
|
FOIP | 2002 | F2002-IR-07 | October 28, 2002 |
Calgary Board of EducationA parent made a complaint when a private school transferred their child’s student records to Calgary Board of Education. The… [More]A parent made a complaint when a private school transferred their child's student records to Calgary Board of Education. The investigation found that CBE's collection of the child’s student records from the
private school complies with section 33(a) and 34(1)(a)(ii) of FOIP. |
|
FOIP | 2002 | NR | F2002-IR-06 | August 13, 2002 |
City of CalgaryThe City of Calgary sells lists of recently issued building permits. Among other information, building permits contain the name of… [More]The City of Calgary sells lists of recently issued building permits. Among other information, building permits contain the name of the person or business applying for the permit (known as the applicant) and the construction site address. If the applicant is an individual this is considered personal information. An individual made a complaint under FOIP when the City of Calgary released information contained on a building permit granted to the complainant. The investigation found FOIP allows for the disclosure of personal information on building permits if the release is limited to the name of the applicant and the nature of the permit. The nature of the permit includes the construction site address.
|
FOIP | 2002 | NR | F2002-IR-05 | July 18, 2002 |
University of CalgaryAn individual made a complaint that the University of Calgary (U of C) disclosed an incident report to their supervisor… [More]An individual made a complaint that the University of Calgary (U of C) disclosed an incident report to their supervisor in contravention of FOIP. The investigation found that campus security at the U of C was called to an incident involving the complainant and their spouse. The complainant was an employee at the university at that time. The incident was recorded in an incident report. The complainant’s former supervisor asked for and obtained a copy of the incident report from campus security. The investigation determined that the disclosure did not comply with any of the disclosure provisions set out under FOIP. The investigation in three recommendations to the U of C.
|
FOIP | 2002 | NR | F2002-IR-04 | July 22, 2002 |
Métis Settlement Transition Commission and Alberta Aboriginal Affairs and Northern DevelopmentAn individual made a complaint alleging that their privacy had been violated as a result of a report issued jointly… [More]An individual made a complaint alleging that their privacy had been violated as a result of a report issued jointly by the Metis Settlement Transition Commission and Alberta Aboriginal Affairs and Northern Development. The investigation found that the Metis Settlements Transition Commissioner, appointed under section 171 of the Metis Settlement Act by the public body, violated part 2 of FOIP. The investigation also advised that any commission or agency appointed by the public body to review in advance any report that is considered for public release to determine if there are any FOIP implications to its release.
|
FOIP | 2002 | NR | F2002-IR-03 | May 30, 2002 |
Government ServicesAn individual made a complaint claiming that an employee of Government Services had used employment connections to obtain access to… [More]An individual made a complaint claiming that an employee of Government Services had used employment connections to obtain access to the complainant's unlisted telephone number. The investigation found no evidence to substantiate the complaint.
|
FOIP | 2002 | NR | F2002-IR-02 | April 23, 2002 |
Greater St. Albert Catholic SchoolsThe St. Albert Minor Hockey Association (SAMHA) claimed that Greater St. Albert Catholic Schools disclosed student attendance information to a… [More]The St. Albert Minor Hockey Association (SAMHA) claimed that Greater St. Albert Catholic Schools disclosed student attendance information to a hockey team manager and had asked that the OIPC investigate this matter. Greater St. Albert Catholic Schools acknowledged that one of the schools under its jurisdiction made an error in judgment and disclosed the attendance records of two students to a hockey team manager. Greater St. Albert Catholic Schools admitted it was a contravention of FOIP.
|
FOIP | 2002 | NR | F2002-IR-01 | April 23, 2002 |
Fort McMurray Catholic SchoolsParents made a complaint about Fort McMurray Catholic Schools alleging that their child’s personal information was disclosed publicly without proper… [More]Parents made a complaint about Fort McMurray Catholic Schools alleging that their child's personal information was disclosed publicly without proper authority through the posting of the child's provincial achievement assessment test results on a school-based, wall-mounted community bulletin board. The investigation found that the disclosure had been an unreasonable invasion of the student’s privacy, failing to respect the full requirements of sections 40(1)(b) and 17(2)(j) and 17(3). However, the investigation found that Fort McMurray Catholic Schools had changed its practices and that the current practices of the school district concerning recognition of student results allow for the proper disclosure under FOIP.
|
FOIP | 2003 | NR | 2001-IR-11 | January 10, 2003 |
Alberta Research Council Inc.An individual made a complaint under FOIP about an Alberta Research Council Inc. (ARC Inc.) directive asking staff to provide… [More]An individual made a complaint under FOIP about an Alberta Research Council Inc. (ARC Inc.) directive asking staff to provide a CV (or resume) to be stored online and accessible to other staff and an annual requirement to update the CV. The investigation found that, given the distinctive nature of ARC Inc.’s work in formulating and marketing research proposals based on staff expertise and availability, the proposed system complies with the collection, use and disclosure requirements of FOIP.
|
FOIP | 2001 | NR | 2001-IR-10 | November 29, 2001 |
Transportation and UtilitiesThe applicant said that Transportation had failed to live up to its duty to assist in responding to an access… [More]The applicant said that Transportation had failed to live up to its duty to assist in responding to an access request. In addition, there were allegations that records had been purposely withheld and that the applicant had been lied to or misled by Transportation. The applicant also alleged that a manager with Transportation had sworn a false statutory declaration. The investigation concluded that Transportation had properly performed its duty to assist the applicant and that there was insufficient evidence to proceed with any charges under the offence section (section 86) of FOIP.
|
FOIP | 2001 | NR | 2001-IR-09 | October 24, 2001 |
Lake Beuamaris Physical Therapy Ltd.A local television broadcaster reported that physical therapy records had been located in a field in Northeast Edmonton. The records… [More]A local television broadcaster reported that physical therapy records had been located in a field in Northeast Edmonton. The records contained health information under HIA related to care and treatment provided through Lake Beaumaris Physical Therapy Ltd. The report noted that some of the information contained in patient charts held by Lake Beaumaris Physical Therapy Ltd. is subject to the HIA, and therefore the patient charts must be secured to the requirements set out by the HIA. The report concluded that this was a single breach of privacy caused by human error. Section 60 of the HIA requires that reasonable steps be taken to protect the confidentiality of health information. The report makes five recommendations to help prevent a similar breach from occurring in the future.
|
FOIP | 2001 | NR | 2001-IR-08 | August 24, 2001 |
University of AlbertaAn individual questioned how colleagues at the University of Alberta (U of A) obtained a letter with the results of… [More]An individual questioned how colleagues at the University of Alberta (U of A) obtained a letter with the results of an investigation into a complaint to the U of A about the individual. The individual said the colleagues had “no right to access the information in the first place nor to use it for this new purpose.” The investigation found that an individual employed with the U of A disclosed the letter to the colleagues. The investigation concluded that the U of A used and disclosed personal information in violation of FOIP. The investigation resulted in recommendations to the U of A to train staff about FOIP.
|
FOIP | 2001 | NR | 2001-IR-07 | September 10, 2001 |
Alberta LearningAn individual had asked Minister of Alberta Learning to review a matter regarding special education funding and services for the… [More]An individual had asked Minister of Alberta Learning to review a matter regarding special education funding and services for the complainant’s child. The Minister appointed a committee to conduct this review and to make recommendations to the minister. During the review process, the committee interviewed a physician regarding the child. The complainant questioned the committee's authority to collect medical information about the child. The investigation found that the collection complied with the collection provisions set out in FOIP.
|
FOIP | 2001 | NR | 2001-IR-06 | July 19, 2001 |
University of AlbertaFormer University of Alberta (U of A) employees asked the Commissioner to investigate events resulting in the supplying of their… [More]Former University of Alberta (U of A) employees asked the Commissioner to investigate events resulting in the supplying of their personal information to an outsource company looking to provide contracted application management services for the university’s computer systems. The investigation report finds that a set of disclosures of comprehensive employment-related personal information on four dozen employees was made to the prospective outsource operator in April 2000. These disclosures were made purposely, without consent and in violation of Part 2 of FOIP. The investigation resulted in five recommendations to the U of A.
|
FOIP | 2001 | NR | 2001-IR-05 | May 29, 2001 |
Calgary Board of EducationIndividuals wrote letters of complaint about a school principal. Two of the letters were subsequently disclosed to executive members of… [More]Individuals wrote letters of complaint about a school principal. Two of the letters were subsequently disclosed to executive members of a school council and a person responsible for the volunteer program. The individuals filed a complaint against the Calgary Board of Education as they felt that the disclosure of their letters to these individuals was contrary to FOIP. The investigation found that the majority of the information in the letters was the personal information of the principal. However, the letters also contained some information that was the personal information of the complainants. The investigation found that, in this case, there was no provision in FOIP that permitted the disclosure to the members of school councils. As well, it was found that disclosure of the complaint letters was not necessary for the performance of the duties of the school volunteer.
|
FOIP | 2001 | NR | 2001-IR-04 | June 6, 2001 |
Edmonton Public SchoolsThe applicant had applied to Edmonton Public Schools for access to information, and subsequently filed a complaint with the Commissioner… [More]The applicant had applied to Edmonton Public Schools for access to information, and subsequently filed a complaint with the Commissioner citing three issues. The investigation resulted in five findings and recommendations.
|
FOIP | 2001 | NR | 2001-IR-03 | May 17, 2001 |
Mental Health BoardThe Edmonton Journal reported that a social worker with Alberta Hospital Edmonton had mistakenly faxed patient information to its newsroom.… [More]The Edmonton Journal reported that a social worker with Alberta Hospital Edmonton had mistakenly faxed patient information to its newsroom. The Commissioner opened an investigation. The investigation found that the Mental Health Act applied to the information disclosed, and not FOIP. Consequently, the Commissioner had no jurisdiction over the disclosure.
|
FOIP | 2001 | NR | 2001-IR-02 | April 27, 2001 |
City of CalgaryAn individual made a complaint by forwarding a letter to the Office of the Calgary City Clerk regarding the complainant’s… [More]An individual made a complaint by forwarding a letter to the Office of the Calgary City Clerk regarding the complainant's decision to withdraw from consideration for reappointment to the Calgary Police Commission. Copies of the letter were distributed during the in camera session of an organizational meeting. Subsequently, portions of the letter were printed in a Calgary Herald article the next morning. A councillor responsible for reading portions of the letter to the Calgary Herald said she would apologize for breaching the complainant's privacy.
|
FOIP | 2001 | NR | 2001-IR-01 | March 22, 2001 |
Children's ServicesNewspaper articles reported that an individual received two e-mails from a regional office of Children’s Services that contained personal and… [More]Newspaper articles reported that an individual received two e-mails from a regional office of Children’s Services that contained personal and sensitive information relating to children. The Commissioner opened an investigation. The report said FOIP places a duty on public bodies to ensure that personal information is secure and not improperly disclosed. The Commissioner added that the recipient of the errant email should have contacted the department immediately instead of turning the information over to the media.
|
FOIP | 2003 | NR | 2000-IR-09 | May 27, 2003 |
Edmonton Public SchoolsThe investigation into the collection practices by an outside enterprise occurring at Alberta high schools found that no personal information… [More]The investigation into the collection practices by an outside enterprise occurring at Alberta high schools found that no personal information was being collected, used or disclosed by the schools themselves. However, there were concerns with how a company involved in school presentations is able to gather student personal information. The report suggests to all Alberta high schools a set of precautions to protect the personal information of students and their families.
|
FOIP | 2001 | NR | 2000-IR-07 | March 23, 2001 |
Grande Yellowhead Regional DivisionThe Commissioner received two complaints against the Grande Yellowhead Regional Division regarding a school’s production of a CD, which contained… [More]The Commissioner received two complaints against the Grande Yellowhead Regional Division regarding a school's production of a CD, which contained images of students photographed. The investigation found that the school's collection and use of student photographs were in accordance with FOIP. However, the investigation found that parents were not notified of the school's collection and usage of the student photographs, and reminded Grande Yellowhead Regional Division of its duty to comply with the notification requirements set out under section 33(2) of FOIP. The investigation also found that the school's disclosure of student identification numbers to the company contracted to produce the CD was not necessary and not authorized under FOIP.
|
FOIP | 2001 | NR | 2000-IR-06 | March 8, 2001 |
City of CalgaryAn individual submitted three complaints against the City of Calgary. The investigation found that the City of Calgary breached the… [More]An individual submitted three complaints against the City of Calgary. The investigation found that the City of Calgary breached the complainant’s privacy when an employee disclosed information to other employees that the complainant initiated an action under FOIP. The investigation resulted in five recommendations to the City of Calgary.
|
FOIP | 2001 | NR | 2000-IR-05 | February 21, 2001 |
Workers' Compensation BoardAn individual made a complaint alleging that the Workers’ Compensation Board (WCB) violated FOIP when a case manager disclosed the… [More]An individual made a complaint alleging that the Workers' Compensation Board (WCB) violated FOIP when a case manager disclosed the complainant's resume to a prospective employer without the complainant's authorization or consent. The complainant also alleged that the case manager disclosed information about the complainant to the complainant's current employer. The investigation found the disclosures were in compliance with sections 38(1)(d) (disclosure for the purpose of complying with an enactment of Alberta) and 38(1)(j) (disclosure for the purpose of determining suitability or eligibility for a program or benefit) of FOIP. However, the investigation recommended that the WCB clearly communicate in writing to injured workers when they are referred to job search assistance programs that their resumes would be placed on their WCB files, and that copies of the resume may be forwarded to potential employers.
|
FOIP | 2000 | NR | 2000-IR-04 | April 6, 2000 |
Alberta LearningAn individual alleged that Alberta Learning had used a medical questionnaire in rendering its decision on the complainant’s 1999 appeal… [More]An individual alleged that Alberta Learning had used a medical questionnaire in rendering its decision on the complainant’s 1999 appeal for additional funding. The complainant stated the medical questionnaire had been provided to the students' finance board as part of the complainant’s application for loan forgiveness and that Alberta Learning had no right to obtain access to and use this information. The investigation found no evidence that Alberta Learning used the medical questionnaire in its denial of the complainant’s appeal for additional funding. Nevertheless, two recommendations were made to Alberta Learning.
|
FOIP | 2000 | NR | 2000-IR-03 | July 25, 2000 |
Lethbridge Housing AuthorityA former tenant with the Lethbridge Housing Authority (LHA) made a complaint alleging that LHA disclosed her personal information to… [More]A former tenant with the Lethbridge Housing Authority (LHA) made a complaint alleging that LHA disclosed her personal information to a private landlord and to several businesses without her authorization. LHA believed the complainant had provided her authorization two years earlier in a "consent to release" document signed by the then tenant. The investigation found that the complainant had revoked her authorization prior to the release, the release was never dated and was not specific enough to allow for informed consent and LHA had breached the complainant's privacy. The investigation concluded that consent to release information is, among other things, time sensitive and should be time specific. Generic authorizations do not fulfill the obligation for a public body to obtain specific and current consent from an individual when releasing personal information.
|
FOIP | 2000 | NR | 2000-IR-02 | July 7, 2000 |
Calgary Police CommissionThe report concludes a complaint from the Calgary Police Association (CPA) that a City of Calgary councillor breached CPA board… [More]The report concludes a complaint from the Calgary Police Association (CPA) that a City of Calgary councillor breached CPA board members' privacy by sending correspondence to their private residences. The councillor requested and was given a list of home addresses from the Calgary Police Commission so that individual board members' opinions could be obtained regarding the issues of parallel investigations and active CPA support of political candidates. Correspondence was sent to the individuals’ home addresses and contained their position and listed the Calgary Police Association as the organization they represented. The investigation made several findings and resulted in six recommendations.
|
FOIP | 2000 | NR | 2000-IR-01 | June 13, 2000 |
Office of the Auditor GeneralThe applicant alleged that the Office of the Auditor General did not respond to the applicant’s access request in accordance… [More]The applicant alleged that the Office of the Auditor General did not respond to the applicant’s access request in accordance with the time limits specified by FOIP, and did not make every reasonable effort to assist the applicant. The investigation found that the Office of the Auditor General extended the time limits for response in order to comply with the requirements of section 30 of FOIP, which deals with notification to third parties. FOIP requires that a public body respond to an access request not later than 30 days after receiving it. However, the Act allows the 30-day time limit for response to be extended under certain circumstances, such as notification to third parties. Therefore, the Office of the Auditor General’s extension was in accordance with FOIP. The investigation als found no evidence of failure by the Office of the Auditor General to assist the applicant under FOIP.
|
FOIP | 2000 | NR | 1999-IR-09 | October 23, 2000 |
City of CalgaryAn individual applied to the City of Calgary for access to information. Subsequently, a City of Calgary lawyer wrote to… [More]An individual applied to the City of Calgary for access to information. Subsequently, a City of Calgary lawyer wrote to an external legal firm about the individual’s request for access to information. The legal firm had represented the complainant previously on another matter. The lawyer also sent a copy of the letter to the Taxi Commission. The investigation found that the lawyer was not authorized to respond to access requests on behalf of the City of Calgary, and that the lawyer’s actions had the potential of placing the City of Calgary in a position of breaching FOIP. The investigation also found that the complainant was a corporation and not an individual. In previous orders, the Commissioner determined that only individuals could have personal information.
|
FOIP | 2000 | NR | 1999-IR-08 | July 5, 2000 |
Workers' Compensation BoardAfter receiving a response to an access request, an individual made a complaint based on that response as he questioned… [More]After receiving a response to an access request, an individual made a complaint based on that response as he questioned the Workers' Compensation Board’s (WCB) authority to collect and disclose personal information. The investigation found that WCB breached the complainant’s privacy when it disclosed information obtained from an informant to the complainant’s former employer. The investigation found that the Workers' Compensation Act grants WCB broad powers. However, WCB’s jurisdiction and powers are confined to matters under that Act and its regulations. As WCB had already determined that the informant’s allegations had no impact on the benefits granted to the complainant, the information was not relevant to the administration of the Workers' Compensation Act or its regulations.
|
FOIP | 2000 | NR | 1999-IR-07 | July 14, 2000 |
City of EdmontonAn individual made a complaint expressing concern that an employee at the Kinsmen Sports Centre, which is owned and operated… [More]An individual made a complaint expressing concern that an employee at the Kinsmen Sports Centre, which is owned and operated by the City of Edmonton, used information obtained from work to promote a product that the employee was selling in a private business venture. In addition, the complainant wanted to ensure that the Kinsmen Sports Centre had appropriate safeguards and measures in place to protect personal information from unauthorized use and disclosure. The investigation concluded that the complainant's privacy was breached, and resulted in seven recommendations to the City of Edmonton to strengthen the protection of personal information.
|
FOIP | 2000 | NR | 1999-IR-06 | February 14, 2000 |
TreasuryAn individual made a complaint alleging that their personal information was gathered by or for Treasury as the basis from… [More]An individual made a complaint alleging that their personal information was gathered by or for Treasury as the basis from which to proceed with legal action. The complainant had an outstanding student loan with the Government of Alberta which had been sold to a private collection agency. The investigation found several areas where recommendations were made to improve the process for when debts to the Crown are sold to a third party, including proper notification to the debtor as to who they would be dealing with in the future.
|
FOIP | 2000 | NR | 1999-IR-05 | January 17, 2000 |
Community Development and InfrastructureAn individual made a complaint that alleged that employees of Community Development and Infrastructure breached the complainant’s privacy when they… [More]An individual made a complaint that alleged that employees of Community Development and Infrastructure breached the complainant's privacy when they disclosed the complainant's personal information to various parties. The complainant also claimed that the employees were willfully spreading information about the complainant that they knew was false, and that their actions damaged the complainant's ability to make a living. The investigation found that the complainant’s personal information was disclosed in accordance with FOIP, and that determining the truthfulness of statements made by other parties about the complainant is outside the jurisdiction of FOIP.
|
FOIP | 2000 | NR | 1999-IR-04 | February 17, 2000 |
St. Thomas Aquinas Catholic SchoolsAn individual informed the OIPC that some records relating to an access request were destroyed by St. Thomas Aquinas Catholic… [More]An individual informed the OIPC that some records relating to an access request were destroyed by St. Thomas Aquinas Catholic Schools. Section 86(1)(e) of FOIP states a person must not willfully destroy any records with the intent to evade a request for access to the records. Under section 86(2), a person who commits such an offence would be liable to a fine of not more than $10,000.The records at issue were elementary grade unit tests that had been written and marked. The investigation concluded that the destruction of the unit tests was not willful, and it was not with the intent to evade a request for access. However, the investigation resulted in four recommendations to St. Thomas Aquinas Catholic Schools.
|
FOIP | 1999 | NR | 1999-IR-03 | December 17, 1999 |
County of Smoky LakeAn individual delivered a box of records containing personal information to the OIPC. The records were found in the town’s… [More]An individual delivered a box of records containing personal information to the OIPC. The records were found in the town's recycling bin. The individual requested an investigation. The County of Smoky Lake acknowledged it erred in placing the records containing personal information in the recycle bin. However, the disposal was prior to the October 1, 1999, which was the date on which municipalities became subject to FOIP. As a result, the improper disposal could not be a breach of FOIP.
|
FOIP | 1999 | NR | 1999-IR-02 | July 7, 1999 |
Edmonton Public SchoolsThe Commissioner received a complaint that Edmonton Public Schools breached the privacy of grade six students by administering a questionnaire… [More]The Commissioner received a complaint that Edmonton Public Schools breached the privacy of grade six students by administering a questionnaire without obtaining the consent of parents/guardians. Edmonton Public Schools asked students to complete a questionnaire as part of a study to identify factors that affect student achievement scores. The investigation found that Edmonton Public Schools had authority under section 32(c) of the FOIP Act to collect personal information for the purpose of the study. However, it was found that Edmonton Public Schools contravened section 33(2) of the FOIP Act by failing to provide parents/guardians with prior notification that their child would be asked to complete a questionnaire as part of the study. It also disclosed personal information improperly. The investigation resulted in four recommendations to Edmonton Public Schools.
|
FOIP | 1999 | NR | 1999-IR-01 | April 20, 1999 |
Municipal Affairs and HealthThe Commissioner opened an investigation after reading an article in the National Post that questioned Vital Statistics’ practice of collecting… [More]The Commissioner opened an investigation after reading an article in the National Post that questioned Vital Statistics’ practice of collecting certain information from the “Notice of Live Birth or Stillbirth and Newborn Record” form which physicians complete subsequent to a birth. An MLA also requested an investigation. The investigation found that the collection of the notice of birth by Vital Statistics and Health complies with the collection provisions under Part 2 of FOIP.
|
FOIP | 1999 | 1998-IR-16 | July 12, 1999 |
Energy and Utilities BoardAn investigation into a complaint that the Alberta Energy and Utilities Board disclosed personal information to an outside party resulted… [More]An investigation into a complaint that the Alberta Energy and Utilities Board disclosed personal information to an outside party resulted in a number of recommendations from the OIPC.
|
|
FOIP | 2001 | 1998-IR-15 | March 19, 2001 |
Grande Yellowhead Regional DivisionA school in the Grande Yellowhead Regional Division disclosed a volunteer’s home contact information to a sales representative in Toronto.… [More]A school in the Grande Yellowhead Regional Division disclosed a volunteer's home contact information to a sales representative in Toronto. The volunteer complained. Although no contravention of FOIP was found, it was suggested that the school find ways to make it clear to volunteers how it will use contact information in the event it must refer callers to them on school matters.
|
|
FOIP | 2001 | 1998-IR-14 | March 16, 2001 |
EnergyThis investigation looked into alleged shredding of royalty calculation information by Energy, as mentioned in the 1997-98 Annual Report of… [More]This investigation looked into alleged shredding of royalty calculation information by Energy, as mentioned in the 1997-98 Annual Report of the Auditor General for Alberta. The investigation found that the documents shredded were reproducible reports from a maintained database application. The printouts of the information about royalties were destroyed in the shredding, but the information remained intact and capable of again being reproduced in the same formats for the same or similar purposes. One recommendation was made to Energy.
|
|
FOIP | 1999 | 1998-IR-13 | November 4, 1999 |
Human Resources and EmploymentAn individual made a request for personal information to Human Resources and Employment, and alleged that Human Resources and Employment… [More]An individual made a request for personal information to Human Resources and Employment, and alleged that Human Resources and Employment failed to provide the information to which the applicant was seeking access under FOIP. The individual also made a complaint that Human Resources and Employment use the personal information in making a decision that directly affected the complainant, but did not retain the personal information used so that the complainant might have the opportunity to obtain access to it. The individual also complained that Human Resources and Employment disclosed the complainant's personal information to a third party in contravention of FOIP. The investigation made findings on four issues, and resulted in three recommendations.
|
|
FOIP | 1999 | 1998-IR-12 | March 29, 1999 |
Workers' Compensation Board Appeals CommissionAn individual made a complaint alleging that the Appeals Commission breached the complainant’s privacy by disclosing information about the complainant… [More]An individual made a complaint alleging that the Appeals Commission breached the complainant’s privacy by disclosing information about the complainant to legal representatives of parties named as defendants by the complainant in a civil law suit. The complainant claimed that the defendants subsequently sent the information disclosed by the Appeals Commission to a doctor in the United States for a medical opinion. The investigation found that the Appeals Commission did not disclose information about the complainant to the defendants.
|
|
FOIP | 1999 | 1998-IR-11 | March 1, 1999 |
Lethbridge Police Service and Edmonton Police ServiceAn individual complained after the Lethbridge Police Service disclosed through a media release personal information about the complainant’s criminal record… [More]An individual complained after the Lethbridge Police Service disclosed through a media release personal information about the complainant's criminal record under the authority of section 31 of FOIP. The investigation found, among other things, that the disclosure by Lethbridge Police Service was "rationally defensible" but that it should not have released the complainant's address in the public release. The investigation resulted in three recommendations.
|
|
FOIP | 1999 | 1998-IR-09 | February 3, 1999 |
Executive CouncilThe applicant requested access from Executive Council to “[c]opies of all memoranda, backgrounders, briefing documents and studies prepared for the… [More]The applicant requested access from Executive Council to “[c]opies of all memoranda, backgrounders, briefing documents and studies prepared for the Premier of Alberta by the Executive Council, the Department of Economic Development and Tourism and the Alberta Treasury Branches, between January 1, 1993 and December 31, 1995, in the possession of Executive Council, pertaining to the refinancing of the West Edmonton Mall (WEM)”. A search for records failed to produce responsive records, which the applicant questioned. The investigation found that the search conducted by Executive Council was not as thorough and complete as required by section 9 of FOIP, based on an inadequate records management system. The investigation resulted in seven recommendations.
|
|
FOIP | 1998 | 1998-IR-08 | December 21, 1998 |
Workers' Compensation BoardAn individual made a complaint about the disclosure of their personal information by the Workers’ Compensation Board. The recommendations made… [More]An individual made a complaint about the disclosure of their personal information by the Workers’ Compensation Board. The recommendations made in Investigation Report 1998-IR-05 were applicable for this investigation.
|
|
FOIP | 1998 | 1998-IR-07 | December 16, 1998 |
Workers' Compensation BoardTwo individuals made complaints about the disclosure of their personal information by the Workers’ Compensation Board. The recommendations made in… [More]Two individuals made complaints about the disclosure of their personal information by the Workers' Compensation Board. The recommendations made in Investigation Report 1998-IR-05 were applicable for this investigation.
|
|
FOIP | 1998 | 1998-IR-06 | November 23, 1998 |
Workers' Compensation BoardAn individual made a complaint that the Workers’ Compensation Board (WCB) was using medical information that was irrelevant to the… [More]An individual made a complaint that the Workers' Compensation Board (WCB) was using medical information that was irrelevant to the complainant's WCB claim. WCB removed the irrelevant personal information from the complainant's claim file, and said it will be notifying the complainant of the modifications to the file and will provide copies of the file to the complainant.
|
|
FOIP | 1998 | 1998-IR-05 | October 29, 1998 |
Workers' Compensation BoardThe investigation found that the Workers’ Compensation Board disclosed personal information in violation of FOIP when it provided correspondence and… [More]The investigation found that the Workers' Compensation Board disclosed personal information in violation of FOIP when it provided correspondence and medical information to parties named as defendants by the complainant in a civil law suit.
|
|
FOIP | 1998 | 1998-IR-04 | September 18, 1998 |
HealthThe investigation concluded that a personal tax assessment was actually provided to a third party by the complainant’s accountant and… [More]The investigation concluded that a personal tax assessment was actually provided to a third party by the complainant's accountant and not by Health.
|
|
FOIP | 1998 | 1998-IR-03 | June 15, 1998 |
HealthThe Commissioner concluded that the collection of social insurance numbers by Health is not in accordance with FOIP. The Commissioner… [More]The Commissioner concluded that the collection of social insurance numbers by Health is not in accordance with FOIP. The Commissioner recommended that Health formalize its procedures for verifying identification of callers to reduce the risk of breaching an individual's personal privacy.
|
|
FOIP | 1998 | 1998-IR-02 | May 14, 1998 |
Workers' Compensation BoardThe Commissioner confirmed that the disclosure of personal information by the Workers’ Compensation Board was authorized by FOIP. The collection… [More]The Commissioner confirmed that the disclosure of personal information by the Workers' Compensation Board was authorized by FOIP. The collection of personal information by Family and Social Services was also authorized.
|
|
FOIP | 1998 | NR | 1998-IR-01 | June 4, 1998 |
Workers' Compensation BoardThe Commissioner confirmed that the Workers’ Compensation Board was authorized to collect personal information it considered necessary to process a… [More]The Commissioner confirmed that the Workers' Compensation Board was authorized to collect personal information it considered necessary to process a claim. The investigation also found that disclosure of health information by a regional health authority was not subject to FOIP at the time.
|