Controlling Internal Access To Local Government Records

Off-site Access
Under section 30 of FOIPPA, the head of a public body must protect any personal information in the records of the local government by taking reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or disposal. If access to the local government’s records is available within the local government’s offices by elected officials and employees through the local government’s intranet, this duty can be compromised unless steps are taken to preserve the confidentiality of the records.

Making personal information accessible to local government officials and employees on an off-site basis by means of portable laptop computers and other electronic devices poses security problems. The laptops may be accessible to other persons, including children, who have no understanding of the statutory protection afforded to the records. At a minimum, these devices should be password protected so that no other person can have access either to the computer or device itself, or, by extension, to the local government’s records.

The same security problems apply to hard copies of records. If staff, Councillors or Board members take their own copies of sensitive documents containing personal information to their homes or outside offices, there is the risk these documents may fall into the hands of persons who are not authorized to see them. The local government will have failed in its duty to protect that information from disclosure.

To avoid security leaks, documents containing sensitive information can be made available in a very limited manner. Numbered copies can be distributed at meetings only rather than in advance. Then when council or board has dealt with the matter, the copies can be collected and either destroyed or stored in a secure place. Members needing the information in advance can view it in the corporate administration office.