Controlling Internal Access To Local Government Records

Recommendations

1.	Level of Access There are various levels of access that can be given to elected officials, as well as to employees of the local government. It is understood that the limitation of access would have to be practical from a technical, as well as a convenience point of view. Elected officials may need only the basic service of having their agenda packages, including attachments or reports, sent to them electronically by e-mail or available on the local government’s intranet web site. A page of the web site can be dedicated to the agenda packages and can be password protected, giving the password only to elected officials and those staff that require it. The information should also be password protected on their home or business office computer. If elected officials require additional information, their requests could be funneled through the Corporate Administrator or FOIPPA head, who could then determine whether they should have access to the additional information. Sensitive information should be deleted from the web site once it has been dealt with by the council/board.
2.	Security Arrangements Section 30 of FOIPPA requires the head to protect personal information with reasonable security arrangements. Otherwise, there may be inadvertent contraventions of FOIPPA. If the local government fails to provide security for its records, it may be considered negligent and be subject to actions for damages. Note that section 73 of FOIPPA provides protection from such lawsuits but only where the public body or official was acting in good faith. Knowing that security should be provided and failing to act on that knowledge can be evidence of bad faith. No one should be allowed the kind of access that allows them to take records outside of the local government offices without the necessary security precautions in place. Computers in the local government offices should be secure from access by members of the public, as evidence of the local government’s good faith efforts to protect personal and business information as required by FOIPPA. So-called “dumb” terminals can be set up for the public to view public records, such as bylaws. Failure to take these steps could have serious repercussions for the local government in terms of financial penalties as well as loss of confidence by the public.
3.	Training If elected officials are given access to the local government’s records, then they must be given specific instructions and training on how to handle the records, and especially on the disclosure rules under FOIPPA. A primary rule is that they should not give anyone else copies of the records or access to them. Determining who should have that access is the function of the FOIPPA head. The head determines in the first instance whether access is available to specific local government records. Elected officials are not entitled by law to make those decisions. The records handling training should be updated regularly and newly elected officials and new staff should be immediately trained in this regard before being given access to local government records.