Faculty and staff should create records with the expectation that they could be the subject of an access request. Where feasible, organize records at the time of creation in ways that facilitate access.
Legal advice and policy recommendations are examples of items that can be withheld at the discretion of a senior manager. It is important for staff and faculty to ensure that they clearly identify such items in their correspondence, minutes of meetings, etc. If you are giving advice or recommendations, say so in the record. On the other hand, background discussions, staff and faculty opinions (not legal opinions) and other fact reporting that lead up to the policy recommendation are generally releasable. Always create records assuming someone will ask to see them.
When you create a University record:
- Create records with access in mind - assume someone will ask to see it (don't create a record with the expectation of complete and absolute secrecy).
- Create files with access in mind:
- One case - one file.
- Eliminate copies.
- Use consistent filing practices
- Make sure confidential records are kept separate from ones that are not confidential.
When keeping records:
- Follow the Records Retention Schedule if one exists for the record.
- Retain records used to make a decision about an individual for a minimum of one year.
- Retain complete, accurate and reliable records of evidence.
- Don't destroy records unless authorized under the Records Retention Schedule or without checking with the FOIPOP Administrator.
Conduct an inventory of your office files annually. Staff and faculty should prepare detailed file lists of records sent to storage. Detailed lists will make it easier to locate those records later. The Act is retroactive so it covers records created before the Act was law, at a time when staff and faculty had no idea the information would ever be released. Remember: Embarrassment is not an exemption.
Establish security standards to ensure that records containing information requiring protection are clearly marked CONFIDENTIAL and treated accordingly. Although a CONFIDENTIAL marking doesn't mean a record won't be released under the Act, it does provide strong evidence when we are defending why we wouldn't release a document. A word of caution: don't automatically stamp every record as "confidential" as this practice can work against you and your clients by lessening the defense of a "confidential" stamp when it is really needed. By handling requests for information quickly, informally and in the spirit of openness, you may be able to avoid formal FOIPOP requests which are time consuming and costly.
In the course of its activities, every office at the University produces a certain quantity of records that by their nature contain information restricted to particular individuals.
Confidential records contain information that one person entrusts to another in circumstances where there is an expectation that privacy will be maintained. The confidentiality provision of the Freedom of Information and Protection of Privacy Act applies to information that is supplied and maintained, either explicitly or implicitly, in confidence.
There must be evidence to support the assertion of confidentiality. The fact that a record is stamped confidential is an indicator of confidentiality but is not, in itself, sufficient evidence to support the assertion of confidentiality. There must be other evidence to prove that the information has been treated in a consistently confidential manner in the past. Remember that records may be in formats other than paper (electronic, audio/video tape).
Confidentiality is assessed on the following:
- an explicit statement of confidentiality,
- a written request for confidentiality,
- past practice of the university, e.g. the type of information and whether it would normally be kept confidential.
Confidential records must be:
- stored in secure cabinets (locked when not in use, not in a public area, with limited access to staff and faculty),
- provided with a file/record cover when out of the secure cabinet,
- returned to the secure cabinet if the employee is called away while working on a record,
- restricted access by staff and faculty only on a "need to know" basis (e.g. showing a reference letter to a whole department, except the person it is about, is not acceptable),
- stored, destroyed or transferred according to instructions on an approved retention schedule.