Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 3, Access to Records. Updated 5 May 2023. 8 IPC Findings In Disregard Decision 130-2021, the Commissioner considered an application to disregard an access to information request from the Rural Municipality of North Qu’Appelle No. 187 (RM). Although the matter involved The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP), the findings also apply to FOIP. While considering the application and the question of whether the applicant’s access to information requests (current and previous) were repetitious, the Commissioner noted that the applicant’s previous access to information requests pose several questions. The applicant had raised that previous access to information requests had not been completed answered or replied to. Furthermore, where the applicant was not satisfied with the answers to the questions, the applicant asked them again in subsequent requests. The Commissioner noted at paragraph [19] of the Decision that LA FOIP does not require an RM to answer questions that come in an access to information request. For example, why the RM made certain decisions. LA FOIP is about gaining access to records. Therefore, the RM was not required under LA FOIP to answer questions by the Applicant. However, the RM did have a duty to answer questions as to whether it had responsive records. Verifying Identity Government institutions should verify the identity of an applicant before giving the applicant access to the applicant’s own personal information, especially if the information is sensitive.12 Subsection 31(1)(b) of FOIP also requires that access to one’s own personal information will be provided upon giving sufficient proof of his or her identity. Authentication is the process of proving or ensuring that someone is who they purport to be. Authentication typically relies on one or more of the following: • Something you know (e.g., password, security question, PIN, mother’s maiden name). • Something you have (e.g., smart card, key, hardware token). • Something you are (e.g., biometric data, such as fingerprints, iris scans, voice patterns).13 12 Service Alberta, FOIP Guidelines and Practices: 2009 Edition, Chapter 3 at p. 89. 13 Service Alberta, Bulletin #17, Consent and Authentication at p. 2.
RkJQdWJsaXNoZXIy MTgwMjYzOA==