Bill 179 received First Reading in the Ontario Legislature on March 24, 2014. If passed, the Bill would amend the Municipal Freedom of Information and Protection of Privacy Act and the Freedom of Information and Protection of Privacy Act (M/FIPPA) in significant ways and impose more recordkeeping obligations on institutions governed by Ontario's access to information and privacy legislation.
Currently, every head of an institution is required, under FIPPA Regulation 460, section 4(3) and MFIPPA Regulation 823, section 3(3), to put in place "...reasonable measures to protect the records in his or her institution from inadvertent destruction or damage..." As well, under section 5 of these Regulations, there is a requirement for a minimum retention period for personal information. Section 5 of both Regulations states, in general, that personal information must be retained for a minimum of one year after use unless "the individual to whom the information relates consents to its earlier disposal." While institutions may have obligations to retain certain records under other government guidelines or statutes, or may have voluntarily established general records retentions schedules as part of good recordkeeping practices, M/FIPPA itself does not require the establishment of mandatory records retention periods for general records.
Notably, under the current provisions, institutions are only required to ensure the security of existing records from inadvertent destruction or damage. Moreover, without a broader requirement to establish record retention periods, the existing provisions of M/FIPPA are silent as to the duty to "preserve" records more generally. The Bill would, if passed, add section 10.1 of FIPPA and section 4.1 to MFIPPA to require institutions to develop, document and put in place "reasonable measures...to preserve the records in accordance with any recordkeeping or records retention requirement, rules or policies, whether established under an Act or otherwise, that apply to the institution."
This new provision would create a positive duty to prevent advertent destruction, in other words, intentional destruction of records. It would require institutions to consider the significance of their record holdings in light of their informational content and determine which ones need to be preserved and for how long. Therefore, in addition to the existing duty to secure records from inadvertent destruction or damage, institutions would have to consider what records they need to keep and for how long. Taking into account the content of the records and their importance, institutions would be required to develop appropriate retention schedules linked to the need to preserve the records.
To bolster this new requirement is a new offence provision. If passed, it would be an offence under section 61(1)(c.1) of FIPPA and section 48(1)(c.1) of MFIPPA to "alter, conceal or destroy a record, or cause any other person to do so, with the intention of denying a right under this Act to access the record or the information contained in the record". In light of the broad right of access under M/FIPPA, this offence could apply even if an access to information request is never made. If a record is destroyed, altered or concealed with a view to depriving others of the right to access it or its contents, then arguably the offence could be made out.
When read together, these provisions would, if passed, require institutions governed by M/FIPPA to undertake a review of the records they have in their custody or under their control and determine which ones, from a content perspective, need to be preserved and for how long in order to ensure that rights of access are not denied.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.