Introduction

Coordinators across institutions share common roles and responsibilities. The manual is designed to help Coordinators develop the foundation of knowledge and skills required to administer the legislation.

There are various aspects to the Coordinator’s position which may vary depending on institutional factors such as:

  • The institution’s mandate and size;
  • The Delegation of Authority
  • The position of the Freedom of Information and Privacy Office within the institution;
  • The number and complexity of access requests;
  • The volume and sensitivity of personal information holdings; and
  • Stakeholder relations.

Coordinators will need to build and maintain a network of internal and external contacts. For provincial ministries internal stakeholders could include the Minister’s Office, Deputy Minister’s Office, Legal Counsel, program areas, and communications staff.

For municipalities internal stakeholders could include the City Clerk, municipal councillors, Legal Counsel, program areas, and communications staff.

External stakeholders for all institutions could include individual requesters, the general public, the IPC, other institutions and other governments.

Overview of Roles and Responsibilities

The Coordinator’s responsibilities cover a broad range of access and privacy activities. More details on specific responsibilities and activities are provided throughout this manual.

In most cases, the Coordinator’s main roles include:

  • Management – administering or supervising the operations of the freedom of information and privacy program.
  • Coordination - organizing the various parts of an activity to enable collaboration and efficient communication.
  • Advisory - giving information or advice or a recommendation about what should be done.
  • Training and awareness – teaching and raising awareness of access and privacy responsibilities.

Administration

The Coordinator may be responsible for a variety of administrative activities to support the request process and the day-to-day operations of the office. Administrative considerations may include:

  • Human resources – hiring and managing staff;
  • Office accommodation and record storage – secure space for handling, reviewing and storing records, and dealing with the public;
  • Equipment (e.g., phones, computers, fax machine, copier, scanner, projectors);
  • Technology (e.g., email, software for severing records, tracking, website);
  • Payment processing; and
  • Mail and courier services.

Policies and Procedures

Coordinators develop various policies and procedures to support operational efficiency. Examples of subjects that policies and procedures will need to address include:

  • The institution’s Delegation of Authority;
  • Routine requests;
  • Handling sensitive information;
  • Publication of records;
  • Conducting privacy impact assessments;
  • Responding to privacy breaches; and
  • Rules for collecting, using and disclosing personal information.

Processing Requests

Coordinators need to have defined procedures for processing access requests. Procedures should address all aspects of responding to a request including:

  • Contacting the office (e.g., phone, mailing address, internet, email);
  • Handling inquiries;
  • Handling incoming requests and correspondence;
  • Processing applications and fees;
  • Searching and reviewing records;
  • Providing notice to affected parties;
  • Conducting research on IPC orders and case law;
  • Obtaining legal advice;
  • Documenting decisions and recommendations;
  • Preparing copies and records for release;
  • Reviewing work for accuracy;
  • Issues management;
  • Obtaining approvals; and
  • Packaging and sending records.

More information on processing requests can be found in Chapter 6: Managing the Request Process.

Case File Management and Reporting

Coordinators must manage request case files and collect data regarding the administration of the legislation. Coordinators may use electronic databases or manual systems to manage and track requests. Effective case file management enables:

  • Management of work load and assignments relating to files, appeals, and projects;
  • Tracking the status of individual requests and appeal files;
  • Information and records management relating to all of the office and request records;
  • Tracking the stages and status of responses to privacy breaches and investigations.
  • Reporting to senior management; and
  • Annual reporting to the IPC.

Research

Coordinators must conduct research to inform analysis of application of the legislation and to stay current on issues and trends. The following list includes some areas that coordinators may consult as part of the research activity:

  • IPC orders and privacy investigation reports, and case law;
  • IPC access and privacy resources;
  • MPBSDP access and privacy resources;
  • Corporate directives, policies, guidelines and standards in your organization;
  • Media reports; and
  • Relevant resources and trends in other jurisdictions.

Mediation and Appeals

Coordinators are involved in some or all parts of the intake, mediation or adjudication stages of the IPC appeal process. This may include the following activities:

  • Preparing relevant records for an appeal to the IPC;
  • Representing the institution at all stages of the appeal process;
  • Conducting in-depth research of IPC orders and case law;
  • Obtaining legal advice and legal representation;
  • Obtaining affidavits;
  • Preparing representations; and
  • Presenting the institution’s position to the IPC.

More information on IPC appeals can be found in Chapter 11: Appeals Process.

Issues Management

Coordinators should ensure Senior Management and decision makers are aware of any contentious issues that may arise from received requests or privacy matters. This may include the following activities:

  • Providing “heads up” notifications to Senior Management and other offices within the institution involved with communications and issues management when contentious requests are received;
  • Providing status updates and briefings to Senior Management as contentious requests are processed; and
  • Alerting Senior Management of any contentious issues that may occur in relation to the institution’s privacy practices.

For more information on considerations for processing contentious requests, see Chapter 6: Managing the Request Process.

Publications

Coordinators should ensure that publication requirements under the legislation are met. Publication requirements include:

  • Directory of Institutions and Directory of Records; and
  • Institution documents available for public review (e.g., public records, manuals, directives).

More information on the Directory of Institutions and the Directory of Records can be found in Chapter 4: Access Fundamentals.

Resources

IPC Backgrounder for Senior Managers and Information and Privacy Coordinators, Raising the Profile of Access and Privacy

IPC: Basics for Freedom of Information Coordinators