Chapter 4: Access Fundamentals

On this page Skip this page navigation

Introduction

The legislation provides a general right of access to government information, subject to certain exclusions and exemptions. This chapter introduces the definition of records, how to understand custody and control of records, and third party records. The sections of the legislation that limit and support access to information are explained.

The main topics covered in this chapter include classes of information excluded from the legislation (called “exclusions”), mandatory and discretionary exemptions to the right of access, information available to the public, and disclosure obligations. The exercise of discretion, harms tests, and the public interest override are also covered.

Chapter 5: Exemptions and Exclusions explains how exclusions and exemptions are interpreted and applied to records. More detail on how requests are processed and managed is discussed in Chapters 6: Managing the Request Process.

Applying the Legislation

In responding to requests made under the legislation, Coordinators take the following basic steps to assess how the legislation applies within the context of each individual access request:

Determine if the individual is seeking access to a record.
Determine if the records are in the custody or control of the institution.
Determine the relevant sections of the legislation that might apply to a record (in whole or in part).
Determine if the criteria and tests for each relevant section of the legislation are met.
Determine if additional legal tests apply and the criteria are met.

The background and considerations for each step are discussed below.

Understanding Records

FIPPA s. 2 / MFIPPA s. 2

Individual’s access rights apply to records or parts of records. Record is defined as any record of information however recorded, whether in printed form, on film, by electronic means or otherwise, and includes:

Books
Correspondence
Diagrams
Documentary material
Drawings
Films
Maps
Memorandums
Microfilms
Plans
Pictorial and graphic work
Photographs
Sound recordings
Videotapes

The definition is broad and is interpreted to include records that are not completed (e.g., working drafts) and recorded information using current technologies (e.g., voicemail, email). The definition also includes copies and any records that can be produced by computer hardware and software or any other equipment.

In general, the legislation applies to an existing record regardless of whether it was created prior to the legislation taking effect. Hospitals are an exception to this rule because the legislation only applies to records that came into the custody or control of hospitals on or after January 1, 2007.

Creating Records

Reg. 460 (2) / Reg. 823 (1)

In instances where institutions receive a request for information that may reside in an institution, but not as a record, the Coordinator must determine the feasibility of producing the record. For example, if the information resides in a database.

The legislation does not explicitly require an institution to create a record but there may be situations where it is effective to do so. There is a growing expectation that government use of information technology should facilitate, not limit, public access to information.

Under the regulations a record capable of being produced from machine readable records is not included in the definition of record where the process of producing it would unreasonably interfere with the operations of an institution.

Factors Coordinators should consider when establishing unreasonable interference may include:

Number of hours required to produce the record;
Number of staff required to undertake the work and the impact on their regular duties and responsibilities;
Technical expertise required (e.g., consultant); and
The impact on the institution’s operations and resources (e.g., disruption, delay, hinder effectiveness).

Where the institution is capable of producing a record and the production of the record would not interfere with the operations of the institution then the produced record would qualify as a record under the legislation.

Custody or Control

The right of access only applies where the records, in whole or in part, fall within the custody or control of an institution.

Custody means the keeping, care, watch, preservation or security of the record for a legitimate business purpose.
Control means the power or authority to make a decision about the creation, use, disposal or disclosure of the record.

There are a number of factors that can be considered to determine custody and control.

Custody

Questions Coordinators’ should consider when determining whether the institution has custody of a record include:

Does the institution have physical possession of the record, either because it has been voluntarily provided by the creator or pursuant to a mandatory statutory or employment requirement?
If the institution does not have possession of the record, is it being held by an officer or employee of the institution for the purposes of his or her duties as an officer or employee?

These questions are relevant for personal records of an employee that happen to be physically located in the office of an institution. While the record may be physically in the office, if the record does not relate to the employee’s duties as an employee they may not be considered in the custody of the institution. For example, generally speaking, an employee’s personal dry cleaning receipt or personal telephone bill would not be considered in the custody of the institution as they do not relate to the employee’s duties.

Control

Questions Coordinators’ should consider when determining whether the institution has control of a record include:

Was the record created by an officer or employee of the institution?
Does the record relate to the statutory or core business of the institution?
What use did the creator intend to make of the record?
Does the institution have a right to possession of the record?
Does the institution have the authority to regulate use and disposal of the record?
To what extent has the institution relied upon the record?
How closely is the record integrated with other records held by the institution?

Coordinators should be familiar with the business and records of the institution, as well as how business is conducted and information is managed.

Records of Third Parties

Institutions may legitimately obtain or have copies of records of third parties that are within their custody or control. A third party can be any one of the following:

Person;
Group;
Committee;
Organization;
Other government; or
Business.

An employee of an institution is not a third party unless acting in a personal capacity.

Government business and service delivery may result in institutions having custody or control of third party records. Some common examples where government institutions may have custody or control of third party records include:

Records that have been provided under legislated and regulatory requirements;
Records including the personal information of individuals applying for benefits or services;
Records collected as part of a procurement of products or services;
Records containing expert and legal advice,
Records gathered during public consultations,
Records created through federal-provincial-municipal initiatives, and
Records created through public-private sector partnerships.

Key questions Coordinators may ask to determine whether the institution has custody or control of records of third parties include:

Who owns the record?
Who paid for the creation of the record?
What are the circumstances surrounding the creation, use and retention of the record?
Is there a contract between the institution and the organization or individual who created the record?
Was the individual who created the record an agent of the institution for the purposes of the activity in question?
What is the customary practice of the individual who created the record in relation to possession or control of records of this nature, in similar circumstances?

Notice to Affected Persons

There are additional requirements for processing requests for access to records that contain information about third parties such as providing notice and obtaining consent where applicable.

Institutions should consider developing a policy or procedure for when third party information is frequently requested.

More information on notice requirements are provided in Chapter 6: Managing the Request Process.

Applying Relevant Sections

In processing requests, Coordinators must review responsive records to determine if any exclusion or exemption applies to a record, either in whole or in part.

Exclusions and exemptions of the legislation are categorized based on their purpose in regard to limiting or supporting access to records. Each of these categories will be discussed further below.

Exclusions: These are provisions which exclude records or parts of records from the application of the legislation.

Exemptions (general): These are provisions which exempt records or information from the general right of access. The legislation applies to a record but access can be denied.

Mandatory exemption: If a mandatory exemption applies the head must refuse access to the record unless it has consent to disclose it. In the legislation, mandatory exemptions begin with the words “shall refuse.”

Discretionary exemption: An exemption where the head may choose to deny access to a record, but is not required to do so. In the legislation, discretionary exemptions begin with the words “may refuse.”

In order to determine the relevant sections of the legislation that apply to a record, the content and context of a record are important factors. Coordinators may ask the following questions to assess the content and context of the record:

Who prepared the record?
What is the purpose of the record?
Who is the intended audience?
What is the age of the record?
What type of information is in the record?
How sensitive is the information?
How was the record shared (e.g., internally or publicly)?

Exclusions

Exclusions mean that the legislation does not apply to certain types or classes of records. Exclusions are intended to be limited in scope. The exclusions do not apply to all institutions equally. Some exclusions are specific to universities, colleges or hospitals.

The legislation does not prevent access to excluded records. If an institution decides to release an excluded record, it can do so “outside” of the legislation. However, this approach means that other rights (e.g., appeal rights) are not available to the requester.

The list below outlines the exclusions and to what institutions they apply:

Private donations to archives: Excludes records that have been donated to a public archive by a non-institution such as a private individual, corporation or association. This exclusion applies to the Archives of Ontario and archival repositories in colleges, universities and municipal institutions. FIPPA s. 65 (1) and MFIPPA s. 52 (2).

Proceedings before a Court: Excludes records prepared for a person presiding in a proceeding in a court of Ontario such as a judge. This exclusion applies to the Courts. FIPPA s. 65 (3).

Performance evaluations of judges: Excludes records and information related a judge’s performance evaluation. This exclusion applies to provincial institutions only. FIPPA s. 65 (4).

Ontario Judicial Council records: Excludes records of the Ontario Judicial Council that are deemed confidential, not made available to the public or relate to a proceeding that did not occur in the public. This exclusion applies to provincial institutions only. FIPPA s. 65 (5).

Associate judge investigations: Excludes records related to investigations into complaints against Associate judges under the Courts of Justice Act. This exclusion applies to provincial institutions only. FIPPA s. 65 (5.1)

Prosecution records: Excludes records related to prosecutions where all matters related to the prosecution have not been completed. This exclusion applies to all provincial and municipal institutions. FIPPA s. 65 (5.2) and MFIPPA s. 52 (2.1).

Ecclesiastical records: Excludes the records of church or religious organizations affiliated with an education institution or hospital. The exclusion applies only to hospitals, universities and colleges. FIPPA s. 65 (5.3).

Hospital foundations: Excludes records of hospital foundations, even when in the custody of hospitals. This exclusion applies only to hospitals. FIPPA s. 65 (5.4).

Administrative records of health professionals: Excludes records of health professionals using hospital offices for personal practice. This exclusion applies only to hospitals. FIPPA s. 65 (5.5).

Charitable donations: Excludes records related to charitable donations to hospitals. This exclusion applies only to hospitals. FIPPA s. 65 (5.6).

Labour relations and employment-related: Excludes the majority of records related to labour relations and employment. This exclusion applies to all provincial and municipal institutions. FIPPA s. 65 (6) and MFIPPA s. 52 (3).

Church or religious appointments of individuals: Extends the employment records exclusion to religious appointees in institutions. The exclusion only applies to all provincial institutions. FIPPA s. 65 (6) 4.

Hospital appointments of persons with privileges: Extends the employment records exclusion to doctors who have privileges at a hospital. This exclusion applies to hospitals only. FIPPA s. 65 (6) 5.

Adoptions related: Excludes certain records related to adoptions. This exclusion applies to all provincial institutions. FIPPA s. 65 (8).

Research and teaching materials: Excludes records related to research and teaching materials for individuals employed or associated with a college, university or hospital. The exclusion applies only to colleges, universities and hospitals. FIPPA s. 65 (8.1).

Peer evaluations of research and teaching materials: Excludes records related to peer evaluation of research and teaching materials of individuals employed or associated with a college, university or hospital. The exclusion applies only to colleges, universities and hospitals. FIPPA s. 65 (10) s. 49 (c.1).

Medical assistance in dying: Excludes identifying information of individuals and facilities associated with services related to medically assistance in dying. FIPPA s. 65 (11).

Abortion related services: Excludes identifying information of individuals and facilities associated with services related to abortion services. It applies to all provincial institutions. FIPPA s. 65 (13) (14) and (15).

Mandatory Exemptions

In general, a record that falls under a mandatory exemption cannot be disclosed unless the institution obtains the consent of the affected party. In the legislation, mandatory exemptions start with “shall refuse”.

A notable difference between the municipal and provincial legislation is that MFIPPA has a mandatory exemption for relations with other governments and FIPPA has a discretionary exemption for relations with other governments.

The four mandatory exemptions are listed below.

Cabinet records: Protects the substance of deliberations of Executive Council or its committees. FIPPA s. 12

Personal privacy: Protects against an unjustified invasion of privacy of an individual other than the requester. FIPPA s. 21, MIFPPA s. 14.

Relations with other governments: Protects confidential information received from other Canadian and foreign governments. MFIPPA s.9. Note: a similar exemption is discretionary under FIPPA.

Third party information: Protects third parties from financial or other harms. FIPPA s. 17, MFIPPA s. 10.

Discretionary Exemptions

A discretionary exemption means that refusing access to a record is permitted, but not required. In the legislation, discretionary exemptions begin with the words “may refuse”. In general, a decision to refuse access to a record requires further analysis known as an exercise of discretion discussed below. It involves weighing the pros and cons of providing access to a record or not.

Most of the discretionary exemptions are common to both FIPPA and MFIPPA. However, the discretionary exemptions specific to FIPPA are:

Defence;
Government relations; and
Species at risk.

The discretionary exemption specific to MFIPPA is draft by-laws and records of closed meetings.

The discretionary exemptions and their main purpose are listed below.

Draft by-laws and records of closed municipal meetings: Protects deliberations in closed meetings or draft by-law. MFIPPA s.6.

Advice to government/Advice or recommendations: Protects records or parts of records containing advice or recommendations used in government decision-making. FIPPA s. 13, MFIPPA s. 7.

Law enforcement: Protects various types of records and activities relating to law enforcement and security. FIPPA s. 14, MFIPPA s.8.

Civil Remedies Act, 2001: Protects records that if released could interfere with the Attorney General’s ability to conduct a proceeding under the Civil Remedies Act. FIPPA s. 14.1, MFIPPA s. 8.1.

Prohibiting Profiting from Recounting Crimes Act, 2002: Protects records that if released could interfere with the Attorney General’s ability to conduct a proceeding under the Prohibiting Profiting from Recounting Crimes Act, 2002. FIPPA s. 14.2, MFIPPA s. 8.2.

Relations with other governments: Protects confidential information received from other Canadian and foreign governments. FIPPA s.15. Note: a similar exemption is mandatory under MFIPPA.

Relations with Aboriginal communities: Protects confidential information received from Aboriginal communities. FIPPA s. 15.1, MFIPPA s. 9.1.

Defence: Protects records related to the national defence of Canada or a foreign state. FIPPA s.16.

Economic and other interests of Ontario: Protects records where disclosure could damage an institution’s economic or other interests. FIPPA s.18, MFIPPA s.11.

Closed meetings: Provides universities and hospitals with similar confidentiality provisions in the deliberative processes of their respective governing bodies. FIPPA s. 18.1.

Solicitor-client privilege: Protects records subject to common-law solicitor-client privilege and litigation privilege. FIPPA s.19, MFIPPA s.12.

Danger to safety or health: Protects records that if released could cause serious threats to safety or the health. FIPPA s. 20, MFIPPA s. 13.

Species at risk: Protects information that if released could endanger species at risk or their habitat. FIPPA s.21.1.

Information soon to be published: Protects records that are published, currently available to the public, or will be published. FIPPA s.22, MFIPPA s.15.

Exceptions

Some exclusions and exemptions include exceptions. Where the exception applies, the exclusion or exemption would not be applicable to the record.

Some exceptions relate to factual information that may be of interest or use to the public and specific types of records or reports produced in the course of government work. For example, in the advice to government/advice or recommendations exemption, subsection 2 lists a number of classes of records that the section does not apply to including: factual material, a statistical survey, a report by a valuator, and an environmental impact statement.

Other exceptions set time limits for when exemptions can be used. For example, in the Cabinet records exemption, subsection 2 (a) states that the exemption cannot be claimed on records more than 20 years old.

Exercise of Discretion

When deciding not to disclose a record the factors and reasons for the exercise of discretion should be well documented to support the decision, in the event of an appeal.

The IPC has developed a list of considerations for a proper exercise of discretion. The factors include:

The purpose of the legislation; including the principles that:
- Information should be available to the public
- Individuals should have a right of access to their own personal information
- Exemptions from the right of access should be limited and specific
- The privacy of individuals should be protected;
The wording of the exemption and the interests it seeks to protect;
Whether the requester is seeking his or her own personal information;
Whether the requester is an individual or an organization;
The relationship between the requester and any affected persons;
Whether disclosure will increase public confidence in the operation of the institution;
The nature of the information and the extent to which it is significant and/or sensitive to the institution, the requester, and any affected person;
The age of the information; and
The historic practice of the institution with respect to similar information.

In contrast, an improper exercise of discretion occurs when:

It is done in bad faith or for an improper purpose;
It takes into account irrelevant considerations; or
It fails to take into account relevant considerations.

Where an institution makes an error in the exercise of discretion, the IPC may send the matter back to the institution to re-exercise discretion.

Harms Test

Some exemptions in the legislation are harms-based. In order to apply these exemptions under the legislation, institutions or third parties may have to demonstrate the harms that could result in the disclosure of information.

In general, meeting the criteria of a harms test requires:

Detailed and convincing evidence; and
A strong connection between the harm and disclosure of the record.

More information on how harms tests are considered within the context of specific exemptions is discussed in detail in Chapter 5: Exemptions and Exclusions.

Public Interest Override

FIPPA s. 23 / MFIPPA s. 16

The public interest override provision provides another opportunity to consider whether a record should be disclosed for some exempted records.

A two-part test determines whether public interest override applies to a record:

There must be a compelling public interest; and
The compelling public interest must clearly outweigh the purpose of the exemption.

This section of the legislation states that certain exemptions do not apply when a compelling public interest in the disclosure of a record clearly outweighs the purpose of the exemption.

This section is commonly referred to as public interest override. It cannot be applied to information withheld under the following exemptions:

Cabinet records (FIPPA s. 12);
Defence (FIPPA s.16);
Draft by-laws, etc. (MFIPPA s. 6);
Law enforcement (FIPPA s. 14, MFIPPA s. 8);
Solicitor-client privilege (FIPPA s. 19, MFIPPA s. 12);
Information soon to be published (FIPPA s. 22, MFIPPA s. 15).

Factors that Coordinators should consider when determining whether the public interest override applies include:

Where there is a relationship between the record and the legislation’s central purpose of shedding light on the operations of government?
Where the record serves the purpose of informing the public to make political choices and express public opinion? or
Whether the interest in the record is public or private.

Generally, a public interest does not exist where the requester’s interests in a record are essentially private in nature.

Available for Public Review

FIPPA s. 32, s. 33, s. 35, s. 45 / MFIPPA s. 25, s. 34

The legislation requires that the Responsible Minister and institutions make certain information available to the public for review to support:

Public awareness of government information holdings;
Public access to information outside of the formal information request process, and
An individual’s ability to contact institutions and request information.

Institution Records

FIPPA s. 33

The legislation requires that certain records of institutions be available to the public for review. The requirement applies where records about the interpretation of laws and programs of the institution are necessary for the purpose of:

Determining applications by individuals for rights, privileges or benefits;
Changes to the provision or the new conditions of rights, privileges, or benefits already granted; and
General administration or enforcement.

Other such records of institutions include manuals, directives, guidelines, instructions, procedures, objectives prepared for the officers of an institution. The publishing requirement does not apply to internal operations and administration of the institution (e.g., equipment manual).

The documents required for publishing are subject to the same exemptions under the legislation. Portions can be severed if they are exempt from disclosure under the legislation. Any severing or deletion must include a statement that a deletion has been made, the nature of the information deleted and the exemption applied.

These documents must be available for inspection and copying by the public, in these locations:

On the Internet; or
In a reading room, library, or designated office.

Available for public review does not imply the record is provided to the public at no cost. Fees may be associated with accessing certain institutional records.

Directory of Institutions

FIPPA s. 31, s. 35, s. 36 / MFIPPA s. 24

The Directory of Institutions (DOI) is a compilation of all institutions covered by the legislation. The DOI sets out where a request for information should be made by providing the title, address and other contact information for the individual responsible for administering the legislation in the institution.

Publication of the DOI is a responsibility of the Minister and is coordinated by ministry staff. The DOI is published every three years.

Directory of Records

FIPPA s. 32, s. 35, s. 45 / MFIPPA s. 25, s. 34

The Directory of Records (DOR) is a publication that provides:

A description of the programs, functions or responsibilities of offices within an institution;
Information on the general classes or types of records of each institution; and
An index of the personal information banks maintained by each institution.

Publication of the DOR for Ontario Public Service ministries is a responsibility of the Minister and is coordinated by ministry staff. The head of each provincial institution is responsible for providing this information to the Minister for publication.

Hospitals, universities, some provincial agencies and MFIPPA institutions are also required to make similar information available about their institution but do so independently.

Personal Information Banks

FIPPA s. 44, s. 45 / MFIPPA s. 34

The index of Personal Information Banks (PIB) forms part of the DOR. A PIB is any collection or set of personal information where personal information is organized by:

The individual’s name;
An identifying number or symbol; or
Other particular identifier assigned to the individual.

A PIB could be an electronic database or a paper filing system.

The PIB index sets out the following for each PIB:

Its name and location;
Legal authority for its establishment;
Types of personal information maintained in it;
How the personal information is used on a regular basis;
To whom the personal information is disclosed on a regular basis;
Categories of individuals about whom personal information is maintained; and
Policies and practices applicable to the retention and disposal of the personal information; and
Exceptions to the uses and disclosures noted above.

Routine Disclosure and Open Government

FIPPA s. 63 / MFIPPA s. 50

The legislation does not prevent institutions from providing information to the public through alternative means outside of the formal request process. Institutions may proactively make records available through routine disclosure or other initiatives.

“Open Government” refers to government programs aimed at improving public access to government information and data; and increased public participation in policy development and dialogue between individuals and the government.

The IPC is a strong supporter of Open Government as it enhances transparency of government actions and decisions, improves accessibility of government services and information, and promotes public participation.

Coordinators and Legal Counsel should participate in routine disclosure or Open Government initiatives to ensure that the information and raw data being published does not reveal personal information of identifiable individuals or other sensitive information.

Obligations to Disclose

FIPPA s. 11 / MFIPPA s. 5

The legislation requires disclosure of a record that reveals a grave environmental, health or safety hazard to affected persons or the public, and where it is in the public interest.

This section overrides all other provisions of the legislation. There is no requirement that a request must be made before action is taken. While this section includes a notice provision to any person to whom the information relates, it must be practicable to do so. The record must be disclosed as soon as possible. Disclosure is to be made by announcement to the public generally or to those individuals that are particularly affected by the information in the record.

The following conditions must be met:

The information must be in record form; and
The situation must be grave meaning serious and likely to produce great harm or danger.

Resources

MPBSDP: Directory of Institutions

IPC: Accessing Information

IPC: Open Government

Updated: July 05, 2024

Published: March 09, 2023