Overview of Proceedings
Intake
To initiate a review or make privacy complaint, the applicable form must be completed (see “Making a Request for Review or Complaint to the Commissioner” above) AND submitted together with all supporting documents in one submission. Otherwise, the submission will be returned. We also enforce a 15-page limit for submissions.
Every submitted form is checked for:
- Jurisdiction – is it something the OIPC can do under one of the Acts?
- Whether it was received by the OIPC within the required time limits
- Whether there is evidence that substantiates the request for review or complaint
Any person who submits a form for making a review or complaint will be contacted at the intake stage to discuss their submission and obtain clarification. They must be available to participate in our process and respond to requests in a timely manner, usually by phone and/or email. Otherwise, a file may not be opened. Any person who cannot meet this requirement, may name an agent to represent them.
The responding public body may also be contacted at this stage, as required.
Please note our refer-back process for privacy complaints and adequacy of search reviews.
Refer-back for privacy complaints
For complaints regarding the collection, use or disclosure of personal or health information, it is a requirement under OIPC processes to make the complaint first to the public body, custodian or organization, if the complainant has not already given the entity an opportunity to resolve the complaint.
Refer-back for adequacy of search reviews
For reviews where the only concern is that an applicant believes the public body, organization or custodian holds more responsive records than what were processed in the request (an ‘adequate search concern’), the applicant must first submit the concern directly to the entity, along with supporting evidence as to why they believe additional records exist.
We require that the entity be given at least 30 business days to respond. After attempting to resolve the matter directly with the entity, if the applicant still has reason to believe the response does not comply with the relevant law they can bring the concern back to our office. At that point, our office will consider whether further investigation by the OIPC is warranted.
Issue identification
Working with the applicant/complainant, the OIPC will identify the review or complaint issues at the intake phase. Only those issues that (a) have enough evidence; and, (b) are within our jurisdiction will move forward. Those issues will be communicated to the applicant/complainant to confirm their understanding and, if applicable, to advise on the limits of our jurisdiction.
If the OIPC proceeds with a review or investigation, a file is opened, and an acknowledgment letter (containing the confirmed issues) is issued to the applicant/complainant and the public body/custodian/organization. A copy of the request for review form and any attachments to the request are included with the letter. General privacy complaint forms or related materials will not generally be provided to an organization.
In the letter to the public body/custodian/organization, it will be asked to provide a contact person who will be responsible for working with the assigned investigator to settle the matter. The contact person must have the ability to settle the issues. This means that they must have timely access to the decision-maker or directly involve the decision-maker in the conversations.
New records requirements and timelines
For access request reviews, the public body/custodian/organization will also be asked to provide a copy of the records to the OIPC with the inclusion of a records index, within 7 business days of a notification letter, in accordance with the Practice Note – Preparing Records at Issue and Index of Records. It may also be asked to provide the OIPC with a copy of the access request and any correspondence concerning the request with the applicant. The OIPC will provide a link to securely send records and any other sensitive documentation to the OIPC.
The requirement to provide records or information at issue does not apply to records or information over which solicitor-client privilege, litigation privilege, or informer privilege is being claimed. The Practice Note – Providing Affidavits and other Evidence provides an explanation as to the expected content of the submission, even though it is not usually in affidavit form at the settlement stage.
Request for Review Forms and Attachments Are Disclosed
A copy of any request for review form and any attachments submitted along with the form must be disclosed to the public body, custodian or organization. This is a requirement in these Acts. As a result, any person submitting a request for review form under any of these Acts should specify to the OIPC if there is information in the form or accompanying attachments that they want the Commissioner to consider removing before sharing with the public body, custodian or organization. In considering these requests, consideration will be given to whether the information should be disclosed for fairness purposes or if it is necessary to conduct the review.
Address for Service
Each party must provide an address for service to which all official communications will be sent for the purposes of the review/investigation.
As noted above, we must have an effective and timely means of communication with the parties. As such, each party is to provide us with an email address for this purpose. We also require a mailing address which may be used to deliver certain correspondence related to the file. We will use secure email or other forms of secure electronic transmission to send communications containing sensitive information.
Applicant/Complainant
The address for service is to be identified on the applicable form (see “Making a Request for Review or Complaint to the Commissioner” above).
Public Body/Custodian/Organization
The address for service of the public body/custodian/organization will be identified in the acknowledgement letter that the OIPC sends to each party as part of the initial notification process.
Changes or Updates
A party must use the Change of Contact and/or Address for Service Form on the OIPC website to update contact information or the address for service at any time during the review/investigation.
The address for service of each party will be circulated to all other parties.
Review and Investigation
An OIPC investigator, known as a Senior Information and Privacy Manager (SIPM) will be assigned to try to settle your request for review or privacy complaint.
The office receives a high volume of requests for reviews and complaints. As such, your file may be inactive until the SIPM has the capacity to begin to work on it. The parties will be notified when the SIPM starts actively working on the file. While the parties wait to hear from the SIPM, we encourage the parties to try to resolve the matter directly with one another.
Our new case resolution process involves us trying to settle matters under review or investigation in as short a time as is possible. That is why we try to settle matters verbally over the phone. As such, once a file is activated, we must be able to reach the parties, usually by phone, in a timely manner in order to participate in our case resolution process. If we cannot reach the applicant/complainant, we may discontinue the review or investigation. If this occurs, the parties will be notified.
The SIPM begins the review or investigation by examining the confirmed issues, the submission of the applicant/complainant and, in the case of a review of an access request, the records provided by the public body/custodian/organization. The SIPM also reviews the relevant law and any past cases that have interpreted the law against the issues to be determined.
The SIPM will contact the public body/custodian/organization (Respondent) to gather any relevant evidence necessary to form an opinion about whether the law was complied with by the respondent.
The SIPM may also need to contact the applicant/complainant for additional information. Please note that we will not accept documented evidence from an applicant/complainant unless it is requested by the SIPM. Any unsolicited evidence will be returned or deleted.
The SIPM will form an opinion about whether the Respondent has complied with the law as it relates to the issues under review or investigation. The SIPM will discuss the opinion with the parties in an effort to settle the issues. The Respondent may agree to take certain actions in order to remedy any non-compliance.
Any resolution reached will be documented in writing and sent to the parties. As applicable, the SIPM will ensure that any agreed-upon terms are followed by the Respondent.
Inquiries
If any or all of the issues are not settled and the applicant/complainant wants to proceed further in our process, the SIPM will work with the parties to determine any agreed-upon facts. The file will then be brought to the Commissioner to determine whether an inquiry will proceed, only on those unsettled issues.
Once the file is transferred to the Commissioner, the SIPM will close the file at the settlement stage.
Inquiries are formal adjudicative proceedings. The inquiry process is not an examination of the process or an evaluation of the findings and recommendations made during the review and investigation process. The inquiry gives the parties an opportunity to present their evidence “de novo” (from the beginning) and to rebut or support evidence presented by the other party.
The Commissioner may refuse to conduct an inquiry in certain circumstances:
- The subject matter has been dealt with, in an order or investigation report of the Commissioner
- The circumstances warrant refusing to conduct an inquiry (for instance, if there is no meaningful remedy)
A decision to refuse to conduct an inquiry will be issued to the parties in writing.
If any unsettled issues proceed to inquiry, a Confirmation of Inquiry letter will be issued to the parties, which will confirm the issues for the inquiry. A Notice of Inquiry will be issued at a later date which includes a copy of the Request for Review/Complaint Form and attachments and sets out a schedule of dates for the written submissions of the parties.
Affected Parties and Intervenors
Some inquiries may include “affected parties”. An affected party is any other party who, in the opinion of the Commissioner, is affected by the request for review or complaint. A copy of the relevant form (see “Making a Request for Review or Complaint to the Commissioner” above) and attachments may be provided to the affected party.
An affected party may make representation to the Commissioner at inquiry, but is not required to participate.
In certain cases, the Commissioner may give intervenor status to parties, if the Commissioner determines it is appropriate. An intervenor can be useful in bringing a broader perspective to issues than the parties involved.
Order
On completing an inquiry, the Commissioner or delegated adjudicator must issue an Order disposing of the matter.
An Order made by the Commissioner or delegated adjudicator is final. However, a party may apply to the Court of King’s Bench of Alberta for judicial review of an Order.
Timelines to complete a review
Under FOIP and HIA, the Commissioner is to complete a review within 90 days after the OIPC received the request for review or complaint unless that period is extended by the Commissioner. PIPA allows the Commissioner to complete a review or investigation within one year from the day that the request for review/complaint was received by the OIPC. PIPA also allows the Commissioner to extend that period.
Parties will be notified as to the anticipated date for completion and any extensions to the anticipated date for completion.
For estimated timelines for the settlement phase of a review, see “How long will a review take” on the OIPC website at: https://oipc.ab.ca/information-access-review and https://oipc.ab.ca/privacy-correction-complaint
Back to top of the page
