October 02, 2023 by Marko Dinic

Everything You Need to Know to Ensure FIPPA Compliance

If you are working for a Canadian government agency then you’ve probably heard of the FIPPA legislation and its effects on your compliance.

But what is FIPPA exactly and what are your rights and obligations?

In this article, we’ll walk you through the meaning of FIPPA and everything you need to know to stay compliant.

What Is the Meaning of FIPPA?

FIPPA or Freedom of Information and Protection of Privacy Act is a Canadian territorial legislation that provides individuals with the right to access government records and personal information held by government organizations.

This legislation regulates how public-sector organizations gather, use, and manage the personal information of their citizens.

It was designed to promote transparency and accountability in government operations by allowing anyone to make requests for their personal data while staying private.

FIPPA laws can vary in some details from one Canadian territory to another but are all the same in their purpose.

What Data is Recorded Under FIPPA?

While the definition can vary a bit depending on the territory, generally under FIPPA regulations a record is considered the following:

“Information in any form and includes information that is written, photographed, recorded or stored in any manner on any storage medium or by any means including graphic, electronic or mechanical means.”

This gives governments the means to collect personal information like:

  • Name, address, and telephone numbers
  • Race, color, beliefs
  • Age, sex, family status
  • Biometric information such as blood type and fingerprints
  • Information about health care history
  • Information on education, financial or criminal history, or work history

The FIPPA legislation in Ontario and other territories clearly outlines what data the government can and cannot collect from its citizens, providing transparency into the extent of data collection.

Citizens can use FIPPA regulations to request specific information they want to be retrieved.

What is a FIPPA Request?

In case an individual’s data isn’t available publicly they can file a FIPPA request for specific information. The process varies depending on the province.

To submit an FIPPA request an individual needs to fill out the FIPPA request form as specifically as possible for the process to be quick and not create a request backlog.

Usually, the FIPPA request will require the contact information, and signature, and should be mailed to the designated department the individual is requesting information from.

These requests are handled by the designated government agency by searching through the individual’s records for specific information and sending it back to them.

Government Agencies Subject to FIPPA?

Almost all public government agencies are subject to FIPPA regulations. They include:

  • schools, universities, and colleges (these can include charter schools, polytechnic communities, comprehensive community colleges, education boards, etc.
  • healthcare bodies, such as nursing homes, hospitals, regional health authorities, boards of hospital districts)
  • government agencies, such as boards, associations, commissions, or any organization designated as a government agency.

They all need to abide by specific FIPPA requirements if they want to stay compliant.

What Are FIPPA Requirements?

FIPPA requirements are a set of regulations that dictate how public bodies have to handle and manage personal information.

Here is an example of FIPPA requirements in Alberta:

  • Public bodies may collect personal information only if authorized by Alberta or Canada laws or regulations, only for law enforcement purposes, or if directly related to their programs or activities.
  • Personal information may only be used for its intended purpose or with individual consent.
  • Disclosure of personal information is permitted when:
    • Aligned with its original purpose or a consistent one.
    • Individual consents.
    • Mandated by Alberta or Canadian laws.
    • Complies with Alberta jurisdiction court orders.
    • Shared with deceased individuals’ relatives.
    • Shared with public body officers, employees, or Executive Council members as part of their duties.
  • Public bodies must ensure collected personal information’s accuracy and completeness, implementing quality assurance measures for verification.
  • Personal information must be retained for at least one year after use, allowing individuals time for access and corrections.
  • Corrections can be made to factual information upon request, excluding professional or expert opinions.
  • Retention beyond a year is possible but should not exceed the necessity to prevent unauthorized disclosure and FIPPA violations.
  • Public bodies must implement safeguards to protect personal information from unauthorized access, collection, use, disclosure, or destruction.
  • Public bodies must respond to all FIPPA requests within 30 days or less.
  • Public bodies must report unauthorized collection, use, or disclosure of personal information and promptly notify affected individuals.

How Does FIPPA Impact Compliance?

FIPPA regulations have a huge impact on the ability of a government agency to stay compliant with regulatory compliance laws.

It mandates the storage of all collected records for a specific period of time depending on the regulation of the territory at hand.

Aside from storing the data of individuals, FIPPA also mandates the storage of all communication from and inside the government agency.

This includes email as the most effective way of communication meaning that government agencies must have an email archive set up to stay compliant.

These email archives must be able to record and store all email communication and provide ediscovery abilities for record requests or any legal obligations.

How To Ensure FIPPA Compliance?

The best way to stay compliant with FIPPA is to ensure proper archiving in your government agency.

The first step towards being FIPPA compliant is to evaluate your email archiving needs.

You will need to outline your current archiving policy by noting all communication channels in your agency and calculate the average volume of requests you are receiving.

This will give you insight into what kind of email archiving solution is best for you.

The features your email archiving solution needs to have are:

  • Automatic email capture, indexing, and retention
  • Automated custom email archiving policies
  • Advanced filtering options for ediscovery
  • Records export for easy request responses
  • Email management capabilities

All of these features will allow you to retain email for long periods of time and speed up your requests.

Related: What to Look for in a Cloud Email Archiving Solution

Conclusion

FIPPA is one of the most important laws that provide the public with freedom when it comes to their information.

But this comes at a huge cost to governments as they need to be careful with this private information making it pretty hard to stay compliant.
That’s why understanding FIPPA regulations fully and taking action to secure all records is so important.

Stay compliant with FIPPA regulations and all email archiving laws with Jatheon’s cloud archiving solution allowing you to archive all communication, perform ediscovery, and protect your data.

Read Next:

Top 5 Trends in Enterprise Data Archiving and Ediscovery for 2024

Why You Need to Archive and Monitor Social Media for Complete Compliance

Email Archiving Benefits for All Your Departments: Management, IT, Legal and End Users

About the Author
Marko Dinic
As Jatheon’s CEO, Marko Dinic oversees new business development and has a leadership role in shaping the company’s vision, strategy, and product development. Outside work, he loves visiting places off the beaten path, investing, and space travel.

See how data archiving can simplify compliance and ediscovery for your organization

Book a short demo to see all the key features in action and get more information.

Get a Demo

Jatheon is a “Trail Blazer” in The Radicati Group’s 2024 Information Archiving MQ

Share via
Copy link
Powered by Social Snap