Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Home Featured N.L. privacy commissioner upholds decision not to confirm or deny existence of records involving school employee

N.L. privacy commissioner upholds decision not to confirm or deny existence of records involving school employee

by HR Law Canada

Newfoundland and Labrador’s privacy commission (OIPC) has upheld a decision by the Department of Education to neither confirm nor deny the existence of records related to a complaint against a former employee of the Newfoundland and Labrador English School District.

The decision, issued on May 29, 2024, revolves around the application of section 17(2) of the Access to Information and Protection of Privacy Act, 2015 (ATIPPA, 2015).

The complainant had submitted a request for “emails and records relating to any complaints made about [employee’s name],” specifically seeking information on incidents that resulted in discipline or were forwarded to the police. The Department invoked section 17(2) of the Access to Information and Protection of Privacy Act, 2015, which allows public bodies to refuse to confirm or deny the existence of records under certain conditions.

Initially, the Department provided limited justification for its stance, prompting the OIPC to seek further clarification. In its final response, the Department cited subsection 17(2)(b) of ATIPPA, 2015, stating: “the department is neither confirming nor denying the existence of the information you are requesting. This is in accordance with subsection 17(2) of the Access to Information and Protection of Privacy Act, 2015”​​.

Was section properly applied?

The OIPC’s investigation focused on whether the Department appropriately applied section 17(2). The Department argued that confirming or denying the existence of the records would constitute an unreasonable invasion of personal privacy.

The OIPC referenced a two-part test from Ontario, which it adopted in a previous report, A-2019-025:

  1. Disclosure of the records (if they exist) would constitute an unjustified invasion of personal privacy.
  2. Disclosure of the fact that records exist (or do not exist) would in itself convey information to the requester, such that disclosure would constitute an unjustified invasion of personal privacy​​.

In addressing the first part of the test, the Department stated, “disclosure of information about an employee outside what is permissible under section 40(2)(f) would be an unjustified invasion of personal privacy.” Section 40(2)(f) allows for the release of certain information about employees, such as their position, functions, or remuneration​​.

The OIPC agreed with the Department’s interpretation, noting that the complainant was specifically requesting information about a named individual. Confirming or denying the existence of such records would inherently disclose whether the individual was the subject of complaints or police referrals, which would be harmful to the individual’s privacy.

In conclusion, the OIPC found that the Department correctly applied subsection 17(2)(b) of ATIPPA, 2015, and recommended that the Department maintain its position.

Lessons from this ruling

  1. Privacy Protection: Employers must be vigilant in protecting the privacy of their employees, particularly when handling sensitive information that could lead to reputational harm.
  2. Clear Justifications: When invoking privacy-related exemptions in information requests, it is crucial to provide clear and detailed justifications to withstand scrutiny.
  3. Policy Adherence: Ensuring adherence to applicable privacy legislation and internal policies can safeguard against potential legal and ethical issues.

For more information, see Report A-2024-024.

You may also like