Access exceptions

There are a few exceptions to the right of access. Individuals do not have a right to access their record of personal information if:

  • it is subject to a legal privilege restricting its disclosure to the individual
  • another act or a court order prohibits its disclosure to the individual or
  • the information was collected or created primarily in anticipation of or for use in a legal proceeding which has not concluded

Additionally, individuals do not have a right to access their record of personal information if granting access could reasonably be expected to:

  • result in a risk of serious harm to any individual94
  • lead to the identification of an individual who was required by law to provide information in the record to the service provider or
  • lead to the identification of an individual who provided the information either explicitly or implicitly in confidence — if the service provider considers it appropriate to keep their identity confidential

If one of these exceptions applies, the individual does not have a right of access to that information in the record. However, you would still be required to grant access to the remainder of the record of personal information if you can sever or redact the information to which the exception applies.95

 

A children’s aid society receives an access request from a youth looking for records related to a society investigation.

The society reviews the records and finds information about a neighbour who made the initial call to the society to report that the family’s children may be in need of protection, as required by the “duty to report.”

Before releasing records to the youth, the children’s aid society removes or redacts any information which could lead to the identification of the neighbour, who was required by law to provide this information to the society.

 

In addition to these exceptions, Part X also allows service providers to refuse access if a request is frivolous or vexatious or made in bad faith.96 The IPC has found, under other privacy legislation, that a request is frivolous or vexatious if it is:

  • part of a pattern of conduct (for example, an excessive number of access requests by the same person) that amounts to an abuse of the right of access or interferes with the operations of the institution or
  • made for a purpose other than to obtain access (such as to annoy or harass the institution or to purposefully burden the system)

There is a high threshold for deciding that a request is frivolous or vexatious. Refusing an access or correction request on these grounds is not a routine matter and should not be undertaken lightly.

 

94. In determining whether granting access could result in a risk of serious harm, service providers may consult with a member of the College of Physicians and Surgeons of Ontario, the College of Psychologists of Ontario or the Ontario College of Social Workers and Social Service Workers (CYFSA, s. 312(4)).
95. CYFSA, s. 312(2). The individual has a right to access personal information that can “reasonably” be severed from the part of the record to which they do not have a right of access. The IPC has considered this question under other privacy legislation and found that personal information that would comprise only disconnected or meaningless snippets is not considered reasonably severable (see, for instance, IPC Orders PO-1663 and PHIPA Decision 73).
96. CYFSA, s. 314(6). Guidance about what constitutes a “frivolous or vexatious” request is available at www.ipc.on.ca.