Access to Information & Protection Bylaw

Hanna, Alberta

This is the exact embedded text of the captured official document. Snapshot 67e36df141fe · verified 2026-06-08 · unofficial consolidation, the official version is held by the municipal clerk.

TOWN OF HANNA
PROVINCE OF ALBERTA
BY-LAW 1042-2025

A BYLAW OF THE TOWN OF HANNA, IN THE PROVINCE OF ALBERTA, TO GOVERN ACCESS TO INFORMATION AND PROTECTION OF PRIVACY IN ACCORDANCE WITH THE ACCESS TO INFORMATION ACT AND THE PROTECTION OF PRIVACY ACT

WHEREAS the Municipal Government Act, R.S.A. 2000, Chapter M-26, the Access to Information Act (ATIA), and the Protection of Privacy Act (POPA) provide individuals with the right to access municipal records and require the responsible management of personal information;

AND WHEREAS POPA requires public bodies to protect personal information collected and maintained in the course of delivering programs and services, including establishing a privacy management program and appointing a privacy officer;

AND WHEREAS the Town of Hanna is committed to transparency, accountability, and the protection of privacy in accordance with provincial legislation;

NOW THEREFORE THE COUNCIL OF THE TOWN OF HANNA, IN THE PROVINCE OF ALBERTA, DULY ASSEMBLED, ENACTS AS FOLLOWS:

PART I SHORT TITLE AND AUTHORITY

1.1 Short Title - This bylaw shall be known as the "ACCESS TO INFORMATION AND PROTECTION OF PRIVACY BYLAW" of the Town of Hanna.

1.2 Purpose - The purpose of this bylaw is to update and replace the Town's previous FOIP Bylaw to comply with Alberta's new Access to Information Act and Protection of Privacy Act, which came into force on June 11, 2025. It establishes local practices and procedures for access to information and protection of privacy in accordance with these Acts.

Authority - This bylaw is made pursuant to the Access to Information Act and Protection of Privacy Act (hereinafter "the Acts"). In accordance with the Acts, the Head of the Town of Hanna is the Chief Administrative Officer (CAO), who has overall responsibility for ensuring compliance with access to information requests and privacy protection requirements.
The CAO may delegate administrative duties under this bylaw to an Access and Privacy Coordinator or other designee as needed.

PART II OBJECTIVES

2.1 The OBJECTIVES of this bylaw are to:
Facilitate public access to Town records in accordance with the Access to Information Act, except where records are exempt from disclosure under that Act;
Protect personal privacy by establishing measures to safeguard personal information collected or held by the Town, in compliance with the Protection of Privacy Act;
Define the local process for requesting access to records and for the Town's response, including timelines and forms;
Ensure full compliance with the requirements and duties set out in the new provincial Acts and associated regulations (replacing references to the FOIP Act with the Access to Information Act and Protection of Privacy Act);
Provide clear procedures for third-party notice and consultation when access requests involve information about third parties;
Implement a structured process for appeals of access decisions and for responding to privacy breaches, including internal reviews and cooperation with the Information and Privacy Commissioner.

PART III DEFINITIONS

3.1 In this bylaw, unless the context otherwise requires;
"Access to Information Act (ATIA)" means the Access to Information Act, SA 2024, c. A-6.5, and its regulations, as amended from time to time (this Act provides the public right of access to records held by public bodies).
"Protection of Privacy Act (POPA)" means the Protection of Privacy Act, SA 2024, c. P-28.5, and its regulations (this Act governs the protection of personal information held by public bodies, including privacy requirements and breach notification).
"Applicant" means any person making a request for access to information under this bylaw (i.e. an individual or organization submitting an official access to information request).
"Personal Information" means recorded information about an identifiable individual as defined in the Acts (for example, an individual's name, address, telephone number, age, financial information, etc., as defined in POPA).
"Third Party" means any individual, organization, or business other than the Applicant or the Town, whose information may be contained in a record requested under this bylaw. This includes a person or entity whose personal or proprietary information might be disclosed to an applicant.
"Chief Administrative Officer (CAO)" means the Town's Chief Administrative Officer appointed by Council. For the purposes of this bylaw and the Acts, the CAO is the Head of the public body (the Town of Hanna) responsible for overall compliance with the Access to Information Act and Protection of Privacy Act.
"Head" means the head of the public body as defined in the Acts. Under this bylaw, the Head is the Chief Administrative Officer of the Town of Hanna. The Head has statutory responsibilities for responding to access requests and ensuring privacy protection on behalf of the Town.
"Access and Privacy Coordinator" means the individual designated by the Town (by the CAO/Head) to manage and administer requests for access to information and to oversee day-to-day privacy compliance. The Access and Privacy Coordinator acts as the primary contact for Applicants and for the Office of the Information and Privacy Commissioner, and ensures the Town's obligations under the Acts are fulfilled. (This position was formerly referred to as the "FOIP Coordinator.")
"Formal Request" (or "Access Request") means a written request for access to records made under the Access to Information Act, which is submitted on the prescribed form (Schedule A -- Access to Information Request Form) or in another written format that meets the requirements of the Act. A Formal Request typically requires the payment of any applicable application fee.
"Routine Disclosure" means the practice of disclosing certain records proactively, without the need for a formal access request, as a matter of course or on request. Routine Disclosure includes making commonly requested information available to the public via the Town's website or upon inquiry (e.g. Council meeting minutes, bylaws, basic financial reports), where such release is permitted by law. Routine Disclosure supports the principle of transparency and the new proactive disclosure policy encouraged under the Access to Information Act.

PART IV ACCESS TO INFORMATION

4.1 Right of Access: In accordance with the Access to Information Act, any person has a right of access to records in the custody or under the control of the Town of Hanna, subject to limited and specific exceptions as set out in the Act. The Town will grant access to records or portions of records unless they contain information that is excepted from disclosure under the Act (for example, confidential third-party information, personal privacy, legal privilege, etc.). Exceptions to disclosure will be applied only as necessary and in accordance with the Act's provisions. (Reference: The Access to Information Act preserves many of the exemptions and exclusions formerly in FOIP, such as protections for personal privacy, confidential business info, cabinet confidences, etc.)

4.2 Processing Requests -- Duty to Assist: The Town has a duty to assist applicants and shall ensure that access requests are handled in an open, accurate, and timely manner.
The Access and Privacy Coordinator (under the authority of the Head) shall process all Formal Requests in accordance with the requirements of the Access to Information Act and this bylaw, ensuring:
Assistance to Applicants: The Town will make every reasonable effort to assist applicants, clarify the request if needed, and respond openly, accurately and completely to each applicant, as required by the Act (commonly known as the "duty to assist").
Timely Response: A response providing access to the requested record (or a decision refusing access, with reasons) is given to the applicant within 30 business days from the date of receipt of the Formal Request, unless an extension of time is authorized under the Act. (The Access to Information Act sets a 30-business-day standard timeline for responses, which may be extended in certain cases such as large volume requests or the need to consult with third parties.) If an extension is necessary, the applicant will be notified in writing of the extension and the reason for it, in accordance with the Act.
Partial Disclosure: If a record contains some information that is excepted from disclosure (for example, personal information or other exempt material), the Town will provide partial access by severing (redacting) the excepted portions and releasing the remainder of the record, whenever possible. The Applicant will be informed of the rationale for any portions that are withheld.
Notification of Decision: If a request is refused in whole or in part, the Applicant will be provided with a written notice stating the reasons for the refusal and identifying the specific exceptions or provisions of the Act relied upon, as well as information on the right to request a review of the decision. Every response letter will inform the Applicant of their right to an internal review (appeal) and/or to ask the Information and Privacy Commissioner to review the decision.
Routine Disclosure and Proactive Release: The Town of Hanna will continue to provide access to information through routine disclosure and active dissemination of records without the need for formal requests, to the extent possible. The Town shall identify categories of records that are of public interest and can be released routinely (such as Council meeting minutes, bylaws, policies, public reports, etc.) and make these available via the Town's website or other means. This practice aligns with the Access to Information Act's emphasis on proactive disclosure, whereby public bodies are encouraged to release information without requiring a formal request. The existence of this bylaw and formal request process does not limit the Town's ability to continue releasing information informally as long as it does not contravene any laws.

4.4 Correction of Personal Information: An individual who is given access to their own personal information by the Town has the right to request correction of that information if they believe there is an error or omission. If the individual makes a request in writing for correction of their personal information:
The Town shall correct the information if it is satisfied on reasonable grounds that the correction is warranted; or
If the Town does not agree that the information is in error, it will annotate the personal information with the correction that was requested but not made.
No fee will be charged for a request for correction. The Town will respond to correction requests within the time period set out in the applicable legislation (generally 30 days). If a correction is made, or a note of disagreement is added, the Town will, where practicable, notify any other public body or third party to whom that information has been disclosed within the last year of the change (so they can also correct their records), as required by POPA.
The right of correction is provided under the Protection of Privacy Act to ensure personal information is as accurate and complete as possible.

PART V THIRD PARTY NOTIFICATIONS

5 If an access request is received for a record that contains information about a Third Party (for example, personal information about someone other than the applicant, or a third party's confidential business information), the Town shall follow the third-party notice requirements of the Access to Information Act before disclosing the record. In practice, the Access and Privacy Coordinator (on behalf of the Head) will:
(a) Notice to Third Party: Notify the Third Party in writing of the request within 10 business days after the Formal Request is received (this notice will state that a request has been made for records that may contain information about the Third Party, and include an opportunity for the Third Party to consent to disclosure or to object). (The Town's goal is to provide notice promptly, generally within about 10 business days, to allow timely processing. The Act specifies that notice to third parties must be given within a reasonable time.)
(b) Time for Response: Give the Third Party a reasonable period to respond to the notice. The Third Party shall have 20 days from the date of the notice to provide written comment or evidence as to whether the information should be disclosed or withheld. The notice will inform the Third Party of this 20-day period (which aligns with the timeline contemplated in the legislation for third-party responses under the former FOIP Act).
Consideration of Objections: After the 20-day response period, the Head (or designate) will consider any representations or objections received from the Third Party. The Head will then decide on whether to disclose the information in question to the Applicant, in accordance with the criteria set out in the Access to Information Act.
This decision will be made with reference to the specific exceptions in the Act (for example, if the information is third-party personal information or trade secrets, the Act may prohibit disclosure in some cases). The Head shall issue a written decision to the Third Party, and to the Applicant, explaining whether the record (or part of it) will be released and giving reasons, pursuant to the Act's requirements (analogous to the process under section 31 of the former FOIP Act).
(d) Review by Commissioner: If the Third Party objects to the Town's decision to disclose the information, the Third Party may request a review by the Information and Privacy Commissioner. In such cases, the Town will not disclose the information to the Applicant until the Commissioner's review is concluded and any applicable appeal rights are exhausted (the Applicant will be informed that a third-party review is underway). The Town will refer the matter to the Commissioner if required, by forwarding the relevant records and decision to the Office of the Information and Privacy Commissioner for a ruling. The Town shall abide by the Commissioner's decision or any binding order that results from the review. If no review request is received from the Third Party within the time limit set by the Act (generally 20 days after the Third Party is informed of the Town's decision), the Town will proceed to release the information to the Applicant as per the original decision.

(Note: The Third-Party notification process in this Part aligns with the principles of the Access to Information Act, ensuring that third parties' privacy and confidentiality are protected. It replaces the similar provisions formerly found in sections 30 and 31 of the FOIP Act.)

PART VI PRIVACY BREACH RESPONSE

6.1 Privacy Management Program: The Town of Hanna shall establish and maintain a privacy management program as required by the Protection of Privacy Act and its regulations.
This program will consist of documented policies and procedures to ensure the Town's compliance with POPA in its collection, use, disclosure, retention, and safeguarding of personal information. The privacy management program will be designed proportionately to the volume and sensitivity of the personal information the Town handles, and will include:
Appointment of an individual (the Access and Privacy Coordinator or another designate) responsible for privacy management;
Privacy policies addressing topics such as data collection, consent (where applicable), use and disclosure of personal information, records retention and disposal, and administrative, technical, and physical safeguards;
Ongoing training and education for Town staff on their obligations under POPA and this bylaw;
Regular review and updating of privacy policies and practices to reflect changes in law and best practices; and
A process for handling privacy complaints or inquiries from the public.

Prohibition on Selling Personal Data: The Town of Hanna is prohibited from selling personal information in its custody or under its control, under any circumstances. This is a strict requirement of the Protection of Privacy Act, which expressly forbids public bodies from selling personal information for any purpose. All Town employees and officials shall ensure that no personal information held by the Town is sold or offered for sale to any external party. Any willful violation of this prohibition is an offence under POPA (see Part X of this bylaw for penalties).

Privacy Impact Assessments: The Town shall conduct Privacy Impact Assessments (PIAs) in circumstances required by the Protection of Privacy Act and its regulations.
A Privacy Impact Assessment is a process to identify and address potential privacy risks that may occur in the course of new or significantly revised projects, programs, systems, or technologies that involve the collection, use, or disclosure of personal information. When embarking on such initiatives, the Town will assess how personal information will be handled, ensure compliance with POPA, and mitigate any privacy risks. Where required by POPA or the Information and Privacy Commissioner, PIAs will be submitted to the Commissioner for review and comment. The Town's privacy management program will include guidance on when and how to complete PIAs.

Definition of a Privacy Breach: For the purposes of this bylaw, a privacy breach means any incident involving the loss of, unauthorized access to, or unauthorized disclosure of personal information in the custody or control of the Town. This includes events such as misdirected emails or mail containing personal data, theft or loss of devices holding personal information, database intrusions, or any other situation where personal information is compromised without proper authorization.

Privacy Breach Response: In the event that a privacy breach is suspected or confirmed, the Town shall take immediate steps to contain and manage the breach in accordance with POPA and the Town's internal Privacy Breach Response Guidelines (Schedule D). The following actions will be undertaken:
(a) Containment and Initial Reporting: Town staff or officials who become aware of a potential privacy breach must immediately contain the breach (e.g., retrieve misdirected documents, shut down systems, or correct security weaknesses to prevent further unauthorized access). They must also report the breach without delay to the Access and Privacy Coordinator or the CAO (Head). The Access and Privacy Coordinator will log the incident and lead the response.
Assessment of Risks: The Access and Privacy Coordinator (in consultation with the CAO/Head and any necessary technical experts) will promptly investigate and assess the breach. This includes determining the nature and scope of the breach, identifying the personal information involved, and evaluating the risks of harm to affected individuals. Risks may include identity theft, financial loss, hurt, humiliation, damage to reputation, loss of trust, or any other potential harm. The Coordinator will determine the likelihood and magnitude of harm that could result from the breach.
Notification to Affected Individuals: If, after assessment, it is determined that the breach could result in a real risk of significant harm to one or more individuals, the Town will notify those individuals of the breach as soon as reasonably possible. Notification will include a description of the breach, the personal information involved, steps taken to mitigate the harm, and contact information for more information or assistance. The notice will also advise affected individuals of steps they can take to protect themselves (such as monitoring financial accounts or changing passwords, if applicable).
Notification to Commissioner and Minister: In accordance with the Protection of Privacy Act's new mandatory breach reporting provisions, the Town will report the breach to the Office of the Information and Privacy Commissioner (OIPC) and the Minister responsible for POPA if the incident meets the threshold of a real risk of significant harm. The report to the Commissioner and Minister will contain details of the breach as required by law (including a description of the incident, the information involved, cause, containment steps, intended notification to individuals, and future prevention measures). This notification will be made without unreasonable delay once the Town determines that the threshold is met.
(These requirements implement the mandatory breach notification introduced by POPA, which are the strongest public-sector privacy protections in Canada.)
Prevention and Remediation: After the immediate response, the Town will analyze the cause of the breach and implement measures to prevent similar incidents in the future. This may include revising procedures, enhancing security safeguards, providing additional training to staff, or other remedial actions. The Town's privacy management program will be updated if necessary to address any lessons learned from the incident. A report documenting the breach and the Town's response will be prepared and retained.

All Town employees, contractors, and agents must follow the Town's Privacy Breach Response Guidelines (Schedule D) in the event of a breach. Failure to report or respond to a known breach appropriately may result in disciplinary action. The Town will treat privacy breaches with the utmost seriousness and will cooperate fully with the Information and Privacy Commissioner in any investigation of a breach.

(Note: The above procedures meet or exceed the requirements of POPA, which imposes mandatory breach notification to affected individuals, the Commissioner, and the Minister for breaches with risk of harm. The Town's approach aligns with best practices for breach management as recommended by Alberta's OIPC.)

PART VII ACCESS REQUEST APPEALS AND REVIEW PROCESS

7.1 Submitting an Access to Information Request: An Applicant seeking access to Town records under the Access to Information Act must submit a Formal Request in writing. The preferred method is to use the Town's Access to Information Request Form (Schedule A), which captures all information required to process the request.
The completed form, along with the initial application fee (if applicable), can be submitted to the Town's Access and Privacy Coordinator at the Town Office (contact information is provided in Schedule E). Requests should be as specific as possible to enable efficient searching of records. If an applicant needs assistance in formulating a request, the Access and Privacy Coordinator will provide reasonable assistance (see duty to assist in section 4.2(a)).

7.2 Internal Review (Local Appeal): If an Applicant is not satisfied with the Town's response to an access request -- for example, if access to some or all records is refused, or if they believe the response is incomplete or the fee assessed is incorrect -- the Applicant may request an internal review (appeal) by the Town. The following provisions apply:
(a) Request to CAO or Council: The Applicant may file an Internal Review/Appeal Form (Schedule B) within 30 days of receiving the Town's decision on an access request. On the form, the Applicant should indicate whether they are requesting a review by the Chief Administrative Officer (CAO) or by the Town Council. The Town provides these two internal appeal options to ensure fairness -- for instance, if the original decision was made by the CAO (as Head), the Applicant might choose to have Council review it. The internal review request should state the reasons for the appeal (e.g. why the Applicant believes more information should be released, or why a correction should be made, etc.). There is no fee for an internal review.
(b) Conducting the Internal Review: Upon receiving a request for internal review, the Town will acknowledge it and proceed to review the original decision. The CAO or Council (whichever is chosen by the Applicant on the form) will consider the matter. This may involve examining the records in question, the reasons for withholding or redacting information, and any arguments the Applicant has provided in their appeal form.
The internal review will be conducted impartially -- if the appeal is to Council, Council may meet in camera to review the records and consult with the Access and Privacy Coordinator or legal advisors as needed. The Town will complete the internal review and provide a written decision to the Applicant within 30 days of the appeal being received. The internal reviewer (CAO or Council) may decide to uphold the original decision, or to release further information (in whole or in part), or to adjust any fee or correction decision as appropriate. The written outcome of the internal review will include reasons for the decision.
Notice to Applicant: After the internal review, the Applicant will be notified of the outcome in writing. If the internal review results in additional records being released or a change in fees, those will be provided. If the original decision is upheld (no further information released), the Applicant will be informed of that result. In all cases, the notice will again advise the Applicant of the right to seek an external review by the Information and Privacy Commissioner if they remain unsatisfied.

External Review by Commissioner: In addition to (or instead of) the internal review process, an Applicant has the right under the Access to Information Act to request a review of the Town's decision by the Alberta Information and Privacy Commissioner (an independent oversight office). The following applies to Commissioner reviews:
(a) Time Limit to Request Commissioner Review: The Applicant must request a review by the Commissioner within 60 days of receiving the Town's final decision on their access request. (If the Applicant used the internal review process first, the 60 days would typically run from when they received the internal review decision.
However, an Applicant may choose to skip internal review and go directly to the Commissioner -- they do not lose the right to Commissioner review by pursuing an internal appeal first.)
How to Request a Commissioner Review: To initiate a review, the Applicant should submit a written Request for Review to the Office of the Information and Privacy Commissioner (OIPC). This can be done by filling out the OIPC's form or writing a letter that includes: the Applicant's name and contact information, a copy of the original access request and the Town's response (decision letter), and a brief explanation of what aspects of the decision the Applicant disputes. The Applicant should send this request to the OIPC at the address provided in Schedule E (Contact Information for Appeals), or via the OIPC's email/fax, within the 60-day timeframe. The Town's Access and Privacy Coordinator is available to provide the Applicant with OIPC contact information or answer process questions, but cannot provide legal advice on the appeal.
Commissioner's Review Process: Once the Commissioner receives a Request for Review, the OIPC will typically notify the Town and any affected third parties, and an OIPC Portfolio Officer may be assigned to investigate or mediate. The Commissioner's office may attempt to settle the matter through mediation between the Applicant and the Town. If mediation is unsuccessful or not pursued, the Commissioner may decide to conduct an inquiry (a more formal adjudication process). During an inquiry, both the Applicant and the Town (and any third party, if applicable) can make submissions or present evidence. The Commissioner will then issue a written decision, which could be an order. Under the new legislation, the Commissioner has the power to make binding orders. For example, the Commissioner can order the Town to disclose records (in full or part) or confirm that the Town was justified in refusing access.
The Town of Hanna is required to comply with any legally binding order issued by the Commissioner. The outcome of the Commissioner's review will be communicated to both the Applicant and the Town in writing.
Judicial Review: If any party (the Applicant, the Town, or a Third Party) is dissatisfied with the Commissioner's decision or order, they may seek a judicial review at the Alberta Court of King's Bench, as allowed by the Acts. A judicial review is essentially an appeal to the court to review the Commissioner's decision for any errors in law or jurisdiction. The application for judicial review must be filed with the Court within 45 days of receiving the Commissioner's decision/order. The court will then consider the case and may uphold the Commissioner's decision, overturn it, or send the issue back to the Commissioner for reconsideration. Judicial review is typically used only in complex or significant matters, as it involves legal proceedings. During any judicial review process, the Town will comply with any court directives (and, generally, the records in question would not be released until the court has rendered a decision if a stay is in effect).

7.4 Effect of Appeals on Disclosure: While an appeal (internal or external) is in progress, the Town will generally hold off on releasing any disputed records until the matter is resolved, so as not to prejudice any party's rights. However, if the appeal relates only to a portion of the records, and other records can be released, the Town may release the undisputed portion to the Applicant while withholding the contested information pending the appeal outcome. The Town will follow any directions from the Commissioner regarding the handling of records during a review.

7.5 Assistance During Appeals: The Town's Access and Privacy Coordinator will act as the primary liaison for the Town during reviews by the Commissioner, providing the Commissioner's office with the records and explanations as required.
The Coordinator will also keep Council/CAO informed of any significant appeals and their outcomes.

(For a step-by-step guide to the review and appeal process, including internal review and Commissioner review, see Schedule E -- Review and Appeal Process. Schedule E provides a summary table of timelines and contacts for convenience.)

PART VIII FEES FOR INFORMATION REQUESTS

8.1 Authority to Charge Fees: The Town of Hanna may charge fees for processing access to information requests, in accordance with the Access to Information Regulation made under the Access to Information Act and as specified in this bylaw. All fees charged by the Town will be consistent with the fee structure set by the provincial regulation, ensuring that applicants are not charged more than the allowable amounts. Schedule C of this bylaw (Fee Schedule) sets out the detailed fees adopted by the Town, which mirror the standard rates.

Fee Schedule (Schedule C): A summary of applicable fees is as follows:
General (Non-Personal) Information Request: $25.00 initial application fee per request (this is a standard fee for requests that are not limited to the applicant's own personal information).
Continuing Request (for ongoing/periodic access): $50.00 initial fee (if an applicant requests records on an ongoing basis over a period of time, e.g., a monthly report, the regulation provides for a higher initial fee).
Search and Retrieval: $30.00 per hour for locating, retrieving, and preparing records (not including the first 3 hours, which are free). The Town will not charge for the first three hours of search time, but beyond that, hourly fees may apply.
Copies of Records: $0.25 per page for paper photocopies of standard size (letter or legal). For large size documents (e.g. maps, plans) or specialized printouts, fees will be based on actual costs.
- Electronic Records: If records are provided on electronic media (CD, USB drive) or by email, the Town will charge the actual cost of the storage media (if any). Providing records by email may be free of charge unless printing or significant processing is required.
- Certified Copy of Record: $10.00 per document for a certified true copy, if the applicant requests official certification.
- Other Services: For other services such as programming or data manipulation to produce a record, or translation, the Town will charge actual costs as permitted by regulation. The applicant will be provided an estimate beforehand if such services are needed.

These fees are further detailed in Schedule C. The Town's fees will be reviewed periodically to ensure they remain in line with any changes to the Access to Information Regulation. The Town may choose to waive fees in certain cases (see section 8.3 below). All fees collected are payable to the Town of Hanna and must be received before records are released.

8.3 Fee Waivers: The Town of Hanna may waive fees, in whole or in part, in circumstances where charging the fee would be unfair or where waiver is in the public interest, as guided by the Access to Information Regulation. For example:

- Inability to Pay (Financial Hardship): If an applicant can demonstrate that paying the fees would cause them financial hardship, the Town will consider waiving fees. The Applicant may be asked to provide some evidence of hardship (e.g., proof of income) for significant fee waivers.
- Public Interest: If the requested records relate to a matter of public interest (for example, the environment, public health or safety, or the use of public funds) and release of the information will benefit the public or contribute to public understanding of an issue, the Town may waive fees on that basis. This aligns with the principle that fees should not be a barrier to access when the information is for the common good.
- Personal Information Requests: As per the regulation, if an individual is requesting only their own personal information, the Town will not charge the $25 initial fee. Additionally, certain costs (like reviewing the individual's own personal information) may not be charged.
- Other Cases: The CAO/Head or the Access and Privacy Coordinator (if delegated) has discretion to waive or reduce fees in other situations deemed appropriate -- for instance, if only a small amount is owing, or if processing the payment would cost more than the fee itself, or as a goodwill gesture for frequent requesters when appropriate.

If a fee waiver is denied, the Applicant will be notified and given the reason. The Applicant may also appeal a denial of a fee waiver as part of an internal review or Commissioner review (unreasonable fees can be considered by the Commissioner on review).

8.4 Fee Estimates and Deposits: Where the estimated cost of processing a request (beyond the initial fee) exceeds $150, the Town will provide the Applicant with a fee estimate before proceeding with the request. The estimate will include a breakdown of the anticipated charges (e.g., search time, copying costs). In such cases, the Town may require the Applicant to pay a 50% deposit of the estimated amount before continuing with processing. Work on the request may be paused until the deposit is paid, as allowed by the regulation. The time taken by the Applicant to pay a deposit is not counted in the statutory response time. If the actual processing ends up costing less than the deposit, any overpayment will be refunded. If it is more, the Applicant will be expected to pay the balance before receiving the records. The Town will always aim to provide records most cost-effectively to minimize fees for the Applicant.
PART IX SCHEDULES

9.1 The following Schedules are attached to and form part of this bylaw:

- Schedule A -- Access to Information Request Form (form to be used by the public to request access to records under the Access to Information Act).
- Schedule B -- Internal Review/Appeal Form (form to request an internal review by the CAO or Council, or to initiate an appeal to the Commissioner).
- Schedule C -- Fee Schedule (detailed list of fees for processing access requests, consistent with provincial regulations, as adopted by the Town).
- Schedule D -- Privacy Breach Response Guidelines (step-by-step procedures for Town staff to respond to privacy breaches in compliance with the Protection of Privacy Act).
- Schedule E -- Review and Appeal Process (a user-friendly guide outlining the steps for internal reviews and appeals to the Commissioner, including contact information and timelines, to assist applicants in understanding their options).

These Schedules may be updated by Council from time to time by bylaw amendment to reflect changes in law, fees, or administrative procedures. The intent is to keep the forms and guidelines current without requiring a full replacement of this bylaw's text, provided such updates remain consistent with the Acts.

PART X OFFENCES AND PENALTIES

10.1 Internal Discipline: Any Town of Hanna employee, officer, or contractor who willfully contravenes the provisions of this bylaw or the duties imposed by the Access to Information Act or Protection of Privacy Act may be subject to disciplinary action. This includes deliberate misuse or unauthorized disclosure of personal information, willful obstruction of access to information processes, or other knowing violations. Disciplinary measures may range from remedial training and reprimand up to termination of employment or contract, depending on severity and in accordance with Town personnel policies.
Nothing in this section limits the ability of external authorities to prosecute an individual under the Acts, if applicable.

Offences under the Access to Information Act: The Access to Information Act creates offences for certain unlawful actions, such as willfully concealing, altering or destroying records to evade an access request, or obstructing the Commissioner's investigation. Any person found guilty of an offence under the ATIA is liable to the penalties set out in that Act. Penalties for offences under the Access to Information Act have been increased and can be up to a maximum fine of $50,000 for an individual on summary conviction. For example, if a Town employee were to deliberately destroy a record after an access request is received, that individual could face prosecution and, upon conviction, a substantial fine. The Town will not indemnify employees for fines resulting from willful violations of the law.

Offences under the Protection of Privacy Act: The Protection of Privacy Act likewise establishes offences for egregious violations of privacy, such as willfully collecting, using or disclosing personal information in contravention of the Act, or attempting to re-identify individuals from anonymized data in violation of the Act. Offences under POPA carry even stricter penalties -- an individual could face a fine of up to $200,000, and a public body (organization) could face a fine of up to $1,000,000 upon conviction. In particular, selling personal information is prohibited (as noted in section 6.2 of this bylaw), and any person who knowingly directs or participates in the selling of personal information would be committing an offence. The POPA also makes it an offence to retaliate against someone for making a request or a complaint under the Act. The Town and its representatives must strictly observe all privacy obligations; any willful breach will be dealt with under the law.
Good Faith Actions: No Town employee or official shall be found to have committed an offence under this bylaw if they acted in good faith and in a reasonable belief that their action or inaction was lawful under the circumstances. This bylaw is intended to encourage compliance and education; prosecution is a last resort for willful and knowing misconduct. The Town will generally seek to correct and educate before considering punitive measures, except in cases of malicious or deliberate breaches. (For reference: These penalty provisions reflect the new maximum fines set by the provincial Acts, which are among the strictest in Canada. The Town is committed to upholding the law, and these consequences underscore the importance of compliance.)

PART XI GENERAL PROVISIONS

Repeal of Previous Bylaws: Bylaw No. 1039-2025 of the Town of Hanna (the "Freedom of Information and Protection of Privacy Bylaw, 2025") is hereby repealed in its entirety. Any other previous bylaws, resolutions or policies of the Town of Hanna that are inconsistent with this bylaw are also hereby repealed or rescinded to the extent of the inconsistency.

Enactment and Effective Date: This bylaw shall come into force and take effect on the date of third reading and final passing. All access to information requests received on or after that date will be processed under this bylaw and the new Access to Information Act and Protection of Privacy Act. Requests already in progress at the time of enactment will continue under the new regime as well, with no loss of rights to applicants.

Severability: Should any provision of this bylaw be found invalid or unenforceable by a court of competent jurisdiction, that provision shall be severed, and the remainder of the bylaw shall remain in full force and effect. The invalidity of any section, in whole or in part, does not affect the validity of the rest of the bylaw, which can be given effect without the invalid portion.
Headings: The part and section headings in this bylaw are for ease of reference only and do not affect the interpretation of the bylaw.

11.5 Publication and Awareness: A copy of this bylaw, along with the schedules and forms, shall be posted on the Town of Hanna's official website and made available at the Town Office for public inspection during regular business hours. The Town will also provide training and informational materials to staff about the new procedures to ensure smooth implementation.

11.6 This bylaw repeals Bylaw No. 1039-2025 and any previous FOIP bylaws.

EFFECTIVE DATE

This Bylaw shall come into effect upon the day of third and final reading:

READ A FIRST TIME THIS 9th DAY OF SEPTEMBER 2025.

READ A SECOND TIME THIS 9th DAY OF SEPTEMBER 2025.

Mayor Danny Povaschuk
Chief Administrative Officer Matthew Norburn

READ A THIRD TIME AND FINALLY PASSED THIS 9th DAY OF SEPTEMBER 2025.

Mayor Danny Povaschuk
Chief Administrative Officer Matthew Norburn

Schedule A - FOIP Request Form

TOWN OF HANNA PROVINCE OF ALBERTA
FOIP REQUEST FORM - SCHEDULE A

This form is to be used for submitting a formal request for access to records under the Access to Information Act. Please complete all sections. If you have any questions about how to fill out this form, contact the Town of Hanna Access and Privacy Coordinator for assistance.

Note: An initial $25.00 application fee is required for all requests for general information (non-personal information). Requests for your own personal information do not require an application fee. Additional processing fees may be charged for locating, copying, or preparing records, as outlined in Schedule C (Fee Schedule), but a fee estimate will be provided if fees are likely to exceed $150. The statutory response time is 30 business days from receipt of the request, unless an extension is authorized.

SECTION 1: APPLICANT INFORMATION

Full Name: ..............................
Company/Organization (if applicable): ..............................
Mailing Address: ..............................
City/Town: .............. Province: ............ Postal Code: ..............
Telephone (Daytime): .............. Telephone (Evening): ..............
Email Address: ..............................
Preferred Contact Method: ☐ Email ☐ Mail ☐ Phone

If you are acting on behalf of another person (e.g., you have power of attorney or are requesting someone else's information with consent), please attach proof of your authority to act for that person (such as an authorization letter or legal documentation).

SECTION 2: TYPE OF REQUEST (Check one)

- General Information Request (requesting records that do not contain your personal information) -- $25 application fee applies.
- Personal Information Request (requesting records containing your own personal information) -- No application fee.
- Third-Party Personal Information Request (requesting another individual's personal information with their consent or other legal authority) -- No application fee, but you must attach the individual's signed consent or proof of your legal authority to obtain their information.

SECTION 3: DETAILS OF REQUESTED RECORDS

Describe the records you are requesting: Please provide as much detail as possible about the records you wish to access. Include specific keywords, subject matters, file names or numbers (if known), departments involved, etc. For example: "Emails and meeting minutes between [Department] and [Company] regarding [Project] from January 2024 to December 2024." The more details you provide, the more efficiently we can locate the records.

Description of Records:

Timeframe of records (if applicable): If your request covers a range of dates, please specify the time period.
From: (YYYY/MM/DD) To: (YYYY/MM/DD)

Format of access requested:
☐ Receive copies of records
☐ Examine the records in person
☐ Receive records in electronic format (if available, e.g., PDF via email or USB)

(Note: Choosing electronic copies can sometimes reduce fees. The Town will provide records in the format requested whenever feasible.)

SECTION 4: URGENT PROCESSING (Optional)

The standard response time is 30 business days. If you require urgent processing of your request, please indicate the reason. The Access to Information Act allows public bodies to prioritize requests in certain situations (for example, if it involves an individual's life or security).

Reason for urgency (if applicable):

Please note: Expedited processing is at the Town's discretion and typically will only be granted if legislated criteria are met. You may be asked to provide evidence supporting any urgent circumstances.

SECTION 5: FEES AND PAYMENT

Application Fee: For general information requests, a $25 application fee must be paid before your request is processed. Personal information requests have no initial fee.

Additional Fees: In some cases, additional fees may apply for searching, photocopying, etc., as per Schedule C (Fee Schedule). If the estimated fees exceed $150, you will receive a fee estimate and may need to pay a deposit of 50%. You can indicate an upper limit you are willing to pay without further approval if you wish (optional).

☐ I enclose the $25.00 application fee (for general information requests).
☐ Not applicable (my request is only for personal information about myself).

Deposit Agreement: If estimated processing costs exceed $150, do you agree to pay a 50% deposit to initiate processing?
☐ Yes, I agree to pay the required deposit if the estimate exceeds $150.
☐ No (If no, your request will not proceed beyond the free threshold without payment, and this may delay processing).
Maximum Fee Willing to Pay (optional): $ ____ If the fee estimate is higher than this amount, we will contact you to discuss how to proceed (you may revise your request to reduce fees, or decide whether to continue).

Method of Payment: ☐ Cash ☐ Cheque ☐ Debit ☐ Credit Card ☐ E-Transfer (Do not send cash by mail. Cheques should be payable to Town of Hanna.)

SECTION 6: DECLARATION AND SIGNATURE

By signing below, you:
☐ Certify that the information you have provided on this form is true and correct.
☐ Understand that the Town of Hanna will process your request in compliance with the Access to Information Act and Protection of Privacy Act, and that some information may be withheld or redacted under the law's exceptions.
☐ Agree to pay any applicable fees associated with this request, as per Schedule C, and understand that the Town may require a deposit for large requests before proceeding.
☐ Understand that you will be notified if an extension to the response time is needed or if third-party consultations are required.

Signature of Applicant: Date:

Submit this form (with the $25 application fee if required) to:
Access and Privacy Coordinator
Town of Hanna
302 2nd Avenue West, P.O. Box 430
Hanna, AB T0J 1P0
Email: [email protected] | Phone: 403-854-4433

You can mail or drop off the form at the Town Office, or email a scanned copy. The Town will officially acknowledge receipt of your request and the date received.
FOR OFFICE USE ONLY (to be filled out by Town staff)

- Date Received:
- File/Request Number:
- Received by: (staff name)
- Initial Fee Paid: ☐ Yes ☐ No ☐ N/A Amount: $
- Fee Estimate Provided: ☐ Yes (date provided: ) ☐ No (fees under $150)
- Deposit Required: ☐ Yes (Amount $ __) ☐ No
- Due Date (30 business days from receipt, or as extended):
- Extended Deadline (if applicable, max +30 days without OIPC approval):
- Third-Party Notice Required: ☐ Yes (sent on ) ☐ No
- Date Completed:
- Outcome: ☐ Full access ☐ Partial access ☐ Access refused (see letter)
- Date Applicant Notified of Decision:
- Method of Notification: ☐ Letter ☐ Email ☐ Other __
- If partial/refused: Appeal information provided: ☐ Yes
- Records released: ☐ Yes (date: ) ☐ No (if no, explain in decision letter)
- Coordinator/FOIP Head Signature: Date:

Instructions for Submitting Your Request:
Mail or Drop-Off: Town of Hanna -- CAO, 302 2nd Ave West, PO Box 430, Hanna, AB, T0J 1P0
Email: [email protected]
Questions? Contact 403 854 4433

Schedule B - FOIP Appeal Form

TOWN OF HANNA PROVINCE OF ALBERTA
Internal Review / Appeal Form - SCHEDULE B

Use this form if you wish to appeal the decision on your Access to Information request. You may request an internal review by the Town (to be conducted by the CAO or Town Council), or you may appeal directly to the provincial Information and Privacy Commissioner. Please complete Sections 1-7. Submit this form to the Town of Hanna's Access and Privacy Coordinator. The Town will contact you to acknowledge your appeal and outline next steps. If you are appealing to the Commissioner, the Town can forward your request to the OIPC or you may send it directly (see contact info in Schedule E).

Important: You have 30 days from the date you received the Town's decision to request an internal review by the CAO/Council. You have 60 days from the Town's decision to appeal to the Information and Privacy Commissioner.
(If you first do an internal review, the 60 days for the Commissioner typically run from when you get the internal review result.) If you miss these deadlines, your appeal might not be accepted.

SECTION 1: APPLICANT INFORMATION (Person requesting the review/appeal)

Full Name: ..............................
Company/Organization (if applicable): ..............................
Mailing Address: ..............................
City/Town: .............. Province: ............ Postal Code: ..............
Telephone: .............. Alternate Phone: ..............
Email Address: ..............................
Preferred Contact Method: ☐ Email ☐ Mail ☐ Phone

SECTION 2: ORIGINAL REQUEST DETAILS

- Access Request File Number (if known):
- Date of Original Access Request:
- Date of Town's Decision Letter:
- Type of Request: ☐ General Information ☐ Personal Information ☐ Third-Party Information (check the category of your original request)

SECTION 3: REASONS FOR APPEAL (Why are you appealing? Check all that apply and/or write an explanation.)

☐ Access Denied: I was refused access to all or part of the requested records.
☐ Incomplete Information: I believe additional records exist that were not provided (information was missing or omitted).
☐ Excessive Redactions: Information was severed (blacked out) and I disagree with the extent of the redactions.
☐ Correction Request Denied: I requested a correction to my personal information and it was refused or ignored.
☐ Delayed Response: The Town's response was not provided within the 30 business day period (or any extended period) as required.
☐ Fee Dispute: The fees assessed by the Town are unreasonable or were incorrectly calculated.
☐ Other: (please describe any other issues, such as a privacy complaint or other grievance related to the request)

Explanation (optional, you may attach additional pages):

If you know specific provisions of the Act that you believe were applied incorrectly (e.g., a certain exception), you can note them here: (Example: "The Town cited section 17 (personal privacy) to withhold information, but I have consent from the individual" or "Section 25 (privileged information) was used, but I believe it doesn't apply because...".)

SECTION 4: PREFERRED OUTCOME (What are you seeking from this appeal?)

☐ Full release of all information requested (overturn the denial/redactions).
☐ Partial release of information (release additional portions that were withheld).
☐ Fee reduction or waiver (if you believe fees should be lowered/waived).
☐ Correction of personal information as I originally requested.
☐ An explanation of the Town's decision (I want a more detailed rationale).
☐ Other: .............................. (describe any other remedy, such as improved search for records, etc.)

SECTION 5: INTERNAL REVIEW vs. COMMISSIONER APPEAL (Choose one option for how you want your appeal handled at first instance.)

- Option 1 - Internal Review by Town: ☐ I request an Internal Review of the decision by the Town of Hanna. I would like the decision to be reviewed by (choose one):
  ☐ CAO (Head) Review - (The CAO will re-evaluate the decision.)
  ☐ Council Review - (Council will review the matter, typically in a closed meeting, and make a determination.)
  The internal review will be completed within 30 days and a written response will be sent to you.
- Option 2 - Direct Appeal to Commissioner: ☐ I wish to appeal directly to the Information and Privacy Commissioner of Alberta (OIPC), without first having an internal review by the Town.
If you choose this option, you can submit this form to the OIPC yourself, or the Town can forward it on your behalf. The Commissioner's office will follow up with you for any additional information. The Commissioner's review may involve mediation or a formal inquiry, and can take additional time.

(Note: You may pursue an internal review first and then go to the Commissioner if unsatisfied. Choosing an internal review first does not waive your right to a Commissioner's review. It may, however, extend the overall timeline. Conversely, you may go straight to the Commissioner and bypass internal review.)

SECTION 6: DECLARATION

☐ I certify that the information provided in this appeal is true and correct to the best of my knowledge.
☐ I understand that the Town of Hanna and/or the Office of the Information and Privacy Commissioner may contact me to clarify the issues on appeal and that they will receive copies of relevant records and correspondence to conduct the review.
☐ I authorize the Town of Hanna to release any personal information about me that is necessary for the handling of this appeal to the Alberta Information and Privacy Commissioner (if I have requested a Commissioner review).

Appellant's Signature: Date:

Submit this form to:
Access and Privacy Coordinator
Town of Hanna
302 2nd Avenue West, P.O. Box 430
Hanna, AB T0J 1P0
Email: [email protected] | Fax: 403-854-2772

The Town will confirm receipt of your appeal and the selected review option. If you indicated a Commissioner appeal, you may also send a copy of this form directly to the OIPC (see Schedule E for OIPC contact information). Keep a copy of this form and any attached pages for your records.
FOR TOWN OFFICE USE (Internal Review handling)

- Date Appeal Received:
- Received by:
- 30-day Deadline for Internal Review:
- Internal Review to be conducted by: ☐ CAO ☐ Council
- Date of Review Meeting/Decision:
- Internal Review Decision: ☐ Original decision upheld ☐ Information released ☐ Other
- Date Applicant Notified of Internal Review Outcome:
- If Applicant unsatisfied, referred to OIPC on: (date)

FOR OIPC USE (Commissioner Review handling, if applicable) - The OIPC will have its own forms/process; this section is just for reference

- OIPC File Number:
- Date Commissioner Review Initiated:
- Mediation: ☐ Yes ☐ No (outcome: ____)
- Inquiry held: ☐ Yes (Inquiry No. ___) ☐ No
- Commissioner's Decision/Order No.:

Instructions for Submitting Your Request:
Mail or Drop-Off: Town of Hanna -- CAO, 302 2nd Ave West, PO Box 430, Hanna, AB, T0J 1P0
Email: [email protected]
Questions? Contact 403 854 4433

Schedule C -- FOIP Fee Schedule

TOWN OF HANNA PROVINCE OF ALBERTA
ACCESS TO INFORMATION FEE SCHEDULE - SCHEDULE C

The following fee schedule is established pursuant to Part VIII of this bylaw, and is consistent with the maximum amounts allowed under the Alberta Access to Information Regulation and associated Ministerial Regulation. All fees are in Canadian dollars. The Town will only charge fees as permitted by law and will adhere to the principles of reasonable cost recovery, not profit.

1. Application Fees:

- General Information Request: $25.00 per request. (This fee applies to requests for information that is not personal information about the applicant. It must be paid at the time of application. Each separate request requires a separate fee. This fee is non-refundable once processing begins, even if no records are found or all records are exempt.)
- Personal Information Request: $0.00. (There is no initial fee for requests where the applicant is asking only for their own personal information. Identity verification may be required in such cases.)
- Continuing Request: $50.00 per request. (If you make a "continuing request" -- i.e., a single request for records that are to be provided on a periodic basis over a set time frame -- the initial fee is $50, as set by regulation. This covers the entire series of releases under that continuing request.)

2. Search and Retrieval Fees:

- Locating, retrieving, and processing records: $30.00 per hour. (This covers staff time spent searching for the records, retrieving files from storage, electronically searching for digital records, and preparing and reviewing records for disclosure, including applying any necessary redactions.)

Note: The first 3 hours of search and preparation time are provided free of charge. Fees will only be charged for time in excess of 3 hours. For example, if a request takes 5 hours of search/preparation time, the fee would be $30 x (5-3) = $60.00.

5. Fee Estimates: If the total cost of processing your request is estimated to exceed $150, the Town will provide you with a written fee estimate. This estimate will break down the expected costs (e.g., hours of search, number of copies, etc.). You may be asked to pay a 50% deposit of the estimate before processing continues. The Town will work with you to potentially narrow the request to reduce fees, if desired. The clock for responding to your request stops while we await your decision on a fee estimate or deposit payment.

6. Waiver of Fees: As noted in section 8.3 of the bylaw, you may request a fee waiver. You should outline the reasons (financial hardship, public interest, etc.). The CAO or designate will consider each waiver request on a case-by-case basis. If a waiver is refused, you will be notified of the decision and reasons, and you still have the option to proceed with the request by paying the fees or to appeal the fee decision.

7. No GST: Currently, fees for access to information requests are not subject to GST. The amounts listed are the total amounts payable.
(Should provincial policy change regarding taxes on fees, the Town will adjust accordingly.)

8. Example of Fee Calculation: For illustration, suppose you request 100 pages of records, and it takes 4 hours to search and prepare them. If it's a general info request, you paid $25 to apply. The first 3 hours are free; 1 extra hour is $30. 100 pages at $0.25 = $25. Total = $25 (application) + $30 + $25 = $80. If, however, it was your personal info, no $25 fee, so it would be $55. If the request was narrow and under 3 hours to process and, say, 10 pages, the only charge would be the $25 application fee plus $2.50 for copies, i.e., $27.50. We provide these examples to be transparent about how costs can accumulate. We encourage applicants to be specific in their requests to reduce unnecessary costs, and we will communicate with you if we think a modification to your request could significantly lower the fees.

9. Payment: Payment can be made by cash, debit, credit card, cheque, or money order to the Town of Hanna. For remote applicants, credit card or e-transfer arrangements can be made. Do not mail cash. If a payment (like a cheque) is returned NSF, processing of the request may halt until payment is corrected (and the bank's NSF charge may be added).

This fee schedule is effective as of the date of passage of the bylaw. The Town of Hanna will amend this schedule if provincial regulations change the fee amounts in the future.

Instructions for Submitting Your Request:
Mail or Drop-Off: Town of Hanna -- CAO, 302 2nd Ave West, PO Box 430, Hanna, AB, T0J 1P0
Email: [email protected]
Questions? Contact 403 854 4433

Schedule D - Privacy Breach Response Guidelines

TOWN OF HANNA PROVINCE OF ALBERTA
PRIVACY BREACH RESPONSE GUIDELINES - SCHEDULE D

These guidelines are part of the Town's privacy management program (see Part VI of the bylaw) and are designed to ensure a prompt, consistent, and compliant response to any privacy breach.
All Town employees and contractors must follow these steps in the event of a breach involving personal information. These guidelines incorporate the requirements of the Protection of Privacy Act (POPA), including the new mandatory notification provisions.

Definition of Privacy Breach: A privacy breach occurs when personal information is accessed, collected, used, disclosed, or disposed of in an unauthorized manner or by unauthorized persons. This can happen through theft, loss (e.g., a misplaced file or device), hacking or other cyber incident, accidental email to the wrong recipient, improper disposal of documents, etc. Essentially, any situation where personal data is at risk of exposure or misuse beyond what is permitted under POPA is considered a breach.

IMMEDIATE STEPS (CONTAINMENT & REPORTING):

1. Secure the Information: As soon as a staff member discovers or suspects a privacy breach, they must immediately act to contain the breach. This may include:

- Stopping the unauthorized practice (e.g., if information was mistakenly posted online, remove it; if an email went to the wrong person, attempt to recall it or have the recipient delete it).
- Recovering the records or equipment if possible (e.g., retrieve documents that were left in a public place; recover a lost laptop if possible).
- Disabling or changing passwords on compromised accounts. Revoking access permissions if an internal account is misused.
- Securing any physical areas involved (lock cabinets, offices, etc.).

2. Report to Coordinator/CAO: Immediately notify the FOIP Head/Access and Privacy Coordinator of the incident. If the Coordinator is not available, notify the CAO or a senior manager. Time is of the essence -- even if not all details are known yet, the key is to alert those who can initiate further response.
Provide all available details, including: what happened, when it was discovered, what types of personal info are involved, how many people's data might be affected, and what steps have been taken so far to contain it. The person receiving the report (Coordinator or CAO) should start a log of the incident.

Preserve Evidence: Do not destroy or alter any records related to the breach (including system logs). This evidence may be needed to investigate and understand the breach.

ASSESSMENT & INVESTIGATION:

4. Assign Investigation Leads: The Access and Privacy Coordinator will lead the investigation, under the oversight of the CAO if appropriate. They may assemble a breach response team including IT staff (if technology is involved), the department manager where the breach occurred, and others as needed (e.g., legal counsel, communications). Assign clear responsibilities for fact-finding, notifying affected parties, etc.

Identify Scope of Breach: Determine exactly what personal information was compromised. Key questions:

- Whose information is involved? (How many individuals? Employees, citizens, clients?)
- What types of information? (Name, address, SIN, medical info, financial info, etc.)
- How sensitive is the info? (E.g., Social Insurance Numbers and medical records are highly sensitive; names and business contact info are less so.)
- Is the information encrypted or otherwise not readily accessible? (If a lost device was encrypted, the risk is much lower.)
- How did the breach occur? (Hack, human error, technical glitch, theft, etc.)
- Is the breach ongoing or contained? (Has all lost info likely been recovered? Could the data be further disseminated?)

6. Risk Evaluation: Evaluate the risks of harm to individuals whose data was breached. Consider:

- Potential harms: Could individuals face identity theft or fraud? Financial loss? Physical harm or safety risk? Damage to reputation or relationships? Emotional harm (e.g., embarrassment, distress)?
• Likelihood of misuse: Who accessed the info? For example, if an email with personal data was sent to a trusted partner who deleted it, the risk is low; if it was posted publicly online, the risk is high. If a laptop was stolen, do we believe it was targeted for the data or just opportunistic theft?
• Number of people affected: A breach affecting many individuals might heighten public interest and harm.
• Foreseeable adverse effects: For instance, exposure of health or counselling records could be very impactful to individuals' privacy and well-being.
Document this risk assessment carefully, as it will guide the notification decisions.

7. Consult if needed: If unsure about whether a breach triggers mandatory notification, the Coordinator/CAO may consult with the Office of the Information and Privacy Commissioner (OIPC) informally for guidance, without initially identifying individuals involved if possible. Legal counsel can also be consulted regarding the Town's obligations and potential liabilities.

NOTIFICATION & REPORTING:

8. Determine Notification Requirements: Under POPA, if the Town determines that there is a real risk of significant harm (RRSH) to an individual as a result of the breach, the Town must notify that individual and must report to the Commissioner and Minister. Use the risk evaluation (Step 6) to decide if the RRSH threshold is met. "Significant harm" includes bodily harm, humiliation, damage to reputation/relationships, loss of employment or opportunities, financial loss, identity theft, negative effects on credit record, and damage to or loss of property. "Real risk" means the probability of harm is not remote -- consider the sensitivity of the info and the likelihood of misuse. If in doubt, it is safer to err on the side of notification. The Coordinator and CAO should concur on this decision if possible.

9. Notification to Affected Individuals: If required, prepare notification letters or emails to affected individuals.
Notifications should include:
• Date of breach (approximate) and date of discovery.
• Description of the incident in general terms (e.g., "a laptop containing your personal information was stolen from a staff vehicle" or "an email with your personal data was inadvertently sent to the wrong recipient").
• Description of the personal information involved (e.g., "your name, address and social insurance number were in the file" - be specific so the person knows what data of theirs is at risk, but do not include the sensitive data itself in the letter subject line or envelope).
• Potential risks or harms that could result (e.g., "there is a risk of identity theft" or "you may receive phishing emails as a result").
• Steps taken by the Town to control or reduce the harm: e.g., "we have recovered the documents," "we have disabled the compromised accounts and enhanced security," "police have been notified," etc.
• Steps the individual can take: e.g., advice to change their passwords, contact their bank or credit bureau, watch for suspicious activity, etc., depending on the situation. Offer resources such as credit monitoring services if appropriate and if the Town is providing that (in some cases, organizations provide affected individuals with credit monitoring subscriptions when financial info/SIN is breached).
• Contact information: Provide a Town contact (the Coordinator or a hotline) for the individual to ask questions, as well as the OIPC's contact info in case they want to learn of their rights or file a complaint.
• Apology: A sincere apology and assurance that the Town takes the matter seriously and is taking steps to prevent future incidents.
Notifications should be made as soon as possible -- undue delay could increase harm. Typically, letters should be sent out without waiting for perfection; aim for within days or a week of breach discovery for serious cases.
If contact information for affected individuals is outdated or unknown, consider alternative means (phone call, email, public notice if truly no direct contact info, etc.). Document all attempts to notify. If law enforcement is involved and tells us that notification would impede a criminal investigation, consult legal counsel and possibly delay notification accordingly (rare).

10. Reporting to OIPC and Minister: If the breach meets RRSH, complete a breach report to the Information and Privacy Commissioner and the Minister (Service Alberta). The Commissioner's office may have a specific form, or you can write a letter containing:
• A summary of the incident (what happened, when, and how discovered).
• Number of individuals affected and the types of personal information involved.
• The Town's assessment of risk of harm.
• Actions taken to mitigate harm (containment and planned notification to individuals).
• Contact info for the Town's breach lead.
• Any other relevant details (like if police are investigating).
The report to the Commissioner should be submitted as soon as practicable and no later than when individual notifications are sent out. Similarly, the Minister must be notified; typically, sending a copy of the OIPC report to the Minister (through the designated email or address in the regulations) is sufficient. The Town will follow any specific directions from the regulations regarding breach report content and format. Keep a copy of all correspondence.

11. Optional Police Notification: If the breach involved any criminal activity (e.g., theft, hacking) or if misuse of the data could lead to fraud, the Town should notify the RCMP or local police. For example, stolen identity information -- police can watch for cases of identity theft. Also, if stolen devices are involved, a police report should be filed for insurance and investigative purposes.

FOLLOW-UP & PREVENTION:

12. Investigation Report: The Access and Privacy Coordinator will compile a report once the immediate crisis is handled. This internal report should include a timeline of events, how the breach occurred, who was involved in the response, what steps were taken, and all outcomes (including how many people were notified, any communications with OIPC, etc.). It should also outline recommended remedial actions to prevent similar breaches. The report should be shared with the CAO and relevant department heads, and a summary could be provided to Council in camera if appropriate (especially for serious breaches).

13. Evaluate Prevention Measures: Determine what went wrong and what measures will prevent this type of breach in the future. Actions might include:
• Policy or Procedure Changes: e.g., if it was human error, perhaps better checks for sending emails, encryption of attachments, or a two-person rule for mass emails. If it were a technical issue, update the software or change configurations.
• Additional Training: Perhaps staff need refresher training on privacy protocols, such as double-checking email recipients, locking file cabinets, using strong passwords, etc. Privacy and security training should be reinforced across the organization.
• Enhanced Security: Strengthen physical security (locks, clean desk policy), technical security (encryption of laptops, improved firewalls, access controls), and administrative controls (limit who can access certain personal info on a need-to-know basis).
• Contractor Management: If a contractor caused or suffered the breach, ensure contracts have proper privacy clauses and that they took proper actions. Possibly reconsider which contractors handle personal data or impose stricter requirements.
• Testing and Auditing: Implement or increase regular privacy audits or vulnerability assessments to catch weaknesses before a breach happens.

14. Follow-up with Affected Individuals: In some cases, the Town might issue a follow-up communication to affected individuals, especially if significant new information comes to light (e.g., stolen data is recovered or the culprit is apprehended). Also, be prepared to handle inquiries: some individuals may contact the Town or the media may report on the breach. The Town's communications should be coordinated to ensure consistent and accurate information, without disclosing sensitive details that could worsen the situation.

15. Documentation and Continuous Improvement: All breach documentation (incident log, investigation report, copies of notifications) should be preserved in a confidential file. Lessons learned from the breach should be integrated into the Town's privacy training and policies. The privacy management program (see Part VI) should be updated if necessary -- for example, if the breach revealed a gap in policy, fill that gap. The Town will treat each incident as a learning opportunity to bolster privacy protection moving forward.

Roles and Responsibilities:
• Employee/Contractor discovering breach: Immediately report it; attempt initial containment if safe to do so (e.g., unplug system, retrieve document); cooperate with investigation.
• Access & Privacy Coordinator: Lead breach response team; coordinate investigation, risk assessment, and notifications; act as primary liaison with OIPC and affected individuals; document the incident.
• Chief Administrative Officer (Head): Oversee the response; make key decisions on notifications in consultation with Coordinator; approve public communications; brief Council if needed; authorize resource allocation for response and remediation.
• IT Department: If breach is IT-related, identify and close security vulnerabilities; provide technical details for assessment; assist with containment (e.g., shut down servers, secure backups); support forensic analysis.
• Department Manager (of area where breach occurred): Ensure front-line cooperation; implement any immediate fixes in departmental procedures; partake in after-action review to improve departmental practices.
• Communications Officer (if exists or CAO designate): Prepare press releases or media lines if the breach becomes public; ensure affected individuals get clear information; avoid public disclosure of identities or sensitive details beyond what is necessary.
• Legal Counsel (if consulted): Advise on legal obligations, wording of notifications, liability mitigation, and any contractual or law enforcement issues.
• Office of the Information and Privacy Commissioner (external): Receives breach report; may follow up with Town for more info; can provide guidance; in serious cases, may launch an investigation or require certain steps. We must cooperate fully with any OIPC investigation or recommendations.

Remember: The goal in breach response is to minimize harm to affected individuals, comply with legal requirements (which now include Commissioner and Minister notifications for serious breaches), and to strengthen our systems to prevent future incidents. Time and transparency are critical -- acting fast and honestly will help maintain public trust even when mistakes happen.

If you have any questions about these guidelines or if you are unsure whether something constitutes a breach, contact the Access and Privacy Coordinator immediately. It is better to ask and verify than to overlook a potential incident. The Town of Hanna is committed to safeguarding personal information and continuously improving our privacy practices.

Instructions for Submitting Your Request:
Mail or Drop-Off: Town of Hanna - CAO, 302 2nd Ave West, PO Box 430, Hanna, AB, T0J 1P0
Email: [email protected]
Questions?
Contact 403 854 4433

Schedule E - FOIP Appeal Process

TOWN OF HANNA
PROVINCE OF ALBERTA
ACCESS TO INFORMATION REVIEW AND APPEAL PROCESS - SCHEDULE E

This schedule provides a user-friendly guide summarizing how an applicant can seek a review or appeal regarding an access to information request, under the Access to Information Act (ATIA) and the Protection of Privacy Act (POPA). It outlines internal review by the Town and external appeal to the Office of the Information and Privacy Commissioner (OIPC), along with important timelines and contact information. This is for guidance only; in case of any discrepancy, the provisions of the Acts and the main body of the bylaw prevail.

Step 1: Internal Review (Optional Initial Appeal to Town)

• Initiating Internal Review: If you are dissatisfied with the Town's response to your access request (e.g., information withheld, correction refused, or you feel the process was not handled properly), you have the option to request an internal review by the Town. Submit a completed Internal Review/Appeal Form (Schedule B) to the Town within 30 days of receiving the Town's decision. Indicate whether you want the CAO or Town Council to conduct the review.
• Town's Review Process: The Town will acknowledge your appeal and carry out the review. If the CAO review is chosen, the CAO (who is the Head under the Act) will re-examine the decision. If Council review is chosen, Council may delegate a committee or handle it in a closed meeting to reconsider the matter. The reviewer will look at the records, the reasons for denial/redaction, and any arguments you provided.
• Timeline: The Town aims to complete the internal review and issue a decision within 30 days of receiving your appeal. You will be notified in writing of the outcome.
• Possible Outcomes:
-- Decision upheld: The Town stands by the original decision (no additional information released or change made).
-- Decision modified: Some additional information may be disclosed, fees adjusted, or other changes made in your favor.
-- Decision overturned: The Town agrees to release the information or make the correction you sought (in whole).
You will receive a letter explaining the result and reasoning.
• Next Steps After Internal Review: If you are satisfied with the internal review outcome, the process ends here -- the Town's decision is implemented. If you are not satisfied, or if you did not choose to use internal review, you can proceed to Step 2. Remember, using the Town's internal review is optional - you may go directly to the Commissioner if you prefer.

Step 2: Appeal to the Alberta Information and Privacy Commissioner

• Right to External Review: Under the Access to Information Act, you have the right to ask the independent Information and Privacy Commissioner of Alberta to review any decision, act, or failure to act by the Town on your access request. Common reasons include: denial of access to records, excessive redactions, delays beyond statutory timelines, fees that you feel are unreasonable, or a refusal to correct your personal information.
• How to Request Commissioner Review: You must request the OIPC within 60 days of the Town's final decision on your request (this could be 60 days from the original decision if you skipped internal review, or 60 days from the internal review outcome letter if you used that process). The request should be in writing. You can either:
a) Send a Letter or Form to OIPC: Include your name and contact, the name of the public body (Town of Hanna), the file number of your request (if known), date of the Town's decision, and a brief description of what you want reviewed (e.g., "I believe more records exist," or "Section X was improperly applied to withhold information about...", etc.). The OIPC has a form called "Request for Review" available on their website, which you can fill out.
b) Through the Town (if you filled Schedule B): If you filled out Schedule B and indicated a direct appeal to the Commissioner, the Town can forward that form to the OIPC, but it's ultimately your responsibility to ensure OIPC receives your request in time.
• Where to Send: You can mail, fax, or email your review request to the OIPC.
Office of the Information and Privacy Commissioner (OIPC) - Alberta
Suite 2460, 801 - 6 Avenue SW
Calgary, AB T2P 3W2
Email: [email protected]
Phone: 1-888-878-4044 (toll-free) or 403-297-2728
Fax: 403-297-2711
(The OIPC also has an Edmonton office; Calgary is given here for convenience. You may use either.)
• After Requesting OIPC Review: The Commissioner's office will typically send you a confirmation and open a case file. They will notify the Town that a review has been launched and outline what will be reviewed. An OIPC mediator or investigator may contact you and the Town to gather information. Often, the OIPC will attempt to mediate the dispute: the mediator may discuss with you and the Town to see if a resolution can be reached (e.g., perhaps the Town agrees to release some additional information, or you agree to narrow your request). Mediation is an informal and often successful stage.
• Inquiry (Formal Hearing): If mediation doesn't resolve the issue, the Commissioner may decide to hold a formal inquiry. This is like a tribunal hearing, usually done through written submissions but sometimes orally. You and the Town (and any third parties, if applicable) will be asked to provide written arguments and evidence by certain deadlines. The Commissioner (or an appointed Adjudicator) will then consider the case and issue an Order.
• Commissioner's Decision/Order: The result of an OIPC review can be a variety of outcomes depending on the issue:
-- The Commissioner may order the Town to release records that were withheld, if they find the exemptions were applied incorrectly.
-- Conversely, the Commissioner may uphold the Town's decision that certain information should remain confidential.
-- The Commissioner could also confirm or reduce a fee, order a correction to be made, or require the Town to take other steps (such as a further search for records).
-- Under the updated legislation, the Commissioner's orders are binding on the Town. This means the Town must comply with the order, subject to any further appeal (judicial review) rights. The Town will provide you with any additional records as directed by the Order, typically within a set time frame.
You will receive a copy of the Commissioner's written Order, which will outline the findings and what must be done. Many Orders are also published (with personal identities removed) on the OIPC website for transparency.
• Timeline for OIPC Review: There is no fixed timeline in the Act for the Commissioner's process -- some simple matters in mediation might conclude in a month or two; formal inquiries might take several months up to a year or more, depending on complexity and the OIPC's caseload. The Commissioner does have a mandate to try to resolve matters expeditiously and has new powers to set binding timelines for reviews under the modernized Act. The Town will not usually release disputed information during the OIPC process unless both you and the Town agree or the Commissioner orders an early release, to preserve the rights at issue.

Step 3: Judicial Review (Court) (if applicable)

If you disagree with the Commissioner's Order, or if the Town or a Third Party disagrees, an application can be made to the Alberta Court of King's Bench for a judicial review. This must be filed within 45 days of the Commissioner's Order being issued. Note: The Commissioner's Order will include information about this right. Judicial review is essentially a court proceeding to review the lawfulness of the Commissioner's decision.
The Court will consider whether the Commissioner made any error in interpreting the law or in their process. The Court could uphold the Commissioner's decision or send the matter back to the Commissioner for reconsideration (or potentially, rarely, substitute its own decision). Judicial review is a legal process that typically requires representation by a lawyer. As an applicant, you are not required to have a lawyer, but given the complexity of legal arguments, it is recommended to consult one. Keep in mind, going to court may involve legal costs (for you and potentially liability for others' costs if unsuccessful). For the average FOIP/ATIA applicant, judicial review is not commonly pursued unless the matter involves significant principles or amounts of information and the Commissioner's ruling is seen as problematic. The Town of Hanna, as a public body, will comply with any final court rulings.

Summary of Appeal Options and Timelines:

Appeal Option | Deadline to Initiate | Who Reviews | Outcomes
Internal Review (CAO or Council) | 30 days from the Town's decision | Town of Hanna (CAO or Council) | New decision by Town (may release more info, uphold denial, etc.) within 30 days. Not binding on applicant - you can still go to OIPC.
Commissioner Review (OIPC) | 60 days from Town's decision (or internal review result) | Independent Information and Privacy Commissioner of Alberta (mediator/investigator, then possibly an Adjudicator) | Order issued -- can require Town to release records or uphold Town's actions, etc. Binding on Town.
Judicial Review (Court) | 45 days from the Commissioner's Order | Alberta Court of King's Bench | Court judgment -- can uphold or quash the Commissioner's Order, with possible further directions. Binding on all parties (subject to any further appeal to the Court of Appeal).
(References: The above timelines and authorities are drawn from the Access to Information Act and the Protection of Privacy Act. For example, ATIA section on requesting review by Commissioner within 60 days mirrors FOIP's provision, and POPA's provisions on judicial review mirror FOIP's 45-day rule.)

Contact Information for Appeals:

• Town of Hanna Access and Privacy Coordinator (Internal Appeals):
Address: 302 2nd Ave West, P.O. Box 430, Hanna, AB T0J 1P0
Email: [email protected]
Phone: 403-854-4433
Office Hours: 8:30 am -- 4:30 pm, Monday to Friday (closed statutory holidays)
When submitting an internal review request, you can deliver it to the Town Office in person, by mail, or email it. If emailing, it's a good idea to request a read receipt or follow up by phone to ensure it was received.

• Office of the Information and Privacy Commissioner of Alberta (External Appeals):
Calgary Office: Suite 2460, 801 6 Avenue SW, Calgary, AB T2P 3W2
Phone: 1-888-878-4044 or 403-297-2728; Fax: 403-297-2711
Edmonton Office: Suite 410, 9925 109 Street NW, Edmonton, AB T5K 2J8
Phone: 780-422-6860; Fax: 780-422-5682
Email: [email protected]
Website: www.oipc.ab.ca (resources and forms are available here)
You can contact OIPC for general information on the process even before filing your review. Their staff can explain how to request a review. Remember not to include ultra-sensitive personal info in unencrypted email to OIPC -- stick to the basics when initiating.

Need Help?

• If you require assistance at any stage -- e.g., filling forms, understanding reasons for a decision, or how to word your concerns for a review -- you may contact the Town's Access and Privacy Coordinator. The Coordinator can guide you on the process (however, note they represent the Town's interests too, so they can't advise you on how to argue your case, but they can clarify what the decision was and what it was based on).
For independent advice, you might consider reaching out to the OIPC (they won't give legal advice but can clarify your rights) or seek legal counsel, especially for complex matters or the judicial review stage. Non-profit organizations that focus on freedom of information or privacy rights might also offer assistance or resources. The Alberta OIPC website has FAQs and examples of Orders which might be useful to understand how similar cases have been resolved in the past. It can sometimes be helpful to reference previous OIPC Orders if you think your case is similar (though each case is decided on its own merits).

Remember: Exercising your right to appeal or review is part of the democratic process of ensuring transparency. The Town of Hanna is committed to respecting your rights under the Access to Information Act and the Protection of Privacy Act. We will cooperate fully in any review by the Commissioner and strive to continuously improve our practices based on feedback and decisions resulting from appeals.

We hope this guide helps clarify the process. Your privacy and access rights matter to us, and we aim to make the process as straightforward as possible. If anything is unclear, please do not hesitate to reach out for clarification.