Managing Contracts under the foip act


Confidential Business Information



Download 0.57 Mb.
Page17/31
Date02.02.2017
Size0.57 Mb.
#16571
1   ...   13   14   15   16   17   18   19   20   ...   31

4.9
Confidential Business Information

When a public body contracts with a private-sector business to provide services, there is often a need for the business to share confidential information with the public body. This may consist of commercial, financial, labour relations, scientific or technical information. In certain cases, disclosure of this information by the public body may significantly harm the competitive position of the business, interfere with its ability to negotiate, or cause undue financial loss. It is therefore critical for the parties to the contract to have a clear understanding about what business information is supplied to the public body in confidence. This will ensure that the public body does not cause harm to a business by disclosing confidential business information in response to a request under the FOIP Act.

Where it is important to include confidential business information within a contract, a good practice is to set out the confidential information in a schedule rather than in the body of the agreement. This will facilitate severing in response to an access request. Exceptions to disclosure in response to a FOIP request are discussed in Appendix 2.

Another issue that may arise in relation to confidential business information is disclosure for the purpose of reviewing fees and charges for services to clients. Review of fees and charges stems from a decision of the Supreme Court of Canada in 1998. The Court declared in the Eurig Estate case that probate fees charged in Ontario, which had been established by regulation, were unconstitutional. The Court ruled that, since the revenue collected was much greater than the cost of providing this compulsory service, the fee should be considered a tax and must therefore be authorized by legislation.

Following that decision, Alberta established a Fees and Charges Review Committee, which released a report to the Government in 2000. In this report, the Committee established a guiding principle for the review process: where a compulsory charge is a genuine fee for service, the fee should reflect the cost of providing the service.

The Government accepted and continues to apply this guiding principle. If a contractor is authorized to charge a user fee for the services it provides to public users on behalf of the government (for example, licensing or inspection services), the fee may require Government approval. Departments must obtain approval of their Senior Financial Officer for new or amending regulations that introduce a change in fees or charges.

Where a number of organizations deliver the same service on a competitive basis, the information used to determine the fee may be considered competitive commercial information, which the public body has an obligation to protect. A public body that manages agreements involving fees and charges needs to ensure that it communicates the rationale, the review process and the protections provided for business information to the organizations concerned.

The measures that a public body may wish to consider include


  • consulting with the department’s Senior Financial Officer to determine whether the proposed method of cost recovery through user fees to be charged by the contractor will require Government approval, the process and information required to secure the approval, and the confidentiality of any cost information submitted to the committee;

  • setting out this requirement in the RFP or other communication to prospective contractors and explaining that the final contract, or at least the fee schedule of the contract, may not be executed until Government approval is secured; or

  • indicating the type of cost information that the contractor may be required to provide and the protection provided to that information in the event of an access request under the FOIP Act.

Related sections of this Guide

Chapter

  • Tendering process

5.7

6.4

5.
Pre-contracting Processes


5.1
Overview

Ensuring compliance with the FOIP Act and the RMR should begin well before the contracting process. By clearly addressing requirements relating to access to information, protection of privacy and records management early, the public body can ensure that

  • the implications of a proposal to enter into a contract are understood,

  • the contractor can make an informed assessment of the responsibilities involved in the contract, and

  • the full cost of compliance is recognized.

This chapter provides consideration of some of the pre-contracting processes that may require attention to access, privacy and records management considerations, namely:

  • development of the business case for a business initiative involving sensitive personal information,

  • the Privacy Planning Tool required for all IT projects,

  • the Privacy Impact Assessment (PIA),

  • the assessment of the privacy capabilities of smaller contractors,

  • the organization of records prior to implementing an alternative service delivery initiative, and

  • the solicitation or tendering process, from the initial stage of communicating the requirements of the contract to the final disposition of submissions.

    Table 1 provides a summary of risk mitigation strategies in tendering documentation and contracts.




5.2
Business Case

The Alberta Government has designed a business case template as a means for provincial public bodies to analyze major business initiatives such as a decision to adopt an alternative form of service delivery. Where the initiative involves the collection, use or disclosure of sensitive personal information, the public body should include an evaluation of the related risk factors, as well as the cost of compliance with the FOIP Act and the RMR. This evaluation does not replace the requirements of a more detailed Privacy Impact Assessment. It does, however, provide a high-level review of the privacy issues within the overall framework of the business initiative.

The business case should address the following questions.



  • How does the proposed form of service delivery, including any process changes to the collection, use, disclosure, and protection of personal information, affect the public body’s obligations under the FOIP Act and RMR? What mitigating measures should be included in the arrangement, and what are the costs of these measures?

  • How will the alternative form of service delivery affect the public right of access to information related to the program? What mitigating measures should be included? What, if any, are the additional costs of the measures to the public body and to the public?

  • How will routine disclosure and active dissemination of information be affected by the proposed outsourcing? Can a process be established to enable the continuation of routine disclosure and active dissemination of information?
1   ...   13   14   15   16   17   18   19   20   ...   31



The database is protected by copyright ©ininet.org 2024
send message
    Main page
private sector
various aspects
deputy head