Understanding FOIP: Interview with Rick Klumpenhouwer
Understanding FOIP: Interview with Rick Klumpenhouwer
The Freedom of Information and Protection of Privacy Act (the FOIP Act) is essential legislation that balances the public’s right to know with an individual’s right to privacy- but that doesn’t mean it’s easy to understand and implement.
Today, we’re sitting down with Cenera Partner Rick Klumpenhouwer, a Privacy and Information Governance expert with over 30 years of experience integrating FOIP compliance with real-world management.
A thought-provoking conference speaker, Rick leads Access, Privacy and Information Management training sessions for public, health and, private sectors. Rick is known for his practical, creative, and engaging approach to making complex information, concepts, and ideas accessible – so we knew he would be the perfect person to help better understand FOIP!
Hi Rick, it’s great to chat with you today! For those who aren’t sure, what is the purpose of FOIP?
Freedom of Information is an international movement. In the western world, its roots can be traced back to Sweden’s Freedom of the Press Act of 1766. At its core, it’s about the relationship between citizens and their government.
FOIP allows citizens to hold their governments and public bodies accountable and protects individual citizens’ privacy, both contributing to levelling the playing field between government and citizens. Privacy protection has perhaps now become the more pressing and challenging component of FOIP.
FOIP establishes a “right of access” – a fundamental right of a liberal democracy.
Is FOIP as confusing as it seems?
Unfortunately, yes, it is.
FOIP has a lot of moving parts, so it is inherently complicated. At time it can even seem to contradict itself. If you go straight into the details, it’s easy to get lost. The key is to break it down and take it in layers. Start by understanding what the legislation itself is trying to do.
Also, not everything is intuitive as far as what is private. Especially with the internet and social media, y ou cant nail down every situation that pertains to protecting privacy. I’ve been doing this work for over 20 years, and I’m constantly learning something new!
At the end of the day, FOIP has to interact with the real world, and while that makes it complicated, it keeps it interesting!
What are the most important things organizations need to understand about FOIP?
Right of access. Public bodies can only withhold information by reference to a specific exception in the Act. It’s not a privilege to hold this information- you have an obligation to provide it.
Personal information is a moving target. Don’t assume you can easily identify what personal information is. Treat all information as potentially personal and take it on a case-by-case basis.
Don’t equate privacy with security. Yes, security is a prerequisite for privacy, but it’s not the same thing. Security is a tool for achieving privacy and will evolve with technology.
How can an organization implement solid processes to remain FOIP compliant?
Think of it as a program. It’s not about reacting; it’s about prepared reaction.
Know the purpose of the legislation and use that as your guiding reference. FOIP is not an instruction manual.
Train your team! Don’t assume even basic concepts are intuitive (for example, what personal information actually is). Also, don’t assume FOIP only touches specific areas of your operations – in reality, likely everyone on the team will interact with FOIP in some way, especially when it comes to privacy. It’s important that everyone at least understands the purpose of FOIP and how your organization is using it.
Recognize that there will be conflicting opinions on how and when FOIP applies – social media, personal devices, and the internet add layers of complication; tie it back to the purpose – if you’re collecting information, FOIP probably applies.
What are the risks of making a mistake when it comes to FOIP?
Harm to individuals involved. It can cause shock, anxiety, and safety concerns; you never know what consequences can arise when personal information and privacy is breached.
Harm to organizations or third parties, for example, compromising proprietary information.
It can trigger an investigation from the Information and Privacy Commissioner’s Office—the regulator, which will drain significant organizational resources.
It can cause massive reputational damage because investigation details are made public.
In extreme cases, fines and financial penalties are possible, though rare.
Why did Cenera start offering FOIP training?
Cenera first began offering training through Service Alberta in 2008. We’re now offering training independently, and we take a bit of a different approach- Cenera training is all about participation and practice.
As I mentioned earlier, FOIP isn’t an instruction manual, so we feel strongly that you need to build skills to be analytical with it. We want to give organizations tools to understand FOIP, the confidence to navigate it, and the practice needed to look at questions on a case-by-case basis.
Utilizing theoretical situations is so important in this work. We teach people how to apply knowledge and understand where to look for answers when they don’t know. You won’t be able to memorize everything!
I’ve been fortunate to have good professional relationships with regulators, and the best approach to working with them is a collaborative one. FOIP is not an adversarial system; you have a duty to assist with access to information requests, for instance. And regulators are there to help you understand and implement FOIP. Fighting it will be costly and time-consuming; trying to work with them as much as possible it typically more effective.
What can folks expect from attending Cenera FOIP training?
It’s participatory We use a blended approach that includes self-directed materials and instructor-based coursework that allow you to see a FOIP problem in action and take a hands-on approach to solve it.
We’ve also significantly expanded our client services around FOIP compliance. We can be available on-call to answer questions, help clients deal with FOIP requests, or help them respond to a breach. It’s about building relationships with our clients.
How do you anticipate FOIP will continue to evolve in the future?
It has to evolve; it’s already behind!
The Act must constantly be reviewed and updated to deal with new situations. While there has been a focus on the Health Information Act, FOIP has largely been neglected.
There are a lot of questions about how costly FOIP is for public bodies to implement. FOIP is an essential public right, but we need to find a way to balance the costs and resources it takes. Whether that should come through changes to the FOIP fee schedule is a difficult question, but in short, we need to find a way to put more resources into this work.
What gets you excited about FOIP and helping organizations implement it?
This work is at the cutting edge of technology and ethical issues around technology.
Once of the biggest has been around surveillance. The scale, methods, and surveillance ability have expanded incredibly in the last decade. And there are significant challenges in analyzing and understanding how to responsibly utilize surveillance methods. That includes health surveillance, such as things like COVID vaccines. These are difficult questions, and no one has all the answers (including the regulators!).
Every day clients come to me with incredibly complex and challenging questions. And you have to be prepared to make ethical choices. But I love being able to lean into that grey area and nuance; that gets me really excited and passionate about this work.
As privacy and FOIP compliance continues to evolve, Cenera’s expert Privacy and Information Governance team are here to help. If you have questions about FOIP, we have answers.
Feel free to reach out to us anytime to discuss your FOIP needs or to learn more about our FOIP training & supports.
Share This Story, Choose Your Platform!
Let’s Connect
Never miss an update, click here to subscribe to our monthly newsletter.
Plus, follow us on LinkedIn!
