This presentation serves as an introduction to the operations and provisions f the Freedom of Information Act and the Data Protection Act in Trinidad and Tobago

1. 1
Access to Information
and
Privacy Protection
Rishi Maharaj
Executive Director
EquiGov Institute
www.equigov.com; rishi@equigov.com

2. Objectives

3. Freedom of Information Act
Chap 22:02

4. Freedom of Information Act
An Act which gives individuals the right to request information
from any public authority and the right to amend personal records
that are incorrect or misleading

5. 5
Freedom of Information
“Information is the Oxygen of democracy. If
People do not know what is happening in their
society, if the actions of those who rule them
are hidden, then they cannot take a meaningful
part in the affairs of that society”

6. 6
• The FOIA enshrines the concept that information
collected and generated by government, is a
resource of the people, for the people and is to be
accessible as freely as possible by the people.
• The Act should not displace formal procedures for
access to information but should be regarded as a
legislative “last resort.”
Freedom of Information

7. Tenets of the Act

8. Basic Principles of FOI Legislation
Principle 5 Principle 6
Processed rapidly and fairly Minimum costs
Principle 3 Principle 4
Promote open government Exceptions narrowly drawn
Principle1 Principle 2
Maximum disclosure Publish key information

9. What Bodies are covered by the Act?
Public Authority
a.If it exercises any function on behalf of the state
b.if it was established by virtue of the President, by a Minister of
Government in his capacity or by another public authority
c.an organization that is supported directly or indirectly by
Government funds and over which Government is in a position
to exercise control
Parliament
Courts
State owned
enterprise
Ministries ,THA
Regional
Authorities
Courts

10. A closer look at the
legislation

11. Accessing Information under the Act
• The Act is for accessing information that
is not readily available to the public
E.g. Board Minutes, Tender
Documents, Financial Records,
Interview Score Sheets

12. What information can be released?

13. How to Access Information
 Acquire: forms can be obtained
from any public authority or the
FOI website (www.foia.gov.tt)
 Complete: One can seek
assistance from designated
officers to complete form
 Submit: Forms can be submitted
via mail or in person
 Advise: Advise applicant of the
process and 30 day period for an
official response and inform of
further measures that can be
made if there is an unsatisfactory
response
Schedule

14. The key players
Designated
Officer
Legal Officer
Decision-maker

15. • There are ??? Exemptions under the Act
• Eleven (11)
• It is important to note that exceptions are not
absolute.
• Public authorities are required to give consideration
to the public interest in determining whether access
should be given to exempt documents.
Exemption (Part IV)

16. Exemption (Part IV)
Cabinet documents
International
Relations
Law Enforcement
Documents
affecting legal
proceedings
Internal Working
Defence and
Security documents
Trade secrets
documents
Material obtained
in confidence
Where secrecy
provisions apply
Documents
affecting the
economy and
commercial affairs
Documents
affecting Personal
Privacy

17. Public Interest Section 35
• Notwithstanding any law to the contrary a public
authority shall give access to an exempt document
where there is reasonable evidence that significant:
– Abuse of authority of neglect in the performance of official
duty; or
– Injustice to an individual; or
– Danger to the health or safety of an individual or of the
public; or
– Unauthorised use of public funds has or is likely to occur.

18. Public Interest Section 35
• An important thing to note about this test is that it
has a presumption in favour of disclosure.
• The burden is on the public authority to show that
the public interest in withholding the information is
greater then the public interest in disclosure.

19. Public Interest Section 35
•"The question of what constitutes the public interest is not a static or
circumscribed notion.” per Beezley J in Australian Doctors' Fund Ltd v.
Commonwealth of Australia (1994) 49 FCR 478 at para. 34.
•Moreover the matters must be of legitimate concern to the public. In
TV3 Network Series v. B.S.A (1995) 2 NZLR 720 at 733, a privacy case,
Eichelbaum CJ stated:
"It is necessary to draw attention to the distinction between matters
properly within the public interest, in the sense of being of
legitimate concern to the public, and those which are merely
interesting to the public on a human level- between what is
interesting to the public and what is in the public interest to be
made known."

20. Public Recourse
• Response within 30 calendar days
• Remedies Ombudsman (Section 38)
(21 days)
Judicial Review (Section 39)
(3 months)
• Correction of Personal Information (Section 36)

21. Data Protection Act 2011

22. 22
Data Protection
Whilst citizens have a right to information about
their Government, as recognised & facilitated by
FOIA, this right must be balanced with the rights of
individuals to have their personal privacy
maintained & respected.

23. 23
What does the Data Protection Act* set
out to do?
This legislation provides for the protection of
personal privacy, and the information of
individuals which is in the custody or control of
an organization, whether public or private.
* Note – the Act has been partially proclaimed.

24. 24
Why is the Protection of Personal
Information necessary?
• Privacy has long been understood to have a value
in a civil society that respects inherent rights &
values of mankind
• T&T Constitution enshrines the right to privacy
• Universal Declaration of Human Rights states that
privacy is a fundamental human right
• Privacy is an important element in the control of
electronic activities such as unsolicited marketing
& spam

25. What do these organizations have in
common

26. 26
Aim of the DP Act
The Act aims to ensure that personal
information shall not be disclosed, processed or
used other than the purpose for which it was
collected, except with the consent of the
individual and where exemptions are clearly
defined.

27. 27
• Note that the Act aims to balance
personal information needs with broader
public interest needs such as law
enforcement, security and public health,
as identified in the exemptions.
Aim of the DP Act

28. 28
Who will be affected by this Legislation?
• Every citizen and resident of T&T;
• All Public Bodies; as well as
• Private Enterprises, through either voluntary
or mandatory codes of conduct to be
developed in conjunction with the
Information Commissioner.

29. 29
What is meant by ‘Personal Information’?
Personal Information means information about an
identifiable individual that is recorded in any form.
•Info re race, ethnicity, religion or marital status
•Info re education, medical, criminal or employment
history; or info relating to financial transactions in which
the individual has been involved;
•Any identifying number or symbol e.g. Identification Card
No. or Driver’s Permit No.
•Fingerprint, DNA or blood type

30. 30
What is meant by ‘Sensitive Personal
Information’?
This refers to personal information on a
person’s:
•Racial or ethnic origins
•Religious beliefs or other beliefs of a similar
nature
•Physical or mental health condition
•Sexual orientation or sexual life; or
•Criminal or financial record

31. 31
The General Privacy Principles
These establish norms & requirements for the physical
& electronic security of Personal Information. They
mandate:
• Identification by the organisation of the purpose for
which it was collected before or at time of collection
• Individual’s knowledge & consent required for
collection, use or disclosure of the pi.
• Collection to be legal and limited to what is
necessary in accordance with the identified purpose

32. 32
• Organisations are to make available to
individuals documents re their policies &
practices related to the management of
personal info (except where otherwise
provided by law)
• To enable individuals to verify the accuracy &
completeness of their info, organisations are
to disclose on request all docs. re the
existence, use & disclosure of their pi.
The General Privacy Principles

33. 33
• Retained only for as long as is necessary for
purpose collected & not disclosed for
purposes other than purpose of collection w/o
individual’s prior consent
• It shall be accurate, complete and up-to-date
• To be protected by such appropriate
safeguards necessary in accordance with
sensitivity of the info
The General Privacy Principles

34. 34
• Individuals have the right to challenge
organisation’s compliance with the GPP &
receive timely & appropriate engagement
from the organisation
• Re foreign requests – personal information
that is requested to be disclosed outside T&T
is to be regulated. Comparable safeguards to
those under the DP Bill are to exist in
jurisdiction receiving the pi.
The General Privacy Principles

35. 35
Collection of personal information
Personal info may not be collected by a PA
unless:
•The collection of that info is expressly
authorized by or under written law;
•Info is collected for the purposes of law
enforcement; or
•That info relates directly & is necessary for an
operating programme or activity of the PA.

36. 36
PA to ensure that individual from whom it
collects personal info or causes pi to be
collected is informed of:
a) Purpose for collecting it;
b) The legal authority for so doing;
c) The title, business address & telephone no.
of official/employee/PA who can answer
individuals’ questions about the collection
Collection of personal information

37. 37
Right of Access by Individual to PI
• Every T&T citizen and resident has a right to
Personal Info about them in a personal
information bank in PA’s custody & control;
• Request to be made on a prescribed form;
• PA Head may refuse disclosure of the PI if:
a) Disclosure constitutes an unjustified invasion of
another’s personal privacy
b) It is a correctional record that could reveal info
supplied in confidence;

38. 38
Data Sharing & Data Matching
Government is subject to specific responsibilities
re data sharing and data matching that recognizes
the importance of Government as a primary
holder of info about individuals
Where a Public Body intends to share info with
other Public Body, it shall do so only pursuant to
an agreement in a manner prescribed by the
Commissioner by Order

39. PRIVACY IMPACT ASSESSMENTS
Public Bodies are required to
prepare PIAs in the prescribed
form for any:
• Proposed enactment
• System
• Project
• Programme or
• Activity

40. • PIAs are to be submitted by every Public
Body to the Commissioner for approval and
evaluation in accordance with the GPP
• Commissioner may make recommendations
to the Public Body for amendments
PRIVACY IMPACT ASSESSMENTS

41. Public Bodies are to take all reasonable steps
in accordance with its PIA to avoid
unnecessary intrusions into personal privacy
when designing, implementing or enforcing
enactments, systems, projects, programmes
or activities.
PRIVACY IMPACT ASSESSMENTS

42. 42
THANK YOU FOR
YOUR ATTENTION