Administrative Procedure

AP-324 — Access to Information

Section Three: General School Administration

Effective Date: May 26, 2026 Last Reviewed: May 26, 2026

Background

This Administrative Procedure establishes the Division's framework for providing access to information in accordance with the Access to Information Act (ATIA) and Policy 311 – Privacy and Access to Information. It defines the obligations, roles, and processes for routine disclosure, proactive publication, and formal access to information requests, and establishes the responsibilities of site coordinators and the Access and Privacy Coordinator.

Scope

This procedure applies to all records in any format that are in the custody or under the control of Grasslands Public Schools, and to all employees, contractors, and volunteers who may receive or respond to requests for information. It applies to all Division sites including schools, the Division office, and transportation and maintenance facilities.

Definitions

Terms not defined in this procedure have the meanings assigned in Policy 310 – Information Security Charter and Policy 311 – Privacy and Access to Information.

Access and Privacy Coordinator: The Associate Superintendent Business Services, designated under Policy 311 to oversee compliance with POPA and ATIA.

Formal ATI Request: A request made under the Access to Information Act for access to records in the custody or control of the Division, processed when routine disclosure is not possible or when the requestor specifically invokes ATIA.

Routine Disclosure: The release of information through normal business channels without requiring a formal ATI request.

Site Coordinator: The principal or site administrator designated under Policy 311 as responsible for the protection of personal information at their site and for directing access to information inquiries to the Access and Privacy Coordinator.

Procedures

1. Roles and responsibilities

a. Access and Privacy Coordinator

1. The Access and Privacy Coordinator is responsible for receiving and processing all formal ATI requests, applying exceptions authorized under ATIA, coordinating records searches across Division sites, and maintaining ATI request records.
2. The Access and Privacy Coordinator shall report to Senior Administration as required on the volume and disposition of ATI requests.

b. Site coordinators

3. The principal of each school shall act as site coordinator for the purposes of POPA and ATIA at their school.
4. For non-school sites (Division office, transportation, maintenance), Senior Administration shall designate a site coordinator.
5. Site coordinators are responsible for:
   1. Ensuring the protection of personal information at their site.
   2. Directing inquiries about disclosure of information to the Access and Privacy Coordinator.
   3. Coordinating records searches at their site when requested by the Access and Privacy Coordinator.
   4. Ensuring staff at their site are aware of their obligations under POPA and ATIA.
6. Site coordinators shall not release records in response to a formal ATI request without direction from the Access and Privacy Coordinator.

c. All staff

7. Staff who receive a request that appears to be a formal ATI request shall direct the requestor to the Access and Privacy Coordinator without delay.
8. Staff shall not destroy, alter, or conceal records that may be responsive to an ATI request.

2. Routine disclosure and proactive publication

a. Routine disclosure

9. The Division encourages routine disclosure of information through normal business channels wherever possible, consistent with Policy 311, Section VII. Routine disclosure avoids the need for formal ATI requests and promotes transparency and public trust.
10. The following categories of information are generally available through routine disclosure without a formal ATI request:
    1. Board meeting agendas, public minutes, and approved motions.
    2. Approved Board policies and administrative procedures.
    3. School calendars, event schedules, and newsletters.
    4. Annual reports and audited financial statements intended for public distribution.
    5. School results reports and accountability pillar results.
    6. Division organizational charts and contact information for administrative offices.
    7. Job postings and general employment information.
    8. Transportation routes and schedules (non-identifying information).
    9. School supply lists and fee schedules.
    10. Division website content.
11. Routine disclosure shall not include personal information about identifiable individuals, records classified as Restricted or Confidential under A.P. 313, records subject to solicitor-client privilege, or records that would reveal confidential business information of a third party.
12. When staff are uncertain whether information may be routinely disclosed, they shall consult the Access and Privacy Coordinator before releasing the information.

b. Proactive publication

13. The Division shall proactively publish information on the Division website to reduce the need for formal ATI requests and to support transparency. At minimum, the following shall be published and kept current:
    1. All approved Board policies and administrative procedures.
    2. Board meeting agendas and approved public minutes.
    3. Annual audited financial statements and budget summaries.
    4. School results reports.
    5. The Division's directory of Personal Information Banks (PIB Directory), published at https://governance.grasslands.ab.ca/pib-directory.
    6. Information about how to make a formal ATI request, including the Request to Access Information Form.
    7. Contact information for the Access and Privacy Coordinator.
14. The Access and Privacy Coordinator shall review proactively published information annually to ensure it remains current and complete, and shall recommend additional categories for proactive publication where appropriate.

c. Staff guidance

15. Staff may share routine information through normal channels (in-person, telephone, email) without requiring a formal ATI request, provided the information falls within the routine disclosure categories listed above or is specific to the requestor's own interactions with the Division (for example, a parent requesting their own child's report card from the school).
16. Staff shall not share information that falls outside routine disclosure categories or that involves personal information about individuals other than the requestor. When in doubt, staff shall direct the requestor to the Access and Privacy Coordinator.

3. Formal ATI request processing

17. Formal ATI requests shall be processed in accordance with A.P. 323 – Privacy Management, Section 8.

4. Records search procedures

a. Coordination

18. Upon receiving a formal ATI request, the Access and Privacy Coordinator shall identify which Division sites and departments are likely to hold responsive records and shall issue a records search request to the relevant site coordinators and department heads.
19. The records search request shall describe the information requested, the scope of the search required, the deadline for the site coordinator's response, and any instructions regarding the handling of potentially responsive records.

b. Custody and control

20. The Division's obligation to search extends to all records in its custody or under its control, regardless of physical location. Records are in the Division's custody if they are in the Division's physical possession. Records are under the Division's control if the Division has the authority to manage, direct the disposition of, or retrieve the records, even if they are held by a third party (for example, a cloud service provider or contractor).
21. When responsive records may be held by a vendor or service provider, the Access and Privacy Coordinator shall coordinate retrieval in accordance with the data processing agreement and A.P. 322 – Third-Party and Vendor Risk Management.

c. Electronic and physical records

22. Records searches shall encompass both electronic and physical records. For electronic records, the search shall include Division-managed systems, email, cloud storage, shared drives, and any system identified as likely to contain responsive records. For physical records, the search shall include filing cabinets, storage rooms, and offsite storage.
23. The Director of Technology shall provide technical support for electronic records searches, including keyword searches, metadata searches, and retrieval from backup systems where necessary and practicable.

d. Search documentation

24. Each site coordinator and department head shall document their search, including the systems and physical locations searched, the search terms or methods used, the records identified as potentially responsive, and any records that could not be located or accessed.
25. Search documentation shall be returned to the Access and Privacy Coordinator and retained as part of the ATI request file.

e. Timelines

26. Site coordinators shall complete their records search and return results to the Access and Privacy Coordinator within ten business days of receiving the search request, unless the Access and Privacy Coordinator specifies a shorter timeline to meet ATIA deadlines.
27. If a site coordinator is unable to complete the search within the specified timeline, they shall notify the Access and Privacy Coordinator immediately so that an extension under ATIA may be considered if necessary.

5. Exceptions framework

a. General principles

28. The right of access under ATIA is subject to limited and specific exceptions. Exceptions shall be applied narrowly and only where the Access and Privacy Coordinator is satisfied that the statutory criteria are met. When in doubt, the presumption favours disclosure.
29. Exceptions do not operate as blanket exemptions for categories of records. Each record (or portion of a record) must be assessed individually against the applicable exception provisions.

b. Mandatory exceptions

30. Certain exceptions under ATIA are mandatory: the Division must refuse to disclose the information if the exception applies. Mandatory exceptions include, but are not limited to:
    1. Personal information of a third party, unless disclosure is authorized under ATIA.
    2. Information subject to solicitor-client privilege.
    3. Information that would reveal confidential evaluations or opinions given for the purpose of a decision about an individual's employment, appointment, or benefit.
31. The Access and Privacy Coordinator shall apply mandatory exceptions whenever the statutory criteria are met, regardless of whether the third party or other affected person has been consulted.

c. Discretionary exceptions

32. Certain exceptions under ATIA are discretionary: the Division may refuse to disclose the information if the exception applies, but is not required to do so. Discretionary exceptions include, but are not limited to:
    1. Information that could reasonably be expected to harm law enforcement or a lawful investigation.
    2. Information that could reasonably be expected to harm the economic interests of the Division.
    3. Draft policies, recommendations, and deliberative records (advice and recommendations exception).
    4. Information subject to a confidentiality agreement with a third party.
33. When a discretionary exception applies, the Access and Privacy Coordinator shall consider whether the public interest in disclosure outweighs the reason for the exception, and shall document the rationale for exercising or not exercising the discretion.

d. Severing

34. Where an exception applies to only part of a record, the Access and Privacy Coordinator shall sever (redact) the excepted portion and disclose the remainder, as required under ATIA. Severing shall be performed so that the disclosed portion is meaningful and not misleading.
35. Severed records shall clearly indicate where information has been removed and cite the applicable exception provision.

e. Documentation of exception decisions

36. For each record or portion of a record to which an exception is applied, the Access and Privacy Coordinator shall document the specific ATIA section relied upon, a brief description of why the exception applies, and for discretionary exceptions, the rationale for exercising the discretion.
37. Exception documentation shall be retained as part of the ATI request file and shall be available for OIPC review if the applicant requests a review.

f. Legal counsel consultation

38. The Access and Privacy Coordinator shall consult legal counsel before applying exceptions involving solicitor-client privilege, before refusing an entire request on the basis of an exception, or where the application of an exception is complex or novel.
39. The Access and Privacy Coordinator may consult legal counsel on any other exception decision where guidance is needed.

g. Unreasonable invasion of personal privacy

40. When determining whether disclosure of personal information in a record would constitute an unreasonable invasion of a third party's personal privacy, the Access and Privacy Coordinator shall consider all relevant circumstances, including:
    1. Whether the disclosure is desirable for the purpose of subjecting the activities of the Division to public scrutiny.
    2. Whether the personal information is relevant to a fair determination of the applicant's rights.
    3. Whether the third party will be exposed unfairly to financial or other harm.
    4. Whether the personal information has been supplied in confidence.
    5. Whether the personal information is likely to be inaccurate or unreliable.
    6. Whether the disclosure may unfairly damage the reputation of the individual.
    7. Whether the personal information was originally provided by the applicant.
    8. The nature and sensitivity of the personal information (health, financial, employment, educational).
41. When the unreasonable invasion determination is not straightforward, including where competing interests must be balanced, where the record contains sensitive personal information such as health or financial information, or where disclosure involves a category of personal information not previously addressed by the Division, the Access and Privacy Coordinator shall consult the Division's legal counsel and may consult the OIPC's published orders and guidance for direction.
42. The Access and Privacy Coordinator shall document the unreasonable invasion analysis for each affected record or portion of a record, including the factors considered, the weight assigned to each factor, and the conclusion reached. This documentation shall be retained in the ATI request file and shall be available for OIPC review if the applicant requests a review.

6. Third-party notification

a. When notification is required

43. Before disclosing a record that may contain information affecting a third party, the Access and Privacy Coordinator shall determine whether third-party notification is required under ATIA. Notification is required where:
    1. The record contains personal information of a third party and the Access and Privacy Coordinator is considering disclosing it.
    2. The record contains confidential business information of a third party.
    3. The record was supplied in confidence by a third party.

b. Notification procedures

44. The Access and Privacy Coordinator shall provide written notice to the affected third party, including:
    1. A description of the ATI request (without revealing the applicant's identity).
    2. A description of the record or portion of the record that may affect the third party.
    3. An invitation to make written representations on whether the record or portion should be disclosed.
    4. The deadline for representations (not less than 20 days from the date of notification, or as prescribed under ATIA).
45. Notification shall be sent by a method that provides confirmation of receipt (email with read receipt, registered mail, or personal delivery).

c. Third-party representations

46. The third party may make written representations to the Access and Privacy Coordinator setting out reasons why the record or portion should not be disclosed.
47. The Access and Privacy Coordinator shall consider the third party's representations before making a disclosure decision.

d. Decision and notice

48. After considering the third party's representations (or after the deadline passes without representations), the Access and Privacy Coordinator shall make a disclosure decision and provide written notice to the third party of the decision.
49. If the Access and Privacy Coordinator decides to disclose the record over the third party's objection, the notice shall inform the third party of their right to request a review by the OIPC. Disclosure shall not occur until the period for requesting a review has expired, unless the applicant's interests require earlier disclosure and ATIA permits it.

7. Fee schedule

a. Personal access vs. general access

50. Fees applicable to an ATI request depend on the nature of the records sought:
    1. Personal access requests, where an individual is requesting access to their own personal information (or, in the case of a parent or guardian, the personal information of their minor child), are not subject to an initial application fee. Reasonable fees for photocopying or producing electronic copies may apply where the volume of records is significant.
    2. General access requests, where the records sought are not the personal information of the applicant, are subject to the fee schedule in this section, including any initial application fee prescribed by regulation.
51. The Access and Privacy Coordinator shall determine whether a request is a personal access request or a general access request, and shall apply the applicable fee structure. A request that contains both personal and general elements shall be processed with personal-access treatment for the personal portion and general-access treatment for the remainder.

b. Applicable fees (general access requests)

52. The Division may charge fees for services related to general access requests as authorized under the Access to Information Act Regulation. Applicable fees include:
    1. Initial application fee (as prescribed by regulation, if any).
    2. Search and retrieval: per quarter hour spent searching for responsive records.
    3. Preparation: per quarter hour spent reviewing, severing, and preparing records for disclosure.
    4. Photocopying: per page for physical copies.
    5. Electronic copies: actual cost of media, if applicable.
    6. Shipping: actual cost, if records are mailed at the applicant's request.
53. Fees shall not be charged for the time spent by the Access and Privacy Coordinator in deciding whether to apply exceptions.

c. Fee estimates

54. Before processing a request that is expected to result in fees exceeding $25, the Access and Privacy Coordinator shall provide the applicant with a written fee estimate. The estimate shall include the basis for the estimated fees and shall inform the applicant that they may narrow the scope of the request to reduce fees.
55. Processing of the request shall be paused until the applicant confirms they wish to proceed, narrows the request, or abandons the request. If the applicant does not respond within 30 days, the request shall be deemed abandoned.

d. Fee waivers

56. The Access and Privacy Coordinator may waive all or part of the fees where:
    1. The applicant demonstrates financial hardship.
    2. The information relates to a matter of public interest.
    3. The cost of collecting the fees would exceed the fees themselves.
    4. The fees are prescribed to be waived under ATIA or the Regulation.
57. Fee waiver decisions shall be documented in the ATI request file.

e. Payment

58. Fees shall be paid before records are released. Payment may be made by cheque, money order, or electronic transfer to the Division office.
59. If the actual fees are less than the estimated amount paid, the difference shall be refunded. If the actual fees exceed the estimate, the Division shall absorb the difference unless a revised estimate was provided and accepted by the applicant.

8. Excluded records

60. ATIA does not apply to certain categories of records. When a request involves records that fall within an excluded category, the Access and Privacy Coordinator shall advise the applicant that the records are excluded from ATIA and are not subject to the access provisions of the Act.
61. The following categories of records are excluded from the application of ATIA:
    1. Records in a court file or records of a judge of the Court of King's Bench or the Court of Appeal.
    2. Constituency records of a member of the Executive Council.
    3. Records of a committee or body that is authorized to perform a quasi-judicial function.
    4. Records of the Office of the Information and Privacy Commissioner.
    5. Published material or material that is available for purchase by the public.
    6. Records created by or for an officer of the Legislature.
    7. Questions that are to be used on an examination or test.
    8. Teaching materials or research information of an employee of a post-secondary educational body.
    9. Material placed in the Alberta Archives by or for a person or entity other than a public body.
    10. Records relating to a prosecution if disclosure could reasonably be expected to interfere with the prosecution.
62. For the Division, the most commonly encountered excluded record categories are published material or material available for purchase, examination or test questions, and records in a court file. The Access and Privacy Coordinator shall apply exclusions based on the nature of the specific records, not as a blanket exclusion of an entire request.
63. Where a request encompasses both excluded records and records that are not excluded, the Access and Privacy Coordinator shall process the non-excluded records under ATIA and advise the applicant that the excluded records are not subject to the Act.

9. Disregard of requests

64. The Superintendent may authorize the Access and Privacy Coordinator to disregard a request under ATIA where one or more of the following circumstances apply:
    1. The records requested have already been provided to the applicant, or are publicly available.
    2. The request does not provide sufficient detail to identify the records sought, and the applicant has been given a reasonable opportunity to clarify the request but has not done so.
    3. The request is for the same or substantially similar information previously requested by the same applicant (repetitive request).
    4. The request would unreasonably interfere with the operations of the Division because the request is systematic or vexatious in nature.
    5. The request is frivolous or is not made in good faith.
65. Before a request is disregarded, the Access and Privacy Coordinator shall document the basis for the disregard determination and obtain written authorization from the Superintendent.
66. Before disregarding a request on the grounds that it lacks sufficient detail to identify the records sought, the Access and Privacy Coordinator shall make reasonable efforts to assist the applicant in clarifying the request, including providing guidance on how to describe the records sought. The duty to assist the applicant applies regardless of the circumstances of the request.
67. When a request is disregarded, the Access and Privacy Coordinator shall provide written notification to the applicant that includes the ATIA provision under which the request is being disregarded, the reason for the disregard determination, and the applicant's right to request a review of the decision by the Office of the Information and Privacy Commissioner.
68. All documentation related to a disregard determination, including the applicant's request, the disregard assessment, the Superintendent's written authorization, and the notification to the applicant, shall be retained in the ATI request file.

Review

This procedure shall be reviewed every three years by the Access and Privacy Coordinator, or earlier if triggered by:

• Changes to the Access to Information Act or its regulations
• OIPC orders or guidance affecting Division practices
• Changes to the Division's governance structure
• Direction from Senior Administration or the Board of Education

Cross reference

• Policy 310 – Information Security Charter
• Policy 311 – Privacy and Access to Information
• A.P. 312 – Technology Acquisition and Use
• A.P. 313 – Data Classification
• A.P. 321 – Information Security Incident Response
• A.P. 322 – Third-Party and Vendor Risk Management
• A.P. 323 – Privacy Management
• A.P. 325 – Chain of Custody
• A.P. 505 – Electronic Surveillance
• CG-002 – Privacy Management Program Overview
• IM-009 – Records Retention Schedule
• IM-024 – Access to Information Request Processing

Legal reference

• Access to Information Act, SA 2024, c A-1.4
• Access to Information Act Regulation
• Protection of Privacy Act, SA 2024, c P-28.5
• Protection of Privacy (Ministerial) Regulation, Alta Reg 143/2025
• Education Act, SA 2012, c E-0.3