Ontario’s Information and Privacy Commission is weighing in again regarding the balance between the statutory obligation of municipalities to make Planning Act applications publicly available and the considerations of privacy in making those documents available online.
A resident of Toronto applied for a building permit. The permit required minor variance approval from Toronto’s Committee of Adjustment.
All Planning Act applications are public records. Section 1.0.1 of the Planning Act states, “Information and material that is required to be provided to a municipality or approval authority under this Act shall be made available to the public.”
The City of Toronto posts full minor variance applications online, with no redaction. Applications include personal information including a persons name, address, and email.
Following the online posting, the applicant states they received ‘a barrage of unwanted calls and/or emails from unscrupulous individuals/companies contacting her about their project as well as receiving phishing emails.’
The IPC report states because the Planning Act states applications are public records, the City is not required to redact personal information.
Nonetheless, IPC Adjudicator Alanna Maloney writes municipalities should implement “data minimization principles” to avoid posting personal information online.
The City of Hamilton already redacts personal emails and phone numbers from online CoA application postings. Additionally, the City redacts personal addresses and similar information in most public meeting documents posted online.
Original, unredacted, Planning Act documents remain available upon request.
“This office has issued guidance material related to identity theft encouraging individuals to minimize the amount of information they give out, especially online, and recommended organizations not put scanned copies of signatures on their website,” Maloney reminded the City of Toronto in their report.