What if someone requests access to a record that also includes information about a third party? Must we always remove the other person’s information before releasing the record?
It depends on whether the record is dedicated primarily to providing services to the person requesting access:
- If so, they have a right to access the entire record — even if it happens to contain information about another person
- If not, they have a right to access only their own personal information from the record
In either case, their right of access is subject to several exceptions. Part X does not include an overarching access exception that requires you to always remove third party information before providing access. But it does contain other exceptions (such as where access will lead to a risk of serious harm) that may apply to third party information in some cases.
Learn more about access exceptions, and about how to determine if a record is dedicated primarily to providing services to the requester, in our guide to providing access to information under the CYFSA.