Information & Ethics Committee on Oct. 2nd, 2006

Evidence of meeting #8 for Access to Information, Privacy and Ethics in the 39th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was requester.

A recording is available from Parliament.

On the agenda

Study on issues related to the alleged disclosure of the names of Access to Information applicants

MPs speaking

Also speaking

J. Alan Leadbeater Deputy Information Commissioner, Office of the Information Commissioner of Canada

Wayne Watson Director General, Investigation and Inquiries Branch, Office of the Privacy Commissioner of Canada

Jan Peszat Manager, Investigation and Inquiries Branch, Office of the Privacy Commissioner of Canada

4:20 p.m.

Deputy Information Commissioner, Office of the Information Commissioner of Canada

J. Alan Leadbeater

Well, I think the most recent time we mentioned it is in our open government act. I think we wanted to raise it, as we are sufficiently concerned about the frequency of this that we think it needs to be articulated in the way we suggest in the statute, because we feel that not only is it the names of individuals--which is personal information protected--but it's the names of corporations and so forth. For example, it's the little contractor who wants to do some business with a port authority and decides to put in some access requests about the port authority, and then runs into the head of the port authority at a cocktail and the guy says, “You're not getting contracts if you keep putting access requests in here”--that kind of stuff. They don't get protection because they're businesses. That needs to be remedied in the statute.

4:20 p.m.

Liberal

Stephen Owen Liberal Vancouver Quadra, BC

Maybe as a final question on that, Chair, if I may, you've mentioned, both of you, that there aren't any penalties under either statute for what may be a breach of the law. Is it your opinion, or perhaps your counsel's opinion, that this would give rise to civil liability in the case you mentioned of a contractor apparently losing a contract because of an unlawful disclosure?

4:20 p.m.

Deputy Information Commissioner, Office of the Information Commissioner of Canada

J. Alan Leadbeater

Absolutely. I think bad-faith action on the part of a government official can give rise to liability, but it's a very cumbersome way of enforcing a public duty, I think. I'm not sure that it requires a criminal penalty in the statute, but it does require, I think, some tough action by senior managers by way of discipline if they find this out, and that discipline should be made known in the system.

To this date, I know of no discipline ever meted out to anyone for disclosing identities, including Mr. Rowat after he refused to answer the question and was told by the court he had to answer the question or face contempt. He came back and said, I can't remember the name of the person who told me. He went back to the court, which laid on punitive penalties, and the government paid them. The government pays them for him.

What were the penalties, you ask? I'm not sure what the penalties were.

4:20 p.m.

NDP

The Vice-Chair NDP Pat Martin

Bruce Stanton, five minutes, please.

4:20 p.m.

Conservative

Bruce Stanton Conservative Simcoe North, ON

Thank you, Chair. It's good to have you up there today, although we will miss your excellent questions from the other side—perhaps.

4:25 p.m.

NDP

The Vice-Chair NDP Pat Martin

I miss them terribly too. I'll sneak in there now and then.

4:25 p.m.

Conservative

Bruce Stanton Conservative Simcoe North, ON

And thank you to the witnesses.

My question for both representatives of commissioners here today is really more about when the breach actually occurs. I think I heard in Mr. Leadbeater's presentation that this information could be shared within government circles except, I think you mentioned, for exempt staff, which would include ministerial political staff, for lack of a better word. But would it be true to say that it's when that information is used in a fashion that would in some way prejudice the process, or complicate the process going forward, that the breach in fact occurs? I've just been trying to draw a line on that.

For example, I note a potential example of this from the Information Commissioner's report of 1998-99. I'll quote from page 8 of the report:

The Prime Minister's department set a poor example by insisting from the beginning that the access system be sufficiently slow to enable PCO to continue to manage releases in a way most favourable to the government of the day. All politically sensitive requests require consultation with PCO before they are answered.

Is that an example of the “retribution--I think that is the term you used--or an example of when the mechanics of a request begin to have consequences, because of the sharing of that information? I wonder if you could expand on that a bit.

4:25 p.m.

Deputy Information Commissioner, Office of the Information Commissioner of Canada

J. Alan Leadbeater

On the first thing you mentioned, about whether it can be shared within a department, the Privacy Act says only if it's for the purpose for which it was originally collected, or for a purpose consistent with that. So if you get the name of an access requester—it's on a form seeking access—you can disclose it to the extent necessary to process that access request, but not to serve the communications needs of the department or the minister, and so forth. That doesn't mean you can't tell the powers that be what may be released; just don't link it up with that identity.

So when you start having a separate little process for more sensitive requests, either because it's the individual and the individual is a thorn in the side of the government, or whether it's the subject of the thorn, that's when discriminatory treatment creeps in. It takes longer to answer that because more people are being consulted, and so forth.

That is the point I was trying to make, and I'm not sure if that gets to your question or not.

4:25 p.m.

Conservative

Bruce Stanton Conservative Simcoe North, ON

It was really just to understand when the breach occurs. From what I've heard, in fact, it is a narrow view to what degree that personal information can be shared. So there could in fact be a breach of the Privacy Act, even if the information were shared for purposes not associated with the request that came forward.

4:25 p.m.

Director General, Investigation and Inquiries Branch, Office of the Privacy Commissioner of Canada

Wayne Watson

Exactly. The fact that it's the tool and it's an ATIP request is incidental. Whenever personal information is disclosed without the consent of the individual, then you have the potential for a breach.

4:25 p.m.

Conservative

Bruce Stanton Conservative Simcoe North, ON

Just for clarity, though, we've heard this has continued. This report was back in 1998-99. This is something that has continued on. I don't know if the question came up earlier, but can you put a measure on how broad this activity is within the public service?

4:25 p.m.

Director General, Investigation and Inquiries Branch, Office of the Privacy Commissioner of Canada

Wayne Watson

As far as our office is concerned, I can state that we've had no complaints in many years, and in our history we've had very few complaints on similar matters. Some have been well founded; some have not. The reason might be that people don't know they can complain to our office or they just don't know that their name was revealed, but we've had very few complaints.

4:25 p.m.

Conservative

Bruce Stanton Conservative Simcoe North, ON

In respect to going ahead now, we know that there will be consideration of amendments to the Access to Information Act coming forward. Is the Access to Information Act the right place to have those recommendations that you brought forward, or should that rather be in the amendments to the Privacy Act, as you mentioned that it's also in need of review? I'd be interested in where in fact that protection could come.

4:25 p.m.

Deputy Information Commissioner, Office of the Information Commissioner of Canada

J. Alan Leadbeater

It's in the Privacy Act now and it's insufficient as far as we're concerned, and we're concerned specifically about giving protection to information about requesters who are not individuals. There is an issue with putting that in the Privacy Act, which is designed to protect information about individuals, but I think too you have to realize that the pressure to disclose requester identities comes mainly in the access to information world and not so much the privacy world.

When people ask for their own information under the Privacy Act, the communications function of the department is not triggered, the minister's office is not interested, and there aren't Qs and As. They're asking for their own income tax file or their own disciplinary file or information about themselves. It's when you get into access to information requests about broad policy issues, actions, expense accounts, and so forth that a department becomes interested in knowing who's asking for that, what they might do with it, and how can the department get ready to react to it.

4:30 p.m.

Conservative

Bruce Stanton Conservative Simcoe North, ON

Thank you, Mr. Chair.

4:30 p.m.

NDP

The Vice-Chair NDP Pat Martin

Thank you, Mr. Stanton.

Mr. Laforest, for five minutes.

4:30 p.m.

Bloc

Jean-Yves Laforest Bloc Saint-Maurice—Champlain, QC

I have read information with respect to privacy and I note that there are exceptions under which some information can be authorized for release.

If a federal institution intends to rely on such an exception, it must inform the Commissioner, who then assesses the situation. That institution can say that the organization in question should not be allowed to benefit from such an exception, since the right to privacy outweighs the public’s right to know.

Does the Commissioner receive many requests of this type? Has she received many lately?

4:30 p.m.

Director General, Investigation and Inquiries Branch, Office of the Privacy Commissioner of Canada

Wayne Watson

Are you referring to paragraph 8(2)(m)? I just want to be sure we’re talking about the same thing.

4:30 p.m.

Bloc

Jean-Yves Laforest Bloc Saint-Maurice—Champlain, QC

I don’t have the exact wording of the legislation in front of me. I’m talking about section 29. This is from background information we obtained regarding the Privacy Act where it talks about a “tool”, rather than a “justification for secrecy”. It makes reference to subsection 8(2) of the Act.

4:30 p.m.

Director General, Investigation and Inquiries Branch, Office of the Privacy Commissioner of Canada

Wayne Watson

I see. You’re talking about paragraph 8(2)(m).

Mr. Jean-Yves Laforest

It reads as follows:

Subsection 8(2) of the Act describes the specific cases where Government institutions can release an individual’s personal information without his or her consent.

4:30 p.m.

Director General, Investigation and Inquiries Branch, Office of the Privacy Commissioner of Canada

Wayne Watson

Yes, indeed, it’s quite frequent. They are exceptional cases, however. Let me give you an example. When someone dies in prison, if the family wants information, either about the investigation that was conducted or personal information the prison may have about the individual who is deceased, we will be advised that, for humanitarian reasons, that personal information should be provided to the spouse or the family. When that happens, unless the requester is refused, we will agree to it by letter.

4:30 p.m.

Bloc

Jean-Yves Laforest Bloc Saint-Maurice—Champlain, QC

Is it necessary for the Commissioner to be informed in each and every case where an institution wishes to use that section of the Act?

4:30 p.m.

Director General, Investigation and Inquiries Branch, Office of the Privacy Commissioner of Canada

Wayne Watson

Yes.

4:30 p.m.

Bloc

Carole Lavallée Bloc Saint-Bruno—Saint-Hubert, QC

Mr. Leadbeater, I’d like to come back to the practice of releasing access to information requests to Ministers’ offices or to the Prime Minister. We recently heard about an incident where the name of a journalist who had made an ATIP request was released.

Of course, this may not be the case for Liberals and Conservatives now, but it brought to light a practice that I was completely unaware of. I find this rather worrisome in terms of what it could lead to. Indeed, when someone files an ATIP request, whether it is a Member of Parliament or a reporter, that individual can be sure that this information request will circulate inside the department and within the Cabinet. Knowing that, it seems to me that people will be far less inclined to make an access to information request. It casts a shadow over the work we do. At the very least, it is an additional obstacle, not to mention the fact that it gives an undue political advantage to whatever office happens to have that information.

The Justice Department is currently reviewing the Access to Information Act. Rather than asking public officials to be courageous, could we not just add a section to the Act prohibiting this kind of practice?

4:30 p.m.

Deputy Information Commissioner, Office of the Information Commissioner of Canada

J. Alan Leadbeater

I'm not sure that particular policy matter is something that I have much expertise on, but I actually do not agree that the government should be prevented from knowing what's being requested under access, because the government has an obligation to react as well. That's part of service to the citizens, being prepared to answer questions that may arise out of disclosures that come out under access.

So I'm not sure I would favour that it would lead to good governance to have a system whereby the political or public service leadership of a government department could never know what was being released from their department under access. I think that's going too far.