Evidence of meeting #9 for Access to Information, Privacy and Ethics in the 39th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was requests.
A recording is available from Parliament.
Liberal
The Chair Liberal Tom Wappel
Order, please.
Our witnesses apparently went to the wrong building, and that's why they're not here, so we're waiting for them. I did present the first report of the committee, as passed, in the House at 3:05 today.
Monsieur Martin, s'il vous plaît.
NDP
Pat Martin NDP Winnipeg Centre, MB
The only thing I wanted to raise, Mr. Chairman, is that I know we asked you to submit the report to the House, and I expected you to do it today, but it is unusual for the committee to make a report without circulating that report at the committee first to give us an opportunity to proofread it.
Usually the report is based on a motion, perhaps, but it also would reflect the feelings of the committee or some study the committee had made. My concern now is--and I've asked the clerk to look into it--that if that report wasn't tabled in the proper way or worded in the proper way, we might not be able to move concurrence on it. We need to investigate because we may have tripped ourselves up through our interest in getting it debated in the House of Commons. So we'll have to be aware of that.
Liberal
The Chair Liberal Tom Wappel
Okay, there are two points. The report was in the words of the motion that was passed. That is what the motion said, and that's how it was presented in the House.
If it turns out that there is some technical difficulty, then no doubt we'll find out what that technical difficulty is. I can bring it back to the committee and just let you know what the rules are. If the committee's view is that we should pass a second report, embellishing on the first or changing the wording, and if that is the view of the majority of the committee, then the committee will speak accordingly.
As far as actually presenting the report goes, it was done properly.
We have two of the three witnesses here. Are we waiting for a third, gentlemen, or are we ready to go?
Jim Alexander Deputy Chief Information Officer, Treasury Board of Canada Secretariat
We're ready to go.
Liberal
The Chair Liberal Tom Wappel
We're ready to go.
I've called the meeting to order, so pursuant to Standing Order 108(2), we're continuing a study on issues related to the alleged disclosure of the names of access to information applicants.
Today we have witnesses from the Treasury Board of Canada Secretariat: Mr. Jim Alexander, deputy chief information officer; and Mr. Donald Lemieux, executive director, information, privacy and security policy.
Mr. Alexander or Mr. Lemieux, do you have an opening statement?
Deputy Chief Information Officer, Treasury Board of Canada Secretariat
Yes, I do, thank you.
Deputy Chief Information Officer, Treasury Board of Canada Secretariat
First, Mr. Chairman, thank you for your indulgence in our being late here. We ended up in the wrong spot, and security slowed us down a bit, so I'm glad that I'm here.
Deputy Chief Information Officer, Treasury Board of Canada Secretariat
Exactly. Information management is different from access to information, it turns out.
My name is Jim Alexander, and I'm the deputy chief information officer at Treasury Board Secretariat. I'm accompanied by Donald Lemieux, who's the executive director of information, privacy and security policy division. One of our colleagues, Charles Taillefer, will also be here momentarily.
On behalf of Treasury Board Secretariat, I would like to begin by thanking the Committee for this opportunity to discuss the policy role that Treasury Board Secretariat plays with respect to access to information and privacy across the Government of Canada, specifically as it relates to the issue of disclosing the names of applicants seeking information under the Access to Information Act.
As the lead department for access to information and privacy policies, Treasury Board Secretariat takes the right of access and the privacy of all Canadians very seriously. Canada's solid foundation of privacy laws and policies has made it a world leader in privacy protection for more than 25 years, and it has had effective privacy management practices in place for some time as well.
In fact, when issues or concerns arise, Treasury Board Secretariat is quick to respond. For example, following recent allegations that the name of a requester was improperly disclosed, the secretary of the Treasury Board immediately sent a notice to his colleagues reminding them of their responsibility to protect the identity of access to information requesters. A reminder was similarly sent to the access to information and privacy communities.
When a similar situation arose in 1999, Treasury Board Secretariat acted swiftly to issue an implementation report—which is the means by which TBS provides guidance to the access to information and privacy community, the ATIP community—to treat this information as personal information.
Since then, several mechanisms have been introduced to inform and educate the ATIP community on their roles, responsibilities, and best practices. This brings us to the issue this committee is currently studying: the disclosure of names of access to information requesters.
Although this is not specifically addressed in the current Access to Information Act, it's clear that the definition of personal information contained in the Privacy Act covers the names of individuals who file requests for information under either act. The Privacy Act sets out the rules that govern the collection, use, and disclosure of such personal information. The general principle with respect to the use and disclosure of personal information is that it should only be used or disclosed for the same purpose for which it was collected or a purpose consistent with it.
It's important to note that the policies issued by Treasury Board Secretariat support and enhance the Access to Information Act, the Privacy Act, and associated regulations, the broad overview of which falls under the responsibility of the Minister of Justice.
The legislative framework at hand includes those two acts: the Access to Information Act, which provides the general right of access to information that's held by the Government of Canada, and the Privacy Act, which provides Canadians with a right of access to their own personal information, as well as protection for their personal information that's held by the government. Both were proclaimed into force on July 1, 1983.
With respect to the Access to Information Act and the Privacy Act, Canada has two parliamentary officers, the Information Commissioner and the Privacy Commissioner. These agents of Parliament investigate complaints pertaining to the act and report to Parliament annually on their investigations and related activities.
The Privacy Commissioner is specifically mandated in law to perform audits to ensure that departments are handling personal information in accordance with the Privacy Act. Similarly, the Information Commissioner conducts regular evaluations to assess departmental compliance with the Access to Information Act.
Treasury Board Secretariat does not have an audit function with respect to monitoring the administration of the acts. For its part, TBS relies on annual reports and other departmental documents to monitor compliance with the policy. Beyond this, Treasury Board policy indicates that internal audit groups are responsible to examine the institution's success in meeting legal and policy requirements.
The President of the Treasury Board is the designated minister under the act who is responsible for issuing policies and guidelines governing the operation of both the Privacy Act and the Access to Information Act and associated regulations. Treasury Board Secretariat supports the president in this role by developing policies and guidelines and providing training to the access to information and privacy community.
From a policy perspective, TBS has issued the policy on privacy and data protection, the policy on privacy impact assessments, and the access to information policy. These policies apply to institutions that are covered by the legislation, which include 185 institutions under the Privacy Act and 180 institutions under the Access to Information Act.
In addition, these policies reinforce information management principles inherent in the Management of Government Information Policy and the Security Policy. They also support the objective of “duty to inform”, “routine disclosure” and “service to the public”, which are fundamental concepts within the Communications Policy.
From a training and development perspective, the Treasury Board Secretariat is the functional lead for training the ATIP community. Throughout the years, Treasury Board Secretariat has adopted different measures to help federal institutions adhere to the policies and standards issued regarding Access and Privacy
For example, TBS provides ongoing training to the access and privacy communities. We do this through a variety of means. We develop training material and host training sessions.
Last year we held a total of 26 different ATIP training sessions with a total of 404 registered participants. That is really a significant number of participants from the community, considering the relatively modest number of about 500 public servants who make up the ATIP community around the federal public service.
We hold regular community meetings, often in conjunction with the justice, access to information, and privacy communities. At those meetings we tend to share issues of interest and best practices and advise the community of any changes to the policies or practices.
We respond to calls and written requests from ATIP practitioners who have questions or concerns or who require assistance regarding training. An average of 50 calls and e-mails a month are received for advice and interpretation on ATIP policies and guidelines, and then we prepare and distribute guidance documents to the ATIP community.
Finally, we publish an annual info-source bulletin, which contains statistics of requests made under the Access to Information Act and the Privacy Act and summaries of Federal Court cases of relevance to the interpretations of the act.
While the secretariat plays an important role in providing guidance to the ATIP community in establishing policies and guidelines, it remains the case that the heads of institutions are ultimately responsible for the administration of the acts within their respective institutions.
Heads of Government institutions are responsible for ensuring that their organizations comply with Privacy and Access to Information legislation and with the Treasury Board policies and guidelines that support the legislation to ensure access to Government information and the protection of the privacy of Canadians.
This means that each institution is responsible for putting into place a process to respond to requests in a manner that is both consistent with the policy and complies, obviously, with the legislative requirements.
The responsibility for responding to ATIP requests within institutions is generally delegated to ATIP coordinators. Last year the government's access to information and privacy community processed approximately 25,000 access to information requests and approximately 36,000 privacy requests.
In summary, TBS is committed to access to information and to its principles of openness, transparency and accountability. The Access to Information Act is an important means for the public to obtain information on government operations and decision-making and a means through which Canadians can hold their government to account.
As you can appreciate, there is a balance to be struck between providing openness on one hand and ensuring the protection of legitimate concerns, such as personal privacy, on the other. The Government of Canada's policies and guidelines enhance the legislative framework to ensure this balance is respected.
I'm confident that we have the legislative framework, policy frameworks, and tools that we need to ensure departments, agencies, and crown corporations provide Canadians with effective access to government information while protecting their personal information.
Ultimately, the government's goal with respect to access to information and privacy is to ensure the continued accessibility of information to Canadian citizens and businesses while protecting the privacy of personal information that is shared with government. This is an issue that we take very seriously.
I can assure you that the Treasury Board Secretariat is committed to supporting the administration of the Access to Information Act and the Privacy Act. We will continue to provide all 180 departments, agencies and Crown corporations with guidance on related policy issues and arising issues and concerns.
Mr. Chairman, this brings me to the end of my statement. Mr. Lemieux and I would be very pleased to respond to questions from members of the committee relating to the government's access to information and privacy policies and guidelines and, in particular, the Treasury Board Secretariat's role in that regard.
Thank you for your attention.
Liberal
The Chair Liberal Tom Wappel
Thank you very much. Some of the members of this committee went to a seminar last week on the issue of the ATIP community and everything. It's getting more and more complicated by the day and more and more difficult. So I was certainly careful to listen to what you had to say, and good luck to you, because as information becomes more complex and more readily available it becomes more difficult to administer.
Liberal
Sukh Dhaliwal Liberal Newton—North Delta, BC
I was going to ask a question about this seminar.
Mr. Chair, why were we not informed of that?
Liberal
The Chair Liberal Tom Wappel
We won't take up the time of the committee, Mr. Dhaliwal, but you can talk to the clerk about it privately. It was my understanding that you were coming. I am very sorry that you didn't get whatever information was necessary.
I should say that it was a very worthwhile conference, but that is neither here nor there to our witnesses.
We'll straighten that out, Mr. Dhaliwal, because there's another one coming up. This one is on the Privacy Act. If the committee sees fit, and we deal with this in the new year, we'll make sure you are one of the first ones to be able to go, especially since you missed this one.
Who would like to go first for the official opposition? Would anyone from the official opposition like to ask questions? No.
What about the Bloc?
Bloc
Jean-Yves Laforest Bloc Saint-Maurice—Champlain, QC
My question has to do with the role played by the Treasury Board Secretariat.
You have been telling us about the Access to Information Act. Within Treasury Board, is there a compilation of all access to information requests made by various users, whether they are members of the public or inside Government? Are there any instruments in place that allow you to collate these data? How is all of that handled?
Donald Lemieux Executive Director, Information, Privacy and Security Policy, Treasury Board of Canada Secretariat
We keep an inventory of all access to information requests. The Treasury Board policy is to encourage all departments or federal agencies that are subject to the Access to Information Act to record their ATIP requests in that inventory. It is important to specify that it does not provide the name of the applicant.
Bloc
Jean-Yves Laforest Bloc Saint-Maurice—Champlain, QC
That is consistent with what you are saying about protecting the names of requesters, but is the origin of the request also protected? In other words, is it possible to find out whether the request is from a member of Parliament, a media outlet or an ordinary citizen?
Executive Director, Information, Privacy and Security Policy, Treasury Board of Canada Secretariat
Categories of requesters are catalogued in the system, but they are extremely general -- for example, member of the public, corporation, and so on. However, it is impossible to identify the requester specifically. Of course, for a member of the public or a corporation, we do not know who is making the request. If it's the media, we are unaware of which media outlet or company is involved, just as we do not know the identity of the reporter making the request.
Executive Director, Information, Privacy and Security Policy, Treasury Board of Canada Secretariat
I believe there are five: corporations, the public, organizations, the media and academics.
Executive Director, Information, Privacy and Security Policy, Treasury Board of Canada Secretariat
Corporations, the public, organizations, the media and academics.