Information & Ethics Committee on Nov. 24th, 2009

Good morning. Mr. Chairman, thank you for inviting us to appear before your committee to discuss the Treasury Board's new “Directive on Recordkeeping” under the Policy on Information Management.

My name is Peter Bruce and I am Deputy Chief Information Officer for the Government of Canada.

With me here today is Mr. Doug Rimmer, Assistant Deputy Minister of the Documentary Heritage Collection Sector for Library and Archives Canada.

To begin, it's important to note that Treasury Board Secretariat, Library and Archives Canada, and deputy heads all have shared responsibility in ensuring effective recordkeeping. Under the Financial Administration Act, Treasury Board is responsible for issuing management policies and guidelines within the federal public service. Treasury Board Secretariat supports Treasury Board in this role by developing policies and guidelines to support effective and consistent information management across government. The policy on information management and its related directives, including the directive on recordkeeping, are under the responsibility of Treasury Board Secretariat.

Under the Library and Archives of Canada Act, the Librarian and Archivist of Canada has the authority to issue disposition authorities and has the power to delegate this authority for the disposition of information resources. Perhaps more importantly for the purpose of today's discussion, he also provides direction and assistance on recordkeeping to institutions within the Government of Canada. My colleague, Mr. Rimmer, will provide additional information on the role of Library and Archives in a few minutes.

Finally, it is important to note that deputy heads are responsible for ensuring that their organizations comply with all management policies and legislative requirements and, more specifically, that they have responsibility for the management and administration of information.

Now I would like to provide you with more information on the information management policies that fall under Treasury Board Secretariat's responsibilities. In the context of our renewal of Treasury Board policies, the policy on information management came into effect on July 1, 2007, and replaced the former management of government information policy. It clarifies the responsibilities of deputy heads for fostering informed decision-making; facilitating accountability, transparency, and collaboration; and preserving and ensuring access to information in records for the benefit of present and future generations.

Implementation of the policy on information management is supported by the newly issued directive on recordkeeping. This directive supports strengthening specific information management protocols and practices to achieve effective stewardship of government information resources. It enables departments to create, acquire, capture, manage, and protect the integrity of information resources in the delivery of mandated programs and services.

The directive also clarifies the responsibilities of the designated Senior Information Management Official within each department for: identifying information resources based on an analysis of departmental functions and activities; identifying, documenting, and mitigating risks to the protection of information resources; and establishing and implementing key methodologies and tools to support recordkeeping requirements.

Furthermore, the directive places a priority on ensuring that digital information is accessible, shareable, and usable over time and through technological change. This directive will be implemented over a five-year span.

The directive was developed in collaboration with Library and Archives Canada. Consultations were conducted throughout all levels of the federal public service and with senior departmental representatives responsible for information management and access to information. These consultations identified very strong support for the implementation of mandatory requirements for recordkeeping, as well as the need for recordkeeping tools to support program and service delivery. Mandatory requirements will ensure transparency and accountability of mandated programs and services.

Deputy heads of government institutions are ultimately responsible for compliance to information management policy and the effective management of information resources under the control of their respective institutions.

Departments are assessed annually on their compliance to information management policy through the Treasury Board Secretariat's management accountability framework. The management accountability framework sets out the Treasury Board's expectations of senior public service managers for good public service management, and assessments are completed each year across 19 different areas of management, one of which is effectiveness of information management.

Mr. Chairman, members of the committee, as you know the Treasury Board Secretariat is strongly committed to transparency and accountability. Strong, comprehensive recordkeeping protocols and practices are important to enabling departments to efficiently respond to access to information requests. The Directive on Recordkeeping and its supporting standards and guidelines reinforce the discipline and rigour needed to ensure effective recordkeeping.

Mr. Chairman, this concludes my opening remarks. I would be pleased to respond to questions relating to the directive on recordkeeping following Mr. Rimmer's opening remarks.

Merci.

Thank you, Mr. Chairman, for inviting me to address you on the issue of the directive on recordkeeping.

Under the Library and Archives of Canada Act, Parliament assigned the librarian and archivist the responsibility of providing direction and guidance to departments and agencies on the management of records and the authority to control the disposition of records within government institutions. A key part of fulfilling these roles in the 21st century is the modernization of recordkeeping. Put simply, the volume of information generated by the government is growing exponentially. The methodologies prescribed by the new directive on recordkeeping are needed for the government to be able to manage this information in a sustainable manner.

Library and Archives Canada believes the directive on recordkeeping supports its mandate to deliver effective 21st century recordkeeping direction and guidance to government departments and agencies. This in turn ensures the ability of departments and agencies to find, retrieve, and use information in support of current decision-making, while also ensuring, in the long term, that the historical records of these institutions can be readily identified and easily transferred to us, making this documentary heritage available to all Canadians.

Effective, recordkeeping establishes ways and means for organizations to capitalize on corporate information as a key business asset and enabler. This supports current decision-making, documents business activity, and satisfies stewardship, accountability and legal requirements.

Over the last few years, the work of Library and Archives Canada to address systematic issues in the management of information in the Government of Canada has made great strides. These efforts have concentrated on reducing the legacy of unmanaged paper and electronic records as well as working to build capacity to manage the ever-changing digital landscape of electronic records. Perhaps, most importantly, LAC has been helping to find policy solutions to the problem. It is these solutions that I want to discuss today.

We are working closely with the chief information officer branch of the Treasury Board of Canada Secretariat, and our two departments have developed a suite of policy instruments. These instruments support and complement our own mandate, as well as the administration of access to information.

Primary among these policies is the directive on recordkeeping issued in June of this year. The directive lays out a strong framework that will improve recordkeeping within government. It ensures that records are created, captured, used, and managed as business assets, and that they are stored properly and disposed of in accordance with the Library and Archives of Canada Act. Importantly, the directive and the tools and guidelines that accompany it are designed to anticipate and effectively manage digital work environments.

The key to effective 21st century recordkeeping lies in the identification and management of what we call information resources of business value. This concept, which is based on international standards, gives departments and agencies a sound basis from which to manage their information resources in order to support their delivery of mandated programs and services. The directive on recordkeeping supports deputy heads in instilling discipline and rigour over the creation, capture, and management of information resources, improving accountability.

The Treasury Board of Canada Secretariat is responsible for the Directive on Recordkeeping. LAC continues to support the Secretariat through the development of complementary tools and guidelines and through awareness and training sessions. Moreover, under the Library and Archives of Canada Act, the disposition (destruction or transfer) of government records is authorized solely by the Librarian and Archivist of Canada.

The timely disposition (when legal and operational needs have expired) of government information is an essential component of sound recordkeeping. Good recordkeeping thus furthers the mandate of LAC in preserving the historical record of the Canadian government.

Mr. Chairman and members of the committee, I’d like to end by stressing that, as you know, a change in culture is essential for the implementation of effective 21st century recordkeeping in government. The Information Commissioner clearly identified “challenges that the modern digital environment presents” as one of the biggest current obstacles to effective recordkeeping. The Directive on Recordkeeping will result in better management of the creation and use of information as well as reducing legacies of unmanaged electronic and paper information. This will lead to improved accountability and stewardship, and, therefore, ultimately improve ATI responsiveness.

This concludes my statement. I would be more than pleased to respond to any questions from members of the committee relating to Library and Archives Canada’s role in improving the state of recordkeeping in the Government of Canada.

The biggest exception is that the new recordkeeping directive applies to the 112 departments that are covered in sections 1 and 2 of the Financial Administration Act. So while the directive is a mandatory instrument for those institutions, it is more of a voluntary compliance instrument for other organizations.

We anticipate that they will find this leads to best practices, and that what has been developed here through a broad consultative process, consistent with the Library and Archives Canada legislation and the expectations in the Financial Administration Act, will be adopted. But that's a significant exception.

Yes, section 2.3 of the directive refers to some exceptions. Various sections of the directive do not apply to specific organizations, such as the Office of the Auditor General, the Office of the Privacy Commissioner, and a number of others that are mentioned there. Again, it is relative to certain sections of the directive that don't apply to those particular organizations, given their specific mandates.

The rules under the recordkeeping directive would require that they be properly managed, and all aspects of the recordkeeping directive apply to those documents. I think there are questions of how exceptions get handled in the access to information policy and legislation for those documents, but for recordkeeping purposes, this directive applies.

That would relate most closely to the provisions in the Library and Archives of Canada Act, so I'll have Doug answer.

I'm happy to respond to that question.

If you're asking what were the previous rules, Library and Archives Canada and its predecessor agencies go back to 1872, so we've been collecting government records since that time, and a variety of different regimes have governed that. But essentially we have been responsible for the disposition of records, which can include one of three outcomes: the records come to Library and Archives Canada for permanent storage; they're transferred outside of the Government of Canada's control, so they may be transferred to another entity entirely; or they're destroyed.

We govern that disposition through what we call records disposition authorities. These are agreements that are signed between Library and Archives Canada and each organization that is subject to our act. That identifies the records that need to be maintained and those that can be destroyed. Some records need to be maintained for a much longer period of time as business records of the active department, never mind their historical value as archival records when they come to us. So each of those records and disposition authorities is specific to the institution that governs it. Until such a records disposition authority is in place, departments are not authorized to destroy records.

There are also specific provisions in other legislation, such as the Access to Information Act, that deal with particular situations, but generally with respect to the ongoing management of government records, it's our legislation and the tool we use is the records disposition authorities.

We communicate this out to departments by contacting the officials responsible for information management within departments, reminding them that the authority rests with the librarian and archivist of Canada, and that they need to develop with us a records disposition authority, which we sign with them and which then permits them to dispose of the records that we have agreed can be disposed of.

There are many administrative and temporary documents that departments have the authority to destroy themselves under those records disposition authorities. We don't simply rely on departments phoning us up and saying, “Hey, we'd like a records disposition authority.” We're aware of which federal institutions there are; we're aware of all of those where we need to have records disposition authorities in place; and we have an ongoing process of updating and renewing those as mandates change, because as the mandate of a department changes, that generates new information needs.

I'll handle the first part of that question.

Under the Library and Archives of Canada Act, if the librarian and archivist of Canada believes records are at risk--and they might be at risk for any number of reasons, physical or other risks that they could be exposed to--we do have the ability to go and get those records. We also have the ability not only to advise, but to require that departments not destroy certain records. So the agreements that we have in place through the RDAs are a tool by which we can actively control what records get destroyed.

I'll add two quick comments on the communication and then get to the second part of your question.

The recordkeeping directive actually flows from the policy on information management, which includes a role for the Canada School of Public Service in terms of disseminating information, and they embed information about the provisions in these policies into their courses for orientation for new government employees as well as for development for senior executives and functional specialists.

On the second part of your question about moving to a more open model, we believe this recordkeeping directive will really help in terms of getting the information organized in a way that would allow something like that to happen in the future. It's a positive step in that direction, but there are currently no plans.

It's the deputy minister or the head of the institution who appoints the senior official responsible for information management in each department.

It's the deputy minister or the head of the institution.

He appoints a person who—

That depends. It's up to them to decide, but normally it's a senior manager. It's often the assistant deputy minister responsible for corporate services or the senior information manager of the department. The decision as to who is the best candidate to carry out this important information management role is left to the deputy minister.

Yes, precisely, and that person is normally responsible for the information and file management team in the institution.

Yes, but that person is normally supported by others. Depending on the size of the institution, there is a team of functional experts that works in this field. If it's the deputy minister of corporate services who is appointed senior official, a head of the file management service can handle the day-to-day aspects of this program. There can definitely also be audit and evaluation teams responsible for better policy implementation.

Yes. I agree with you that these officers must bear a fairly heavy and significant burden in relation to this policy. They must see to the implementation of policy elements and take corrective measures. The consequences are significant. The first is management within the institution, but if there are ever any obvious problems outside that institution, corrective measures must be taken by the Treasury Board Secretariat.

There are audit procedures within the department for implementing directives. This official will implement these information management programs in the context of all departmental programs. The idea is to ensure that an institution's operational programs include the functional aspect of information management, service delivery, programs and policies. It is in this context that the official must manage and oversee the implementation of standards.

Yes, but I believe that the answer—

Yes, but there are elements of oversight in the Treasury Board's Management Accountability Framework.

It's done in the context of the Management Accountability Framework, which sets out the 19 operational areas of the departments for management excellence. One of those areas, area 12, is information management. We ensure that there is good governance, a strategy and a plan.

Now that this new directive is in place, we're going to start checking to see that the practices are also in place.

There's even a specific policy on consequences: now there's a policy that describes the consequences that may be considered in the context of the Financial Administration Act, which is essentially the act that enables the Treasury Board to put these mandatory policies and directives in place.

One of the important provisions of the directive is that the IM senior official identify information resources of business value based on analysis of departmental functions and activities carried out by the department and to enable it to support its legislated mandate, the protection of information resources of business value. So within the context of the operation of any department, they have to make those decisions and apply this policy. So it would be the senior IM official in the department who would be responsible for making that call.

We've seen what's in the newspapers and we've read some of the testimony. I think we don't have enough information to answer that question, I'm sorry.

Not to my knowledge.

It would be in the first instance, certainly.

There are provisions for that and consequences. Certainly section 7.2 has consequences and allows the Treasury Board to intervene and take measures according to the context and what has happened that might be in violation of the directive or policies.

Our role would be primarily in those situations in which documents might be at risk of being destroyed, as I mentioned in response to an earlier question.

There are allegations that have been made before another committee. I understand that the process is still in place. It is still ongoing.

I think the notion of business value is tied to the idea that the records that need to be kept need to relate to those functions the department carries out. So the analytical framework is linked very much to what work the particular entity is doing.

I mentioned that this concept of information resources of business value is linked to an international standard. There's an ISO standard. I think it's 15489, but I might have my number just a little bit wrong. It speaks to this issue, and our work is consistent with that framework. Certainly, within the business of government institutions, the notion of accountability, transparency, and keeping records that support decision-making are part of the business of government institutions. That's reflected in the directive on recordkeeping, which establishes the objectives and the expected results and deals explicitly with transparency and accountability. So the goal of effective recordkeeping is to create transparency and accountability.

We're speaking of records as they're managed within departments for departmental purposes. At some point in time, Library and Archives Canada gets interested in those documents for their historical purpose, and those that are assessed by our professionals as being the appropriate records to be preserved for all time are transferred to us. That's only a small segment of the total number of records the government creates. They are different from those records that might have business value for departments. They might have business value for five years; they might have business value for 50 years.

The authorities under the Financial Administration Act give us the authority to put directives in place that apply to these institutions. Whereas the Library and Archives of Canada Act and the Access to Information Act apply to 250 institutions, our authorities under the Financial Administration Act restrict us to 112. You'll notice that it does encourage all separate agencies to adopt these practices, and we expect that there will be actually broad adoption.

That can be done, yes.

We don't have any agreements in place of this type.

Can I comment?

I was going to go back to the comment about the balance between business value and transparency and accountability. I really hope we've got it right in this directive. The expected results—5.2.1 and 5.2.2—sit there right beside each other. One says let's make sure we can connect the businesses of government, and then, let's make sure these records are kept so we can provide the transparency and accountability that's required. I think they're in a fairly good balance.

The specific requirements for the directive on recordkeeping are described in section 6 and are initially to ensure that the information resources of business value are properly identified, that a risk profile for those information resources is created, and that it is done with respect to taking into consideration access to information and protection of personal information, and then, that measures are taken to respond to those risks.

Then there is the responsibility to ensure that the methodologies and mechanisms and tools are put in place to support the management of those records of business value. Another recordkeeping requirement is that the practices are documented and also that good communication goes out to departmental managers and employees to ensure they understand what their responsibilities are under the act. A companion directive talks about information management responsibilities and lays out what an employee's responsibility is and what a manager's responsibilities are, ensuring this information is communicated.

Under section 6.2, the requirements are around the monitoring. Under the IM policy, the deputy head appoints this IM senior official, who is the person responsible for the implementation and monitoring of that implementation within a department.

I do. There was no recordkeeping directive. We had policy on information management and, previous to that, a government policy on management of government information holdings. Both of them were much like the IM policy, but even our IM policy now has more explicit requirements. With this recordkeeping directive and the related supports that are coming in, I think we're much better off now in terms of our policy framework for recordkeeping in the Government of Canada.

I certainly hope so. I think a lot of factors come into how quickly a department can respond to access to information requests, primarily the complexity of the requests and whether or not they have to go through consultations with other departments. But having the fundamentals of good recordkeeping so you know what records you have, where they are, and what their business value is, I expect, will be a significant help in making better both access to information and protection of privacy in the Government of Canada.

The objective is to ensure effective recordkeeping practices that enable departments to create, acquire, capture, manage, and protect the integrity of information resources of business value in the delivery of Government of Canada programs and services. The expected results are really making sure those records of business value are properly identified and then used and managed as strategic assets, and then, through effective recordkeeping practices, ensuring we have that transparency and accountability that is expected of a government organization.

I think the directive on recordkeeping will improve the quality of information management in departments and should ensure that the records of business value are properly there and retained. As that supports transparency and accountability, I believe it should help in terms of both of those things.

No. I have nothing to add to what my colleague says. I think he's captured it very well.

I believe Australia uses the ISO standard that I referred to as the basis for record management in their country. As we mentioned in our remarks, we support the directive, which in turn supports the broad policy, with a number of guidelines. We're developing those further guidelines now. One of them will be on the notion of business value and helping departments understand in more detail how to apply those. There's a series of tools and supports that we provide under the policy, under the directive, to enable departments to actually use these concepts and put them in place in a meaningful way.

The change in culture we're referring to is one that encourages all public servants to understand that information management and good recordkeeping is part of the core functions of government and encourages them to pay attention to that as early in the process of creating records as they can.

The point you mentioned was not the point that I was trying to make. The culture at the moment we don't believe pays sufficient attention to good records management as early in the process as is helpful to supporting transparency and accountability. We would like to strengthen the awareness of public servants of the need to do that and provide them with the tools, the policy, and framework within which they can do that, so that as early as possible, as public servants in the course of doing their daily work, they're creating records, they're understanding which records need to be kept, which have business value, which are temporary records that don't need to be preserved, and we have good management practices right from the outset. That's the culture we need to strengthen.

The concern we're trying to address is that public servants are so focused on delivering the business to Canadians, serving Canadians in whatever way they're supposed to, that they're not thinking as much as they need to about how they are creating and documenting their activities. We would like to see a renewed emphasis on that area.

We have heard that message from the Office of the Information Commissioner and from information commissioners themselves. That's one of the reasons you'll see several references to the capacity of this recordkeeping directive to support our compliance with the Access to Information Act.

If it's not identified and captured, it can't become accessible. And if you don't know where it is, and it's not structured in a way that allows you to retrieve it, it's not accessible. If we do both of those things better, then it should support the access to information.

That is a decision for parliamentarians and the government. Our job is to look at the current legislative framework and provide directives to departments on how to operate within it.

In this regard, the Government of Canada is no different from our society as a whole. Throughout the world, the sheer amount of information generated each year is growing exponentially. Part of it is due to the ease with which we can create information. When it's easy to get and store at a relatively low cost, people tend to do more of it. Even in the electronic age, we're seeing that more information is being published each year than ever before. So the government is only a small part of a broad trend.

Certainly. With respect to the cultural changes that I was referring to before, most public servants have the ability right at their desktop to create files, to store documents, and those documents are government records. They might be very well-organized on one individual's computer, but if that individual were to leave and go to another organization, are those records well linked in with the corporate management system, so those that need to be kept are kept and those that should appropriately be disposed of--so we're not needlessly storing documents--are disposed of. We think that can be strengthened through the directive on recordkeeping and its implementation in departments. That's one example of where the tools facilitate the creation of records, and what we need to support is the management of those records in a strengthened way in the future.

You asked a second question, which is about the kind of documentation that Library and Archives Canada stores in digital format. We hope very soon to begin the transfer of government records to us once they reach the point in their overall life cycle when they should be transferred to the archives for permanent storage. We will soon be able to do that electronically. We've been testing our system in that regard. We also obtain a variety of electronic publications from publishers. So there's a lot of digital material coming to Library and Archives Canada at present under our mandate to support and preserve the documentary heritage of Canada.

Certainly the roles and responsibilities directive, which I'm sorry we haven't provided, does require that employees document their business activities while in government. Assuming this directive on recordkeeping is implemented, that transition of employees and the knowledge transfer required should be significantly improved because the records of business value will be captured and organized in a way that makes them accessible not only for other purposes but to the people assuming those roles and functions going forward.

There's a tremendous team of dedicated people doing the work on developing this directive, so I certainly wouldn't want to take a lot of the credit. I think the credit really goes to the team.

But I do think that having worked at Library and Archives Canada and understanding the Library and Archives of Canada Act and what “disposition” means has been particularly helpful. Understanding the significant impact that the shift from paper records to electronic records is having is particular helpful. Of course, knowing colleagues there and being able to collaborate on files like this is critically important to being able to get good, sensible guidance out to departments.

So I think it helps.

I believe it's a proposal that could work in the medium and long terms. The requirements of this directive should be put in place so that we are really capable of providing citizens with this kind of direct access to the Government of Canada. I think it's something that can be done. That's done in other places.

Yes, but I also believe a legislative framework is provided by Parliament and the Department of Justice that will determine what is done in this area in future. We apply the acts and regulations that are in place.

We didn't wait until the directive was in place before starting our work.

We've been addressing this problem for some time now. We have a strategy and an implementation plan that are spread over five years. We are already in the second year of the implementation of that plan. One of the elements of the plan was precisely to put this directive in place. We're currently developing policy elements that support this document.

A concrete example of what has been done is the establishment of an inventory of best practices and solutions that the various departments use. We have hundreds of solutions—that can be shared among institutions or used as examples—combined in an inventory available for all persons responsible for implementing this policy.

You're talking about a plan on...?

The information management plan? We were invited to discuss the directive, but I'd be pleased to talk to you a little about the implementation plan, if you wish.

There's a specific plan for the implementation of this new directive and, at the same time, a plan with a vision for information management within the government. These two plans work together and are very closely linked.

The directive implementation plan is a plan over five years, as I mentioned in my presentation. It starts precisely with this idea of making the new policy known across the public service. Then the idea is really to provide the necessary tools for its implementation and, from there, to move toward an ongoing improvement process.

Absolutely. We have both an implementation plan for the recordkeeping directive and our five-year information management strategy and plan, both of which we could share with this committee if you would like.

Certainly.

Certainly, the former policy on information management had just four requirements; the new policy on information has nine. Then there is this directive as well as the directive on roles and responsibilities that are the companion pieces to the policy. Largely, we've gone to something that is much more explicit in terms of what the requirements are, how those requirements are to be implemented. The previous policies did not have as explicit a statement of consequences. I realize you have to go to the Financial Administration Act and the policy on consequences to interpret what that section 7 means, particularly sections 7.2 and 7.3, but those are some of the significant changes.

I can't answer that specific question right now. Could we get back to the committee with the answer to that?

We have a governance structure that gets many of these senior management officials together about every two months to discuss some of the key issues. It's our committee on information management in business. It also combines senior access to information officials to reinforce that linkage between information management and access to information. We haven't had anybody formally write us a letter saying that since our policy came into effect in June 2009 they've seen this, but we do discuss collectively some of the challenges and issues that result from the implementation of this policy.

I think the notification could be in either form, and sometimes if it's a broad issue we might discuss it. There are minutes of those committee meetings, so the types of issues we're discussing are documented through those. If it were a specific issue in a particular department that the IM senior official wanted to raise, these people in particular, I would expect, would do that in a well-documented manner.

No.

I'm just scanning my memory of the Library and Archives of Canada Act.

I do not believe that phrase is found within our act. Certainly our act speaks to government records. It assumes government records exist, but it does not specifically reference the requirement to create them, that I can recall.

Not in the Library and Archives of Canada Act. Both the policy on information management and the directive we're speaking of here today assert the requirement for government departments to document their business and decision-making processes.

There are officials within the government who are responsible for the legislative framework and for advising ministers on legislation, and ministers are ultimately responsible for deciding what the legislative framework is. What I can tell you is that within the two instruments we're dealing with today we see those concepts contained within the policy and the directive.

They're not acts, that's right.

As I said, there are other officials in the Government of Canada who are responsible for formulating legislative options and advising ministers in that regard. That's not my specific responsibility. We're really here today to focus on these instruments for which we are responsible.

Those documents exist. So we should be able to provide them to you soon.

What are the typical requirements? One or two weeks?

One consequence can be to require a department to take certain measures. That could be to request a program audit or evaluation. It could even be measures that are not included in the Financial Administration Act. It could mean managing a department's funds until it has corrected certain deficiencies in its programs.

Not in an information management context, but in other contexts.

It's impossible for me to give you a specific example.

Yes.

When a department receives an audit request from the Treasury Board under the Financial Administration Act, I believe that it is a consequence. Going even further by managing a department's funds is quite a harsh consequence.

We also acknowledge the challenge of having competent people in place, and that's a recruitment, development and training issue. There is an organization that helps us collectively recruit information management specialists within the public service. Under the Information Management Policy, the express role of the Canada School of Public Service is to provide that training, and we are working in close cooperation with the school, Library and Archives Canada, and the Treasury Board Secretariat to ensure that the content of those programs is up to date.

No, I'm not saying that everything is going well. That's why we have taken measures to improve training, to establish recruitment processes, to better define the competencies required for these functions and to be able to recruit and train qualified people.

I share the Commissioner's feeling that this is an enormous challenge. We're not experiencing it solely in the information management field. We're experiencing it in the human resources management field in the public service.

We expect the departments to reallocate, within their own institutions, the resources to implement the policies, and that's one of the reasons why this is a plan over five years. The implementation of this change will take time because we don't have any additional funding.

We're waiting for that to balance out. So the benefits of better information management will offset the necessary investment to introduce this better information management.

However, it is up to each of the departments to find the internal resources to carry out this implementation.

Yes, exactly.

Personally, I believe that the departments will take this directive seriously. There are benefits in better managing information, and they will make the necessary investments. If not, we'll know it through our assessment process.

Certainly.

Area of management number 12 is effectiveness of information management. There are 19 areas of management. Each area of management has what we call lines of evidence—we try to do evidence-based decision-making and evaluation, in this context. Until this round of the management accountability framework, there were only four. The fifth one, which we just added, is around recordkeeping practice. So there is a direct correlation between what we've done in our management accountability framework—assessment of area of management 12—and this directive.

Of the other four, the first one deals with whether there is proper governance in place. You can see how that one would have linked with the information management policy. Then we ask whether there is a strategy and plan in place, which should help to address where we are going to find the resources and how we are going to get these policies implemented in our organization.

Now we have the question, is there proper governance; is there a strategy and plan; and now we're adding practices.

The other two lines of evidence that come under effectiveness of information management are access to information and privacy compliance. That is the department's compliance with the act: whether they are tabling the report they're supposed to table in Parliament, and the like. So we have within that area of management the link between how information management can affect access to information and privacy compliance.

Are you talking about the legal context—

—or the regulatory context—

Yes, I'll give you a specific example.

Let's consider the need for good documentation so that Health Canada can make a decision on the tobacco issue. There is a risk because there is already litigation over this issue. These risk elements have to be understood because these decisions will affect the health of Canadians.

What is the likelihood that the documentation related to this kind of issue will be important in future? This is the kind of risk that will be assessed in this context.

No.

A good example is in section 8.2. It states that the Department of Public Works and Government Services will provide all departments, based on needs defined by them, with the information tools necessary to manage information and respond to needs in that context.

Precisely. Every department must decide whether or not it wants to take advantage of the services offered by Public Works and Government Services Canada. They are not currently required to avail themselves of those services.

The information management senior official in the department would have a process in place that would allow for those decisions to be made. We would expect that this decision would either be made there, or depending on the governance structure described for our management accountability framework 12.1, they would have a governance structure that would say, this is where we make those decisions.

I'll start, and maybe Doug wants to come in.

No, for many years I think we often used other terms, particularly “archival value”. I think what we've done is, in collaboration with Library and Archives Canada and their need to have documents for long-term retention, and that archival retention for future generations, we realized that up the chain, those documents are really records of business value that the Archives want the subset of. I believe, by using the term “business value” they have broadened, to some extent, the definition of what is required. Then “business value” means whether it actually supported a transaction in the context of government operations--was that grant given and what was the rationale for it?--as well as documenting the policy decisions that governments make.

Did you want to add something? Doug was there at the inception of “business value”.

Perhaps I could add to that.

Certainly it is not at all meant to be an arbitrary concept that gets applied on the fly. It's meant to be applied in a structured way to the activities of the department and to the information they collect to identify which of those pieces, in an upfront way, need to be kept, and to put in place the structures to do that. As I mentioned, we're currently working with our colleagues at Treasury Board Secretariat to develop guidelines to departments. So while they have the responsibility to make that choice themselves--understanding their business, which they understand better than anyone else--they're going to do so within a framework and with tools that we have provided to them. Again, that brings a rigour and structure to that decision-making process that we would also, in itself, expect to be documented. We would expect them to identify and document which records have a business value.

There are those contexts of whether it has business value that they would apply. If the records have a business value to government, they should be captured as part of the process. Usually in those contractual arrangements there is a duty to provide some documentation as part of either the process or the results of the process.

My sense is that if the information is being collected on behalf of government to implement a government program, then that should probably be an explicit part of the contract.

The directive governs not only the creation of records and their eventual disposition but also their good management. Departments have to ensure that records are appropriately safeguarded.

There was reference earlier to looking at it from a risk profile, which would include examining the possibilities for inadvertent disclosure. Certainly the privacy legislation and other pieces of legislation apply to that as well. So in managing their information, departments have to be aware of all those factors. If as part of their business they are sharing that information with whoever they're sharing it with, it's still their information, used for their business purposes, and they would have to conform with the policy requirements.

Again, the accountability is with the department. As I think we've explained, there are a lot of tools for us to get reporting from departments and to have an opportunity to assess what departments have done.

Thank you.