Information & Ethics Committee on March 22nd, 2016

Thank you very much, Mr. Chair. We are also very pleased to be joining you this morning.

My name is Stephanie Beck. As the chair has said, I'm the assistant deputy minister of corporate services, so among other things, ATIP is in my portfolio. My director general responsible for corporate affairs at IRCC is here beside me.

Thank you for the opportunity to speak with the committee today about the Access to Information Act and how it is applied, specifically at IRCC. I want to emphasize that there are aspects of IRCC's access to information model that are unique to IRCC and would not necessarily be applicable in other government departments.

I should note that as your study relates only to the Access to Information Act, I will not be commenting today about the work our department does in relation to the Privacy Act, although it is very significant, too.

I will start by discussing the impact of the current legislation on IRCC before moving into a discussion about our department's performance and costs with regard to ATI requests; then I will address some of the operational impacts of the recommendations put forward by the Information Commissioner in her recent report.

The ATIP division administers the Access to Information Act at IRCC and is led by a director who acts as the ATIP coordinator for the whole department. The division is divided into three units, each led by a manager. These units are operations; complex cases and issues; and the privacy, policy, and governance unit.

In addition to approximately 70 staff working within the division itself, IRCC maintains a network of access to information and privacy, or ATIP, liaison officers across the branches and regions of the department. They provide assistance in request processing by performing searches, collecting records and providing a response to ATIP requests on behalf of branches and regions.

Moreover, program officials throughout the department retrieve relevant records, and provide recommendations on disclosure of those records to the ATIP liaison officers.

In 2014-2015, our most recent reporting year, IRCC received more access to information requests than any other federal institution. IRCC accounts for roughly half of all access to information requests received by the federal government. I believe that is why we are appearing before you today.

During 2014-15, we received a record-breaking 34,066 requests, an increase of 16% from the previous year, and we are on track to receive an even higher number in 2015-16. The numbers so far are showing a 22% increase year over year.

Despite this increase in volume, we maintained a compliance rate of 87.81%. Less than 1% of all results completed during the reporting period resulted in complaints to the office of the Information Commissioner.

Roughly 95% of ATI requests are processed by our operations unit of the ATIP division and relate to immigration, citizenship, or passport case files. We are able to maintain a high rate of compliance in this area because the ATI analysts in the operations unit have access to the database that houses the case file records.

This set-up for the vast majority of our requests is unique in government and not necessarily transferable to other institutions. In order to facilitate the review of those records and the application of the law, we have given analysts direct access, so that they can respond to requests without needing to obtain recommendations on disclosure from departmental program officials. This greatly reduces the time it takes analysts to process request.

As well, because these records are housed electronically, analysts can work through a secure network, giving them the flexibility to do their work while safeguarding the client information. They do not have to rely on paper copies.

Our department also sees a surge in requests when there is a change in programs or a new one launched, as we have recently seen with the Syrian refugee operation.

We have been able to achieve a high compliance rate despite an ever-increasing number of requests by undertaking a number of initiatives to improve internal processes and client service.

Our senior officials are strong believers in the act and encourage a culture in the department of access to information, and of course, privacy. For instance, we run a number of proactive training activities, including in-person and online training, workshops, both mandatory and voluntary training courses, and awareness sessions. These are held across Canada in both online format and in classroom.

We are continuously looking for ways to improve client service delivery and find efficient ways to carry out this important work. I believe you are aware of our ATIP online access process that is held in our department. We currently manage over 30 clients who use the ATIP online process.

The duty to assist is taken very seriously at IRCC, and the ATIP division notifies requesters of possible delays in service. We hope that by acting proactively we can minimize the number of complaints.

In terms of costs associated with enforcing the acts, in 2015 and 2016, the delivery of the ATIP program in IRCC totalled $4.231 million. I can give you exact numbers if you want, but the breakdown is $3.856 million dedicated to salary and $375,000 for operations. These costs are solely the funding for the ATIP division itself to conduct the work it completes every year. They do not take into consideration the costs associated with departmental ATIP liaison officers or the departmental officials searching for and producing documents, nor the cost associated with conducting consultations both internal to the department and externally.

In terms of the recommendations put forward by the Information Commissioner, I will just highlight a few that we feel would have an operational impact on our work.

First, recommendation 2.4 proposes that institutions be allowed to refuse to process requests that are frivolous, vexatious or an abuse of the right of access.

The operational impact for our department would be the ability for our resources to focus on meeting the legislated timelines on serious requests versus spending time processing frivolous or vexatious requests.

Recommendation 4.15 would require that institutions seek the consent of the individual to whom the personal information relates wherever it is reasonable to do so. IRCC holds the personal information of literally millions of individuals, both Canadians and foreign nationals from all over the world. We have this because of the passport data that we retain, the citizenship information that we have, and of course the immigrations files, be they for temporary residents or permanent residents in Canada.

When IRCC processes an access to information request, documents collected in response to our request frequently contain personal information of individuals other than the requester. That personal information is regularly protected from disclosure. In fact, Mr. Chair, last year, IRCC protected personal information from disclosure in 14,579 access to information requests. This reflects 43% of completed requests. Therefore, the recommendation to seek consent would have operational impact on IRCC's ability to meet a vast majority of legislated timelines.

Next, recommendation 2.3 suggests extending the right of access to all persons. Currently, 70% of our requesters use a representative or third party to submit requests because they themselves are not present in Canada.

For IRCC, if individuals were to be able to submit a request without having to go through a Canadian representative, the operational impact would lie in the potential resource implications, as it could lead to a large influx of requests. A huge increase of this nature could impact our ability to meet legislated compliance deadlines.

I want to thank you again for the opportunity to provide IRCC's input into your study and for welcoming us here today.

We are ready to answer any questions.

Good morning and thank you very much, Mr. Chair and members of the committee, for the invitation to describe the framework that National Defence has put in place to comply with the Access to Information Act. It is always an honour to meet with distinguished members and colleagues before the committee and to answer your questions. This morning, I am joined by the director of access to information and privacy, Ms. Kimberly Empey.

Mr. Chair, before describing the access to information framework at Defence, I believe it would be helpful to provide a bit of context. The Department of National Defence and the Canadian Armed Forces are together the largest federal government organization. Together they form the defence team, which comprises over 100,000 employees, including 66,000 regular force members, 23,000 reserve force members and 22,000 civilian employees. Defence operates at bases and stations throughout Canada and has the largest land holdings of any organization in the Government of Canada. The Canadian Armed Forces conduct operations throughout the world. The department is involved in billions of dollars of acquisitions activities annually, including large, multi-year, major capital projects. In summary, Defence is a very large and complex organization.

Mr. Chair, I would now like to share a few statistics from Defence fiscal year 2014-15 annual report to Parliament on the Access to Information Act. Total volume of files for the year was 2,635, which was slightly lower than in fiscal year 2013-14, and this was the first decrease in four years. Of these, 2,029 were closed during the year, with 49% closed within 30 days, and an additional 17% closed within 60 days.

For this reporting period, Defence employed 38 full-time employees and three part-time employees as well as two consultants to do the access to information business, and we spent just over $3 million to manage that business.

Mr. Chair, to manage the requests it receives under the Access to Information Act, Defence has put in place a four-step framework, anchored in internal policies, instructions, and training, that identifies the procedures and processes for handling requests for information under the act.

First, requests are received and assessed by a tasking group that often works with the applicant to clearly define the request and then identify the internal organization responsible for the records in question.

Second, these organizations provide the records to specially trained staff in the directorate of access to information and privacy, who further assess the request with respect to administrative requirements, such as the need for further consultation or an extension. They validate proposed exclusions and seek legal advice where required.

In the third step, two days are given to allow the department to assess the requirements and form a communication plan to support the release of the information.

Finally, the requested records are sent to the applicant and a summary of the completed request is posted online so that other members of the public may request the same information.

For simple requests, this process is completed in 30 days. As you can see, while we absolutely respect the public's right to information and we take our responsibilities seriously and endeavour to provide information with the minimum delay possible, the size, complexity, and mandate of the Defence organization sometimes introduce complications not seen in other organizations. In fact, given the nature of our organization, I believe we perform reasonably well.

Mr. Chair, this ends my opening remarks, and I would be pleased to respond to any of the questions that the committee may have.

Thank you.

Ninety-five per cent of requests come from people who are asking questions about their application to immigrate or a visa. For example, someone may be wondering what stage their spouse's file has reached. Is the file at the end of the process? Most of the requests have to do with the status of their application.

It depends. If the information was submitted in hard copy, it's not accessible electronically. However, people who have submitted their documents more recently in electronic format can check.

The delays can sometimes be a few months, such as in the case of an immigration process. After two or three months, people start to wonder how far along their application is because the information is not really accessible electronically.

In April, we will make changes to give people an option to create their own account, even if they sent their documents in hard copy. That way, they will be able to check what is happening with their file. We hope that change will help us with request processing.

It is interesting to note that half of the complaints the commissioner has received are from one individual.

We can see that some people are satisfied with the current format. Their problems are resolved, and this format meets their needs. Therefore, the number of complaints may appear to be higher than it really is.

The cases that most often lead to delays are those that are complex or those for which documents are in foreign missions. We have to physically pick up the documents, bring them back to Canada, sort through them and consult other departments. That is what leads to delays. In those cases, the delays exceed 30 days. Complaints are often caused by the fact that the individual who submitted the request does not accept the response related to the delay.

Is there anything you want to add, Michael?

We get temporary resident applications. Often, if the applicants are refused, they want to know why. Generally, the letter that goes out to them explaining the refusal is very general, so the ATIP seeks more details on their refusal.

The more complete our electronic files are, the easier the task becomes. If people scan their documents and add them to the case management system, it is much easier for those working here in Ottawa, in ATIP management, to have access to the information at all times.

It may appear very substantial, but people send a lot of documents to explain their case and provide justifications. For example, in the case of an immigrant family, relevant information for each of the children must be added. That's a lot of documentation.

Since my answer will be technical, I will use English.

We have a global case management system that manages all of our cases. Literally millions of files are input into that process right from the beginning. The client will appear, apply, and fill out the basic information forms. The interview is held. The interview notes are added. Our security and medical checks are done. That information is added into the case management system. Any other requirements, such as diplomas and language testing, go into the gigantic case management system.

The ATIP officers have access to that. They can go in and look. They can't do anything with the information, of course. They can't change it. But they can go in and see, and then extract and send to the requester exactly the parts they're asking for. The more access to information we can give to our ATIP analysts here in Ottawa, the faster it is for them to be able to process it.

We're also looking at setting up the system the way it's formatted so that it's really clear what is accessible information and what we would not be able to release, for instance, security information. It should be clear for the analyst which portions are out and which ones aren't. The faster we can do that, the better it is for the client.

That's absolutely correct.

That's all resources combined.

Yes, I do.

The total amount for salaries was $2,756,070; for goods and services, $324,689; for professional services, $276,569; and $48,120 went for “other”.

We can provide the number.