Information & Ethics Committee on March 22nd, 2016

If you don't mind, I'll address it.

What we do is based on historical volumes of work and the complexity mix that we have. At National Defence, the first point is that most of our data is paper-based, so we have to go out and research, then get the data brought in. It needs to be scanned in so that we can then do our work. One of our challenges at Defence is that it's predominantly paper-based.

With respect to the complexity, we are also taking a look at our international agreements and third party agreements. We have to take a look at all of the exemptions that are provided for under the act to make sure that we are in fact in compliance with the act.

Based on our complexity mix and on the volumes and the indication of where the volumes are going, we will estimate how many people we need. It's basically based on that, a guess from which we work the costs forward; it depends on what has happened in the past and our attempt to project the future. There is a little bit of art involved in it.

The metrics we use are how many files an individual at a specific competency level can complete. We have those, and that's what we bear in mind. Then, if we have really complex files or ones that require a lot of investigation, or if we require input from third parties or other countries, we will often give some of them to consultants. The consultants can walk them through, and we are able to focus our staff on doing the less complex files, which they can do in a shorter period of time. We are basing it on metrics and our performance.

You will have noticed in the statistics and what we say in our annual report is that If we notice that our backlog is increasing, we will surge in a given year to drive the backlog down to a more reasonable number of files. We've just completed a year in which we have surged since December to drive our backlog down so that we can start the year at a more reasonable rate.

It depends.

A one-year decrease of a couple of hundred files is not necessarily going to change things. If we noticed that there is a downward trend, we'd do some analysis as to why. Based on that analysis, we would do an adjustment.

In our organization, we try to balance the workload dealing with the Privacy Act and that dealing with the Access to Information Act. It's often the same training that's required, but with a little different expertise. We have some flexibility to adjust between them, unless they are both growing dramatically in a given year.

Our situation is very similar. We benefit, if you will, from the fact that the case processing is much more straightforward than processing the complex files that we have. We know that we will have growth every year of probably 16% to 20%. We've done analysis of what this means, what kinds of cases these would be and thus what kinds of skills and people we would need. It's safe to say we assume generally that we won't have any more money to do this, so our focus tends to be on being more efficient and, as we were discussing earlier, on making things more electronic, on making processes more rigorous, such that we know where to go for the information, get it quickly, get it clearly, and get it out to the requesters.

It could be huge. This is the issue, isn't it? We process literally millions of applications every year. If all of those people abroad had the right to access that information, we wouldn't be looking at 40,000 requests a year, we would be looking at many more than that. We would have to rethink how we do this, because it simply wouldn't be possible to hire enough people, and it wouldn't be a good business way of dealing with it, would it? We would have to think of a completely different approach to make sure that everything was out there.

I referred earlier to the temporary resident visas that we get requests on. We get requests on why people were refused. The numbers are increasing, certainly the number of temporary resident visa applications that we get, but typically in a year we approve roughly 1.8 million, I think it is, and refuse about 300,000. It's the vast minority of people who were refused who are actually submitting requests through representatives. If the access were applied to everyone, we would anticipate a large increase in the number of requests we get. I couldn't quantify it at this point, but we would imagine a large increase.

I don't know whether the requests would be more complex. If they're related to case files, typically they're easier—not that they're easy, but they're easier to handle than other requests are. But just the volume.... We could probably anticipate a doubling of our volume in one year, possibly. We haven't done any sensitivity analysis at this point, but that would likely be the outcome.

At the moment, the immigration consultants—the third parties, the representatives—charge for those requests. If we were to permit anybody around the planet to make these requests, they would lose that business method, if I can put it like that. In many cases, immigration consultants charge literally hundreds of dollars for what is a $5 request.

On this request in particular, we were involved with another country. There was information that had to come from another country to be able to identify whether or not we could release all or part of the material. It involved a court case, so there were legal ramifications as well. We were working through the Department of Global Affairs to deal with a third party in South America. We were dealing with a legal case that was at play. We didn't know what the impact of all of this would be on what we could or could not release.

We made our best estimate of how long that would take to come forward, and were in fact able to release it before that full period of time.

This is one case among all of the thousands of cases that we deal with. Sometimes we end up with really complex cases that involve security at levels higher than secret, so we have to deal with that. They often involve international treaties and negotiations that we have with our Five Eyes partners or other members of the defence community. They will involve third parties, such as companies and other organizations. We can't release the information without checking with the individual to get a right of release. Then, we have to look at what exemptions need to be applied as we work through it.

In some circumstances we try to do a partial release to the individual, but the risk in so doing is that we don't know if there is anything in that release that the third party, another government party, or another government would have an issue with. Some of the ones we deal with are long and complex.

In this case we used our best judgment. We will be looking at future cases to try to refine the decisions that are made regarding staff. We've also escalated the authority within the department, so that if there are extensions being taken for a significant number of days, the approval for that is higher up in the organization than it has been in the past.

I understand that the Information Commissioner didn't agree with the decision we made, and in a number of circumstances we don't agree with the Information Commissioner. In those circumstances, we end up going to court, and the court ends up interpreting a law which has been around for quite a considerable period of time. It was put in place in an era that is not the current era of computers, social media, and all of that.

We're taking our disagreements with the commissioner to court to get amplification around an older law, which is actually the democratic process that we have here in Canada. On occasion, if we don't agree, we'll go to that extent so that we get some interpretation.

With the legal interpretation, we will absolutely comply with what the courts have come forward with.

We don't make the decision to take an item to court independently. We consult with our colleagues at the Department of Justice, and if the determination is made that it is a reasonable approach to take, the Government of Canada will take that approach with the Department of Justice, and we will challenge the opinion of the Information Commissioner.

We get access requests that cover a gamut of different requirements. We get them related to a major capital project in which people are looking for information on all the communication that has been done within that organization for the last six months or the last year. We have thousands of pages of documents that we're scanning in, reviewing, assessing as to whether there's third party involvement, whether there are cabinet confidences. We're taking a look within the act at what exemptions could and would be applied.

We go from that complexity to very simple cases in which people are looking for a list of all the briefing notes that have been given to the Minister of National Defence in the last month. That's a common request that we get: for all of the senior officials in Defence, people are looking for a monthly list of all the briefing notes. Then, following that, we get half a dozen requests that are for the specific briefing notes of the individuals.

This is a completely different type of access business than what has been described by our colleagues.

Closing within 30 days, or closing within the time we have available to us—because we can take extensions for specific periods of time based on volume, complexity, the amount of consultation we can do....

We can take extensions beyond the 30 days to be able to deliver the response. Those would not be completed within 30 days, but from our perspective they would be completed in the amount of time we estimated we would need to do them. When we do an extension, we advise the person who has made the application that for such and such reasons we are doing an extension and expect that the information will be coming out at a later date.

With that information put in place, we in fact are meeting what I would call our completion date in the range of 78% to 80% of the time, but in accordance with the regulation, it's 30 days. This is one of the complexities that goes around this sort of activity.

The nature of the requests often requires us to consult with other government departments. It will require us to consult with the lawyers with respect to cabinet confidences to make sure we aren't breaking them. It may require going through thousands and thousands of pages. We just sent a release out this past week on one of those more complex ones. We had more than 6,000 pages.

Just the time involved in reviewing that material at the working level at which the documents were produced in order to make a recommendation as to what can be included and what can't, and then in reviewing it a second time through our experts, and then determining whether we have to go out to anybody else to confirm that we can release the information.... That's the sort of complexity that leads to the amount of time we have to take.