ETHI Committee Meeting
Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.
For an advanced search, use Publication Search tool.
If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.
CANADA
Standing Committee on Access to Information, Privacy and Ethics
|
l |
|
l |
|
EVIDENCE
Wednesday, October 4, 2006
[Recorded by Electronic Apparatus]
[English]
Order, please.
Our witnesses apparently went to the wrong building, and that's why they're not here, so we're waiting for them. I did present the first report of the committee, as passed, in the House at 3:05 today.
Monsieur Martin, s'il vous plaît.
The only thing I wanted to raise, Mr. Chairman, is that I know we asked you to submit the report to the House, and I expected you to do it today, but it is unusual for the committee to make a report without circulating that report at the committee first to give us an opportunity to proofread it.
Usually the report is based on a motion, perhaps, but it also would reflect the feelings of the committee or some study the committee had made. My concern now is--and I've asked the clerk to look into it--that if that report wasn't tabled in the proper way or worded in the proper way, we might not be able to move concurrence on it. We need to investigate because we may have tripped ourselves up through our interest in getting it debated in the House of Commons. So we'll have to be aware of that.
Okay, there are two points. The report was in the words of the motion that was passed. That is what the motion said, and that's how it was presented in the House.
If it turns out that there is some technical difficulty, then no doubt we'll find out what that technical difficulty is. I can bring it back to the committee and just let you know what the rules are. If the committee's view is that we should pass a second report, embellishing on the first or changing the wording, and if that is the view of the majority of the committee, then the committee will speak accordingly.
As far as actually presenting the report goes, it was done properly.
We have two of the three witnesses here. Are we waiting for a third, gentlemen, or are we ready to go?
We're ready to go.
I've called the meeting to order, so pursuant to Standing Order 108(2), we're continuing a study on issues related to the alleged disclosure of the names of access to information applicants.
Today we have witnesses from the Treasury Board of Canada Secretariat: Mr. Jim Alexander, deputy chief information officer; and Mr. Donald Lemieux, executive director, information, privacy and security policy.
Mr. Alexander or Mr. Lemieux, do you have an opening statement?
First, Mr. Chairman, thank you for your indulgence in our being late here. We ended up in the wrong spot, and security slowed us down a bit, so I'm glad that I'm here.
Exactly. Information management is different from access to information, it turns out.
My name is Jim Alexander, and I'm the deputy chief information officer at Treasury Board Secretariat. I'm accompanied by Donald Lemieux, who's the executive director of information, privacy and security policy division. One of our colleagues, Charles Taillefer, will also be here momentarily.
[Translation]
On behalf of Treasury Board Secretariat, I would like to begin by thanking the Committee for this opportunity to discuss the policy role that Treasury Board Secretariat plays with respect to access to information and privacy across the Government of Canada, specifically as it relates to the issue of disclosing the names of applicants seeking information under the Access to Information Act.
[English]
As the lead department for access to information and privacy policies, Treasury Board Secretariat takes the right of access and the privacy of all Canadians very seriously. Canada's solid foundation of privacy laws and policies has made it a world leader in privacy protection for more than 25 years, and it has had effective privacy management practices in place for some time as well.
In fact, when issues or concerns arise, Treasury Board Secretariat is quick to respond. For example, following recent allegations that the name of a requester was improperly disclosed, the secretary of the Treasury Board immediately sent a notice to his colleagues reminding them of their responsibility to protect the identity of access to information requesters. A reminder was similarly sent to the access to information and privacy communities.
When a similar situation arose in 1999, Treasury Board Secretariat acted swiftly to issue an implementation report—which is the means by which TBS provides guidance to the access to information and privacy community, the ATIP community—to treat this information as personal information.
Since then, several mechanisms have been introduced to inform and educate the ATIP community on their roles, responsibilities, and best practices. This brings us to the issue this committee is currently studying: the disclosure of names of access to information requesters.
Although this is not specifically addressed in the current Access to Information Act, it's clear that the definition of personal information contained in the Privacy Act covers the names of individuals who file requests for information under either act. The Privacy Act sets out the rules that govern the collection, use, and disclosure of such personal information. The general principle with respect to the use and disclosure of personal information is that it should only be used or disclosed for the same purpose for which it was collected or a purpose consistent with it.
It's important to note that the policies issued by Treasury Board Secretariat support and enhance the Access to Information Act, the Privacy Act, and associated regulations, the broad overview of which falls under the responsibility of the Minister of Justice.
The legislative framework at hand includes those two acts: the Access to Information Act, which provides the general right of access to information that's held by the Government of Canada, and the Privacy Act, which provides Canadians with a right of access to their own personal information, as well as protection for their personal information that's held by the government. Both were proclaimed into force on July 1, 1983.
With respect to the Access to Information Act and the Privacy Act, Canada has two parliamentary officers, the Information Commissioner and the Privacy Commissioner. These agents of Parliament investigate complaints pertaining to the act and report to Parliament annually on their investigations and related activities.
The Privacy Commissioner is specifically mandated in law to perform audits to ensure that departments are handling personal information in accordance with the Privacy Act. Similarly, the Information Commissioner conducts regular evaluations to assess departmental compliance with the Access to Information Act.
Treasury Board Secretariat does not have an audit function with respect to monitoring the administration of the acts. For its part, TBS relies on annual reports and other departmental documents to monitor compliance with the policy. Beyond this, Treasury Board policy indicates that internal audit groups are responsible to examine the institution's success in meeting legal and policy requirements.
The President of the Treasury Board is the designated minister under the act who is responsible for issuing policies and guidelines governing the operation of both the Privacy Act and the Access to Information Act and associated regulations. Treasury Board Secretariat supports the president in this role by developing policies and guidelines and providing training to the access to information and privacy community.
From a policy perspective, TBS has issued the policy on privacy and data protection, the policy on privacy impact assessments, and the access to information policy. These policies apply to institutions that are covered by the legislation, which include 185 institutions under the Privacy Act and 180 institutions under the Access to Information Act.
[Translation]
In addition, these policies reinforce information management principles inherent in the Management of Government Information Policy and the Security Policy. They also support the objective of “duty to inform”, “routine disclosure” and “service to the public”, which are fundamental concepts within the Communications Policy.
From a training and development perspective, the Treasury Board Secretariat is the functional lead for training the ATIP community. Throughout the years, Treasury Board Secretariat has adopted different measures to help federal institutions adhere to the policies and standards issued regarding Access and Privacy
[English]
For example, TBS provides ongoing training to the access and privacy communities. We do this through a variety of means. We develop training material and host training sessions.
Last year we held a total of 26 different ATIP training sessions with a total of 404 registered participants. That is really a significant number of participants from the community, considering the relatively modest number of about 500 public servants who make up the ATIP community around the federal public service.
We hold regular community meetings, often in conjunction with the justice, access to information, and privacy communities. At those meetings we tend to share issues of interest and best practices and advise the community of any changes to the policies or practices.
We respond to calls and written requests from ATIP practitioners who have questions or concerns or who require assistance regarding training. An average of 50 calls and e-mails a month are received for advice and interpretation on ATIP policies and guidelines, and then we prepare and distribute guidance documents to the ATIP community.
Finally, we publish an annual info-source bulletin, which contains statistics of requests made under the Access to Information Act and the Privacy Act and summaries of Federal Court cases of relevance to the interpretations of the act.
While the secretariat plays an important role in providing guidance to the ATIP community in establishing policies and guidelines, it remains the case that the heads of institutions are ultimately responsible for the administration of the acts within their respective institutions.
[Translation]
Heads of Government institutions are responsible for ensuring that their organizations comply with Privacy and Access to Information legislation and with the Treasury Board policies and guidelines that support the legislation to ensure access to Government information and the protection of the privacy of Canadians.
[English]
This means that each institution is responsible for putting into place a process to respond to requests in a manner that is both consistent with the policy and complies, obviously, with the legislative requirements.
The responsibility for responding to ATIP requests within institutions is generally delegated to ATIP coordinators. Last year the government's access to information and privacy community processed approximately 25,000 access to information requests and approximately 36,000 privacy requests.
In summary, TBS is committed to access to information and to its principles of openness, transparency and accountability. The Access to Information Act is an important means for the public to obtain information on government operations and decision-making and a means through which Canadians can hold their government to account.
As you can appreciate, there is a balance to be struck between providing openness on one hand and ensuring the protection of legitimate concerns, such as personal privacy, on the other. The Government of Canada's policies and guidelines enhance the legislative framework to ensure this balance is respected.
I'm confident that we have the legislative framework, policy frameworks, and tools that we need to ensure departments, agencies, and crown corporations provide Canadians with effective access to government information while protecting their personal information.
Ultimately, the government's goal with respect to access to information and privacy is to ensure the continued accessibility of information to Canadian citizens and businesses while protecting the privacy of personal information that is shared with government. This is an issue that we take very seriously.
[Translation]
I can assure you that the Treasury Board Secretariat is committed to supporting the administration of the Access to Information Act and the Privacy Act. We will continue to provide all 180 departments, agencies and Crown corporations with guidance on related policy issues and arising issues and concerns.
[English]
Mr. Chairman, this brings me to the end of my statement. Mr. Lemieux and I would be very pleased to respond to questions from members of the committee relating to the government's access to information and privacy policies and guidelines and, in particular, the Treasury Board Secretariat's role in that regard.
Thank you for your attention.
Thank you very much. Some of the members of this committee went to a seminar last week on the issue of the ATIP community and everything. It's getting more and more complicated by the day and more and more difficult. So I was certainly careful to listen to what you had to say, and good luck to you, because as information becomes more complex and more readily available it becomes more difficult to administer.
We won't take up the time of the committee, Mr. Dhaliwal, but you can talk to the clerk about it privately. It was my understanding that you were coming. I am very sorry that you didn't get whatever information was necessary.
I should say that it was a very worthwhile conference, but that is neither here nor there to our witnesses.
We'll straighten that out, Mr. Dhaliwal, because there's another one coming up. This one is on the Privacy Act. If the committee sees fit, and we deal with this in the new year, we'll make sure you are one of the first ones to be able to go, especially since you missed this one.
Who would like to go first for the official opposition? Would anyone from the official opposition like to ask questions? No.
What about the Bloc?
[Translation]
My question has to do with the role played by the Treasury Board Secretariat.
You have been telling us about the Access to Information Act. Within Treasury Board, is there a compilation of all access to information requests made by various users, whether they are members of the public or inside Government? Are there any instruments in place that allow you to collate these data? How is all of that handled?
We keep an inventory of all access to information requests. The Treasury Board policy is to encourage all departments or federal agencies that are subject to the Access to Information Act to record their ATIP requests in that inventory. It is important to specify that it does not provide the name of the applicant.
That is consistent with what you are saying about protecting the names of requesters, but is the origin of the request also protected? In other words, is it possible to find out whether the request is from a member of Parliament, a media outlet or an ordinary citizen?
Categories of requesters are catalogued in the system, but they are extremely general -- for example, member of the public, corporation, and so on. However, it is impossible to identify the requester specifically. Of course, for a member of the public or a corporation, we do not know who is making the request. If it's the media, we are unaware of which media outlet or company is involved, just as we do not know the identity of the reporter making the request.
As a member of the public. An MP doesn't belong in the corporations category. In principle, an MP should not be an organization, at least that is not what we are aiming for. And he would certainly not be put in the media category, nor is he associated with a university. So, I believe he would be seen as a member of the public.
Are public reports issued about the number of ATIP requests in each category? For example, how many requests were there in this or that category?
A compilation is prepared by the Treasury Board once a year. For example, we indicate the percentage of users.
The latest statistics that I have are: 47 per cent for corporations, 32.6 per cent for the public, 8.4 per cent for organizations, 10.6 per cent for the media, and 1.2 per cent for academics.
The purpose is simply to have an idea, for statistical purposes, of who is requesting information under the Access to Information Act.
Yes, exactly. This allows us to see the categories of members of the public or institutions making ATIP requests. It's not a very sophisticated system, but it does give us an idea. It is easy to see that almost half of the requests are made by corporations. This tool was used by Ms. Andrée Delagrave of the Access to Information Review Task Force in 2000. These are the kinds of statistics that they reviewed. Once again, it's very generic.
You probably know that, according to the way Parliament works, when an MP requests information from the Library of Parliament, library researchers call the departments and make such and such a request. Are those requests subject to the Access to Information Act and are they collated?
If a researcher makes a request on behalf of an MP, I presume it would be considered as coming from the public; it is not specifically identified with an MP or a political party.
Are you asking me whether the Library of Parliament is subject to the Access to Information Act?
Mr. Lemieux, I would like to find out more about the whole process surrounding an access to information request. How does a request end up in one of your inventory categories, and how can someone in a Minister's office then identify the origin of the request and exact name of the requester?
The access to information request is sent to the Access to Information Office. A cheque for $5 is required to pay the ATIP processing fee. The Office then identifies the specific area or areas where the information may be held. It does a search, finds the documents and identifies portions to be severed in accordance with the Access to Information Act under the exceptions regime in sections 13 to 23 of the Act. There are also exclusions for Cabinet confidences. That process goes forward, and then a review is undertaken.
The Office may then consult other people or third parties who are neither institutions nor the applicant. It could be a company, an organization or other departments. After all that work is completed, the analysis is done and there is a final product. Depending on the institution -- more than 180 are subject to the Act, and some are larger than others -- the Access to Information Coordinator is then able to respond to the request.
As regards the categories mentioned earlier, there is a way of identifying these requests that may not always be used. Some institutions do it, but not all. The program is called ATIPflow. The purpose of that program used by some departments is to manage ATIP requests appropriately, in order to meet deadlines. For example, there is a 30-day deadline for a typical request.
[English]
Thank you, Chair, and thank you to the witnesses.
As you know, the purpose of our study is to find out the extent of the allegations made that there are, in fact, people finding out who filed the application or the request. So that we all start with the base level of information, it is helpful for you to walk us through the elementary steps of who you are and what you're doing. That has been very useful. But we really want to know your experience, or even what you're hearing about the administration of ATI as we know it.
The deputy information commissioner left us with the idea that he fears there is a widespread violation of the act or the spirit of the act, in that it's not unusual for ministers or ministers' offices to find out who is asking the question, and then applications are treated differently, accordingly.
Do you worry about that? Do you hear about these rumours? Do you hear about the amber lighting that we now have come to realize is the code word for red alert, a red flag on certain files, mostly based on who's asking the question? Now that you've given us this base introduction of what you're up to, what do you hear about these concerns out there?
In our dealings with the Information Commissioner and his office as well, we do hear the sorts of things that you hear as well. For example, when we do hear the allegations that were put forth a couple of weeks ago or more, we do attempt to determine some facts on them, although clearly the Privacy Commissioner is pursuing those in detail.
With anything we are hearing, though, either through our informal dealings with the ATIP community or what we're picking up elsewhere, we will be ensuring that our training material and our communications out with the ATIP coordinators again reinforce how we see this as incredibly important. The ATIP process and that the privacy of individuals who are making those requests must being upheld.
I don't want to interrupt you, sir, but I have such little time to ask questions.
Isn't the ATIP coordinator the weak link here? How does an ATIP coordinator tell a minister's assistant to get stuffed, that they don't have a right to know who made the request? Can you back that person up, or is it the head of the institution or agency that's supposed to back them up? Who says no to the minister?
There's really a two-pronged thing there. One is making sure the ATIP coordinators know what their rights are, know who they're supposed to be able to tell and for what reasons, and who they should not be telling if requests come in asking them who actually put this thing in. So part of it's knowledge, but you're right that there can be a perception of a fair amount of power being brought to bear.
One of the things that Donald's group does in the call centre that they're operating, in that community that they're in there, comes from a policy centre perspective. They make sure the people have the backing of the policy centre.
Now if there is undue--
We are, but as individual public servants, whether it's on this or whether it's on any other management policy or legislation that public servants are sworn to uphold, they have recourses that they can go to in each department.
The recourse is generally to deal with the values and ethics person in each organization. That's a very confidential process that can be done. I know who it is within Treasury Board Secretariat. You can go to that person very anonymously and say you're being pressured to do something you're not comfortable doing, and that you don't think it's right—
Isn't that a career-ender? I'm talking about the minister's special assistant who comes barging into your office. You're an ATIP coordinator, and the special assistant says, “Who was asking about those CSIS spy planes? Who wants it?”
You have a deputy minister there who generally, usually, in all of my experience, has been extremely strong in backing up departmental officials on this. There's no question that there are.... I mean, one hears of—
But without whistle-blowing legislation, who's going to come forward? Who would even go to their deputy and jeopardize their career path?
We're not even hearing the “quiet conversations”, I'll call them, through the back channels on there being a whole bunch of information like this going out. Any investigations that are carried out, done through the Privacy Commissioner and so on.... I mean, there are investigations under way, like the one currently under way, and if the information on that is released, then we can take action on it.
We don't believe there are systemic issues like this, but if we get a hint of systemic issues, then we'll look at what we can do to make sure public servants are supported, to make sure they know what their rights are and what their obligations are under this legislation. Like this committee, we take the administration of this legislation extremely seriously.
Perhaps I could ask about costs. I heard grousing around my own table earlier today, at our caucus meeting, that they tried to file an access to information request and couldn't come up with the $1,200 to get the information, so they dropped it.
Who sets the prices? When you say it's $5 to make the application, how does somebody end up getting told it's going to be as high as, in some ridiculous cases, $26,000?
No, absolutely not. I believe it's $15 an hour per search. There is some search and preparation time required. It depends too on the amount of the records that have to be reviewed.
So again, it depends on the magnitude of the access request. I don't know the specifics of the one you're referring to, but typically, if you look at the costs of requests, for the most part they tend to be small. In certain cases there is a provision to even waive the costs of requests.
I'd like two clarifications, please, on Mr. Martin's line of questioning.
Just so we know what's rare and what isn't, name release is rare, correct? Is that your evidence? And what about amber lighting itself?
We've seen that term, “amber lighting”, in the press, but it's not one that we use, from a policy centre, whatsoever.
What does happen, in dealings with the Information Commissioner...and I think in the Information Commissioner's, or deputy's, testimony in various spots, it's been made very clear that at the same time as an information request is going forward, if there are communications issues involved with this particular information request, we will involve our communications organization within an individual department. We do this because we see under the legislation not only the right of Canadians to receive the information but also the duty of government to inform in terms of the whole context that is there.
So at the same time as there would be an access to information request being processed, there would likely be, in some cases, some information or communications materials being prepared that would be ready to go forward. I'd really like to emphasize, though, that those are going on in parallel. The ATIP coordinator is the one who's responsible for upholding the timelines, the release, and so on. The fact that there is communications material being prepared in parallel is not something that is ever supposed to be slowing down the release of that information under the legislation.
Thank you, Mr. Chair.
Through you, I'd like to thank our witnesses for attending this afternoon.
You mentioned in your opening remarks, and I wonder if you could just expand on it a little bit, the size and scope of the ATIP “operation”, if I can call it that, across government. You mentioned some 180 organizations.
What we have here is an allegation, essentially an incident, that is now the subject of investigation under the Privacy Act. Just give us some idea of the context in terms of the volume of activity that's going on here.
I can start on some of that, and Donald will likely be able to come in on it as well.
If we look at the period from April 2004 to March 2005--that fiscal year--we had 25,000 requests that were received during that reporting period. We would track the number where all the information was disclosed, where it was disclosed in part, or where some of the information was excluded, and so on.
We'd also track the source of the requests, and I think Donald indicated that about half of the requests actually came from businesses.
We'd also look at which institutions did the bulk of the work. And it's interesting to note that well over one-third of all of the requests received in 2004-05 were processed by one organization--that being Citizenship and Immigration Canada. That was 35.8% of it.
Very clearly, the size of the access to information community within Citizenship and Immigration would be very substantial, even compared to the next largest, which was Canada Revenue Agency at only 7.4%. That would also indicate that regarding the nature of who was doing the access to information processing, where the ATIP staff were, it would probably be quite distributed among various sectors within something like Citizenship and Immigration, as opposed to some of the small organizations that would receive only one or two or three in a year.
We also have a sense as to the time required to complete requests, and close to two-thirds of them are done within zero to 30 days--61.7% are done within that timeframe.
In terms of the community itself, generally individuals would come into the community at a lower officer level, possibly even clerical, within an organization, working in that area. Then through a series of on-the-job training, experience, and the training courses that we offer or that are offered through other institutions like the Canada School, they would develop their competency and their experience and would, through a series of competitions, possibly end up as the ATIP coordinator for an institution. It's generally a pretty tight community.
And as you indicated, Mr. Chair, it's getting increasingly complex, so we're very much looking at the community management overall to make sure that as the complexity increases, as we consider adding more institutions that are subject to access to information, there's actually a cadre of well-trained professionals who can discharge their obligations under this.
Just to put it in context, what we have here are literally thousands upon thousands of requests. In our last meeting of this committee we heard of a couple of incidents that were specifically reported in the Information Commissioner's report, I believe in 1999, and another one in 2000.
But in context, out of all of that activity, what would be the incidence of revelation of the requester's name?
If we look at a handful, which is what we're getting an indication of, a handful out of 25,000, if I do the math it's a fraction of a percentage of those that have issues with them.
That being said, there's still an individual who is involved who has put in an access request in a case like that, and the fact that even one is subject to that is an issue we take really seriously. But we don't see it as a systemic issue; we would see it as a point issue that needs to be addressed here, needs to be addressed there, to figure out what's going wrong in a case like that where the procedures, the legislation, the regulations haven't been followed.
Thank you, Mr. Chair.
I have just one brief question.
You referred to the ATIP community. Just so we understand what that means, is that the ATIP officers or directors across all departments?
Yes, it is, and we think there are about 500. That would be our sense. It's not as though we track that in excruciating detail, but we know what the large departments are, and we know that every institution needs someone who is working in ATIP. From that we have a sense as to what we would call the access and the privacy community, the professionals who are working in that across the system.
Thank you.
If we wanted to annoy our witnesses, we could put in an access to information request to find out how many ATIP people are in the ATIP community.
Let me ask a couple of questions, if I might.
We had some hearings on Monday, and the representative of the Privacy Commissioner made the following statement:
In other words, there is nothing in the Access to Information Act that specifically indicates that the name of a requester cannot be disclosed. Since there is nothing that says you cannot name the requester, on the surface it would seem that it is not likely a contravention of the Access to Information Act. That said, however, the matter could be a violation of the Privacy Act.
Do you agree with that statement?
Yes, we do.
The joint administration of those two acts then causes us to say that when an individual requests something under the Access to Information Act his or her name should not be divulged, except as necessary to actually process that particular work. The two acts work together.
Following that, we got some information from the Information Commissioner's office as well, and in tab 4 of their information they have something dated March 25, 1999, entitled “Interim policy and guidelines on section 67.1 of the Access to Information Act”.
Now, that was 1999. Is there now a policy that is not an interim policy, or is this interim policy still the policy guideline?
I understand, Mr. Chairman, that it says “interim”. I'm not sure whether or not it's just a mistake that hasn't been finalized. I think we're assuming that it's finalized. So maybe it's just an update that needs to be done. We can certainly look into that.
The only reason I'm asking is that I want to refer to “guidelines on treating the identity of a requester as personal information”. These are TBS's guidelines. It says: “The identity of an individual who has requested information under the Access to Information Act or the Privacy Act is considered to be personal information, and should be treated as such in the course of processing a request...”. You went through your reasoning for that—because you feel that it's under the definition of personal information under the Privacy Act.
It then goes on to say, “In some circumstances it is appropriate to disclose the identity of a requester to a departmental official...”. There is nothing else in the TBS guideline that indicates that it's appropriate to disclose it to anyone else. The guideline says, in some cases, it's appropriate to disclose it to a departmental official.
So what is TBS's definition of a departmental official?
What we're talking about is that the departmental official would be, for example—and I think this might be an example, Mr. Chairman, that was used by the deputy information commissioner—a pay clerk who would have to know the name of a requester, because the name of the requester is on the cheque, for example. Someone who would be in the ATIP office, for example, who is processing that access request would be the departmental official in question. Anyone who, for example, is on what we call “the delegation tree” would be authorized to know the name of the requester. For example, depending again on the institution, depending on how complicated the institution is, it would potentially be the ATIP coordinator who has delegation. As well, a government institution may have chosen to delegate that authority, that power, to an ADM in the chain and the deputy, again depending on how that would be carried out.
But I take it that the departmental official is an official of the department. So to use your example, if there is a request from Citizenship and Immigration, then the release of the name of the requester could be made to departmental officials within Citizenship and Immigration. Is that correct?
That's correct.
If, for example, it was “I need information that you may have relative to my particular application”, clearly the person who is involved in responding to that access to information request, somewhere within that particular sector of Citizenship and Immigration, would have to know that they were looking for information on Jim Alexander.
I understand.
Let me explain my question. If it is appropriate to release the name in certain circumstances of a person requesting information under the Access to Information Act, according to the Treasury Board guideline as I read it, it has to be within the department that is concerned, and cannot be outside the department. Is that correct?
It's within the department concerned. Because the chain of delegation goes through the minister, it is also possible that the minister would be able to get access to it because of that chain of delegation.
It's the minister in charge. For example, if it was within the Treasury Board Secretariat, it would be the President of the Treasury Board, as the minister responsible for that institution.
Under the legislation, the delegation flows to the minister of the department and down. By saying “the minister", it does not include individuals within the minister's staff, for example.
It would not go to other ministers who are not responsible for that particular institution. There's a minister responsible for each institution. It goes up to one minister, and it does not go sideways into cabinet, under the legislation.
Thank you, Mr. Chairman.
I apologize for being a little late, but that's the maritime weather, and I missed part of your presentation.
Mr. Chairman, I want to thank the witnesses for being here.
I caught the part of your presentation where you discussed the 1999 incident, when there was a similar situation to what's under discussion at present. You indicated in your presentation, as I would guess you did orally, that you issued an implementation report.
Am I correct in understanding that you issued some kind of similar broadcast across the system, if you will, to remind people this situation has happened or has been alleged to have happened, and we want to be careful that you feel there are existing protections in place, and you only wanted to make your civil service aware of the issue? Is that correct?
Yes, Mr. Chairman, the member is exactly correct in that.
We gave a reminder from the secretary of Treasury Board to all the heads of departments and agencies, the 180 or so across there. It was a reminder of that and that their ATIP coordinators had the information on it. We then gave a similar reminder on the implementation report and a restatement of it for the benefit of individuals on that particular issue. We sent both out almost two weeks ago now.
Thank you, Mr. Chairman.
I want to ask the witness, when you heard about this incident that was obviously brought to everyone's attention by the media, were you surprised?
I was surprised at the allegations that there was a name being broadly shared across departments, and so on. I was surprised to hear it.
I was also energized. As the policy authority for that, when you hear it in the morning news or wherever, you know you're going to have a busy day getting to the bottom of it and responding to it.
Not to carry it further, but I'm curious as to whether you were surprised. As the senior administrator in this area, does it worry you? Has your worry now in fact been abated?
The fact that our committee is even discussing it, does that throw “the cold light of day” on a practice that might or might not have been going on?
Mr. Chair, as I've indicated, we really do not believe this is widespread. That being said, one incident is still worthy of a good response to make sure there's a really good understanding, whether or not it's here in this committee, among public servants who will be watching this and tracking what's going on. I think it's a positive thing to actually make sure there's a very good awareness of public servant responsibilities under these two important pieces of legislation.
I see it as a good thing. It brings attention to it and makes sure there's real clarity not only among the ATIP community, because we believe they get it, but more broadly among all public servants in terms of a good reminder on how this works among all the other management policies.
If I could characterize this incident, with a new government coming in would you just describe it as a rookie's mistake?
I'll be interested to see what the results of the investigation that is under way are and see what the response to it is. When you look at the number of public servants who are involved in this and the possibility that individuals may not be fully following the policy, I wouldn't put it down to a change of government or anything like that. I would put it down, really, to this being a complex area in which there are 25,000 things that happen per year. One or two may go wrong, and those we had better fix to make sure it doesn't in any way become systemic.
Yes. I was just inquiring whether we could get a copy of the e-mail I tabled the other day, which provoked the story.
Thank you to our witnesses for appearing before us—
On a point of order, I don't think those have been circulated, Mr. Kenney. I would be interested in seeing it too.
I tabled it so that it could be circulated, but I'm told by the clerk it hasn't been translated, so that's why he couldn't.
[Translation]
[English]
When something comes to the committee in one of the official languages, it is automatic that it proceeds to translation before it is distributed to the members of the committee. It's just an automatic thing, so that no request needs to be made. When Mr. Kenney gave the piece of paper to the clerk, the clerk would have automatically begun the process of translating the document prior to distributing it.
When I looked at the document after Mr. Kenney had tabled it, I noted that there were only about six words in the e-mail that were pertinent to what we were doing, so I asked Madame Lavallée if we could dispense with the translation. She said no, get it translated.
Then you did do what you were required to do, which was to find out whether it needed to be translated. So now it's in the process of being translated.
It's in the process of being translated; however, that doesn't prevent Mr. Kenney from referring to it when he's asking his questions. It's his document.
None of that took any of your time away. Go ahead, Mr. Kenney.
Voilà. Merci. Thank you.
Insofar as Mr. Zed was just asking you to comment with your views of the issue that brought us to this study, the particular case, this is an e-mail.... Are you familiar with the e-mail? It's from Mr. Gregory Jack to various officials.
All right. “Jack, Gregory”; I think the name is Gregory Jack, in any event. I think he's a public servant at the public safety ministry. All members will have a chance to see this, and they've already read summaries in the media. It's effectively just minutes of a conference call between officials of the public safety ministry on March 15 dealing with a number of issues, particularly related to security. It's called the “security and pandemic” call.
The one operative line here that has caused so much concern says: “Noted there will shortly be another Bronskill/CIA Planes article, as new ATIP info is going out from PSEP.” I gather that means Public Safety and Emergency Planning. “The info essentially reiterates that normal procedures were followed and nothing abnormal was discovered.”
This e-mail was then circulated to departmental staff and communications officials on the politically exempt staff side of both PMO and the Minister of Public Safety's office.
When the government made inquiries about this, we were told that the circulation of these minutes of conference calls of officials on communications issues was a standard practice, and that political staff had not requested this information and certainly hadn't requested Bronskill's name, and furthermore, according to the deputy secretary of cabinet at the Privy Council Office, that the officials who used Bronskill's name did not actually know for certain that he was the requester but simply made a deduction or drew an inference from the fact that he had written a series of stories on this issue.
I'm just asking you, if you accept the facts as they've been presented to us and have been presented publicly, is that a plausible explanation of how this name could have ended up being circulated?
I don't know the details, really, beyond what you've read out there, and now that you read the e-mail.... I didn't remember who had actually sent it, but I actually did see a copy of that e-mail.
What does happen, if I can speak to the generalities around it, is that there are a limited number of journalists who write on fairly predictable subjects time after time. And so you know that this journalist writes on these particular things, whether it be pandemic issues, general public service management issues, whatever, and that there are a number of journalists who work in that area.
There also is—and I guess this is what happens—an awareness that, yes, access to information requests come in, articles then get generated one, two, or three weeks later, or whatever, sometimes referring to access to information, and in that context there are individuals who make the supposition that an individual ATIP request that's in, on looking at pandemic or something, may actually be Fred again, who always seems to write on this. So there is that supposition that happens. In any particular case, and I assume the investigation probably will get down to it, is the linkage of the name with a request, which I'll call general knowledge--that Bronskill writes on this; Kathryn May writes on this, and so on--the nature of the linkage, or was there something else that was released there?
To the best of your knowledge, at least in this instance, there was no request from any political staff for the dévoilement of the name?
We've not attempted to gather information on that, in that the Privacy Commissioner had initiated something there at the behest of or after discussions with the President of the Treasury Board. From that perspective, I don't know the details on that one at all, and so I really couldn't speak to that, Mr. Chairman.
You testified moments ago to the effect that the practice of circulating names of requesters was very limited and wasn't a general practice or problem. This doesn't correspond to the testimony given us by Mr. Leadbeater of the Office of the Information Commissioner, who suggested that it is a fairly widespread practice, a long-standing one. He brought to us the Rowat case in 2001. I mentioned to the committee, of course, the Eggleton case in 1999. We had CBC quoting a former Liberal staffer saying that “access requests were routinely obtained during the Jean Chrétien government” by political staff. So we have some evidence, some testimony, that this has been a long-standing practice, and you seem to be contradicting that.
Could you address why you think there might be a contradiction?
The cases you've gone through are the ones that we're aware of as well, and out of 25,000 per year--25,000 in the fiscal year 2004-05--that's the sort of number that we're seeing. In our role in administering the access to information policy, we at Treasury Board Secretariat actually do not know what the sum total of all of the complaints are that are filed with the Information Commissioner. Those go to the Information Commissioner. He reports to Parliament in his annual report, in terms of the administration of the act and how things are going broadly there, and we carefully look at those and deal with officials in his office there.
To the best of our knowledge, and in our experience in dealing with that and looking at those reports year after year, looking at departmental reports, there are very, very isolated incidents like you've described that do happen, but in no way do we see it as widespread, and a widespread practice. We have no indications of that from where we sit in administering the policy or any of the information that we have.
Thank you, Mr. Kenney.
Following up on Mr. Kenney, I haven't seen the document, but in your testimony you said that you had seen it. Does that mean you had seen it at the time that it was originally circulated?
Mr. Chair, I saw it after the media articles. I asked to see if I could see a copy of this particular e-mail to look at exactly what it did say and how it was phrased and what's happening on this--so we can actually figure out how we should respond as a policy centre.
The concern, I guess, was already raised. By the time I saw it, I believe the President of the Treasury Board and the Privacy Commissioner had already talked, and they had indicated that there was an investigation under way. Therefore, I knew someone was going to get to the bottom of it who had the resources and the responsibility for it.
Thank you very much, Mr. Chairman.
Did you hear the exchanges that occurred in Question Period between members of the Liberal Party and Conservative members, yes or no?
[English]
[Translation]
In fact, it was very interesting to listen to those exchanges between the two parties that have held office in the last year, and who have therefore been in power and had ministers' offices with political staff. They both seemed to be saying that it was a well-established procedure for political staff to get together with officials to look at all the access to information requests. As far as I can recall, no one mentioned any names, but I will do my homework and re-read the record of those exchanges.
The fact remains that there seems to be a well-established practice, which neither one denied, involving an exchange of information about ATIP requests in order to determine who is doing what and how, identifying the different categories.
Also, you say that there are very few complaints. It's quite obvious that there aren't many. Personally, I have made access to information requests, but I have no way of knowing whether my name was disclosed. I have no way of knowing whether someone might have disclosed my name. So, it's obvious that there are not going to be many complaints, because people simply are not aware.
On the other hand, you say that you are aware of five cases out of 25,000. You may be right, but you only know about five. However, is it possible that there is a well-established practice that involves going through the most sensitive ATIP requests and simply disclosing the names -- in other words, the names are not necessarily the product of people's suppositions? In fact, I find this whole theory of people simply guessing or assuming that it's a particular person -- I wouldn't want to say far-fetched, I would never say that -- rather strange.
Is it possible that the practice of exchanging this information is well established, that there aren't many complaints because people don't know what's going on, and that you are only aware of five cases because this is a well-established practice and no one ever complains.
Finally, should I not file an access to information request to find out whether there are other e-mails similar to the ones Mr. Kenney tabled here, last week, before the Committee?
Mr. Chairman, I'm going to try and answer those questions.
To my knowledge -- and here I'm referring to Mr. Alexander's and my branch -- there is no such well-established practice. Your comments relate to exchanges between politicians. Personally, I am not aware of the details. I believe Mr. Alexander said that he was not aware of them either. So, I really can't comment on that.
In terms of complaints, of course we are aware of cases brought to our attention, including the one reported that involved Mr. Rowat and others, such as Mr. Eggleton. Indeed, we acted quickly as soon as we learned there was an alleged violation. We issued an implementation report in 1999. That was how we responded.
I don't recall our mentioning specifically that there were five cases; however, we did say there had been a handful.
From the perspective of its role, does Treasury Board see that? Well, our answer would have to be no, we do not see that. On the other hand, if there were 25,000 ATIP requests in 2004-2005 and about 1,500 or 1,600 are subject to further research, the Information Commissioner will report on some of them in his report. That report does not deal with the 1,500 cases per year. With each one, if I understood what Mr. Leadbeater said, the complaint is not the reason for the disclosure of an applicant's name. It may be through investigating another complaint that he realizes that information has been disclosed or that people have talked about it. But the way the system is currently structured, the Commissioner does not report on every complaint. We do not have access to all his investigations and reports, because that is a confidential process. It's a little difficult for us to know as much about this as the Commissioner, because he is really on the ground. He investigates, he can use pressure, he can go in and investigate in a specific area, for example, or about a specific complaint, and then determine whether there is anything else involved; or he may go off in a different direction. I hope that answers your question somewhat.
[English]
Thank you.
Mr. Alexander, you mentioned that your secretariat distributed an e-mail to people throughout the government following the revelation of this e-mail. I have here an e-mail dated September 21 from Wayne Wouters, secretary of the Treasury Board, to deputy heads, copied to ATIP coordinators, reminding them of their obligations under the Privacy Act.
Is this the e-mail you're referring to?
I appreciate that. This is dated September 21. I think the article that provoked this was dated September 20, so it was fairly prompt action.
I understand that the President of the Treasury Board asked officials to remind people throughout the government of their legal obligations. Is that your understanding?
That is correct. The President of the Treasury Board asked that we do so. Fortunately we were in the process as well, but that is why it was out on September 21.
We were very much on the same track. As Mr. Lemieux said, he has worked in this area for quite a while. I've been in the chief information officer branch for a while. This legislation is something we value a lot, and we value the professional administration of it as well.
I'd like to table the e-mail we're referring to. It has been translated.
I referred earlier to Mr. Leadbeater's testimony. He told us—I refer here to the blues of the testimony—there was clearly a case of violation of the Privacy Act in the Rowat case in 1999, which resulted in intimidation by a former deputy minister of a requester of information. Mr. Leadbeater was asked what did he did following this and he said, “... we also found more subterfuge, the use of post-it notes to transmit the identity of the requester. It wouldn't appear on the actual transmittal slips of the file that went forward, but it would be on yellow post-it notes, to be removed later, and so on.”
Is this a practice with which you're at all familiar?
This is not a practice we are in any way familiar with. This is something that is clearly in violation of the Privacy Act and all of the guidelines and directions we have put in place. Privacy coordinators and ATIP coordinators in departments know full well that a practice like that would not be condoned.
We have no evidence or awareness that this practice is under way. We would address it directly if we ever heard of it, likely with the deputy minister if we needed to escalate it beyond the ATIP coordinator. But I would state that it is very hypothetical that such a case exists. It's not something we have any awareness of, and it is contrary to anything we believe in with the administration of this.
Thank you, Mr. Chair.
I appreciate that.
Mr. Leadbeater also testified. I can't find the precise reference here, but I'll paraphrase. He said that it was his understanding that not infrequently requesters of information were intimidated or harassed by government officials following their requests. He made specific allusion to journalists not being allowed to board the Prime Minister's Challenger, or something, because they had been identified as a requester of embarrassing information in the past.
Are you familiar with any instances like this, of requesters of information being harassed as a result of their names being shared?
Beyond the case that was raised in testimony on Monday by Mr. Leadbeater, I'm not aware of any cases that have taken place in the administration of this.
Thank you, Mr. Chair. And thank you also, Mr. Chair, for opening up what I think has been a very useful line of questioning. In fact, I think your questioning was an absolute bombshell here.
I learned something, perhaps the most useful thing so far in this meeting. Under the Treasury Board guidelines, personal information--which includes personal identity, perhaps the most personal information associated with an applicant--could properly get into the hands of the minister. In other words, the authority for ensuring compliance and administering the access to information regime is with the head of a department, but the delegation of authority flows both ways. Ultimately, the person who is responsible is the minister. Therefore, we've just opened the door and may have found the root of the problem.
If there are people reading these Treasury Board guidelines, to say that it's okay for the minister to find out.... And you'd have to be a Pollyanna to think that if one minister knows, the rest of cabinet or at least the PMO doesn't know. Their first loyalty and obligation are to the government they serve.
This is horrifying, frankly. Now I see how the scope and scale of this thing could be epidemic and consist of more than just isolated incidents, if anybody is interpreting it the way we've just seen it.
I'll make a comment, and I'm sure Mr. Lemieux will want to comment, as well.
There is a right to know, just because of the way delegation flows. There is a need to know. That right to know is a right to know that exists for that individual as a minister of that particular department and agency.
He has a right to know, and if he wishes to exercise it and say that he has a need to know, then that could happen.
What we're not aware of and what we don't hear of when we talk to ATIP coordinators is that information of requesters is being shared on any sort of regular basis. In fact, we're not aware that the name of the requester goes to the minister. Theoretically, it is possible that it could go there.
It should not ever go through the minister or go through the minister's staff on the way to the minister, for example.
In our experience--and I think Mr. Lemieux could expand on this a bit more--this is not something that in any way is a widespread practice. But Mr. Lemieux--
I would like Mr. Martin to conduct his own questioning. If he wants to hear from Mr. Lemieux, he will.
Yes, I've been waiting patiently. And I always run out of time.
But I'm starting to see why Mr. Kenney is willingly taking us down these roads. As of this moment, I bet a chill has just gone over the whole ATIP community.
Who would file an access to information request if you can't be guaranteed anonymity? We've just realized that it's completely within the Treasury Board guidelines to tell the minister who filed. What else are we to conclude here? You no longer have any problems with ATIP nuisance requests, Mr. Kenney, because the bombshell has just gone off in the community: no one is safe, no one is protected, and ministers have a right to know who asked. You'd have to be an idiot to think a minister is not going to share that with other ministers.
If I can add to what Mr. Alexander has said, the policy and guidelines on access to information and privacy follow the legislation. Under the legislation it says that the head of the institution--in this case, the minister--has the right to know.
I always thought the head of the institution was some lower-level person, but you're right, ultimately the head is the minister, or his assistant.
That's right. So the minister does not get rid of his right to process a request, or whatever. So whether or not he or she does, just with the workload given CIC, for example, which gets so many requests, they may not choose to exercise that.
So when the minister gets this red-flagged ATIP that says, amber alert, caution, this is really a potentially dangerous request here, and he sends his assistant running down the stairs to the ATIP coordinator saying, “Who filed this goddamned request?”, that's completely okay by what you've just outlined, because that's all within the chain of command and the responsibility of the head of the institution and their right to know who filed the request.
I can clarify on that. The delegation instruments go to individuals and not to offices and support staff, so the individual who has a right to know is the minister. The special assistant who comes down asking does not have a right to know.
The delegation instruments are available, but the delegation--and I can't speak across the 180, and Mr. Lemieux may be able to clarify for me--as far as we know, does not ever go into the minister's staff. It is there with the minister, with the individual there, and then it goes to the ATIP coordinator or to the variety of ATIP coordinators, depending upon the structure there, but it does not flow through to political staff.
Thank you, Mr. Chair.
And thank you, Mr. Alexander and Mr. Lemieux, for coming out and giving this presentation.
I was looking through your presentation. On page 2, at the fourth bullet, would you please clarify what this issue is that we are talking about? You talk about the recent allegations. Could you explain which case that is, because there might be some members here who might not be familiar with it.
Mr. Chair, that particular paragraph raised by the honourable member is referring to the e-mail and the subsequent press coverage and so on that Mr. Kenney raised in that particular e-mail there.
In all of our experience we see this as a very remote case, and the Privacy Commissioner is doing the investigation into that.
How many times do you think that has happened under the new minority Conservative government in the last nine months?
This is the only case that has been brought to our attention in our role of administering the policy.
Then I am a little troubled with the conflicting information that Mr. Alexander is bringing to us and the Privacy Commissioner. He said that this is the routine process in the present Conservative government under Mr. Harper.
Order, please, through me.
I just want to clarify your question, Mr. Dhaliwal. You're referring to whom when you say that the--
It was the Privacy Commissioner. He said that this is a process, that these types of requests are shared with the government on a regular basis. Isn't that true?
You're likely referring to Mr. Leadbeater, who is from the information commissioner's office. He's the deputy information commissioner.
Mr. Jason Kenney: I have a point of order.
The Chair: And the point of order probably is that he didn't say that.
Yes, Mr. Kenney.
Well, he did not say what Mr. Dhaliwal paraphrased in his original question. Mr. Leadbeater definitely did not describe this as a regular practice limited to the current government; he did generalize and say that this was a practice he had seen under five administrations.
Whatever he said is available in the blues and will be available in the original record. What he said, he said, and we'll be able to check that.
Now, given that, and given that you had an opportunity to make your comment, Mr. Dhaliwal, what question flows from that?
We believe that training, communication, and working with our professional ATIP community and reminding them of their obligations and the procedures through which they happen are the best ways, from where we sit within Treasury Board Secretariat, of ensuring that the legislation and the various regulations and guidelines under it are respected.
From that perspective, when an item pops up like this issue--the Bronskill e-mail and so on--that's something we'll take very seriously. We'll send out a reminder, make sure that our guidance and the training we have on that is really clear. For the 500 people out there working on this, it's really developing a body of knowledge and a practice. That's what we see as really being the most effective.
The role of the privacy and information commissioners in reporting to Parliament and bringing visibility to cases that are actually happening we see as extremely useful, as well. That allows us to refine and pinpoint any gaps there might be in the professional body of knowledge on this.
Thank you, Mr. Chair.
All right, good.
We now go to anyone on the government side, if they have any questions. Feel free not to ask a question if you don't want to.
Thank you, Mr. Chair, and through you to our witnesses.
On the point that Mr. Martin raised, I want to go back to your earlier testimony, specifically to the Privacy Act. You outlined that the general principle with respect to the use and disclosure of personal information is that it essentially needs to be contained within the same purpose for which it was collected and/or for a purpose that's consistent with that. So the mere revelation of that personal information, even to the minister, wouldn't necessarily be inconsistent with the scope of the Privacy Act.
Could you comment on that?
The minister is the head of the institution and has the right to know, basically, what's going on with the access requests, including the name, if he or she chooses. The provision you're referring to is section 8 of the Privacy Act. Section 8 contains the disclosure provisions. Generally speaking, the way the framework of the act works is that you're allowed to disclose with the consent of the individuals. It then lists a series of instances when you can share without the consent of the individual concerned, including the one you referred to, which is a consistent use.
There are a lot of others. For example, there's paragraph 8(2)(e), which says that you can disclose the name of an individual to legal services for a specific purpose. Public interest is another one--subparagraph 8(2)(m)(i)--where you may want to disclose personal information, and that's perfectly correct within the regime that exists.
The comment made by another honourable member about the minister who is in a position to disclose it, for example.... He or she may be able to disclose it under another provision of subsection 8(2), which would be perfectly legitimate for the purposes of the Privacy Act.
So there may be instances when personal information comes in--I'm not just talking about the identity of the requester--when it is appropriate to share it if you can fit it into the provisions. The Privacy Commissioner, as well, in 1997 I believe it was, indicated that there were instances when it was perfectly legitimate to release the information if it fell into those section 8 provisions.
I hope that helps.
Thank you for that.
One other theme you talked about in your earlier testimony is the responsibility that the Treasury Board Secretariat has for training. Could you give us an idea of how broad a program that is, how much training activity in fact goes on in the ATIP community across these 180 organizations and 500 ATIP coordinators? Could you give us a sense of that?
Mr. Chair, we would be very pleased to respond to the honourable member's question on that.
There were, we believe, over 400 people--some of them possibly multiple attendees--who last year attended some of the regular training courses that we put on. We have a cycling series of subjects. We would have what we call just “lunch and learn”, two to three hours, where if you particularly want to learn about this section, the administration of that section, then we would be running those.
They're basically happening pretty well every week and are available for the access officials throughout the community. We see that as a really key thing in making sure we have a very good, strong professional group there who are very well aware of their obligations under this and how to administer this effectively and promptly.
Thank you, Mr. Stanton.
Going back, if I may, to the guidelines that you have, and reading further than I did, because I don't want to leave any particular impressions necessarily, your guidelines say, “In some circumstances”--I say, in some circumstances, not all circumstances--“it is appropriate to disclose the identity of a requester to a departmental official for a consistent purpose such as...”. And then some examples are given.
Now, putting aside the minister, who is at the head of the department and presumably could know whatever the minister wants to know and is under secrecy and whatever, I'm concerned about the wording. It says “for a consistent purpose”. I looked at that and didn't quite figure out what “consistent purpose” means.
I looked at the French version. The French version says,
[Translation]
“for a consistent purpose”.
[English]
It makes sense to me, if you have a logical purpose for giving the information to the departmental official. I think “logical” makes more sense than “consistent” in the English term, and I'd suggest that you consider that.
But in any event, your guideline makes it clear, it would seem to me, that you just can't willy-nilly give the information or the name to a departmental official. It has to be for some logical purpose in following up the access to information request. And then you give some examples, but that's not exhaustive.
Am I more or less understanding the guideline correctly?
Absolutely, Mr. Chairman, that is the case.
Mr. Alexander referred to the training that's given on a consistent basis. We have people who answer cold calls on both the access and the privacy side--and the security side, too, I might add--and we have service standards. We are diligent in getting that information out.
For example, we will have 100-level courses for new members of the ATIP community where they get the basics, but we will have specific courses tailored, for example, on personal information, in which case, of course, this issue would be front and centre. But there are others, where there is a need, such as on advice and recommendation or on solicitor-client privilege, and so there are some tailored courses that are given there.
What I'm getting at is, according to the guidelines that I am reading, it is anticipated by TBS that there are some circumstances in which the disclosure of the identity of the requester is appropriate, but by no means all or indeed most of the time. Am I reading it correctly that way?
That's correct, Mr. Chair. You're entirely correct to say that "consistent" , as you read it there, is sort of a loaded word. That probably means something, and your highlighting of the translation brings that to the fore.
One of the purposes then of the training we do for new coordinators, and that would happen on the job.... When you see "consistent” used there, it means that it's really only for the purpose for which it was first gathered. So it's the examples that are listed. There may be examples that are more specific to a particular department and the sorts of requests that are there. The head ATIP coordinator would be responsible for making sure the administration of that was done entirely appropriately.
But if I can summarize, it is for a consistent and therefore a very restricted use that it's there. It is not in any way broadly shared. Just because you know, guess what, we can share it, in no way is it that. It is very restrictive, and ATIP coordinators are very well trained to know what that phrase means.
Not to prolong this, but I'm a lawyer. There is a professional helpline in the Law Society of Upper Canada. If a lawyer has a problem or a potential ethical dilemma, there's a hotline they can call and ask an independent third party for some opinion.
Is there such a hotline where an ATIP person who encounters something they might not exactly know how to deal with can immediately call, on a 24/7 basis, or something like that?
Yes, absolutely. We do have individuals whose task it is, among others, to field calls from the ATIP community on various issues. That is ongoing.
We have service standards. We have for example, 24 hours to respond to the calls. We're quite rigid, recognizing that there are time delays here. This is a discipline where we need to sort out a bunch of issues so you're in a position to respond within 30 days. That's not a lot of time when you consider weekends, etc. We're quite proud about the service we provide in that regard, in addition to our timelines that we follow.
Okay. Thank you.
I have Mr. Peterson, Mr. Martin, and Mr. Dhaliwal. Does anybody else want to speak?
[Translation]
Mr. Chairman, I was listening to Mr. Martin earlier talk about some major soul searching being in order in relation to what we have just learned.
But when you look at the origins of the Access to Information Act, it seems to me that the goals were all focussed on transparency. The idea was for the Government to be more transparent and enhance public trust.
It's funny, but when I look at the examples, and specifically situations such as these, I have the feeling that we're actually dealing with the reverse situation. If the public were to find out what is going on, I'm not sure that their confidence would be greater; it seems to me it would decline.
We were also talking about the amber light process whereby, when ATIP requests are filed, all across Government there is an analysis of the requests that have been filed under the Access to Information Act. As a result, people look at them and prepare strategies for responding to them that, in a way, are specifically tied to the information request in a specific department, even though this is a process that normally occurs under any government.
By the way, I should mention that I drew my information from an article written by Mr. Allister Roberts, a university professor, and published in Public Ethics; he carried out a number of studies and filed access to information requests with a view to proving his assertions. At the Privy Council level, he says that the amber light process should not delay requests for answers. But in actual fact, based on his studies, the response time for ATIP requests is not always met. That is the case for 40 per cent of requests from political parties, for 38 per cent of requests from the media, and only 17 per cent of requests from other sources. It seems to me that this is fairly important information to look at as we try to determine why it is that ATIP requests from the media and political parties are delayed. Is it to allow time to develop an appropriate strategy or prevent the media from accessing the information too quickly?
That's my question. Are you aware of this?
Mr. Chairman, we are aware of the studies carried out by Mr. Roberts. If you look at the analysis, in terms of his references to ATIP requests -- and I want you to know I'm not questioning his credentials as a university professor -- you often see that requesters, reporters and the media ask questions on subjects that may not be routine. Is it necessarily because it's a reporter, a politician or someone else making the access request that there is this delay, or it is because it may be a complex issue?
The other thing I would like to add is that, under the Access to Information Act, the Information Access Office has 30 days to process the access request or, under section 9 of the Access to Information Act, it can ask for extensions. The coordinator has to ascertain the complexity of the file request within a 30-day timeframe. Under the current regime set out in the Act, we cannot say, after 45 days, for example, that we improperly established the timeframe for a response. We said it should take 60 days, but really it's going to take 90 days. We have to consult an embassy in another country or go through another process. So, it becomes very complicated. And based on the regime that is currently in place, we are somewhat bound by the extension that we request right from the outset. That may be one of the factors contributing to the fact that the Access to Information Office makes mistakes or may be late responding, where very complex files are concerned. That is one of the important factors.
In other jurisdictions, that may not be the case. But we cannot come back after the fact and say that we realized it was much more complicated than we originally thought, that there is a whole avenue we didn't see initially, and ask for a second opportunity to revise our estimate. That is not the case. So, as I say, we are somewhat bound by the timeframe that we set at the beginning of the process.
[English]
We have no statistics on that whatsoever. It's not information we have tried to gather and it's not information that comes our way. We're not aware that it's a regular practice. On the other hand, it's not something we are surveying on.
But you've informed all your ATIP community that they do have a right to pass this information on to the minister.
If I can clarify, Mr. Chair, in terms of the delegated instruments, the delegation and how it flows there, it's very clear that because the person higher on the chain is the one who's actually responsible and accountable, even if it's been delegated, then implicitly there's a knowledge of it. To my knowledge--and Mr. Lemieux has a longer history than I do--we have never informed that it's.... I'll call it that “positive communication” that you indicated. We have never gone forward to ATIP coordinators to say it's okay. The communication that we sent out was very pointed, to say that the information is there and is governed by the Privacy Act, and if they have questions about that, they're the coordinators--or come to us.
All the ATIP officers would know exactly what Mr. Martin knows. What you told us today is that the ministers do have a right to find out the identity of the requester.
The ATIP officers very clearly would know what their rights and obligations are under the access to information legislation and the privacy legislation.
They would know they have the right to indicate to anyone in the delegation chain if asked who the requester is, because that person up top is the one who is accountable for the administration of it. That includes the administration and the safeguarding of the information. Even if that minister does get it, that minister is still bound by the privacy legislation that exists.
I'm sorry, Mr. Peterson, are you asking the witness for his personal opinion? Because he's here as a department head.
Treasury Board runs this whole program, and I think we can benefit a great deal from your experience. One of the reasons for not disclosing the name of a requester is that there could be retribution taken against this individual in many ways. I'm sure ministers wouldn't, but the potential is there.
So I'm asking you, based on your experience in administering this, with a view to allowing access without retribution, do you feel it would be a good idea to preclude any of the minister's staff or the minister from learning the name of a requester?
Mr. Chair, in response to that, as a public servant, my duty and my obligation is to administer the laws and the legislation as passed by Parliament.
I guess what Mr. Peterson is asking you is whether in your personal opinion you think the act should be amended in some way to indicate that the personal name of a requester should not be made available to the minister. If you don't have a personal opinion, don't hesitate to say so.
Mr. Chair, on a subject like that, I don't have a personal opinion, and I think that's really a policy decision that the government and parliamentarians can and do, from time to time, engage in.
It's certainly an issue we've identified here, and we, as a committee if we chose to, could make certain recommendations, obviously.
Go ahead, Mr. Peterson.
If the minister for the Treasury Board, Mr. Baird, came to you and said we want the best law possible, I can't imagine there's anybody better qualified than you are, as the people responsible for this whole area, to suggest changes to the minister.
There is a very good, strong ATIP community, and with our colleagues in Justice we provide advice to the minister when we are asked about things like this. We have in the past and will continue to do so.
I guess you would agree with Mr. Peterson's characterization that you're one of the very best people to give advice to the minister on this subject.
Thank you.
Chair, I'd simply say that the anonymity of the applicant is a fundamental cornerstone of freedom of information laws. That has to be our starting point, the premise, the foundation of everything that we stand for and believe in, if we're fighting for the right to know and for freedom of information. What you've told us today changes everything.
I used to think I was somewhat of an authority on this issue, as I've been engaged in it for at least the last four or five years. But I didn't know that. To me, life as we know it will never be the same in the access to information community, as you put it.
In fact, I think as of this moment there's going to be a chill on freedom of information requests based on what we've learned at this meeting. This is devastating. We, as a committee, should be really concerned. It's shocking to me, because the retribution can go both ways too. It's not just the applicant who has to fear retribution; it's the access to information coordinator who may say no to a minister because he thinks it's morally or ethically repugnant to disclose the name of the applicant.I think we've opened up a real can of worms here.
I want to thank you for your testimony today and for your interpretation of it. In your presentation on page 6, you say, “Heads of government institutions are responsible for ensuring...” access to government information, etc. It never occurred to me for a minute that that goes all the way up to a minister's right to know who the applicant is.
I don't know if I even have a question, Mr. Chair, other than to say that I thought we were in for a dry, boring presentation, a statement of the status quo and the law as it stands, so we could all start with the same base-level information. In actual fact, our committee has a lot of work to do if that's the status quo. Freedom of information laws in this country are in tatters.
Mr. Martin, it goes beyond that, because I began my questioning by quoting the privacy person, and the privacy person said clearly that there's nothing in the Access to Information Act that specifically indicates that the name of a requester cannot be disclosed. That's what shocked me, that Parliament passed an act 20 or 25 years ago—whenever it was—and either didn't deal with that issue, didn't think of it, or implicitly rejected protecting the identity in that act. That may be something we as a committee will want to make a recommendation on later. Maybe they thought it would be sheltered under the Privacy Act—
That's the answer we got yesterday, Mr. Chairman. I asked the same question of the Information Commissioner's deputy when he was here, saying, do you mean there's nothing in the ATI act that specifically precludes or protects the privacy of the applicant? They said no, it's the Privacy Act that protects the privacy of the applicant.
Just for the record, the Privacy Act is clear in the sense that the revelation of a requester can only be disclosed, in the context of the act—and I can't remember the section, I'm sorry—expressly for the same purpose for which it was collected or a purpose that's consistent with that purpose. We heard very clearly in our last meeting that in fact there is a scope within which that name can be used, within the context, within the department. That was very clear to me. However, it's only when the revelation of that requester goes beyond that scope that in fact the Privacy Act has been breached.
Just a minute; I'm dealing with a point of order, which isn't necessarily a point of order.
The privacy person specifically said, “That said, however, the matter could be a violation of the Privacy Act.” They didn't say it “would be” a violation of the Privacy Act. That's why there's an investigation to examine all of the circumstances.
I don't think it's a point of order, but I think your point is right.
Mr. Martin.
Madame Lavallée, and that's it.
Oh, I'm sorry, Mr. Dhaliwal. I'm going to give you two minutes, so that we'll have Madame Lavallée for two minutes.
Thanks, Mr. Chair. I'll make sure I'm within two minutes.
Mr. Chair, it's very disturbing to hear today that these five groups Mr. Lemieux mentioned.... If we look at the spirit of the act, if the identity of a requester of information is disclosed to the minister and his staff, then these five groups will lose confidence and trust in the system, and nobody will be coming forward to enable access to the information. In fact, I echo Mr. Martin's comments here as well, that we have to do something about it so that we can regain the confidence and trust of those people who want to access the information, under the Privacy Act.
[Translation]
I have two very brief questions that you can answer with a yes or a no.
Are there subcategories in your inventory or just categories? For example, under the media category, there is no subcategory.
That answers my first question. Second, could we consider providing the ATIP requester with the list of people who asked to know his identity? For example, when the information is provided, there would be a form with a list of people who wanted to know the requester's identity. Of those people, there would be the Minister's staff, the Minister, and so on.
In answer to your second question, the Access to Information Act deals with existing documents. If a document existed -- in whatever institution you care to choose -- and you filed an access to information request with that department or institution, a list of the type you have just described would be subject to the Access to Information Act. In other words, that document would be recovered by the Access to Information Office and reviewed to see whether any exceptions apply under the Act. Where appropriate, that information would be disclosed to you and there would be portions severed from the document.
Perhaps my question wasn't clear. What I was asking was whether it would be possible to provide the requester with a list of the names and titles of any individuals who wanted to know his identity.
Mr. Chairman, it's not that I'm trying to be obstinate here, but the list you have referred to has to exist. The document must exist. To my knowledge, no such document actually exists. Of course, I am not in a position to go and check that in every single institution.
[English]
[Translation]
[English]
Thank you very much, Mr. Alexander and Mr. Lemieux. It has been a very interesting meeting, truly, and we appreciate your effort to answer our questions directly. Hopefully we'll work together to make sure that access to information request privacy is protected.
Thank you very much. We're adjourned.