Department of Justice Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links

Breadcrumb trail

  1. Home
  2. Information and Privacy

Institutional links

The Laws Site
Laws
Search Canada's consolidated statutes and regulations

THE OFFICES OF THE INFORMATION AND PRIVACY COMMISSIONERS: THE MERGER AND RELATED ISSUES

Part III: Challenges of the Current Model

Introduction

I have concluded that merging the offices of the Information and Privacy Commissioners or cross-appointing one person to preside over both offices would likely have a detrimental impact on the policy aims of the federal access to information and privacy statutes. If the Government and Parliament nevertheless decide to adopt the one commissioner model, I have recommended that the transition take place gradually, and only after the challenges facing the current access and privacy regimes have been thoroughly studied and addressed. As I have stressed, the limited confines of this review preclude anything other than cursory comment on these challenges. In any event, many of the them are well-known and have been raised, discussed and debated by others, including the federal Access and Privacy Commissioners, the Access to Information Review Task Force, academics, and various advocacy groups. I nevertheless believe that it may be helpful to outline a few of the most important challenges in this Report, and in so doing I have not hesitated to borrow heavily from the existing literature.

Cultivating Access and Privacy Values in Government

Perhaps the most important lesson to be gleaned from 22 years of experience with federal access to information and privacy legislation is that the greatest progress in furthering the goals of the legislation is achieved when government institutions (and in the context of PIPEDA, private organizations) internalize the values of privacy and access and devise mechanisms to promote those values in every relevant aspect of the institutions' activities. While effective complaints resolution processes are indispensable to achieving the legislation's objectives, they are limited in their ability to effect transformative change.[101] Such change requires a genuine commitment by government to openness and transparency in the service of democratic accountability and a similar commitment to the principle that information collected about individuals is private and should, with a minimal number of overriding reasons, be used only for the purpose for which it is collected.

These rights are not likely to be adequately respected by bureaucracies, government or otherwise, unless they are nurtured. This is an especially challenging task on the access to information front. Federal government institutions have traditionally been very reluctant to expose themselves to external scrutiny.[102] There is often a pervasive fear of the embarrassment that such exposure may cause to the institution, its employees, and its political masters.[103] Moreover, in doing their jobs, public servants are primarily interested in performing the tasks assigned to them in the most expeditious manner possible. They may consequently consider access demands as impediments to the efficient performance of their work. [104] Managers may also be concerned that releasing sensitive information will chill the kind of vigorous and frank internal communication necessary for effective public administration.

There is undoubtedly a need for certain kinds of government information to remain confidential. This need is reflected in the many exemptions to access set out in the Access to Information Act. The Act itself proclaims, however, that as a general rule "government information should be available to the public," and that "necessary exceptions to the right of access should be limited and specific."[105] If this legal principle is to have its full effect, however, the bureaucracy must experience a profound cultural shift. As stated in the Delagrave Report:

Since the Act came into force in 1983, debate has centred largely on the design of exemptions, interpretation of the various provisions, and denouncing instances of non-compliance. Government efforts have focused mainly on publishing implementation guidelines, recruiting and training access officers and putting in place processes and systems needed to handle a growing volume of requests, and meet legislated deadlines. Neither at the time the Act came into force, nor since, has there been a comprehensive strategy to raise awareness of, and support for, access to information in the federal public service.[106]

Though some progress has been made toward cultivating a culture of access,[107] much more remains to be done. The Government should make it clear to its senior officials that access should be provided "unless there is a clear and compelling reason not to do so," as the Premier of Ontario recently instructed his Ministers and Deputy Ministers.[108] There is also a need for government institutions to develop sound information management systems,[109] ensure adequate training for access officials,[110] and create proactive dissemination policies encouraging institutions to publish information before it becomes subject to formal access requests.[111] Perhaps most critically, incentives should be put in place rewarding employees for complying with access requests and recognize the importance of facilitating access to the department's success.[112]

A cultural shift is also required on the privacy side. Though the federal government has made significant strides in incorporating privacy concerns into the legislative and policy development process,[113] more attention needs to be paid to the implications of its myriad programs involving the sharing, matching, and outsourcing of personal information.[114] And as with access to information, better training and the development of privacy management frameworks will also aid in fostering what the federal Privacy Commissioner has called a "culture of compliance" in the public service.[115] As the Commissioner stated in her excellent submission to this review, these initiatives "should be designed to help departments protect the personal information they control by identifying the inherent risks and how to mitigate those risks" and ensure that "privacy management is better integrated with mainstream management practices."[116]

Legislative Reforms

In the main, the challenges to the access and privacy regimes mentioned so far call out for extra-legal solutions; that is, solutions stemming from administrative and cultural innovations. There is also a need, however, for extensive legislative reform. The Government has committed itself to introducing a package of reforms to the Access to Information Act,[117] and in 2006 Parliament will undertake a mandatory statutory review of PIPEDA.[118] In addition, Privacy Commissioner Stoddart has called for a comprehensive review of the Privacy Act and has made a number of specific suggestions for reform.[119] This Report is not the place to explore the multitude of issues surrounding these initiatives. What may be useful, however, is to highlight some of the reform proposals, related to the roles of both the Information and Access Commissioners, that have come to prominence in the course of this review.

Advising on Policy and Legislation

As discussed, both the Information and Privacy Commissioners have considered it to be part of their mandates to comment on the potential impacts of various legislative and policy proposals. The Privacy Commissioner has been particularly active on this front in recent years. Unlike the legislation in some of the provinces,[120] however, neither the Access to Information Act nor the Privacy Act refers to this important function. I, therefore, recommend that both statutes be amended to specifically empower the commissioners to comment on government programs affecting their spheres of jurisdiction.[121] Ideally there should be a corresponding duty imposed on government to solicit the views of the commissioners on such programs at the earliest possible stage. To ignore the commissioners until they raise the issue or it otherwise becomes public serves the interests of neither the commissioners nor the government.

  • [101] See generally Canadian Human Rights Act Review Panel, Promoting Equality: A New Vision ( Ottawa: The Panel, 2000), ch. 5, "Internal Responsibility Model."
  • [102] See Delagrave Report, supra note 2 at 157-58; Alasdair Roberts, "New Strategies for Enforcement of the Access to Information Act" (2002), 27 Queen's Law Journal 647. The federal Information Commissioner has gone so far as to say that there is an entrenched "culture of secrecy" in government. See Delagrave Report, ibid. at 3; Information Commissioner of Canada, supra note 69 at 4.
  • [103] See Roberts, ibid. at 648.
  • [104] See Delagrave Report, supra note 2 at 159.
  • [105] Access to Information Act , s. 2(1).
  • [106] Delagrave Report, supra note 2 at 158.
  • [107] See ibid. at 159.
  • [108] See Information and Privacy Commissioner/ Ontario, Annual Report 2004 ( Toronto: The Commissioner, 2005) at 1.
  • [109] See Delagrave Report, supra note 2 at 141-55. A sound information management system would include, for example, a requirement to document and substantiate justifications for invoking exemptions to access and privacy obligations. See Information Commissioner of Canada, supra note 69 at 27. Such a system would also demand that records be kept in a manner that facilitates their disclosure. Notably, s. 16 of the Quebec public sector access and privacy statute, supra note 55, requires public authorities to classify their documents "in such a manner as to allow their retrieval," establish and keep up to date "a list setting forth the order of classification of the documents," and ensure that the list is "sufficiently precise to facilitate the exercise of the right of access."
  • [110] See Delagrave Report, supra note 2 at 128-129. Recently, the Faculty of Extension at the University of Alberta, with the support and participation of the Information Commissioner of Canada, has developed a comprehensive, online certificate program for access and privacy administrators. I urge the federal government to make greater use of this resource and second Information Commissioner Reid's call for the development within the public service of knowledge standards, codes of conduct, and professional accreditation for information rights specialists. See Information Commissioner of Canada, supra note 69 at 8. The Information and Privacy Commissioners, I would add, also have a strong role to play in educating public servants about their responsibilities under the Acts. See Delagrave Report, supra note 2 at 93.
  • [111] See Delagrave Report, supra note 2 at 94 and 134-35.
  • [112] Ibid. at 161.
  • [113] See Privacy Commissioner of Canada, supra note 37 at 9.
  • [114] See ibid. at 7, 19-20, 23.
  • [115] See ibid. at 23, 27. See also Privacy Commissioner of Canada, supra note 71.
  • [116] Privacy Commissioner of Canada, supra note 71.
  • [117] See Department of Justice, Canada "A Comprehensive Framework for Access to Information Reform: A Discussion Paper" (April, 2005). The Information Commissioner has also written a draft Bill for Parliament's consideration. See Information Commissioner of Canada, "Opening Remarks to Standing Committee on Access to Information, Privacy and Ethics" (25 October, 2005), available at www.infocom.gc.ca/speeches/speechview‑e.asp?intSpeechId=116.
  • [118] PIPEDA, s. 75.
  • [119] See Privacy Commissioner of Canada, supra note 37 at 17-26.
  • [120] See e.g. B.C. FIPPA, supra note 55, s. 42(1)(f)-(h); Alberta FIPPA, supra note 55, s. 53(1)(f) and (g); Ontario FIPPA, supra note 55, s. 59(a).
  • [121] The Access to Information Task Force recommended that the Access to Information Act be amended to explicitly provide the Information Commissioner with a mandate to provide advice to government on access issues. See Delagrave Report, supra note 2 at 94.
Date Modified: 2012-08-03

Top of Page
Important Notices