Date of decision: February 23, 2026

Summary

An institution submitted an application seeking the Information Commissioner’s approval to decline to act on an access request under subsection 6.1(1) of the Access to Information Act. In the institution’s opinion, the access request is an abuse of the right of access.

The Commissioner finds that the institution did not establish that the access request at issue is an abuse of the right of access.

The application is denied.

Application

Under subsection 6.1(1) of the Access to Information Act, the head of a government institution may seek the Information Commissioner’s written approval to decline to act on an access request if, in the head of the institution’s opinion, the request is one or more of the following:

• Vexatious;
• Made in bad faith;
• An abuse of the right to make a request for access to records.

Institutions may not decline to act on access requests for the sole reason that the requested information was already proactively published under Part 2 of the Act (subsection 6.1(1.1)).

The institution bears the burden of establishing that the access request meets one or more of the requirements under subsection 6.1(1).

If the institution establishes that one or more of the requirements of subsection 6.1(1) apply, the Commissioner must exercise her discretionary power to either grant or refuse the application.

In exercising her discretion, the Commissioner will consider all relevant factors and circumstances, including:

• The quasi-constitutional nature of the right of access;
• The public interest in the records sought;
• Whether the institution met its obligations under subsection 4(2.1) to make every reasonable effort to assist a requester in connection with their request.

Access request at issue

On September 23, 2025, the institution sought the Commissioner’s approval to decline to act on an access request it had received on August 27, 2025. The access request is the following:

1. all Microsoft Teams messages sent during the noted timeframe (EX-1 and up). Exclude personal information and messages related to IT support; release all otherwise severable material.
2. Any official Microsoft Teams usage and/or retention policies or guidelines.
3. The “Teams usage report” and “Teams user activity report” for specified time period.

Timeframe: May 26, 2025 to present day (August 27, 2025).

The institution claimed that the access request is an abuse of the right of access.

Is the access request an abuse of the right of access?

The Act provides requesters with a right to access information under a government institution’s control—a right that should not be abused.

The Commissioner considers an abuse to have occurred when an access request exceeds the limits of the legitimate exercise of that right. When determining whether a request is abusive, she focuses on the scope, nature and cumulative effect of the request, including the following:

• Whether the request is repetitive or overly broad;
• Whether the request was made with a purpose other than obtaining documents or information;
• Whether acting on the request would overburden the institution and/or obstruct the institution’s ability to respond to other access requests (and, therefore, affect other requesters’ right of access) or both.

The Commissioner may also consider the institution’s efforts, if any, to help the requester determine what information they want and/or narrow the scope of their request. She may also consider the requester’s responses to such efforts, including the extent to which they have demonstrated a willingness to work with the institution.

The institution argued that the access request at issue is an abuse of the right of access because it would overburden it.

The institution explained that it has eleven staff whose positions are EX-01 and above and that, according to statistics published by Microsoft in June 2025, the average worker receives 153 Teams messages per day. The institution calculated that from May 26, 2025, to the date the request was received (August 27, 2025), there were 66 workdays, which amounts to 10,098 Teams messages per employee or 111,078 messages in total. The institution then doubled the amount to account for outgoing messages, for a total of 222,156 Teams messages, which will have to be compiled, reviewed for recommendations, redacted and sent for consultation. The institution explained that, even if it were to reduce the amount by 50% to account for duplicates (such as messages sent internally between two executives who are subject to the request), it could not process the request; processing the request would be “operationally catastrophic.”

The institution anticipates that there would be significant consultation required, as every program area has executive staff who work on a variety of initiatives that would likely be discussed over Teams. The institution claimed that operations in these areas would be stalled as executives would need to dedicate considerable time to retrieving and compiling their Teams logs; it would be unable to accommodate this request while also completing existing taskings from the Minister of the Environment. The institution also claims that the Director Generals and President have already committed to travel, meetings and public engagements which would make fulfilling this request within the legislated time limit impossible.

As to its access to information and privacy (ATIP) office, the institution explained that it has existed as an independent institution for less than a year, and has not yet had the opportunity to build its ATIP capacity to a point where complying with such a broad request would not overburden it and/or obstruct its ability to respond to other access requests (therefore affecting other requesters’ right of access). The institution’s ATIP unit consists of two employees, namely one indeterminate full-time analyst and one casual full-time lead analyst. The institution explained that it currently has two open ATIP requests that both encompass a large volume of records. The first consists of 400 pages and requires five external consultations, and the second is estimated to consist of 700 pages and requires ten external consultations so far. The institution explained that it does not have a case management software set up, and so that it is extremely limited in how quickly it can process requests (as it must manually collect and compile all the documents before review can even begin). According to the institution, the access request at issue would take away valuable processing time from its other requesters who are already waiting for their documents. The institution’s ATIP unit also has other operational tasks it fulfills daily, such as coordinating and collecting the institution’s documents for proactive disclosure and developing ATIP-related policies and procedures. These operations would also be obstructed by the access request at issue.

The institution explained that it does not have precedence to draw upon to demonstrate its processing capacity, as it did not fulfil any access requests during the 2024/2025 fiscal year (as is demonstrated in its Annual Report to Parliament). The first request was received during the reporting period but was carried over into the current fiscal year due to the volume of records. However, based on the number of affected employees and the average number of Teams chats sent per day, the institution considers that it is inevitably beyond what it is capable of processing without either a lengthy time extension or setting aside all other work to focus solely on this request.

The institution also stated that, while the requester has made some efforts to narrow the scope of their request, it simply remains too broad to respond to without causing a significant impact on its legislated timelines for other ongoing access requests, which it is already struggling to meet. The institution attempted to have the wording of the request amended to include or exclude subject matter, either of which would make the request more manageable, but the requester was firm on the scope after their first and only amendment. The only subject matter they agreed to exclude was messages related to IT support as part of this amendment.

Discussion

The Commissioner will now examine whether the institution has convinced her that the access request at issue is an abuse of the right of access.

In their response, the requester pointed out that the institution used a global report from Microsoft as the basis for its estimate and that it is unclear how this survey translates to the Canadian federal government—especially considering that most departments say Teams should only be used for transitory communications. The requester also asserted that Teams can quickly issue reports that show the actual number of messages sent by employees and that these reports were obtained from other federal institutions, showing that the average federal government employee sends between 12 and 23 messages per day, including weekends.

The Commissioner agrees with the requester on these issues. It is unclear to her why the institution decided to rely on a global report to estimate the number of responsive records, when Teams can issue the actual number of messages. An application under subsection 6.1(1) is a serious matter and requires clear and compelling evidence. The Commissioner finds that the evidence provided by the institution is not up to par.

Moreover, she also agrees that the number of responsive records appears to be inflated. In addition to the points mentioned by the requester, the Commissioner notes that the institution’s calculation is based on the number of messages received, which the institution claims it must double to account for outgoing messages and then reduce by 50% to account for duplicates. This calculation lacks merit, as it does not logically flow from the actual scope of the request, which seeks only messages sent. Moreover, the institution’s estimate does not appear to take into consideration the possibility that employees may receive significantly more messages than they send, particularly in group chat settings where an employee may receive numerous messages for each one they send.

As the institution’s estimated number of records cannot be relied upon, the impact of the request on the institution’s operations cannot be reliably assessed. This is sufficient for the Commissioner to conclude that the institution has failed to meet its onus to show that the request is an abuse of the right of access. However, the Commissioner will briefly address other deficiencies in the institution’s arguments and evidence.

The institution argued that the request would have an important impact on its executive employees, given that they would have to provide recommendations and “dedicate considerable time to retrieving and compiling their Teams logs”. While the executive staff would likely need to provide recommendations, the institution has offered no explanation as to why they – as opposed to the institution’s Information Technology employees – would also have to retrieve and compile the Teams logs. The institution also argued that its ATIP capacity is limited because it has been subject to the Act for only slightly more than a year, employs only two full-time employees, and has received in total two other requests representing approximately 1100 pages of responsive records. These facts are neither contested nor consequential: it is the responsibility of the institution to ensure that it has the operational capacity to comply with the requirements of the Act when it is subject to it. A request does not constitute an abuse of the right to make an access request simply because the institution has not yet implemented its case management software or developed the capacity to process the request. Additionally, the current combined workload of 1100 pages shared between two analysts does not suggest that the institution’s resources are at capacity.

Based on the above, the Commissioner concludes that the institution has not demonstrated that the access request at issue amounts to an abuse of the right of access.

While the institution has not demonstrated that responding to the request would overburden it, the Commissioner encourages the parties to continue collaborating to narrow the scope of the request, as proposed by the requester in their representations.

Decision

The institution has not established that the access request met one or more of the requirements of subsection 6.1(1).

Therefore, the application is denied.