WxT Language switcher

Canada Post (Re), 2025 OIC 33

Date: 2025-06-06
OIC file number: 5823-03707
Access request number: A-2023-00044

Summary

The complainant alleged that Canada Post had improperly withheld information under subsections 19(1) (personal information) and 18.1(1) (trade secrets of Canada Post), and paragraph 20(1)(b) (confidential third-party financial, commercial, scientific or technical information) of the Access to Information Act in response to an access request. The request was for the final version of a health and safety strategy report for Canada Post delivered by DuPont Sustainable (DSS) and any related invoicing. The allegation falls under paragraph 30(1)(a) of the Act.

The third party deferred to Canada Post’s position about the application of paragraph 20(1)(b). Canada Post could not show that certain information met all the requirements of subsection 18.1(1) and paragraph 20(1)(b). With respect to paragraph 20(1)(b), it did not show that some of the withheld information was not publicly available, that it was supplied by the third party, or that there was a reasonable expectation of confidentiality.  Under subsection 18.1(1), Canada Post did not show that the information was a trade secret or that it was the confidential financial, commercial, scientific or technical information of Canada Post.

The Information Commissioner ordered that Canada Post disclose certain information.

Canada Post gave notice to the Commissioner that it would implement the order.

The complaint is well founded.

Complaint

[1]        The complainant alleged that Canada Post improperly withheld information under subsections 19(1) (personal information) and 18.1(1) (trade secrets of Canada Post), and paragraph 20(1)(b) (confidential third-party financial, commercial, scientific or technical information) of the Access to Information Act in response to an access request. The request was for the final version of a health and safety strategy report for Canada Post delivered by DuPont Sustainable (DSS) and any related invoicing. The allegation falls under paragraph 30(1)(a) of the Act.

[2]        During the investigation, the complainant decided it was no longer necessary for the Office of the Information Commissioner (OIC) to investigate routine banking information. Specifically, the routing number, bank account number and SWIFT code which appear in the invoice on page 30 are not at issue in this investigation.

Investigation

[3]        When an institution withholds information that includes information related to a third party, the third party and/or the institution bears the burden of showing that refusing to grant access is justified.

[4]        The OIC gave DSS the opportunity under paragraph 35(2)(c) to provide representations showing why the information should not be disclosed. In its representations, DSS deferred to Canada Post’s position that the information withheld under paragraph 20(1)(b) and subsection 18.1(1) should not be disclosed. DSS also provided representations which it believes demonstrate that subsection 19(1) (personal information) applies to the withheld information in the invoice record.

[5]        During the investigation, Canada Post provided its initial reasoning for withholding portions of the records based on subsection 18.1(1), subsection 19(1), and paragraph 20(1)(b). However, when asked by the OIC to provide additional representations in support of its refusal of access, Canada Post failed to respond.

[6]        The OIC notified DSS pursuant to subsection 36.3(1) of my intention to order Canada Post to disclose the information at issue. DSS did not respond to the notification

Subsection 19(1): personal information

[7]        Subsection 19(1) requires institutions to refuse to disclose personal information.

[8]        To claim this exemption, institutions must show the following:

  • The information is about an individual—that is, a human being, not a corporation.
  • There is a serious possibility that disclosing the information would identify that individual.
  • The information does not fall under one of the exceptions to the definition of “personal information” set out in paragraphs 3(j) to 3(m) of the Privacy Act (for example, business contact information for public servants).

[9]        When these requirements are met, institutions must then consider whether the following circumstances (listed in subsection 19(2)) exist:

  • The person to whom the information relates consents to its disclosure.
  • The information is publicly available.
  • Disclosure of the information would be consistent with section 8 of the Privacy Act.

[10]      When one or more of these circumstances exist, subsection 19(2) of the Access to Information Act requires institutions to reasonably exercise their discretion to decide whether to disclose the information.

Does the information meet the requirements of the exemption?

[11]      Canada Post applied subsection 19(1) to withhold information on page 30, which is an invoice billed from DSS to Canada Post for consultation services rendered in support of a Canada Post Safety Culture project. It is the understanding of the OIC that the only information claimed to fall within the scope of subsection 19(1) is the name of the contact person, their email, and telephone number on page 30.

[12]      I am satisfied that the information which Canada Post redacted under subsection 19(1) on page 30 is:

  1. about an individual;
  2. there is a serious possibility that disclosing the information would identify that individual; and
  3. the information does not fall under one of the exceptions to the definition of “personal information” set out in paragraphs 3(j) to 3(m) of the Privacy Act.

[13]      Consequently, I conclude that the information meets the requirements of subsection 19(1).

Did the institution reasonably exercise its discretion to decide whether to disclose the information?

[14]      Since the information meets the requirements of subsection 19(1), Canada Post was required to reasonably exercise its discretion under subsection 19(2) to decide whether to disclose the information when one or more of the circumstances described in subsection 19(2) existed when it responded to the access request.

[15]      Upon considering the information at issue, as well as the totality of representations made by DSS and Canada Post, I am satisfied that the name, email and personal phone number of the DSS contact person, as found on the DSS invoice (at page 30 of the responsive records), is not publicly available, consent was not provided to release this information and disclosure would not be consistent with section 8 of the Privacy Act.

[16]      I conclude that the circumstances set out in subsection 19(2) did not exist when Canada Post responded to the access request. There is no need to examine the issue of discretion.

Paragraph 20(1)(b): confidential third-party financial, commercial, scientific or technical information

[17]      Paragraph 20(1)(b) requires institutions to refuse to disclose confidential financial, commercial, scientific or technical information provided to a government institution by a third party (that is, a private company or individual, but not the person who made the access request).

[18]      To claim this exemption, institutions must show the following:

  • The information is financial, commercial, scientific or technical.
  • The information is confidential.
  • The third party supplied the information to a government institution.
  • The third party has consistently treated the information as confidential.

[19]      When these requirements are met, and the third party to whom the information relates consents to its disclosure, subsection 20(5) requires institutions to reasonably exercise their discretion to decide whether to disclose the information.

[20]      In addition, when the requirements are met, subsection 20(6) requires institutions to reasonably exercise their discretion to decide whether to disclose the information for public health or public safety reasons, or to protect the environment, when both of the following circumstances (listed in subsection 20(6)) exist:

  • disclosure of the information would be in the public interest; and
  • the public interest in disclosure clearly outweighs any financial impact on the third party, any prejudice to the security of the third party’s structures, networks or systems, or competitive position, or any interference with its contractual or other negotiations.

[21]      However, subsections 20(2) and 20(4) specifically prohibit institutions from using paragraph 20(1)(b) to refuse to disclose information that contains the results of product or environmental testing carried out by or on behalf of a government institution, unless the testing was done for a fee for an individual or an organization other than a government institution.

Does the information meet the requirements of the exemption?

[22]      Paragraph 20(1)(b) was applied to the following information on an invoice billed by DSS to Canada Post (see page 30 of the responsive records):

  • Canada Post’s Invoice Number and Customer Account Number;
  • A Project Number, Consulting Agreement Number, Customer PO Number;
  • Payment Terms;
  • DSS’s Invoice Subtotal, Tax, and Grand Total; and
  • DSS’s GST/HST number.

Is the information financial, commercial, scientific or technical?

[23]      In the decision Merck Frosst Canada Ltd. v. Canada (Health), 2012 SCC 3, the Supreme Court of Canada stated that the terms “financial, commercial, scientific or technical” should be given their ordinary dictionary meanings.

[24]      I am satisfied that the information at issue is financial and / or commercial information, as those terms are ordinarily understood. The first requirement for exemption under paragraph 20(1)(b) is therefore met.

Is the information confidential?

[25]      In order for paragraph 20(1)(b) to be applied, the information must be objectively confidential. In Air Atonabee Limited v. Canada (Minister of Transport), [1989] F.C.J. No. 453 (F.C.T.D), the Federal Court outlined three specific sub-criteria, each of which must be met, for the information to be considered confidential:

  • the information is not otherwise available from public sources;
  • the information originates and is communicated with a reasonable expectation of confidence that it will not be disclosed; and
  • the relationship between the government and third party is not contrary to the public interest and will be fostered for public benefit by keeping the information confidential.

[26]      Considering the first sub-criterion for confidentiality, I find that some of the information at issue is available from public sources. In particular, the first part of DSS’s GST and HST numbers can readily be found online on Canada’s Business Registries and the Innovation, Science and Economic Development website.

[27]      I conclude that portions of the HST and GST number that reflect what is available online are publicly available and therefore do not meet the first sub-criterion of objective confidentiality. I accept that the remaining information is not publicly available, meeting the first sub-criterion for objective confidentiality.

[28]      Considering the second sub-criterion for confidentiality, I find that it has not been demonstrated that any of the information withheld under paragraph 20(1)(b) was provided to Canada Post with a reasonable expectation of confidence that this information would not be disclosed. DSS indicated in its representations that pricing information for its services is treated as confidential consistently with the provisions of the agreement it had with Canada Post. Following receipt of these representations, Canada Post was asked for a copy of this agreement for my assessment of confidentiality provisions but failed to provide it.

[29]      Even if a confidentiality agreement were shown to cover information supplied by DSS to Canada Post, it would not be determinative of whether the information meets the requirements of paragraph 20(1)(b), as all other requirements of the exemption must also be met.

[30]      As noted in Merck, while the proponent(s) of the exemption must establish the exemption applies on a balance of probabilities, “what evidence will be required to reach that standard will be affected by the nature of the proposition the [proponent of the exemption] seeks to establish and the particular context of the case.” (para. 94)

[31]      In these circumstances, I have received no objective evidence demonstrating Canada Post had any obligation of confidentiality regarding the consultation services it contracted for. I required objective evidence demonstrating this sub-criterion was met with regards to the information at issue. The parties failed to provide such evidence.

[32]      Finally, the third sub-criterion requires the relationship between the government and the third party to not be contrary to the public interest, and the relationship be fostered for public benefit by keeping the information confidential. In its representations, DSS offered that disclosing the information would not be in the public interest, as the purpose of the information is to allow for the proper administration of a government-procured contract.

[33]      I am unconvinced by this position, given that in the present situation, DSS provided a service to Canada Post in exchange for payment. When public funds are involved, the Courts have found there may be less expectation of confidentiality, and that disclosure is often in the public interest (see: Canada Post Corp. v. Canada (Minister of Public Works and Government Services), 2004 FC 270 at paragraph 40; AstraZeneca Canada Inc. v. Canada (Health), 2005 FC 189, para. 76, aff’d in 2006 FCA 241).

[34]      Neither party offered compelling representations to demonstrate the relationship would be fostered for public benefit by keeping the information confidential.

[35]      In light of the above, I conclude that the conditions of objective confidentiality have not been shown to be fully met for any of the information at issue. As a result, the second requirement for paragraph 20(1)(b) to apply has not been met.

Was the information supplied by a third party to a government institution?

[36]      Turning to the third criterion of paragraph 20(1)(b), I agree that the invoice itself was produced by the third party and supplied to Canada Post. However, in its representations, DSS acknowledged that some of the information in the invoice originated with Canada Post, within the context of its contractual relationship with DSS. DSS indicated that information originating from Canada Post includes the invoice number, the customer account number, the project number, the consulting agreement number and the customer PO number.

[37]      Information contained within an invoice can be a result of negotiation between parties. The question of whether information has been supplied by a third party to a government institution is focused on the content of the information, rather than its form (Merck Frosst Canada Ltd. v. Canada (Health), 2012 SCC 3, paras. 156-159). The case law under the Act demonstrates that negotiated terms do not constitute information that is supplied by a third party (Canada Post Corp. v. National Capital Commission, 2002 FCT 700, para. 14; see also: Halifax Developments Ltd. v. Minister of Public Works, (1994) FCJ No. 2035 (QL) (F.C.T.D.).

[38]      Apart from the contact information pertaining to the DSS employee, which meets the criteria for subsection 19(1), as well as the payment terms, the GST and HST number, and the invoice total, the remainder of the withheld information appears to have originated from Canada Post or could be the result of negotiation. I therefore conclude that the third requirement for exemption is not met.

Has the third party consistently treated the information as confidential?

[39]      The final requirement for paragraph 20(1)(b) requires that the information has consistently been treated as confidential by the third party.

[40]      While DSS made reference to confidentiality provisions, it did not provide significant representations to indicate how it safeguards this information within or outside its own company, other than to indicate that the information is “typically” not shared with the public. I have therefore not received sufficient representations to conclude that the information is consistently treated as confidential.

[41]      With regard to DSS’s GST and HST numbers, DSS did not establish that it consistently maintains the confidentiality of these numbers. During the investigation, DSS conceded that this information could be disclosed.

[42]      In light of the above, I conclude that none of the information meets all the requirements for exemption under paragraph 20(1)(b).

Subsection 18.1(1): trade secrets of Canada Post, confidential financial, commercial, scientific or technical information of Canada Post

[43]      Subsection 18.1(1) allows institutions to refuse to disclose trade secrets or confidential financial, commercial, scientific or technical information belonging to the Canada Post Corporation, Export Development Canada, the Public Sector Pension Investment Board and VIA Rail Canada Inc.

[44]      To claim this exemption with regard to trade secrets, institutions must show the following:

  • The information is a trade secret—that is, a plan or process, tool, mechanism or compound that possesses all four of the following characteristics:
    • It is secret—that is, it is known only by one or a relatively small number of people.
    • The institution intended to treat the information as secret.
    • The information has industrial or commercial application.
    • The institution has an interest worthy of legal protection (that is, an economic interest).
  • The trade secret belongs to one of the four above-named institutions.
  • That institution has consistently treated the information as confidential.

[45]      To claim this exemption with regard to financial, commercial, scientific or technical information, institutions must show the following:

  • The information is financial, commercial, scientific or technical.
  • The information belongs to one of the four above-named institutions.
  • That institution has consistently treated the information as confidential.

[46]      When these requirements are met, institutions must then reasonably exercise their discretion to decide whether to disclose the information.

Does the information meet the requirements of the exemption?

[47]      Canada Post relied on subsection 18.1(1) to concurrently withhold information contained within the invoice on page 30 as described in the analysis of paragraph 20(1)(b). It also relied on this subsection to withhold the substance of much of the contents of a PowerPoint presentation on pages 2, 9, and 11-28, dated October 3, 2023, prepared for Canada Post by DSS.

[48]      Having reviewed the information at issue and considered the representations received, I am not satisfied that any of the information at issue is a “trade secret” within the ordinary meaning of the term. More specifically, it is not clear how any of the information withheld under paragraph 18.1(1)(a) constitutes “a plan or process, tool, mechanism or compound” that is not only secret and intended to be treated as such, but also has industrial or commercial application over which Canada Post has an economic interest worthy of legal protection. In this regard, I note that while the information at issue makes reference to plans and / or the development of plans, it does not include details that could give rise to an industrial or commercial application for which Canada Post would have an economic interest worthy of protection. In turn, it is my view that not even the first criterion of a “trade secret” is met.

[49]      Canada Post indicated that the records are sensitive, strategic financial and commercial records of a substantial value to the corporation. I have gone on to consider whether any of the information at issue is financial, commercial, scientific or technical information, that belongs to and has consistently been treated as

[50]      confidential by Canada Post, thereby still falling within the scope of paragraph 18.1(1)(a).

[51]      In doing so, I accept that some of the information appears to be financial, commercial, scientific or technical in nature, such as the subtotal, tax amount, and grand total on the invoice, as well as the information on pages 9, 16, 18, 21, 25 and 27 of the records.

[52]      However, some of the information does not appear to be financial, commercial, scientific or technical, on page 2, 12, 9 and 14-28 (headings), p. 15 (first, second, seventh bullet), p. 22 (fourth and fifth bullet), p. 23 (first bullet), and p. 24 (first bullet).

[53]      Turning to the next requirement of paragraph 18.1(1)(a), it is clear that the invoice amounts, withheld on page 30 of the responsive records, were prepared by DSS and do not belong to Canada Post.

[54]      As for the remaining information, given that the deck was prepared and presented by DSS, it is also not clear that this information “belongs to” Canada Post. [55] For example, while DSS’s comments on page 28 appear to provide insight or guidance into summarizing key points of the health and safety plan, these comments themselves appear to have been provided and summarized by the third party. Canada Post noted in its initial representations that it worked with DSS for 9 months to develop the plan using DSS’s proprietary concepts, tools and experts. This suggests that the information is co-created, and does not necessarily belong solely to Canada Post.

[56]      I am also not satisfied that all of the information withheld under paragraph 18.1(1)(a) has consistently been treated as confidential by Canada Post. In this regard I note that details pertaining to some of the information on page 9 is publicly available in the Canada Post Corporation 2019-2023 Corporate Plan.

[57]      Canada Post noted that only one small part of the Health and Safety strategy is shared broadly within Canada Post, entitled the “Health & Safety Improvement Plans”, to ensure that the plans are deployed and achieved. While Canada Post indicated that the responsive records outline a current and future Health & Safety Strategy which has never been shared with anyone other than the Board and the Members of Executive Council (MEC), Canada Post indicated that it spoke with hundreds of employees when it was putting the plan together with DSS. This suggests that the existence of the plan and varying details of its implementation carry less of an expectation of confidentiality given that it’s an analysis of Canada Post’s overall Health and Safety strategy which, presumably, will be implemented by managers and leaders across Canada Post.

[58]      Canada Post raised the concern that the records, generally, show where “gaps” exist in the company, which is not for public knowledge. It should be noted, however, that Canada Post openly identified risk areas in its 2022 and 2023 Annual Reports, including risks pertaining to a lack of employee knowledge and competency, inconsistent application of standards, employee turnover, and lack of rule enforcement. Canada Post has ergo publicly identified where some of these gaps exist.

[59]      Finally, subsection 18.1(2) specifically prohibits institutions from using subsection 18.1(1) to refuse to disclose information that relates to the general administration of Canada Post. As per the Treasury Board Secretariat (TBS) manual, since the term “general administration” is not further defined in the Act, it takes its ordinary meaning: the management functions associated with administering an organization.

[60]      Therefore, information that relates to the general administration of the four Crown corporations and their wholly owned subsidiaries includes information related to human resources, training and development, information management and technology, management activities (including strategic planning and performance management, audits and evaluations), management of assets, security and any other information related to the management of the institution. Information within the slides, as described above, appears to pertain to policies and procedures for information management, emergency responses, and incident responses. Such information appears to be related to the general administration of Canada Post Corporation as described by TBS.

[61]      In light of the above, and in light of the lack of response to my office’s request for representations from Canada Post to support the application of subsection 18.1(1), I conclude that the information does not meet the requirements of the exemption.

Outcome

[62]      The complaint is well founded:

[63]      Canada Post did not demonstrate that paragraph 20(1)(b) applied to:

  • Some of the withheld information that is publicly available.
  • Records for which not all of the withheld information was supplied by the third party to Canada Post.
  • Records for which Canada Post and DSS did not demonstrate that there was a reasonable expectation of confidentiality for all of the withheld information. For more details, see the analysis under paragraph 20(1)(b) in my initial report – “Is the information confidential” and “Has the third party consistently treated the information as confidential?”

[64]      Canada Post did not demonstrate that subsection 18.1(1) applied to:

  • Records that were not demonstrated to be confidential trade secrets.
  • Records that were not demonstrated to have industrial or commercial application.
  • Records where it was not demonstrated that the institution has an interest worthy of legal protection (that is, an economic interest).
  • Records that were not demonstrated as containing financial, commercial, scientific or technical information.
  • Records that were not demonstrated to have been consistently treated as confidential by the institution.

Orders

I order the President of Canada Post to disclose some information for which the following exemptions were applied:

Paragraph 20(1)(b)

  1. Disclose the information on page 30 with the exception of the information described under subsection 19(1) and the information that the complainant has agreed is not at issue (banking information).

Subsection 18.1(1)

  1. Disclose the information on pages 2, 9, 11, 12, 14, 15-28, and 30.

Initial report and notice from institution

On May 30, 2025, I issued my initial report to the President of the Corporation setting out my order.

On June 3, 2025, the Director of Access to Information and Privacy gave me notice that Canada Post would be implementing the order.

Review by Federal Court

When an allegation in a complaint falls under paragraph 30(1)(a), (b), (c), (d), (d.1) or (e) of the Act, the complainant has the right to apply to the Federal Court for a review. When the Information Commissioner makes an order(s), the institution also has the right to apply for a review. The complainant and/or institution must apply for a review within 35 business days after the date of this report. When they do not, third parties may apply for a review within the next 10 business days. Whoever applies for a review must serve a copy of the application for review to the relevant parties, as per section 43. If no one applies for a review by these deadlines, the order(s) takes effect on the 46th business day after the date of this report.

Other recipients of final report

As required by subsection 37(2), this report was provided to DSS.

Date modified:
Submit a complaint