WxT Language switcher

Public Safety Canada (Re), 2026 OIC 5

Date: 2026-01-14
OIC file number: 5822-06512
Access request number: A-2022-00177

Summary

The complainant alleged that Public Safety Canada (Public Safety) had improperly withheld information under subsection 19(1) (personal information) and paragraph 20(1)(b.1) (third party emergency management plans) of the Access to Information Act. This was in response to an access request for user agreements to issue or accept emergency alerts through the national public alerting system since 2009. The allegation falls under paragraph 30(1)(a) of the Act. During the investigation, the complainant decided it was no longer necessary for the Office of the Information Commissioner (OIC) to investigate the application of subsection 19(1) or the information withheld on pages 1-12. Neither Public Safety nor the third party was able to demonstrate that the information met the requirements of the exemptions as the records consist of negotiated agreements and therefore are not considered to have been supplied to a government institution by the third party. The Information Commissioner ordered Public Safety to disclose the records at issue in their entirety, other than the information withheld under subsection 19(1). Public Safety gave notice to the Commissioner that it would implement the order. The complaint is well founded.

Complaint

[1]The complainant alleged that Public Safety Canada (Public Safety) had improperly withheld information under subsection 19(1) (personal information) and paragraph 20(1)(b.1) (third party emergency management plans) of the Access to Information Act. This was in response to an access request for user agreements to issue or accept emergency alerts through the national public alerting system since 2009. The allegation falls under paragraph 30(1)(a) of the Act.

[2]During the investigation, the complainant decided it was no longer necessary for the Office of the Information Commissioner (OIC) to investigate the application of subsection 19(1) to withhold information. The complainant further decided it was not necessary for the OIC to examine the exemptions applied to withhold information on pages 1-12.

Investigation

[3]When an institution withholds information related to a third party, the third party and the institution bear the burden of showing that refusing to grant access is justified.

[4]The OIC sought representations from the third party, Pelmorex Communications (Pelmorex) and Public Safety pursuant to section 35 of the Act. Pelmorex maintained that the information should remain withheld under paragraph 20(1)(b.1) and suggested that paragraph 20(1)(b) (confidential third-party financial, commercial, scientific or technical information) also applies.

[5]Public Safety stated that there could be some intellectual property and competitive position considerations which would be more pronounced now that the government (in Budget 2025) plans to renew the model for the National Public Alerting System and disclosure could provide potential competitors with insights into the design of the Pelmorex product. Public Safety conceded that all of the information on page 28 and portions of the information on pages 28-31, 34 and 36, including subheadings, signatures and portions of the notice requirements do not meet the requirements of the exemptions. Public Safety also invoked subsections 16(2) (facilitating the commission of an offence) and 19(1) (personal information) to withhold information previously withheld under paragraph 20(1)(b.1).

[6]The OIC also notified Pelmorex, pursuant to subsection 36.3(1), of my intention to order Public Safety to disclose the information at issue. Pelmorex did not respond.

Paragraph 20(1)(b.1): third-party emergency management plans

[7]Paragraph 20(1)(b.1) requires institutions to refuse to disclose information that is supplied in confidence to a government institution by a third party for the preparation, maintenance, testing or implementation by the government institution of emergency management plans within the meaning of section 2 of the Emergency Management Act and that concerns the vulnerability of the third party’s buildings or other structures, its networks or systems, including its computer or communications networks or systems, or the methods used to protect any of those buildings, structures, networks or systems.

[8]To claim this exemption, institutions must show of the following:

  • The information concerns critical infrastructure information—that is, information about the vulnerability of the third party’s buildings or other structures, its networks or systems (including computer or communication networks or systems) or the methods used to protect that infrastructure.
  • The information was supplied to a government institution by the third party.
  • The information was supplied in confidence—that is, with the understanding that it would be treated as confidential.
  • The information was supplied for the preparation, maintenance, testing or implementation by the institution of emergency management plans, as defined in section 2 of the Emergency Management Act.

[9]When these requirements are met, and the third party to whom the information relates consents to its disclosure, subsection 20(5) requires institutions to reasonably exercise their discretion to decide whether to release the information.

[10]In addition, when the requirements are met, subsection 20(6) requires institutions to reasonably exercise their discretion to decide whether to release the information for public health or public safety reasons, or to protect the environment, when both of the following circumstances exist:

  • disclosure of the information would be in the public interest; and
  • the public interest in disclosure clearly outweighs any financial impact on the third party, any prejudice to the security of the third party’s structures, networks or systems, or competitive position, or any interference with its contractual or other negotiations.

Does the information meet the requirements of the exemption?

[11]Public Safety withheld two agreements between Pelmorex and the government of Canada, in their entirety, pursuant to paragraph 20(1)(b.1).

[12]Paragraph 20(1)(b.1) requires, among other things, that the parties demonstrate the information at issue was “supplied … to a government institution by a third party”. While there is no caselaw interpreting paragraph 20(1)(b.1), the courts have interpreted analogous wording set out in paragraph 20(1)(b). According to this jurisprudence, to be supplied to a government institution by a third party, it must be shown that the information originated from the third party and was conveyed or provided to a government institution. This requires a consideration of the content of the information, rather than simply its form (Merck Frosst Canada Ltd. v. Canada (Health), 2012 SCC 3 at paras. 156-158 (Merck Frosst)).

[13]In addition, information that consists of negotiated agreements or mutually agreed upon terms generally cannot be considered to have been supplied by the third party. (American Iron & Metal Company Inc. v. Saint John Port Authority, 2023 FC 1267 at para 48-49 (American Iron); Canada Post Corp. v. National Capital Commission, 2002 FCT 700 at para. 14; Halifax Developments Ltd. v. Minister of Public Works, [1994] FCJ No. 2035 (FCT). The exception is when it can be shown that disclosure of a negotiated agreement or mutually agreed upon term would permit an accurate inference to be drawn regarding information actually supplied by a third party (Clowater v. Canada (Industry), 2024 FC 916 at para 59; see also: Aventis Pasteur Ltd. v. Canada (Attorney General), 2004 FC 1371, at para 25-26).

[14]In this case, the information at issue consists of two agreements between Pelmorex and the government of Canada for the provision of specific services by Pelmorex.

[15]When asked to explain the basis upon which Pelmorex asserted that it had supplied the information found in the Agreements to the government institution, Pelmorex stated that only the user agreement between Public Safety and Pelmorex can be considered as being supplied to a federal government institution by Pelmorex.

[16]Pelmorex did not further elaborate on its position. Nor did Public Safety explain how negotiated terms could be considered supplied by Pelmorex in this instance.

[17]While Pelmorex may have supplied specific information that informed the terms of the Agreements, it has not been established that any portions of the agreements reflect any information actually originating from the third party and conveyed or provided to a government institution.

[18]On its face, the agreements consist of mutually agreed upon terms. As neither Pelmorex nor Public Safety offered any cogent explanation of how the disclosure of any portions of the agreements would permit any accurate inferences regarding information supplied by a third party to a government institution, it has not been shown that any of the information can be considered to have been “supplied …to a government institution by a third party”, so as to meet this requirement of paragraph 20(1)(b.1).

[19]As paragraph 20(1)(b.1) is conjunctive, meaning each requirement must be met, I conclude that information cannot be withheld under paragraph 20(1)(b.1). (See American Iron at para 54).

Paragraph 20(1)(b): confidential third-party financial, commercial, scientific or technical information

[20]Paragraph 20(1)(b) requires institutions to refuse to disclose confidential financial, commercial, scientific or technical information provided to a government institution by a third party (that is, a private company or individual, but not the person who made the access request).

[21]To claim this exemption, institutions must show the following:

  • The information is financial, commercial, scientific or technical.
  • The information is confidential.
  • The third party supplied the information to a government institution.
  • The third party has consistently treated the information as confidential.

[22]When these requirements are met, and the third party to whom the information relates consents to its disclosure, subsection 20(5) requires institutions to reasonably exercise their discretion to decide whether to disclose the information.

[23]In addition, when the requirements are met, subsection 20(6) requires institutions to reasonably exercise their discretion to decide whether to disclose the information for public health or public safety reasons, or to protect the environment, when both of the following circumstances (listed in subsection 20(6)) exist:

  • disclosure of the information would be in the public interest; and
  • the public interest in disclosure clearly outweighs any financial impact on the third party, any prejudice to the security of the third party’s structures, networks or systems, or competitive position, or any interference with its contractual or other negotiations.

[24]However, subsections 20(2) and 20(4) specifically prohibit institutions from using paragraph 20(1)(b) to refuse to disclose information that contains the results of product or environmental testing carried out by or on behalf of a government institution, unless the testing was done for a fee for an individual or an organization other than a government institution.

Does the information meet the requirements of the exemption?

[25]Although Public Safety did not apply paragraph 20(1)(b) to withhold the Agreements, Pelmorex is of the view that it applies to the records in their entirety.

[26]As with paragraph 20(1)(b.1), paragraph 20(1)(b) specifies that the information must be supplied to the government institution by the third party. As noted above, while Pelmorex may have supplied information that informed the negotiations and the development of the Agreements, the information in the Agreements itself consists of negotiated terms developed and agreed upon by both parties and therefore does not consist of information supplied by the third party.

[27]As such, I am not satisfied that this criterion has been met. As a result, I do not need to assess whether the information meets the requirements of the remaining criteria for paragraph 20(1)(b) to apply.

Subsection 16(2): facilitating the commission of an offence

[28]Subsection 16(2) allows institutions to refuse to disclose information that, if disclosed, could reasonably be expected to facilitate the commission of an offence.

[29]To claim this exemption, institutions must show the following:

  • Disclosing the information (for example, information on criminal methods or techniques, or technical details of weapons, as set out in paragraphs 16(2)(a) to (c)) could facilitate the commission of an offence.
  • There is a reasonable expectation that this harm could occur—that is, the expectation is well beyond a mere possibility.

[30]When these requirements are met, institutions must then reasonably exercise their discretion to decide whether to disclose the information.

Does the information meet the requirements of the exemption?

[31]During the investigation, Public Safety invoked subsection 16(2) to withhold the DocuSign envelope identification number at the top of the agreement at pages 29-31, 34 and 36. Public Safety stated only that, in its view, this identification number can be used to access the document. No additional information was provided to demonstrate that there is a reasonable expectation that this could occur.

[32]I note that, according to the DocuSign website, an individual can only access a document using the envelope identification number if they were the sender or recipient of the document or if the document was shared with them. As a result, I am not convinced that disclosing the DocuSign envelope identification number could reasonably be expected to facilitate the commission of an offence

[33]I therefore conclude that the information does not meet the requirements of the exemption.

Outcome

[34]The complaint is well founded.

Order

I order the Minister of Public Safety and Emergency Preparedness to disclose the records at issue in their entirety (pages 13-41), other than the information withheld under subsection 19(1).

Initial report and notice from institution

On January 2, 2026, I issued my initial report to the Minister of Public Safety and Emergency Preparedness setting out my order.

On January 5, 2026, the Manager of the Access to Information and Privacy Operations Unit gave me notice that Public Safety would be implementing the order.

Review by Federal Court

When an allegation in a complaint falls under paragraph 30(1)(a), (b), (c), (d), (d.1) or (e) of the Act, the complainant has the right to apply to the Federal Court for a review. When the Information Commissioner makes an order(s), the institution also has the right to apply for a review. The complainant and/or institution must apply for a review within 35 business days after the date of this report. When they do not, the third party may apply for a review within the next 10 business days. Whoever applies for a review must serve a copy of the application for review to the relevant parties, as per section 43. If no one applies for a review by these deadlines, the order(s) takes effect on the 46th business day after the date of this report.

Other recipients of final report

As required by subsection 37(2), this report was provided to Pelmorex Communications.

Date modified:
Submit a complaint