2009-2010 2. Effectively investigating to ensure requesters’ rights are respected

Access to information is essential to government transparency and accountability. It informs citizen participation and contributes to a healthy democracy. Through our developing expertise and streamlined approach, and by using the full range of tools we have available to us, we made effective interventions on behalf of citizens seeking information from the federal government. As a result, Canadians gained access to more—and more complete—information.

Our focus on investigations brought clarity to our approach. The analysis we performed of our caseload allowed us to develop administrative strategies to complete more investigations efficiently and effectively. Beyond this, however, we acknowledged that we had to make the best possible use of all the tools we have at our disposal to encourage institutions to live up to their obligations under the Access to Information Act and to take strong action when required. To that end, we made it clear that we would, if necessary, compel institutions to provide records to us. The Information Commissioner initiated a number of complaints and made formal recommendations to the heads of institutions, all in an effort to produce maximum compliance. This year also marked the first time ever that the Commissioner referred a case to the Attorney General of Canada for review and possible prosecution (see “Without a trace”). At the same time, we also dedicated ourselves to collaborating with all stakeholders—complainants and institutions alike—to resolve access issues.

Below are some examples of noteworthy investigations we completed in 2009-2010 that feature both of these approaches.

Making full use of our powers

We have strong investigative powers under the Access to Information Act, and we invoke them as needed when addressing complaints. For example, we may be required to compel an institution to provide the records we need to carry out a proper investigation—or at least remind it that we have the power to do so (see “Missed Commitments”). After arriving at a finding, we might be required to make a series of formal recommendations to the head of an institution regarding the complaint (see box, below). When we suspect serious legal wrongdoing, we also have the power to refer a case to the Attorney General of Canada for review and possible prosecution.

By using our full range of powers, we make effective interventions on behalf of requesters to ensure that institutions comply with the Act. For example, in four cases this year, the Commissioner had to issue a report of a well founded complaint with recommendations to the head of the institution concerned. As shown in the case summaries below, three of the four cases were ultimately resolved but one was not. (See also “Justification is required” and “Missed commitments” in Chapter 3.)

When a “hair scrunchie” is a state secret


National Defence received a request in July 2007 for a list of personal grooming items found in the possession of Afghan detainees, “such as combs, razors, cosmetics, hair scrunchies, etc.” National Defence refused to release any information on the grounds that doing so would threaten national security (section 15), and in order to protect personal information (section 19). The requester then complained to us about this denial of access.

During the investigation, National Defence claimed another exemption related to protecting individuals’ safety (section 17) as justification for withholding some information.

Resolving the complaint

We did not agree with National Defence’s assessment of the risk to national security should the list be released. However, we did support its decision to withhold the detainees’ names and assigned numbers, as well as the names of the Canadian Forces members identified on the list to protect their safety and that of their families. We also agreed that the detainees’ names and assigned numbers were personal information.

The institution stood firm in its position to not release the grooming items. This left the Commissioner no choice but to issue a report to the Minister informing him that she considered the complaint to be well founded and recommended that National Defence release the grooming items. The institution accepted our recommendation. It released not only the list of grooming items but also the information relating to the military personnel, since it no longer considered such information to be a threat for these individuals.

Lessons learned

Several institutions apply the national security exemption with a broad brush. This should not be an institution’s default response to requests that touch on national security issues (or even those only tangentially related). Institutions have a responsibility to exercise their discretion carefully, and to sever and release information that cannot be legitimately withheld under the Act. We will continue to challenge institutions’ blanket use of the national security exemption.

What is a section 37 report?

Although we successfully resolve most complaints by working with an institution’s access to information coordinator and senior-level officials, there are situations when that is not possible. In such situations, the Commissioner may issue a report to the head of the institution under section 37 of the Access to Information Act, stating that the complaint is well founded. This report would contain the following information: the Commissioner’s findings, specific recommendations to remedy the issue, and when appropriate, a specific timeframe within which she expects notice of any plan to implement her recommendations. The institution must then decide whether to accept her recommendations or not.

Without commitment, nothing gets done

This is the only complaint that we were not able to resolve this year.


In February 2008, Industry Canada received a request for records related to a report posted on its website on the topic of music downloads and P2P file sharing on the purchase of music. Due to the scope of the request (it involved 1,300 pages), Industry Canada took a 150-day time extension to respond. However, Industry Canada missed the deadline for claiming this extension and, as a result, the extension was not valid. Moreover, even with the extra time, it failed to provide the requester with the records. Frustrated, the requester complained to us about the delay.

Resolving the complaint

By the time we got involved a year and a half later, we discovered that Industry Canada access officials had done very little to process the request. For example, they had not even begun the consultations that they had to carry out with other institutions and third parties.

Industry Canada also put the request on hold twice for short periods of time over holidays. The institution received permission from the requester to do this. Nonetheless, the Act does not recognize accommodating holidays as a valid reason to put requests on hold.

As part of our investigation, we asked Industry Canada to commit to a date when it could provide a response. Upon learning that this would be sometime in June 2010, we attempted to negotiate a more reasonable date, without success.

Finding this complaint to be well founded, the Commissioner issued a section 37 report to the Minister with three recommendations:

  • that all the requested information not requiring consultation under the formal third-party notification process (sections 27 and 28) be disclosed by January 2010;

  • that interim releases be made as soon as they were ready; and

  • that the final response be provided to the requester by the end of February 2010.

Industry Canada replied that, if the consultation process went smoothly, it might be possible to complete the entire request by the end of February 2010. We were disappointed with this response. By not committing to a firm release date and indicating only the possibility of interim releases, we believed it to be inadequate and unreasonable under the circumstances. We found the complaint to be well founded and not resolved—an unfortunate outcome since, in the end, the institution did meet the final response deadline the Commissioner had recommended.

Lessons learned

Although the Access to Information Act allows institutions to claim time extensions under specific circumstances, they are of little value when the institution does not do the work required to respond to the request. In addition, these extensions must be claimed during the first 30 days after receiving the request. In failing on both counts, Industry Canada did not live up to its legislated duty to make every possible effort to provide timely access to requested information and, consequently, compromised the rights of the requester.

Without a trace


Media reports appeared in the press in the summer of 2008 concerning litigation related to a wrongful dismissal action filed in court against the National Gallery of Canada (NGC). Those reports, based on documents filed with the court, suggested that records were destroyed and/or individuals were counselled to destroy records that may have been responsive to an Access to Information Act request.

Section 67.1 of the Act makes it an offence to destroy, mutilate or alter a record, or direct, propose, counsel or cause any person in any manner to do such things with the intent to deny a right of access under this Act. A person who contravenes this section of the Act is guilty of an indictable offence and liable to imprisonment for a term not exceeding two years or a fine not exceeding $10,000 or both; or an offence punishable on summary conviction and liable to imprisonment for a term not exceeding six months or to a fine not exceeding $5,000 or to both.

In light of the serious nature of these allegations, the Information Commissioner initiated a complaint against the National Gallery of Canada, and we launched an investigation into the matter.

Resolving the complaint

The NGC cooperated fully with our investigation. We examined two issues. First and foremost, we looked at whether, in fact, records had been destroyed that related to an access request and whether some individuals had been counselled to destroy those records. Second, we looked at all the possible factors giving rise to those events, including corporate leadership, e-mail and access to information policies in place at the time of these events, and the availability of training for employees and senior management at the time of this incident.

It should be noted that upon learning of the incident involving the destruction of records, the NGC immediately took remedial action. In recognizing the seriousness of the incident, it adopted a number of measures to address deficiencies to ensure that similar incidents do not take place in the future. Since it adopted these measures before our investigation got underway, we did not make any specific recommendations. We did, however, make a number of observations in arriving at our findings.

Our investigation found as a fact that records responsive to the access to information request were destroyed and individuals were counselled to destroy records during the course of the processing of the request. While we found these to be the facts of the matter, we did not investigate nor did we make any findings regarding whether these actions were done “with intent to deny a right of access under [the] Act” as set out in section 67.1.

Our mandate is to conduct administrative investigations into federal institutions’ compliance with the Act and to make findings of fact. We cannot conduct criminal investigations nor can we assign civil or criminal liability. That said, in conducting an investigation, we may uncover evidence of a possible commission of an offence which may lead us to refer the matter to the Attorney General of Canada as provided under the Act.

In this case, we did find evidence of an offence having been committed under section 67.1. As a result, the Information Commissioner has referred this matter to the Attorney General of Canada.

In finding this complaint to be well founded and resolved, we made the following observations to the NGC.

First, despite the existence of policies such as the “Computer equipment – E-mail – Internet Access – Electronic documents (2005)”, we found that there was a general lack of computer use and e-mail training for the majority of non-information technology staff. This contributed to employees being unaware of both the proper use of e-mail, as well as their retention and disposal policies.

Second, we observed that at the time of the incident, employees had the ability to erase all traces of e-mails thereby enabling employees to permanently delete these records. Following the incident in question, the NGC disabled this function so that henceforth only certain employees in the Information Technology Branch would be able to perform this function.

Third, after the incident, the NGC amended its “Policies and Procedures: Computer equipment – E-mail – Internet Access – Electronic documents (Nov. 2008)”, the “ATIP Policy (Nov. 2008)”, and “E-mail Etiquette (Nov. 2008)” and made all such policies available on the Intranet. It also directed management to familiarize themselves with the policies, and directed management to educate employees of such policies. Furthermore these policies are now part of the orientation training presented to all new employees.

Finally, although some training was given to employees, we found that at the time of the incident, leadership and guidance from the corporate sector was lacking with regards to access to information and privacy (ATIP) training. Such training was not provided on a consistent basis to existing employees, nor was it offered in sufficient detail to new employees as part of their orientation. Also, the training for employees (particularly senior management) on such ATIP policies, and on the duties and responsibilities therein was lacking. There should have been continuous training on the subject, and mandatory training for any new employee. The policies and procedures in place concerning access to information and privacy were, likewise, deficient.

The NGC asked us to review its ATIP and e-mail usage policies. We will work with the NGC to clarify those policies outside the ambit of this investigation.

Lessons learned

It is the responsibility of institutions to fully train employees on its ATIP and information management policies and practices so that they know and understand their legal obligations under the Act. By not providing the knowledge and support, institutions run the risk of their staff making decisions that may lead to serious consequences when handling access to information requests.

Preventing fraud?


In 2004, Public Works and Government Services Canada (PWGSC) received a request for a list of all uncashed cheques of more than $2,000 it had issued to corporations from 1996 to 2003. PWGSC responded that the information did not exist. It also claimed that the records did not need to be produced because their creation would unreasonably interfere with the operations of the institution. The requester complained about this response.

Resolving the complaint

When we asked how the production of the information would interfere with its operations, PWGSC decided that it would no longer rely on the argument of interference, and agreed to come up with an arrangement to extract the available data for a fee. In addition, the requester agreed to modify the original request for the information, starting in 1999.

An initial fee estimate of $12,480 ($6,930 to cover the time to access the institution’s mainframe and $5,550 to cover the time to develop a program to retrieve the requested information) was sent to the requester, for which he paid a deposit of $6,240 in 2005. At that time, we found the estimate to be excessive and intervened. In response, PWGSC provided a revised estimate of $4,050 to the requester. More discussions were held regarding the amount of mainframe time being charged, resulting in a second revised estimate ($1,485 instead of $6,930).

After several consultations with other federal institutions, PWGSC disclosed some information to the requester on five different dates between December 2005 and July 2006. However, PWGSC exempted other information under the Access to Information Act for several reasons: international affairs (section 15), commission of an offence (subsection 16(2)), personal information (section 19), confidential third party information (section 20) and section 24, which references other laws that restrict disclosure.

We then began our investigation into whether PWGSC properly claimed these exemptions. While we agreed with PWGSC about some of the exemptions (personal information, third-party information, other restrictive disclosure provisions), the investigation turned out to be a lengthy one. We went back and forth several times with PWGSC as officials tried to demonstrate the harm that would probably result if the names and addresses of the corporate cheque recipients were disclosed. PWGSC maintained that release of the names and addresses, in combination with the information already disclosed to the requester (such as the amount of the cheques), would facilitate the commission of fraud against the Crown.

From the start, we accepted that, by having access to the payment reference numbers (PRN or cheque number), a fraudster could forge a cheque, cash it and never get caught. However, we were not convinced that this scenario would occur if the names of the payees and addresses were released. We asked PWGSC to provide real examples of fraud cases so that we might understand the process allegedly used by fraudsters. Unfortunately, the examples we received did not explain how those same fraudsters could bypass the security measures put in place by financial institutions.

Coincidentally, we found out that at least one provincial government was already releasing the same type of information, including the names of payees and the amounts of the cheques.

In assessing all the evidence, we concluded that PWGSC did not satisfy the “reasonable expectation of possible harm” test required to justify the commission of an offence exemption. The Commissioner issued a report to the Minister under section 37 of the Act that the complaint was well founded and recommended that the corporate names and addresses be released. She also recommended that, as a public interest issue, PWGSC contact the individual government institutions on whose behalf it issued cheques so that they make efforts at getting in touch with the payees of uncashed cheques.

The Minister accepted the Commissioner’s recommendations and released the names and addresses of the recipients. The Minister also informed the Commissioner that PWGSC had taken action to reduce the number of uncashed cheques issued to individuals and corporations by advising the chief financial officers of all departments to address the situation.

Lessons learned

At first glance, it may seem logical that the disclosure of such information would create vulnerabilities for the Government of Canada. There is no doubt that there are real fraud cases involving government cheques that have been discovered by PWGSC. However, when an institution is unable to properly demonstrate how disclosure of information will result in probable harm to a particular interest, it must disclose the information.

Whose call is it?


Library and Archives Canada received a request for all records in a file concerning an individual involved in an important event in the early 20th century (the Halifax Explosion disaster in 1917). The institution refused to disclose certain records in this file, stating that it was still subject to solicitor-client privilege, as per section 23 of the Access to Information Act.

The requester complained to us about the denial of access.

Resolving the complaint

The requester is a professional historian and author in need of the requested information for an upcoming publication. As such we asked the institution if it would exercise its prerogative as client to waive solicitor-client privilege and release the records to the requester in the public interest.

We learned during the investigation that Library and Archives Canada consulted with the Department of Justice Canada, who confirmed that the requested information was still covered by solicitor-client privilege and recommended that it be withheld.

Based on that recommendation, Library and Archives Canada withheld the records. However, it did not consider disclosing the records in the public interest, as we had requested. We asked Library and Archives Canada again to carry out this assessment.

During a second consultation with the Department of Justice, Library and Archives Canada was advised that the documents in question were actually under the control of either Transport Canada or Fisheries and Oceans Canada, even years after the event to which they refer occurred. This effectively made one of these two institutions the actual “client” and, as such, responsible for exercising the required discretion.

Fisheries and Oceans Canada replied that the records were not under its control. Transport Canada reviewed the information and, after careful consideration, determined that it held no litigation value and waived the solicitor-client privilege. Library and Archives Canada subsequently released all records to the requester.

Lessons learned

Even though information may fall under the solicitor-client privilege, an institution still has the discretion to disclose it. Since the privilege belongs to the client and not the lawyer, the institution can decide to waive the privilege, particularly where there are no consequences or effect to be expected in disclosing the information.

Collaborating for results

This year, we have committed to working with institutions to resolve complaints, and to provide them support and guidance when needed. In addition, our investigators have been routinely working with requesters to clarify and refine their complaints. They have also been negotiating with access to information staff on the best way to resolve issues in a timely manner.

The case summaries below highlight instances of such collaboration. (See also “Proper assessment for proper fees”)

Learning the ropes (number 1)


The Saguenay Port Authority is a very small and geographically isolated institution that normally receives only a very few requests in a given year. Two years ago, it received ten requests within a very short period of time. Although the institution was able to respond in a timely fashion to the first four requests, it could not cope with six additional requests and four complaints resulting from its initial four responses. The requester then made several additional complaints to us.

Resolving the complaint

This investigation presented a number of issues that no amount of phoning and letter writing could resolve, including incomplete searches, improper fee estimates and the inappropriate application of exemptions. Moreover, the institution refused to give us access to the records we needed to investigate the complaints, saying that since they were held by its external legal counsel, the records were not under its control.

In an attempt to work with the institution to resolve the complaints, the investigator travelled to the institution’s offices. During the course of the visit, the investigator successfully worked through the various outstanding issues with the institution’s staff and the lawyer. By investing some time onsite to give their officials a crash course on the Access to Information Act, the institution’s legal obligations and our role in the process, we obtained the records that we needed to complete our investigation. In addition, the institution was left with a better understanding of what was required to comply with the Act. As a result, they responded to the requester (albeit two years after the first requests were made).

Lessons learned

This investigation highlights some of the challenges for small institutions in meeting their obligations under the Access to Information Act, while having to comply with other legal obligations and respond to competing interests. These institutions may lack knowledge of the Act and have little experience and limited resources for handling access requests, since this is usually an add-on to their other responsibilities. They should be aware of and rely on the resources that are available to them. For example, they can turn to the Treasury Board of Canada Secretariat for guidance on access policies and guidelines, network with other small institutions in similar circumstances (such as other port authorities), or engage the services of access to information experts for advice and assistance on processing requests. When complaints are involved, we stand ready to assist small institutions in gaining more knowledge of their legal obligations so that they are better prepared to respond to future requests. The bottom line, though, is that they must accept and meet their responsibilities under the Act. To do otherwise has a serious and negative impact on the public’s right of access.

Learning the ropes (number 2)


The Toronto Port Authority (TPA) received a request for detailed records related to employee expenditures. The TPA provided the requester with a fee assessment of $750 and asked for 75 percent of it to be paid up front. The institution also offered to send the requester summary documents related to the request for only $10. The requester persisted in the original request, however, and promptly paid the fees. He nevertheless complained to us because he believed the fees to be excessive.

Resolving the complaint

During the course of our investigation, we discovered that there were other significant problems with how the TPA processed the request, beyond the fee assessment.

First, the institution was late in advising the requester that it would need a 30-day time extension to process the request. Second, it seriously miscalculated the amount of time it would actually take to process the request. In the end, it was nearly a year after the extended due date that the institution was able to provide the requested records.

Our investigator, through discussions with both the TPA and the complainant, was able to broker an arrangement whereby the institution agreed to refund the fees paid and waive the remaining fees owed. In addition, both the CEO and legal counsel apologized to the requester for their processing errors and promised an immediate release of certain documents. The institution committed to a final release date, and promised regular interim releases as information was processed.

Lessons learned

The TPA is another example of a small organization facing challenges in responding to access requests. As in the case of the Saguenay Port Authority, this institution does not receive many requests in any given year and has limited experience and resources for handling them. The TPA’s decisions in this case were a consequence of that inexperience and had a negative impact on the requester’s right of access. However, the TPA’s willingness to work with us and take corrective action puts it in good stead for the future and sets a good example for other institutions to follow.

Duty to assist

Institutions have a legislated duty to make every effort to help requesters with their access to information requests. We work with institutions to ensure they are living up to that commitment, and provide guidance when such efforts fall short.

Application fee times three


The Correctional Service of Canada (CSC) received a request that listed three distinct items. Since they were part of one request, the requester paid a single $5 application fee.

After splitting the request into three separate requests, however, CSC asked the requester to pay two more application fees. He strongly disagreed, stating that he had submitted a single request and should pay only one fee.

In response, the institution processed one item on the request and placed the other two on hold until the requester paid the two additional charges. The requester complained to us.

Resolving the complaint

Our investigation revealed that CSC does indeed have an internal policy regarding splitting multiple items on a single request. The intent of the policy is to ensure that requesters can take full advantage of the five non-chargeable processing hours allowed for each request, as set out in the Access to Information Act.

In this case, by splitting the request into three, CSC was attempting to provide the requester with 15 free processing hours (five per item), which would significantly reduce the total fees the requester would have to pay.

Unfortunately, CSC access staff failed to explain any of this to the requester or to get his agreement to proceed as they did. Although the institution’s intentions were good, we believe that by not informing the requester, it failed to fulfill its obligation to provide the best service possible.

As a result of our intervention, CSC revised its position and processed the remaining two items under the original request.

Lessons learned

Apart from the $5 application fee per request, the Access to Information Act is silent as to how many items can be included in one request. Administratively, institutions may deal with requests in the manner they see fit. However, they cannot charge a requester additional fees without the requester’s consent. To fulfill their duty to assist obligations, institutions should make every reasonable effort to assist a requester to ensure access rights are respected.

No need to reinvent the wheel


Foreign Affairs and International Trade Canada (DFAIT) received a request for a list of the occupants of the Government of Canada Official Guest House over two years.

DFAIT refused to provide this information, contending that the only way to do so would be to create a record from various sources of information, since the list didn’t exist. DFAIT also claimed that there was no system that could perform such a task. The requester complained to us about DFAIT’s refusal.

Resolving the complaint

We pointed out to DFAIT officials that if various sources contained information that was responsive to the request, and if those sources could produce machine-readable records, then under subsection 4(3) of the Access to Information Act, DFAIT was legally obliged to produce the information.

To address DFAIT’s alleged difficulty in producing a single record from various sources, we advised that it simply print the related records and then disclose only what the requester wanted. Following our advice, DFAIT was able to collect the required information and provide it to the requester. This is a vast improvement over their original response, in which officials claimed such efforts were simply not possible.

Lessons learned

Information pertaining to a request may not necessarily exist in a single record, yet may still be accessible via other sources under the control of the institution. It is the institution’s obligation under the Act—and, indeed, under the legislated duty to assist—to take the necessary steps to provide access to that information.

Decide now or pay later


A requester submitted two requests to Foreign Affairs and International Trade Canada (DFAIT) that officials deemed to be “larger than normal.” As a result, they asked the requester to narrow the scope of both requests. However, they failed to inform the requester of the amount of fees that would be required to process such large requests.

The requester declined the offer to re-scope the request, and DFAIT subsequently provided the requester with fee estimates totalling more than $16,600, half of which was payable in advance. In response to such large fee assessments, the requester asked the institution to re-scope his requests, as originally suggested. DFAIT refused, stating that its policy is that, after a requester declines to re-scope a request, it will not accept any changes to the request once it has issued the fee assessment. The requester complained to us about DFAIT’s handling of his request.

Resolving the complaint

DFAIT maintained throughout the investigation that its policy met its duty to assist obligations. We did not agree. In our view, DFAIT was deliberately flouting its responsibilities, since its policy did not allow “every reasonable effort to assist the person in connection with the request” (subsection 4(2.1)). Consequently, we suggested that DFAIT revise its position, which it did and allowed the requester to re-scope his requests.

Lessons learned

Institutions can process a request in any manner they see fit, under the rubric of the legislation. They do not, however, have the right to implement policies that contravene provisions of the legislation. Institutions have an obligation to assist requesters throughout the processing of the request, including informing them of any amount required to be paid before access is given (which DFAIT failed to do in this case).

Proactive disclosure

Under proactive disclosure policies, institutions make information available to the public as a matter of course, without the public having to resort to the Access to Information Act to get it. Indeed, a fundamental principle of the Act is that it complements and does not replace existing means to obtain federal government information. Proactive disclosure is a fundamental aspect of freedom of information and open government, and we strongly encourage institutions to consider its value.

Keep it accessible


Industry Canada received a request from a journalist, seeking an electronic copy of the most recent version of the online database maintained by the Lobbyist Registration Branch. He would use this data in the context of Computer Assisted Reporting (CAR), a form of journalism whereby reporters sift through spreadsheets and databases looking for newsworthy stories.

Industry Canada responded it did not have to release the requested information, since it was already contained in the database and available to anyone with Internet access (paragraph 68(a)).

The requester complained to us, pointing out that the database’s search function limited his ability to obtain this information in a format useful for CAR. As such, he was unable to truly access the information.

Resolving the complaint

In an early attempt to resolve the complaint, we suggested that Industry Canada try to provide the requested information in the format required. Instead, officials offered to train the requester on the use of the database, but this never happened. In addition, although the institution updated and modernized the database during the course of our investigation, the required information remained difficult to retrieve online.

At this point, we intervened and organized a meeting with the requester and the Office of the Commissioner of Lobbying of Canada, who had become the new custodian of this complaint. In this meeting, the requester clearly indicated what information he wished to obtain. The institution agreed to extract the raw data and provided it to the requester at significant cost.

Lessons learned

When government institutions make their databases available to the public, regular software updates become essential, so the published data remains truly accessible and retrievable, based on the public’s needs. Moreover, institutions should not impose a method or format that may not be conducive to either regular or more computer savvy users. Open government principles include proactive disclosure and the practice of providing data to the public in reusable form based on open standards and formats.

Date modified:
Submit a complaint