Frequently asked questions: Implementation of Bill C-58

When the Information Commissioner finds a complaint to be well-founded, she may issue any order she considers appropriate “in respect of a record,” including the following:

• refusals of access, including that records be released or that an institution reconsider its decision to refuse access
• fees
• time limits
• the format or language of records
• institutions’ publication of their inventory of information holdings (i.e. Info Source).

When the Commissioner decides to issue an order, it is because she is not satisfied that the institution has properly applied the Access to Information Act. In these cases, the order reflects the fact that a resolution could not be reached. In order to close a complaint, the Commissioner will not hesitate to issue an order when a resolution cannot be reached.

The Commissioner may also issue recommendations to institutions as a result of investigations.

When, after investigating a complaint, the Information Commissioner finds a complaint to be well founded, she will send an initial report to the government institution. The initial report may contain an intended order or a recommendation. The initial report replaces the section 37 letter.

All complaints are closed with a final report, replacing the report of finding. The final report includes the results of the investigation. The final report may also contain the Commissioner’s order and/or recommendations.

The complainant and institution will receive a copy of the final report. Third parties and the Privacy Commissioner of Canada may also receive a copy in certain circumstances.

We generally send final reports about complaints that are not well founded or resolved to the Access to Information and Privacy (ATIP) Coordinator or the ATIP general mailbox (or whomever the institution has previously indicated should receive reports of finding).

We send final reports about complaints that are well founded to the head of the institution, with a copy to the ATIP office.

Orders issued by the Information Commissioner are legally binding, pursuant to section 100 (formerly section 76) of the Access to Information Act and the rule of law.

The Access to Information Act sets out two options for institutions when they receive an order:

• implement the order; or
• apply for court review of any matter that is the subject of the order, which has the effect of staying the implementation of the order.

Several dates are important, depending on what parties were involved in the investigation:

• Date the institution is deemed to have received the final report
  • Fifth business day after the date of the final report
• Date the complainant and the institution may apply for court review
  • Within 30 business days after the institution is deemed to have received the final report 
• Date third parties and the Privacy Commissioner may apply for court review
  • Within 10 business days after the initial 30 business days for institutions and complainants to apply for court review has expired
• Date the Commissioner’s order takes effect
  • The 31st or 41st business day after the day the institution is deemed to receive the final report, when no court review has been initiated

There will always be a final report when we investigate a complaint, even when it is resolved. However, reports for complaints that have been resolved will not contain an order or recommendation.

No, orders will be included in final reports. However, not all final reports will include orders.

Final reports will generally be formatted under headings such as “Facts”, “Issues”, “Analysis”, “Conclusion” and, when warranted, “Order” or “Recommendation”. As is currently the case with reports of findings, final reports will be written such that no information will be disclosed where an institution would be authorized to refuse to disclose or indicate whether that information exists.

It is a priority for us to ensure our work is open and transparent. To the greatest extent possible, the reasons and principles behind our decision will be made public.

The Access to Information Act was amended to provide two opportunities for the Privacy Commissioner to become involved in investigations when the exemption for personal information is contentious:

• During an investigation, the Information Commissioner may, at her discretion, consult the Privacy Commissioner.
• We must give the Privacy Commissioner a reasonably opportunity to provide his position on the matters (known as representations) any time the Information Commissioner intends to order the disclosure of information the institution considers to be “personal information”.

No, third parties may not complain to the Information Commissioner about an institution’s application of exemptions to their information. The process for institutions to notify and consult with third parties while processing a request under sections 27 and 28 of the Act did not change under Bill C-58. Section 44 still gives third parties the right to apply for Federal Court review after they have received notice under section 28 from an institution of its decision to disclose information that relates to them.

Institutions must notify requesters when they are seeking approval from the Information Commissioner to decline to act on their request. This must be done at the same time that the institution initially communicates with us.

We will share with the requester all the arguments and evidence (known as submissions) the institution provides to substantiate its application to decline to act on the request when the Information Commissioner determines that the application merits consideration for approval. This is for fairness reasons, to allow the requester the opportunity to fully respond. Similarly, if the Information Commissioner deems it necessary, the institution will be able to see all the requester's submissions. Sharing of submissions will be facilitated through ePost Connect.

If the institution disagrees with the Information Commissioner’s decision, it should seek legal advice on its options.

If an institution refuses to act on a request, despite having been denied approval from the Information Commissioner to do so, the requester may complain about this refusal to us.

For the time being, there is no form or template to make an application to the Information Commissioner for her approval to decline to act on a request. In the future, we may introduce an online form.

A process document has been created that sets out how to apply to the Commissioner for permission to decline to act on a request.

All applications to decline to act on a request must include the following:

• a copy of the access request at issue;
• the requester’s name and contact information;
• the date the institution received the access request;
• the institution’s access request file number;
• confirmation that the institution gave written notice to the requester at the same time as they communicated with the Information Commissioner to seek approval to decline to act on the access request, as required by subsection 6.1(1.3) of the Act;
• all submissions and any supporting evidence the institution wishes to rely on to demonstrate that the access request meets the relevant criteria set out in subsection 6.1(1) of the Act; and
• submissions and any supporting evidence that demonstrate the institution’s efforts to fulfill its duty to assist obligations in relation to the access request.

This is up to the institution to decide. We will communicate with the e-mail address from which the application was originally sent, regardless of who is administering this account.

Institution’s should seek legal advice to determine whether the personal information they wish to share with us in an application to decline to act on a request is in compliance with the Privacy Act and Treasury Board of Canada Secretariat’s guidance on consistent use.

Yes, evidence from before June 21, 2019, may be submitted, as long as the evidence relates directly to the access request at issue. However, institutions may only apply for the Information Commissioner’s approval to decline to act on access requests made on or after June 21, 2019.