Remarks to Canadian Access and Privacy Association

OTTAWA, ONTARIO

[2003-10-28]

I am delighted to be here today to be part of CAPA’s celebration of twenty years of access and privacy legislation. These are exciting and challenging times for all of us involved in the field of information rights. I use that term, "information rights", advisedly as, over the five years that I have been Information Commissioner, I have come to realize how intertwined are these two laws which, together, set out the rights of individuals vis-à-vis all types of information held by government institutions.

And, too, I have come to realize how fortunate we are to have had strong information rights in Canada for two decades. Some institutions of government may not always appear attractive, as a result of transparency, but our democracy is, ultimately, stronger and healthier. Our privacy may, at times, appear expendable in the war on terrorism, but it has never been higher on the public agenda and Canada is doing better than most at minimizing privacy intrusions.

Throughout the world, in both mature and struggling democracies, Canada’s information rights are much studied, greatly admired and frequently emulated. All Canadians, not just those of us who administer these rights, have reason to be proud of what their Parliament gave them in 1983, and reason to want to keep their information rights vibrant and meaningful in the face of changing technologies, economies, structures of governance and security concerns.

For that reason, I want to resist the temptation to look back over 20 years, to identify accomplishments and to recognize the many individuals who are owed a debt of thanks for making the system work. Rather, I want to dream, for a time, about how we, as a country, can keep our leadership position on the field of information rights; how we can improve our record and overcome our past mistakes.

Oversight Models

Let me turn, first, to the matter about which I know the most—the oversight or complaint mechanism under the Access and Privacy Acts.

On July 7, 1980, the Honourable Francis Fox, Minister of Communications in the Liberal Government of Pierre E. Trudeau, introduced Bill C-43, containing both the present Access to Information Act and the Privacy Act. Parliament passed Bill C-43 in June 1982, and it was proclaimed in force on July 1, 1983. Francis Fox put it this way, in his introduction of Bill C-43: "Combining access to information and privacy legislation in one bill has permitted the complete integration of these two complementary types of legislations"¹ Together, the component parts of Bill C-43 constitute the information rights of Canadians vis-à-vis federal government institutions. (These information rights were augmented on January 01, 2001, with the passage of the Personal Information Protection and Electronic Documents Act (PIPEDA), which created rights with respect to personal information held in certain private-sector institutions.)

From the beginning, then, of the legislative history of the Access to Information and Privacy Acts, the rights and obligations created thereunder have been intertwined in concept and administration.

In each and every government institution covered by the Access to Information and Privacy Acts, the laws are administered by one access to information and privacy coordinator. Some of you may recall that in the early days, a few departments had separate access and privacy coordinators. That separation in administration no longer exists. There is one minister of the Crown (the President of Treasury Board) designated as the minister responsible for the implementation and administration of these two laws across government. There is one responsibility centre within the Justice Department (Information Law and Privacy) to provide legal advice on the matters of interpretation and legal policy under the two laws.

This unified structure has been chosen because neither Act can be administered without reference to the other, and giving full effect to both rights (the right of access and the right to privacy) requires that, in interpretation and administration, these two acts must be harmonized.

Yet, the federal system does not unify these values when it comes to the first level of oversight (the second level of review does unify these values, i.e. at the Federal Court). Parliament chose, as the first level of oversight, two specialized ombudsmen, who would have strong powers to investigate complaints, the mandate to make recommendations to government for remedial action and the authority to bring instances of alleged infringements of information rights to the Federal Court.

At the federal level, then, there is a Privacy Commissioner to whom Canadians may make complaints about denials of their privacy rights, and a separate Information Commissioner, to whom individuals may make complaints about denials of their access to information rights. Since the beginning, the two commissioners’ offices have comprised a single department for purposes of the Financial Administration Act (FAA). They have, nevertheless, operated as largely separate entities, with separate groups of investigators, lawyers, managers, policy researchers and communications officers. However, during the period 1983 to 2002, the two commissioners shared a common corporate management branch, providing services such as: finance, personnel, library, records management, mailroom, receptionists, procurement, telecommunications and information technology support.

In other words, although the laws themselves are intertwined and the administration of them unified throughout the federal government, the two specialized ombudsmen — to whom individuals, governments and members of Parliament look for independent advice — are champions of single values. The theory of the federal design in this area, is that from the single issue advocacy of the two commissioners, all stakeholders will be better able to decide how best to find harmony between these two Acts. By contrast, in all provinces and territories, access and privacy complaints are handled by a single commissioner or ombudsman. The single commissioner model is based on the theory that the independent oversight body should itself be mandated to find harmony and balance between access and privacy rights.

The wisdom of the federal approach — given its encouragement of single-value advocacy rather than dual-value harmony — was in question from the outset. In fact, Parliament designed the two laws so that it would be possible, without legislative amendment, to move from the two-commissioner model to the one-commissioner model.

In this regard, the Privacy Act contains the following provision:

"s.55(1) The Governor in Council may appoint as Privacy Commissioner under section 53 the Information Commissioner appointed under the Access to Information Act.

(2) In the event that the Information Commissioner is appointed in accordance with subsection (1) as Privacy Commissioner, the Privacy Commissioner shall, notwithstanding subsection 54(2), be paid the salary of the Information Commissioner but not the salary of the Privacy Commissioner."

[Since, for the purpose of PIPEDA, "commissioner" is defined as "the Privacy Commissioner appointed under section 53 of the Privacy Act’", the above-quoted section also operates to authorizing the Information Commissioner to be appointed as the PIPEDA Commissioner].

In its February budget of 1992, the Conservative government announced its intention to adopt the single-commissioner model. The decision was taken as part of a larger program of downsizing and rationalizing a multitude of agencies. The budget announcement made it clear that the proposal to move to the single-commissioner model was not designed primarily to achieve greater administrative efficiency. "More importantly", the announcement stated, "from a public policy point of view, it [merging the two offices] will encourage a balancing of interests between the two objectives of privacy and access to information. This balancing becomes increasingly necessary as Canada moves away from a single-interest approach in a wide range of policy and program areas."

In fact, no action was taken by the government after the 1992 budget announcement, to actually implement the single-commissioner model. Since 1992, there has been no further Parliamentary review of the access and privacy laws and the 2002 report of the government’s Task Force on the operation of the Access to Information Act (the Delagrave Report) does not address the single-commissioner vs dual-commissioner matter.

However, the issue continued to resurface with regularity before the Justice Committee, in the Commissioners’ reports and in ongoing, governmental reviews of the access and privacy laws. Ministers and officials expressed particular frustration about conflicting advice from the two commissioners with respect to the degree of protection which should be accorded to the personal information of public officials. In his 1994-95 Annual Report, the Information Commissioner asked Parliament "to consider the wisdom of the single commissioner model for both access and privacy as used in the provinces."

The most influential shift in thinking about the relationship between the Access to Information and Privacy Acts came about as a result of the decision of the Supreme Court of Canada in the case of Dagg v. Minister of Finance². In that decision, the court made it clear that the access and privacy laws are not "conflicting" laws but "complementary" laws designed to be interpreted and applied harmoniously so as to give effect to the purposes of each.

"Recognizing the conflicting nature of governmental disclosure and individual privacy, Parliament attempted to mediate this discord by weaving the Access to Information Act and the Privacy Act into a seamless code. In my opinion, it has done so successfully and elegantly."³

That principle was reaffirmed by the Supreme Court of Canada in 2002 in the case of Information Commissioner v. RCMP⁴.

This judicial direction of the Supreme Court is clearly reflected in recent decisions at the Federal Court—for example in the case of Joan Van Den Bergh v. National Research Council Canada Justice O’Reilly said:

"The Access to Information Act and the Privacy Act are two sides of a single coin. Together they set out the rules governing disclosure and protection of information held by the federal government. They are equally important statutes and, when applying them, judges must read them together. As Justice Gonthier has stated, these statutes contain "a seamless code with complementary provisions that can and should be interpreted harmoniously".

The recent events which led to the resignation of the former Privacy Commissioner, George Radwanski, have again caused members of Parliament, the government and the public to consider whether or not they are well-served by the two-commissioner model. The interim Privacy Commissioner, Robert Marleau, has communicated to Parliament and the government his views that the dual-commissioner model should be maintained. In recent letters, Mr. Marleau acknowledges that, while there "may be fiscal advantages to merging the OPC and OIC," a merger could "diminish" or "dilute" the profile of privacy at a time when there are profound privacy challenges—including the impending roll-out of the PIPED Act on January 1, 2004.

With the greatest of respect to a valued and capable colleague, the available evidence does not show that privacy gets "short changed" when privacy and access rights are enforced by a single commissioner. The strongest, most influential privacy advocates in Canada and internationally have been provincial commissioners whose role it is to serve both values. In this regard, Dr. David Flaherty (the former Access and Privacy Commissioner for BC), Dr. Ann Cavoukian (the current Access and Privacy Commissioner of Ontario) and Dr. Paul-André Comeau (the former Access and Privacy Commissioner of Quebec), deserve special mention as acknowledged world leaders in furthering privacy rights. Their passion and tenacity in the service of privacy rights has been in no way "diluted" by virtue of their role in ensuring that public access rights are respected.

Special mention is also due to the Quebec Access to Information and Privacy Commission which not only champions both access and privacy rights vis-à-vis the provincial government, with great focus and wisdom, it has also, for a decade, ensured that private sector firms under provincial jurisdiction respect personal data protection rules. In Great Britain, too, a single commission is charged not only with protecting privacy and access rights vis-à-vis governmental institutions, but also with protecting privacy rights in the private sector.

It is important to note that the Privacy Act is, in part, an access to information statute. Individuals are given a right of access to their own personal information subject to a number of exemptions designed to protect other important interests (such as, privacy, national security and law enforcement). In fact, the exemptions contained in the Privacy Act are virtually identical to those contained in the Access Act. When it comes to complaints about the use of the exemptions under these Acts, the Privacy Commissioner and the Information Commissioner have identical roles, are governed by the same jurisprudence, and have the same investigative powers.

The two commissioners also have similar roles in encouraging good information management practices in order to make it possible to deliver on the rights set out in the Access and Privacy Acts. Both the right of access and the right of privacy depend on there being: government records which are accurate, complete and up-to-date; records that are kept for a sufficient period to permit exercise of access and privacy rights; records that are kept secure and disposed of properly and information management systems that enable records to be easily located.

With regard to access rights and fair information practices, both the Privacy Commissioner and the Information Commissioner have very similar roles and the skill sets they require in their employees are virtually identical.

In summary, the single-agency model of oversight of access and privacy rights is a proven approach. On the other hand, the dual-agency, federal model, has given rise to real problems, among them: conflicting advice to Parliament, government, the courts and the public; emphasis on single values rather than a balanced consideration of multiple values; an adversarial relationship between single-issue commissioners and public officials who must balance many factors in making decisions on secrecy and disclosure; unnecessarily inflated administrative costs and public confusion over how to seek redress for infringements of their information rights.

I feel that Canada should seize the opportunity to merge access and privacy oversight under a single commissioner by taking advantage of section 55 of the Privacy Act. The goal and effect of such a merger would be to reduce costs and to make oversight of information rights more effective by building an institutional incentive toward balance in decision-making about privacy and public access rights. Such a structure will not end disagreements, in government or in society, about the outcomes of the balancing in particular cases. However, such a structure will improve the perceived legitimacy of decisions about access and privacy and that, of course, is a hallmark of a mature, democratic society.

I confess to coming late and reluctantly to the view that the single-commissioner model is to be preferred. During the Parliamentary hearings which led to my nomination as Information Commissioner, I expressed the view that the best way to serve these two rights is to have separate, strong advocates for each. In that regard, I was in step with views expressed by every previous access and privacy commissioner. However, one former commissioner, Dr. John Grace, came to change his position from supporting the dual-commissioner model to advocating the single commissioner model. In this regard, I refer you to Dr. Grace’s 1991-92 Annual Report.

It is particularly persuasive, it seems to me, that the only person in 20 years to have served as the Privacy Commissioner under the Privacy Act and the Information Commissioner under the ATIA, has challenged us to see the world, not in terms of access vs. privacy, but in terms of complementary information rights.

I’d like to turn now to my second dream. Here I will be much more brief, but the dream is the more important of the two.

There are two problems in the system, the resolution of which would take us a quantum leap into the reality of open government in Canada. First, we desperately need a tangible commitment by government leaders to a culture of respect for information rights and, second, we need a commitment to return to a professional tradition of documenting decisions, actions and advice, and of ensuring that government documents are well managed throughout their life-cycle.

I, and my predecessors, have shared a consistent theme over 20 years—one of the biggest barriers to a healthy access to information régime is tacit support from the top for a culture of suspicion of our information rights. This, along with a lack of adequate information management structures, is probably the biggest obstacle to full realization of our information rights. Ministers and senior managers must realize that the attitude which they express towards both access and privacy rights becomes highly contagious throughout their departments. If employees feel that compliance is not a priority for their leaders, increasing instances will be seen of delays, inflated fees, antagonism towards requesters, inadequate searches and increasing numbers of complaints.

When the leaders decide not to keep minutes of meetings, and advise others not to write things down, when they perpetuate the myths about abusive requesters, when they tolerate giving the Minister’s needs priority over legal rights, when they do not foster a culture of respect for information rights in general — their employees get the message loud and clear.

No matter how well crafted an access or privacy law may be, it will only be a good law if public officials make it work.

The second aspect of my dream of better leadership is solving the crisis in information management. I, and others, have been emphasizing the urgent need for reform of the federal government’s information management practices since I began my term as Information Commissioner. The newspapers have been full of stories over the last few years about information management shortcomings at such government institutions as Human Resources and Development Canada, the Firearms Registry and Public Works and Government Services. All of these instances, and many others, have been documented and decried by the Auditor General.

Over the years, I have made observations to Parliament about what I feel to be the reasons for this crisis and some avenues for solving it. I don’t propose to repeat them here today. Instead, today, I want to celebrate with you a success story – one that is ongoing. It involves the Department of Finance.

After the Access to Information Review Task Force released its report in June of 2002, the Department of Finance decided to undertake a review of its own, internal access to information processes. To this end, Yvan Roy, the Assistant Deputy Minister, Law Branch, and Legal Counsel, commissioned Consulting and Audit Canada to do the review. Three main elements were focused upon: 1. the governance structure, i.e. the policies and practices that determine the way that access to information is operationalized; 2. culture, i.e. the prevailing attitude regarding access and how it impacts on the process and 3. information management. This review was completed earlier this year and the results were recently shared with my office.

What impressed me about this initiative at Finance is that management is seizing the initiative to give the message that a true access culture is one where ATI is not viewed simply as a compliance issue; rather it is a basic principle that underlies the way departmental business is to be done. Through the priority-setting and budget allocation process, senior management are committed to making compliance with information rights laws part of the core function of every employee.

Having found that there was a growing culture of openness in the Department of Finance, the report went on to make recommendations to continue this progress and to solidify the progress already made. These included regular communication from the Deputy Minister regarding his support for and encouragement of access, a support of the philosophy with time, tools and resources, training and rewarding of access work.

The study recognized that Finance, too, is experiencing many of the same information management problems which are prevalent throughout government. For example, the number of file locations and structures make it difficult to find requested documents and managing electronic documents (including e-mail) is problematic. Information collections inside the department were found to be fragmented and information was hard to find. As well, Finance has recognized that there has been a trend towards minimizing record-keeping in favour of oral transactions. The department is committed to reversing this trend.

So, you must be thinking: What’s to celebrate about this, it sounds just like my department! Well, it is worth celebrating when any department—especially a central agency of government—makes it a priority to make a cultural shift towards embracing and delivering the rights contained in the access and privacy laws.

Finance Canada is not the only institution taking positive steps to foster a culture of respect for information rights. It is just the most recent example which has come to my attention and it is a very influential example.

Twenty-years on, there is much to be optimistic about. For example, only this morning, John Bryden, Liberal Member of Parliament, announced his intention to introduce a new version of his Bill to amend the Access to Information Act. This development is good news for all Canadians who are anxious to keep the right of access strong into the 21^st century. Our information rights have stood up rather well and credit is due to you in this room who toil everyday—with inadequate resources, stringent deadlines, suspicious requesters, demanding investigators and cautious managers—to deliver to Canadians their information rights. The work you do is vitally important to the health of our democracy and you have my deep respect and gratitude.

Thank you for your kind attention. I will be happy to answer any questions you may have.

1 House of Commons debates, vol. XVI, 1st Session, 32nd Parliament at p. 18 853 (June 28, 1982).
2 Dagg v. Canada Minister of Finance [1997] 2 S.C.R. 403.
3 Information Commissioner v. The Commission of the RCMP, S.C.C., March 06, 2003.
4 Sep. 29, 2003.