Access to Information Review Report to Parliament

Information Management and Access to Information

Effective information management is foundational, not only to ATI, but to all aspects of government services, program areas and business practices. Information management covers a spectrum of the set of activities related to information governance and planning, storage and organization, and the disposition of records. The practice of security classification and declassification of records is part of a lifecycle approach to information management and is discussed in its own section elsewhere in this report. Digital tools also increasingly rely on and generate significant volumes of data and metadata, which need to be considered at all stages of managing information. The following sections discuss each of these elements.

Building ATI Community Capacity

ATIP professionals are a long-established community of practice in the Government of Canada. As noted throughout this report, the concerns of the community tend to focus on immediate and practical needs. For example, the community is concerned with having appropriate tools and resources to fulfill their legislative obligations. The community is supported by a formal ADM-level committee, and a quarterly meeting open to all community practitioners.

Unlike some other communities of practice such as human resources or information management communities, the ATI community’s core competencies and roles are not as well-understood and defined across the community. The ATI Manual defines only one role, for instance: that of the ATIP coordinator, who is intended to act on behalf of the head of the institution and the deputy head responsible for ATIA compliance. The Manual also lists the main responsibilities expected of an ATIP office, such as processing requests, reporting, and collecting statistics related to the administration of the ATIA. It does not, however, provide guidance on best practices in assigning or organizing those responsibilities. Institutions therefore implement those responsibilities and, importantly, may expand upon them.

In fact, ATIP offices are increasingly doing work beyond supporting the administration of the ATIA and its directly related functions. This includes work such as supporting non-ATI related judicial processes, reviewing other information and data disclosures, and responding to Parliamentary disclosure processes. A professional framework for ATIP offices and their staff would help establish clear responsibilities. Furthermore, this professional framework would benefit the Government of Canada’s training regime for the ATI community, allowing for greater centralization and consistency across the Government of Canada.

The Chief Information Officer of the Government of Canada has established an Access to Information and Privacy Communities Development Office (the development office). The development office has crafted an action plan to address these challenges. The plan includes work to build and strengthen the ATI community through career and leadership development and community generics such as refreshing existing and developing generic human resources products (e.g., job descriptions and competency profiles) for hiring managers and ATIP practitioners. There remains, however, ample room to continue advancing related initiatives, especially in supporting recruitment and retention activities, and providing ATIP professionals with additional training and development programs. A stronger community presence can also improve service delivery by increasing the profile of the ATI community among other communities of practice. A better integration with relevant stakeholders across the Government of Canada and facilitating more open dialogue on mutual challenges can provide benefits to the ATI community.

ATI Workforce Planning

Adequate human resources capacity is a precondition for Government of Canada institutions to be able to successfully deliver ATI services in an efficient and timely matter. The heads of government institutions are responsible for the administration of the ATIA within their respective institutions. Pursuant to section 95 of the ATIA, heads may decide whether and how to delegate their powers, duties, and functions. In larger institutions, this usually results in the creation of a dedicated ATIP office, though roles of ATIP officials and the coordinators who head the office can vary widely. Smaller institutions, which receive few and sometimes no requests in any given year, may only have one ATI official on staff and they are likely to be performing those functions alongside other responsibilities. Each institution head has autonomy over how resources are allocated to ATIP offices, which can result in significant variation in how roles are defined and maintained.

Institutions face the challenge of anticipating the number and complexity of requests they will receive to inform staffing decisions regarding ATI operations, which can vary year to year due to unexpected major events (e.g., natural disasters, terrorism, pandemics, etc.). The COVID‑19 pandemic, for example, introduced new operational and administrative challenges as ATI officials adapted to teleworking arrangements. The nature of the pandemic led to a surge of ATI requests for certain institutions, such as Health Canada and the Public Health Agency of Canada, which were not equipped to handle the significant increase in volume.

In a 2008-2009 report by the Information Commissioner, 17 of 24 institutions surveyed reported shortages of ATIP staff as contributing to access request delays. In 2012, TBS released a report identifying staff shortages as a contributing factor to delays in processing information requests. More recently, the Information Commissioner’s 2020-21 Annual Report asserted the “urgent government-wide need to adequately invest in human resources in the field of ATI, by creating pools, hiring sufficiently qualified staff and developing appropriate ongoing training for employees.” The Interim What We Heard Report for the ATI Review, released December 2021, echoed these sentiments noting that ATIP offices could be better resourced.

These reports and statistics indicate that the ATI community could benefit from a long-term plan and broader coordination of the ATI community’s needs. Such a plan could assist in building a more sustainable and skilled ATI community, which is also more responsive to both institutions and the Government of Canada’s needs overall rather than an institution-by-institution basis.

Accessibility and Official Languages

Accessibility and official language considerations factor into both request processing under Part 1 and proactive publications under Part 2 of the ATIA. In Part 1, subsection 4(2.1), the head of an institution is subject to several obligations collectively referred to as the “duty to assist.” The duty asserts that the head must:

• make every reasonable effort to assist the person in connection with the request,
• respond to the request accurately and completely, and
• provide timely access to the record in the format requested.

Under Part 1, in addition to this general duty to assist, section 12 of the ATIA requires institutions to provide a requester with records in their preferred official language if requested and the record already exists in that language, or if it is in the public interest to translate the record. Also, where considering it reasonable to do so, institutions may provide an alternative format to requesters. For example, if the requester has a visual impairment in the case of accessibility. Unless requested otherwise, most institutions use ATI processing software to provide requesters with a package responsive to their request in a pdf format and in the language in which the records exist. Under Part 2 of the ATIA, institutions must meet the same publication requirements of all online content published by the Government of Canada, including meeting accessibility standards and being published in both official languages.

There is now also an opportunity to further enhance accessibility within the ATIA regime in a manner that supports the mandated commitment under the Accessible Canada Act for federal government institutions and Crown corporations to become barrier free by 2040.

One approach to both official language and accessibility checks is to leverage rapidly improving automated tools to enhance human capacity. While accessibility tools are still far from meeting all requirements, newly available ATI processing software holds promise. The performance of AI-assisted contextual translation tools is tied to the writing quality of the source material. Such tools crawl authoritative source materials across the web, including the official translations on Government of Canada web pages and publications to locate common syntax and expressions. Many now include phrasing options at the click of a button. The sophistication of these tools is continuing to evolve and remains subject to scrutiny around the ability of any technological tool to meet translation quality associated with human expertise.

The steady stream of requests in the current system for the responsive records to previously completed ATI requests would be unnecessary if all records disclosed under the ATIA could be made immediately available for access by the public.

Extensions

The ATIA does not set specific time limits for extensions, relying instead on criteria for when an extension may be taken, while the length is determined based on reasonableness. As government institutions have wrestled with capacity challenges in ATI, they have trended toward taking increasingly lengthy extensions. Section 7 of the ATIA requires government institutions to respond to access requests within 30 calendar days of its receipt. Institutions may extend the legislated time limit if any of the following circumstances are met under subsection 9(1):

• request is for a large number of records or necessitates a search through many records and meeting the original timeline would unreasonably interfere with the institution’s operations;
• consultations are necessary and cannot be completed within the 30-day time limit; or,
• if a request requires a notice be sent to third parties of the potential release of information.

An extension must be for a “reasonable period,” given the specific circumstances. This is assessed on a case-by-case basis, with additional guidance offered to institutions in the Access to Information Manual. Institutions must inform the Information Commissioner of any extension that goes beyond 30 additional days, pursuant to subsection 9(2) of the ATIA.

A “reasonable period” is not defined in the ATIA. Institutions rely on policies and guidance developed by TBS to help make that determination, as well as relevant jurisprudence.^{Footnote 1} The Directive on Access to Information Requests directs institutions to ensure that the length of an extension taken is as short as possible and can be justified. Institutions must also establish a process that would ensure justifications for extensions are documented and supported by evidence. During the ATI Review’s engagement process, some government institutions specifically mentioned the need to have more guidance on extensions along with clearer requirements for applying them. A lack of clarity contributes to varied interpretations of what is “reasonable,” which in turn produces inconsistent service across the Government of Canada. That then leads to significantly more complaints to the Information Commissioner, with complaints about extensions forming one of the largest categories of complaints received.

The ATI and Privacy Statistical Report for 2020-21 shows that in recent years there has been a government wide annual decline in responding to requests within the legislated timeframes. Only 51 percent of government institutions in 2020-21 (excluding Immigration, Refugees and Citizenship Canada) were able to complete at least 90 percent of their ATI requests within those timelines. While this problem can be attributed to multiple factors, a general lack of understanding of the extensions provision is a contributing factor. This is also a problem of non-responsive offices of primary interest and third parties. Recent reports of the Information Commissioner have shown that deliberations on disclosure of information within institutions delayed responses and that deadlines for internal responses were not clearly communicated to offices of primary interests.

The COVID‑19 pandemic has shone a spotlight on these challenges, as ATIP employees were teleworking and still relying on records that were sometimes only accessible from the institution’s main offices. ATIP offices were generally not included in the business continuity planning or critical services inventories of institutions, meaning ATIP staff were unable to access their office spaces.

While the COVID‑19 pandemic is unprecedented in the history of the ATIA, temporary losses of access to ATIP offices are not. Extreme weather events, and threats of violence or terrorism have and will continue to temporarily close office buildings, and ATIP offices along with them. The ATIA does not have a provision that allows institutions to extend or pause the legislated timeframe in such extraordinary circumstances, even when the safety of employees is at risk.

Other jurisdictions have capped extensions, including similar international environments as well as Canadian provinces. For instance, in Quebec, ATI legislation permits an institution to extend a response by a maximum of 10 days, except where third party information is involved in a request. Similarly, British Columbia’s (BC) ATI legislation sets the maximum to 30 days in specific circumstances and requires the BC Information and Privacy Commissioner’s permission if an extension is to go longer. In the international context, both the United States of America and Australia have set maximum times for extensions. In the USA, it is 10 days, except in certain circumstances, and 30 days in Australia. In Australia, both the Information Commissioner and the requester must consent to the extension.

ATI operations support a legal right of access. Plans must be in place in case of disruption to operations and/or to remove any potential barriers to access. Setting stricter limits on extensions with appropriate consequences for missing deadlines, while allowing for obvious protections for staff and property, is becoming more the norm internationally.

Consultations

The ATIA allows institutions to consult one another on ATI requests, and to take extensions for a reasonable period to do so. Consultations between institutions are sometimes necessary to respond to a request for records. This is particularly when information held by one institution was created by another, meaning the subject matter expertise is located elsewhere in the Government of Canada. There is no hard cap, however, on the number of days allowed to complete those consultations. Section 4.1.31 of the Directive on Access to Information Requests states that institutions should undertake inter-institutional consultations only under two circumstances:

• when the processing institution requires more information for the proper exercise of discretion to withhold information; or
• when the processing institution intends to disclose potentially sensitive information.

Section 4.1.32 also states that consultation requests from other government institutions are to be processed with the same priority as access to information requests. The President of the Treasury Board issued an implementation notice on September 27, 2022, to reinforce these matters, while providing additional guidance.

Section 7 of the ATIA requires that institutions respond to ATI requests within 30 days. However, institutions may extend this time limit when consultations are necessary, provided the extension is reasonable in the circumstances described under paragraph 9(1)(b) of the ATIA. The ATIA does not specify a time limit within which a consulted institution must respond. However, section 4.3.9.6 of the Policy on Access to Information states that any consultations are to be undertaken promptly and section 4.1.28 of the Directive on Access to Information Requests states that any extension taken must be as short as possible and must be reasonably justified.

Reasonableness is not defined in the ATIA. Additionally, there are no defined obligations for the recipient of a consultation request in the ATIA. There are also no consequences for failing to respond since the consulting institution is responsible for meeting the legislated timelines. This issue is compounded by the tendency to be deferential to the views of the consulted institution, which delays decision-making by the consulting institution if deadlines are not met. As a result, in practice, consultations are often not given the same priority as ATI requests and contribute to delays in responding to requests. These delays can be exacerbated should consultations involve multiple institutions.

The Information Commissioner’s recent report to Parliament has identified inter-institutional consultations as a broad challenge faced by Canada’s ATI regime. The Information Commissioner has also published other reports recommending more efficient consultation processes, which would reduce extensions taken by institutions when there is a need to consult on a request. A large proportion of all complaints registered annually by the Information Commissioner relate to time extensions. As the Interim What We Heard Report for the ATI Review highlighted, the Canadian public is aware of this access barrier and concerned with the use of lengthy extensions, even years in length.

Capping consultation extensions has become the norm in modern ATI (also known as Freedom of Information) regimes, using both hard and soft caps. Hard caps set a strict limit, while soft caps make the extension reviewable by an oversight body like the Information Commissioner prior to being taken. In Canada, for instance, section 10 of BC’s Freedom of Information and Protection of Privacy Act sets a cap of 30 additional days for consultations with other institutions, which may be extended with permission from BC’s Information and Privacy Commissioner.

As the Government of Canada looks to modernize its service delivery, including in ATI, the delays associated with consultations also need to be examined in the context of streamlined digital services and leveraging existing platforms, such as ATIP Online.

Administering Complex Requests

Section 6 of the ATIA sets out the general criteria for submitting a valid request. Under the ATIA, a request must be made in writing to the institution that holds the record and that the request must provide sufficient detail to enable an experienced employee to identify the records with a reasonable effort. Requesters must also pay an application fee not exceeding $25 per request, though it is currently set at $5 by regulation. Only a request for access that is vexatious, made in bad faith, or is otherwise an abuse of the right of access can be declined, by the head of the government institution, with the Information Commissioner’s written approval.

Most requesters are quite specific, often identifying a single subject area and record type, or a date range for records, which can make it easier to process a request. Not all requesters are as precise, while others may be extremely precise but are seeking all records on a particular subject, which can make it difficult to assess records for relevance and slow the processing time. Whether a request generates 10 or 10 million pages, institutions must respond to the request unless it is an abuse of the right of access, as described above. Moreover, certain requests may not produce a voluminous set of records in response, but they may require specialization – of both tools and training – to be processed efficiently (e.g., audio-video and photographic records).

Whether requests produce a significant volume of records, or they are of a type requiring specialized tools and training to process, these types of complex requests can pose significant challenges to institutions. ATI regimes use multiple strategies to manage the challenges such requests create. Most commonly, and used both provincially and internationally, processing fees may be applied to limit the scope or complexity of a request. Other regimes exclude draft records or certain types of data, or they apply more specific criteria to determine what is a valid request.

Requests generating multi-million pages of responsive records have become an annual occurrence (e.g., 2017-18, 2019-20 and 2020-21), which are a significant burden on institutions due to the resources required to process them in a timely fashion. The proliferation of digital records – drafts and multiple versions of a single document, for instance – can contribute to the complexity of requests. Technologies producing audio-visual media also have proliferated in recent years.

While there will always be a need for institutions to work with requesters to administer complex requests, the tools at their disposal can also play a role. Best practices can be baked into the government’s ATIP Online portal, which will help requesters with their precision and institutions better interpret their requests. Optional fillable fields in the request form, for instance, could produce more consistent results. Automated decision-making, too, can support search, retrieval and review of records. Request processing fees were also discussed in ATI Review submissions and during engagement activities. However, there was no consensus on an approach to use fees as a means of reducing request volumes or scope.

Declassification

Government officials assign a security rating to records based on the risks associated with the record being disclosed. These categories range from risks to an individual’s privacy and personal dignity, to those related to Canada’s national interests and security. Security categorization is based on the risks that exist at the time they were applied and dictate how government officials handle and store the information. As such, maintaining classified records over the long-term can lead to ongoing financial, technical and physical burdens. Declassification involves re-assessing the risks that existed when a record was first created, considering the passage of time and its effect on reducing or removing those risks. This process may or may not result in downgrading the security category, but often does.

TBS’s Directive on Security Management requires institutions to define and document the requirements for protecting government information against threats throughout its lifecycle (Appendix B.2.2.1.3). This includes assigning the shortest possible period for the protection of information, taking into account risk, privacy, legal, or other policy considerations (Appendix E.2.2.2.2). The Directive does not provide for compulsory declassification. It notes that the security category applied to records may be downgraded “when the expected injury is reduced.” This leaves the decision at the discretion of deputy heads regarding the application of the policy within their respective institutions.

Currently, departments and agencies do not regularly assess their records for declassification purposes. As a result, records are classified indefinitely at the security level they were assigned when they were created. In a few institutions, the only practical trigger for reviewing these records for public release is an ATI request. Having a large volume of historically classified information results in lengthy delays in processing ATI requests, and it may place a substantial burden on the ATI regime. They must then turn to internal subject matter experts, and often enough, experts in other institutions to conduct the appropriate risk assessments prior to disclosure. Both steps slow ATI responses due to the considerable time spent on consultation, research, and review and the specialized subject matter expertise required in handling this type of information.

These challenges are acute among Canada’s National Security and Intelligence institutions. This is due to the common usage of Secret, Top Secret and Special Intelligence security categories associated with the potential injury to the national interest if such records are disclosed without authorization. Canada is the only Five Eyes nation (including the USA, United Kingdom, New Zealand and Australia) that does not have a systematic, risk-managed approach to declassification that enables scheduled reviews, downgrading, or declassifying records. LAC is the repository for millions of pages of historical records that remain classified indefinitely without a means to proactively review and downgrade or declassify records that no longer contain sensitivities. The challenge is compounded by the age of the records. Moreover, the unavailability of subject matter experts with both historical records and subject matter expertise is a significant gap within ATI areas across government departments that limits the capacity to review and address classified records within the Government of Canada. To assist with the declassification process, some national programs use a forward marking approach, which is a process of tagging records with a scheduled or expected review time. This approach to forward marking can create a foundation for systematic review, while also lowering the risk of adding to record sets that will need to be reviewed in the future.

In recognition of these challenges, Public Safety Canada has concluded a collaborative pilot project with LAC, Privy Council Office, and the National Security and Intelligence community to declassify historical records of the Joint Intelligence Committee. The pilot was intended to evaluate a national security and intelligence-specific framework for declassification and downgrading. The pilot is a first step in determining how a largescale review of classified historical records might be undertaken, and the manner and extent to which declassification can be actioned in a meaningful way.

On April 26, 2022, the Information Commissioner released two reports, a systemic investigation regarding LAC’s delayed responses to access requests and a special report to Parliament that highlighted this issue along with the need for a declassification program. The special report highlighted that more rigorous declassification could play a significant role in reducing LAC’s ATI burden by allowing for more proactive disclosure of Canada’s National Security and Intelligence history. The Information Commissioner also noted that LAC and the National Security and Intelligence institutions’ consultation burden would be lessened. This is because LAC would not need to consult the National Security and Intelligence community as frequently on what information could be disclosed if it were proactively declassified or downgraded. The special report builds on a theme that has been developing for several years at the Information Commissioner related to declassification.

Obligation to Document Decisions

Although there are many requirements to create and maintain specific record types in the Government of Canada, ATI stakeholders have long advocated for a comprehensive, reviewable, and enforceable “duty to document,” without which the consistent and thorough recording of decisions cannot be assured. These types of decision-related records are often sought through access to information requests.

The Policy and Directive on Service and Digital sets out the requirements of proper recordkeeping, supported by the Guideline on Service and Digital and Directive on Security Management. These instruments provide advice, security considerations and best practices for their implementation for recording decisions and activities of business value. The Directive on Service and Digital, for instance, is subject to the TBS Framework for the Management of Compliance, but information is not collected on compliance. There are neither clear obligations for institutions to audit and report on their recordkeeping responsibilities, nor a mechanism in place to measure reporting efficacy. As a result, there are no consequences for non-compliance and no information on the issues or problems faced by institutions in fulfilling their obligations. The instruments also only apply to 78 of the approximately 265 institutions subject to the ATIA, representing a large policy coverage gap, even if those 78 institutions receive most ATI requests.

Most countries comparable to Canada have a legislated duty to document, as do some Canadian provinces. These are occasionally articulated in the country’s ATI legislation; internationally, they are more often found in legislation dealing explicitly with official records or archives. Canada’s Library and Archives Canada Act (LACA) is like other official records-type laws. It sets out requirements for LAC to preserve Canada’s documentary heritage and to help government institutions manage their information. The ATIA confers a right of access to records, while also empowering the President of the Treasury Board to cause to be kept under review the way information under institutions’ control is maintained in support of that right. Neither the ATIA nor LACA, however, has a legislated requirement to create records.

The ATIA has compliance mechanisms through both the Information Commissioner’s investigative and reporting authorities, coupled with the possibility of federal court review. If a duty to document were considered for either the ATIA or the LACA, a significant amount of work would be required to identify the scope and application of a duty to document, consistent with other legislative obligations to create and maintain specific records (e.g., the register of vessels in the Canada Shipping Act) and with a view also to developing compliance authorities.

Enhancing Open Government

Improving Proactive Publications

The passage of Bill C-58 in 2019 introduced a requirement under Part 2 of the ATIA to proactively publish specific types of government information drawn from topics that have been consistently represented in ATI request pipelines. Some proactive publication requirements apply to all the institutions currently covered by Part 1 the ATIA. Part 2 legislates specific proactive publication requirements for the Prime Minister’s and other Ministers’ offices, senators, members of the House of Commons, and administrative institutions that support Parliament and the courts. The types of publication, each with defined publishing timelines. This includes among others:

• ministers’ mandate letters;
• certain briefing materials and memoranda titles and tracking numbers;
• travel and hospitality expenses;
• grants and contributions over a specified amount; and
• contracts over a specified amount. 

The objective of Part 2 of the ATIA is to proactively publish information that is of interest to the public without the need to request it under Part 1. A recent Evaluation of Proactive Publication conducted by TBS’s Internal Audit and Evaluation Bureau recommends engaging users to gain insight into the relevance of proactive publications to users, which in turn aligns with section 4.3.2.9 of the Policy on Service and Digital , which requires user need to be a primary determinant in prioritizing proactive disclosures to be published on the Open Government Portal.

Throughout the engagement process, the public expressed interest in certain types of materials to expand the current requirements. One suggestion that was supported by some government institutions, public servants, and the public alike, was to expand Part 2 of the ATIA to include frequently requested records. The 2022 update to the Directive on Access to Information Requests, section 4.1.44, speaks to this suggestion: it requires institutions to regularly review requests received under Part 1 of the ATIA with a view to making frequently requested information available by other means. This approach mirrors some international trends, too. For instance, Australia’s Freedom of Information Act 1982 requires institutions to publish information to which the institution routinely gives access in response to requests. As one sees with open data advocates, other public interest areas include government research, regulatory data, surveys, and assessments (e.g., environmental impacts), and other public health and safety information. Generally, ATI Review participants were supportive of a far broader, open by default approach to government information disclosure.

Beyond the content of proactive publications, input received during the ATI Review noted two other areas for improvement: reporting and independent oversight of Part 2. At present, there is a lack of reporting on Part 2 of the ATIA, with a consequent lack of insight into whether government institutions and entities are meeting their obligations and what resources are required for institutions to administer their Part 2 responsibilities. Section 94 of the ATIA requires institutions to report on their administration of the ATIA, including Part 2 of the ATIA. However, while the President of the Treasury Board has the legal authority in paragraph 70(1)(d) to cause statistics to be compiled on compliance with Part 1 of the ATIA, the same authority does not exist for Part 2. TBS is developing a policy framework for Part 2 of the ATIA, following from a recommendation made by TBS’s Internal Audit and Evaluation Bureau. The benefits of more comprehensive and structured reporting on Part 2 could help develop greater monitoring of the usefulness of Part 2, in addition to improving business processes.

The public also noted that there is no direct independent oversight of Part 2 of the ATIA by the Information Commissioner, a power sought by the Commissioner. Currently, oversight is available through the ability to make a request under Part 1 of the ATIA for the records containing the proactively published information and to complain about the response to such a request. This process adds additional steps and administrative costs to both requesters and institutions, who must submit and process the request, respectively.

Right of access and exception to the right of access

The goal of the ATIA is to enhance accountability and transparency of government institutions by providing access to government records. Institutions must therefore follow the principle that information should be available to the public, with necessary exceptions to that right being limited and specific. It is notable, however, that this right of access is limited to Canadian citizens, permanent residents, and individuals and corporations present in Canada.

The following sections of this report discuss various aspects of the right of access, including the exceptions to the right of access, which are intended to protect certain information from disclosure. These sections also examine the information institutions publish to support requesters, who can make a request and, when exceptions are applied, any time limits on when those exceptions may apply.

Universal Access

Section 4(1) of the ATIA defines who has a right of access to Government of Canada records. These are currently limited to Canadian citizens and permanent residents. The Governor in Council has extended access to all individuals and corporations present in Canada, by order issued pursuant to subsection 4(2) of the ATIA.

Despite the extension, many persons who have legitimate business with the Government of Canada cannot directly request records from federal government institutions. Canada is a significant destination for non-resident and non-Canadian travelers and migrants, about whom decisions are made every day. As a result of the COVID‑19 pandemic, Immigration, Refugees and Citizenship Canada (IRCC) committed to improving in various areas, including its service standards and transparency for migrants, who frequently use ATI to access their files. Decisions made by the Government of Canada also have impacts globally in various sectors, both humanitarian and economic. Those parties must rely on local intermediaries to assist with their needs (e.g., immigration lawyers), adding both substantial cost to the individual requester, and reducing the intended accountability on the conduct of government institutions to those served by those institutions.

Canada has already decided that universal access is essential when it comes to personal information requested through the Privacy Act. The Privacy Act Extension Order, No. 3, has extended the right of access to personal information to include all individuals outside Canada. Adopting a universal right of access at the federal level would bring the Government of Canada in line with the rest of Canada as each provincial and territorial ATI legislation offers universal access. In addition, by global comparison, 76 countries have universal access built into their respective ATI laws. Among Canada’s closest international partners, only New Zealand similarly restricts access.

Public Interest and the ATIA

A public interest override provision exists in many jurisdictions. The intent is to encourage and permit institutions to disclose information considered by the head of an institution to be of public interest, even if that information would normally be exempted from disclosure. This pushes information disclosure beyond the interests of individual requesters, furthering the broader aims of open government and general accountability.

While Canada’s ATIA has no general public interest override provision, the ATIA has two provisions that speak to the public interest:

• Paragraph 19(2)(c) allows for the disclosure of personal information in accordance with s.8(2)(m)(I) of the Privacy Act, where a public interest in disclosure clearly outweighs any invasion of privacy; and,
• Subsection 20(6) allows for the disclosure of third-party information, where a public interest in disclosure related only to public health, public safety, or the protection of the environment exists, or if the public interest in disclosure clearly outweighs any financial loss or gain to the third party, or any prejudice to its security, competitive position, or negotiations.

Each of these provisions apply to mandatory exemptions, of which there are several others that have no public interest provision. These include section 13 (information from other governments), and paragraph 16(1)(a), covering investigative bodies’ records (e.g., Royal Canadian Mounted Police). Other exemptions to disclosure are discretionary, meaning the head of the institution may decide to disclose the information even if it might normally be exempted from disclosure. When exercising discretion, the institution head must consider all relevant factors for and against disclosure. Though this may include public interest as a factor, it is not an explicit requirement to weigh the public interest. If there were a complaint, the Information Commissioner may raise the public interest as a factor. For their part, the federal courts have avoided raising specific factors of discretion for the institution head’s consideration, beyond generalities.

International jurisdictions vary in terms of legislating the public interest. Some, such as Ireland and the United Kingdom, use a model where public interest overrides apply to some, but not all exemptions. Other jurisdictions, including India and some Canadian provinces, like Alberta and BC, have a public interest override that applies to all exemptions. In addition, in Ontario (Public Safety and Security) v. Criminal Lawyers’ Association, 2010 SCC 23, the Supreme Court of Canada ruled on a public interest override test embedded in discretionary exemptions in Ontario’s freedom of information legislation. The Court concluded that the exercise of discretion must consider the public interest in open government, public debate, and the proper functioning of government institutions, even if in some instances it may have limited application. During the ATI Review’s engagement process, a public interest override was identified as an area in which improvements should be made.

Examining the Exemptions Regime

Exemptions in the ATIA are one of two exceptions to the right of access; the other exception is called an exclusion and is discussed below. Exemptions are a mainstay of every ATI regime, both internationally and domestically, and they often cover similar topics, such as defending a nation against hostile activities, safeguarding the integrity of judicial processes, or protecting individuals’ safety or privacy, among others. Exemptions are considered to be significant protections, both in the public and the national interest. In Canada, exemptions under the ATIA are always a combination of each of the following categories:

• either class-based or injury-based, with the former requiring that the information be of a defined type, and the latter requiring that an injury or prejudice would occur if the information were to be disclosed; and,
• either mandatory or discretionary, with the former requiring that the information be withheld from disclosure, and the latter requiring a weighing of factors for and against disclosure prior to the exemption being applied.

An exemption could therefore be a class-based exemption that is mandatory (e.g., personal information) or it can be discretionary (e.g., advice to a minister). Likewise, an injury-based exemption can be either mandatory (e.g., prejudice to a third party’s competitive position) or discretionary (e.g., injury to the conduct of an investigation).

The complexity of the ATIA’s exemption regime can take years to learn and apply properly for ATIP professionals. Public stakeholders have long criticized the breadth of Canada’s exemption regime, arguing most often that there are many class-based provisions that do not require institutions to demonstrate any harm in disclosure. Since the ATIA was created in 1983, the ATIA has added more categories and sub-categories of exemptions.

There are various ways to approach exemptions, both domestically and internationally. Some regimes employ a similar approach to Canada’s, but they have defined when those exemptions do not apply. This can be done in the legislation, like in Ontario’s Freedom of Information and Privacy Protection Act, which lists circumstances where exemptions cannot be applied. Alternatively, this can be done in policy and guidance, or via an Implementation Notice pursuant to s. 70(1)(c) of the ATIA, in which specific instances of non-application could be expressed. These approaches do not necessarily resolve the issue of complexity or breadth. They may even add to those issues, by requiring multiple parallel readings and considerations.

More recently revised or crafted ATI laws have distilled exemptions down to simple, injury-based categories. This approach describes all forms of valid exemptions in broad terms while tying them explicitly to the likelihood of harm the disclosure could cause. Canada’s regime has many instances where harm must be considered, but many more where it does not. Exempting information based on classes or record types assumes harm in every instance. Stakeholders have argued that adopting sufficiently general, harms-based exemptions would encourage more disclosure of information when there is no harm in doing so.

TBS is in the process of developing a plain language guide, which is intended to enhance understanding of the ATIA, including exemptions. Greater knowledge and understanding of why exemptions exist will better equip those exercising their right of ATI, while promoting more consistent application of exemptions across government.

Exclusions

The second type of exception to the right of access is called an exclusion. Unlike exempted information, if information is subject to an exclusion, it is not subject to disclosure under the ATIA. As excluded records are not subject to the ATIA, they are equally not subject to the same type of oversight as for exempted information.

Participants in the engagement process indicated they did not understand the purpose of exclusions and wanted to see them either removed or converted to exemptions. Moreover, stakeholders have observed that the exclusions are sometimes applied differently or not at all. Public stakeholders and the Information Commissioner have singled out the exclusion of Cabinet confidences, which they believe to be overly broad. For instance, many stakeholders, including government institutions, noted that the wording in paragraph 69(1)(g) can be read to encompass any information put before a Minister as being “related” to a Cabinet confidence, since a Minister may discuss it with colleagues.

The Information Commissioner has also suggested that all exclusions should be reviewable to ensure due diligence and accountability within the process. The Federal Court has ruled that the Information Commissioner may review whether the Canadian Broadcasting Corporation’s exclusion has been correctly applied. That exclusion covers all the Canadian Broadcasting Corporation’s information related to its journalistic, creative or programming activities, except information pertaining to general administration. The same review process not been extended to all exclusions, however, provoking stakeholder complaints of inconsistent application. For instance, if a requester complains about the application of Cabinet confidences to the Information Commissioner, the review process by the institution is for the ATIP coordinator to consult with their departmental legal services and to confirm to the Information Commissioner that the exclusion was correctly applied.

Internationally, most Cabinet, or functionally similar bodies are both subject to their domestic ATI legislation, and independently reviewable. In some rare instances, like the United Kingdom, the independent review of Parliamentary privilege, which in the United Kingdom encapsulates Cabinet discussions, can be subject to ministerial veto. In the United Kingdom, that veto has come under scrutiny since 2010. In Canada, Cabinet confidences are entrenched across federal legislation, meaning any review of its application necessarily goes well beyond the ATIA.

Sunset Clauses for Exemptions and Exclusions

A “sunset clause” is a provision in legislation that acts as an expiry date for when a legal matter ceases to apply. In the ATIA, a few exemptions and exclusions are nullified due to the passage of time. These include:

• Paragraph 16(1)(a) sets 20 years for information obtained or prepared by specified investigative bodies (e.g., Royal Mounted Canadian Police) during lawful investigations relating to breaches of law or to threats to the security of Canada.
• Subsection 21(1) sets 20 years for information that (a) relates to advice or recommendations, (b) contains an account of consultations or deliberations, (c) contains positions or plans developed for negotiations, or (d) has plans relating to the management of personnel or the administration of an institution that have not yet been implemented.
• Subsection 22.1(1) sets 15 years for drafts or working papers of internal audits.
• Paragraph 69(3)(a) sets 20 years for Confidences of the King’s Privy Council.
• Subparagraph 69(3)(b)(ii) sets four years from the date a decision was made, where the decisions have not been made public, on discussion papers related to background explanations for Cabinet decisions.

The passage of time is assumed to reduce the sensitivity of protected information, particularly in instances where decisions have been made or where events have concluded. Lengthy sunset clauses may add to operational burdens in ATIP offices since exceptions to the right of access must be considered for at least the duration of the sunset clause.

Throughout the ATI Review engagement process there was broad agreement that sunset clauses of 20 years for exemptions and exclusions is too long. In some instances, the sunset clauses are longer than the retention period for the information itself.

Internationally, there is significant variation in how much time needs to go by before information can safely be disclosed by default, and variation in the treatment of different categories of information. For example, in a North American context, Mexico sets five years as a benchmark for some types of records, while the USA has up to 25 years for its national security records. In the latter case, the 25-year sunset clause on national security records is also linked directly to the USA’s declassification program.

Indigenous Control of Information and Data

For many years, Indigenous groups and governing bodies have stated that the way information is managed going forward will play a key role towards Indigenous self-determination and recognition as nations. This view was advanced by the Assembly of First Nations, Native Women’s Association of Canada, Congress of Aboriginal Peoples, the National Claims Research Directors and Union of British Columbia Indian Chiefs, and the Tsawwassen First Nation prior to the passage of Bill C-58, and it has been re-stated as a priority during this ATI Review. Organizations like the First Nations Information and Governance Centre, who were funded in 2018 to develop a framework for First Nations information and data sovereignty, have asserted that self-determination cannot be achieved without control over First Nations communities’ own data. The Inuit Tapiriit Kanatami is similarly undertaking a broad information and data access, ownership and dissemination strategy.

Indigenous claims of many types rely on information that are regularly obtained through ATI requests, often within the constraints of legal or government process timelines. Alternative processes to acquire records have similar constraints according to researchers. First Nations claims researchers, for example, report that key dates in claims processes are missed because of delays, and time-limited research funding runs out, which can impose significant financial hardship on both researchers and the organizations they support. The National Claims Research Directors and Union of British Columbia Indian Chiefs state that this is out of step with the UN Declaration, which they interpret as ensuring access to redress of historical grievances. The National Claims Research Directors have advanced specific recommendations, noting that these “rely on Canada upholding the honour of the Crown and acting on its reconciliatory mandate by recognizing its conflict of interest in controlling information held by government institutions that First Nations require to proceed with historical claims against the Crown, and taking immediate steps to eliminate it.” The First Nations Information and Governance Centre as well as other Indigenous organizations and governments like the Manitoba Métis Federation have echoed this view, noting that there is a conflict of interest for the Government of Canada in managing Indigenous efforts to access these records.

This conflict is asserted in several areas, both in terms of ownership, access to and control of information, as well as the competing responsibilities of federal institution heads. Firstly, Indigenous peoples assert that the records they need ought to belong to and be under the control of Indigenous peoples instead of the Crown. Secondly, the institution head responsible for processing access to information requests in support of Indigenous claims or requests is also responsible for supporting the Crown’s position in response to these claims or requests.

Indigenous organizations participating in this review acknowledge that significant time and resources are required for the transfer of Indigenous data and information to Indigenous control. Engagement input included a variety of approaches, including interim solutions such as shifting the decision-making authority to Indigenous peoples for the records they require, while maintaining the present custodianship of the Government of Canada. They may also better advance distinctions-based approaches to information management between the First Nations, Inuit and Métis peoples.

Indigenous organizations also recognize that the ATI regime is a component of the Government of Canada’s broader information management framework. There are opportunities to advance Indigenous information and data ownership, control and access beyond the ATIA.

Culturally Appropriate Services

Fulfilling the purposes of the ATIA for Indigenous requesters requires an understanding that the Government of Canada recognizes First Nations, Inuit and Métis as the Indigenous peoples of Canada, consisting of distinct, rights-bearing communities with their own histories, including with the Crown. It also means understanding that a distinctions-based approach is needed to ensure that the unique rights, interests and circumstances of the First Nations, Inuit and Métis are acknowledged, affirmed, and implemented. However, Indigenous individuals and organizations participating in this review have reported a lack of this understanding in their interactions with government officials. Indigenous requesters express considerable frustration at receiving incorrect responses or responses that apply to Indigenous people other than themselves because they were dealing with individuals who did not understand what information they were looking for or why.

During the ATI Review’s engagement process, Indigenous users of the ATI regime identified issues with the process of submitting a request. Many records under the control of government institutions relating to Indigenous matters have been improperly stored which results in records of poor quality that are sometimes unreadable, missing, or difficult to identify, leading to gaps in information. Information is not always available or provided as a digital record in machine-readable and searchable format, making it difficult or impossible to use for research or analysis. Indigenous users also report barriers to technology, which can make it harder to submit requests electronically, especially in remote areas lacking stable internet service. Additionally, requesters may have difficulty paying the application fee, which requires access to banking services at a minimum, and often credit cards.

For Indigenous requesters who are seeking information on estranged, missing, or deceased loved ones, dealing with the bureaucracy can be especially challenging. Informal processes have sometimes enabled Indigenous requesters to pursue access to information in a way that facilitates personal contact and enables collaborative problem-solving and discussion between requesters and ATIP professionals. At the same time, Indigenous requesters report that informal requests can also be an experience of non-cooperation and long delays, which pushes them to rely on formal ATI requests that are equally unresponsive to their needs.

To advance reconciliation efforts, there is a need for the co-development of practices between Indigenous peoples and the Government of Canada to ensure Indigenous peoples are receiving culturally appropriate services with no barriers to access. The Manitoba Métis Federation states, “it is important that personnel handling Access to Information requests are well trained in access standards, and experienced in distinguishing between Métis, First Nation, and Inuit organizations, groups and governments.” Increased training and awareness across federal institutions can contribute to addressing this gap.

Independent Oversight

This report presents three key themes in relation to accessing and asserting control over information relevant to, or about Indigenous peoples: the definition of “aboriginal government” in the ATIA, Indigenous control of data and information, and developing culturally appropriate services to support Indigenous access to information. The latter two themes include the view that an independent, Indigenous-specific oversight mechanism is essential to achieve greater equity for Indigenous requesters and greater control over information and data. The First Nations Information and Governance Centre, the National Claims Research Directors and the Union of British Columbia Indian Chiefs, among other Indigenous stakeholders, recommend a mechanism that the Government of Canada is not in a conflict of interest while resolving claims against themselves, as indicated in a preceding section of this report. It has been recommended that this mechanism go beyond the ATIA, and this issue has been similarly raised during engagement on the Privacy Act Modernization initiative led by the Department of Justice. For example, some organizations have long advocated for a wholly independent claims resolution process, which would be a significant element of a broad independent oversight mechanism. Oversight and accountability are critical components of the First Nations Information and Governance Centre’s framework on First Nations information and data governance. Within that framework, an oversight mechanism would be responsible for reviewing decisions of institutions where First Nations requesters, or First Nations data and information control are at issue, as well as having the ability to make recommendations on how to improve access for First Nations users.

The Information Commissioner currently serves as the oversight mechanism for ATI practices of the Government of Canada. Through subsection 30(1) of the ATIA, the Information Commissioner has the obligation to investigate many issues across the ATI regime, including those commonly experienced by Indigenous requesters. These include when requesters are refused access to records, face administrative delays or time extensions, receive incomplete responses, or any other matter related to requesting or obtaining records.

Further engagement with First Nations, Inuit and Métis peoples will be needed, in collaboration with the Information Commissioner as an independent agent of Parliament, to propose a longer-term way to address questions of oversight and accountability.

Definition of “aboriginal government” in the ATIA

Section 13 of the ATIA requires the head of a government institution to refuse to disclose information obtained in confidence from:

• a government of a foreign state;
• international organizations of states (e.g., the European Union);
• provincial and municipal governments and their institutions; and certain specifically named “aboriginal” governments.

Indigenous peoples have pointed out that “aboriginal government,” in the English version of the law, is outdated and non-inclusive of First Nations, Inuit and Métis governments and governing bodies. The definition only lists nine First Nations governments and councils, as well as band councils as defined in the Indian Act. Many have also requested that the word “aboriginal” in the English version of the ATIA be replaced by “Indigenous.”

The limited definition means Indigenous peoples lack the ability to appropriately safeguard information of a social, political, cultural, spiritual, environmental, or traditional nature. Currently Indigenous governments and other governing bodies are sometimes required to share certain information with the Government of Canada to receive services for their peoples. Other governments usually control their data and can share it with the assurance of confidentiality, but ownership, control and authority are not currently extended to all Indigenous governments or governing bodies.

In the absence of such authority, however, many Indigenous governments must instead rely on other provisions for confidentiality, such as the third-party provisions under section 20 of the ATIA. Third party protections, however, are intended to protect commercial or other proprietary information; those provisions do not cover the full spectrum of information shared with or by Indigenous governments and other governing bodies.

Three provinces (Ontario, British Columbia, and Alberta) and two territories (the Northwest Territories and Nunavut) have more expansive definitions of their equivalents of “aboriginal government” in their ATI legislation. Federally, since 2017, Parliament has been updating this language in numerous statutes, moving away from “aboriginal government” and adopting “Indigenous governing body.” This is found in, among several others, the Fisheries Act, the Indigenous Languages Act and An Act respecting First Nations, Inuit and Métis children, youth and families. The term “Indigenous governing body” is defined in these statutes as any council or other authorized entity that acts on behalf of an Indigenous community, group, or people that holds rights recognized and affirmed by section 35 of the Constitution Act, 1982. The Fisheries Act also notably includes a section on Indigenous Knowledge and requires the Government of Canada to receive written consent to disclose or make public any Indigenous knowledge shared in confidence. Canada’s adoption of the UN Declaration Act will require that Canadian laws are consistent on these matters relating to Indigenous rights.

ATI in the Digital Age

This section examines several digital innovations, or opportunities for further innovation in a succinct format without drawing conclusions in the same way as previous sections:

• ATIP Online platform
• Request Processing Software Solution
• Misinformation, disinformation and malinformation
• Artificial intelligence and machine learning