IPC/Ontario addresses legibility and the duty to accommodate FOI requesters

On December 23rd, the Information and Privacy Commissioner/Ontario issued an order that illustrates the Ontario law governing the legibility of records and institution’s duty to accommodate freedom of information requesters with disabilities.

These issues are governed by section 48(4) of the provincial act and section 37(3) of the municipal act. They read as follows:

Where access to personal information is to be given, the head shall ensure that the personal information is provided to the individual in a comprehensible form and in a manner which indicates the general terms and conditions under which the personal information is stored and used.

The IPC has held that these sections require institutions to provide reasonable quality copies, though not to transcribe or provide records in an alterative format subject to a duty to accommodate. Regarding accommodation, the IPC has held that institutions have a duty to provide disabled requesters with their personal information in a format that is comprehensible or intelligible to them. This duty is to be informed by the duty to accommodate in respect of service provision as established by the Human Rights Code, and presumably has a similar scope.

As with accommodation requests made under the Code, requesters who seek accommodation have a duty to establish the existence of a disability and their related medical needs. In its December order, the IPC dismissed an appeal that claimed a university had a duty to provide handwritten notes in an alternative format because the requester’s disability rendered the notes illegible. The requester did not provide sufficient evidence of his medical needs to establish a right to accommodation.

McMaster University (Re), 2022 CanLII 123506 (ON IPC).

Alberta CA interprets intergovernmental relations FOI exemption broadly

On December 6th, the Court of Appeal for Alberta held that a record supplied by a local police service to another local police service is amenable to withholding under the intergovernmental relations exemption in the Alberta Freedom of Information and Protection of Privacy Act.

The document at issue was a threat assessment report supplied by the RCMP to the Edmonton Police Service. The RCMP was acting under contract to provide local police services, which led the Alberta OIPC to find that it was an agency of the province. The OIPC relied on the heading “disclosure harmful to intergovernmental relations” and held that information supplied to a public body by an entity within Alberta could not qualify for exemption.

The Court held that the OIPC erred in its narrow interpretation of the exemption and by finding that the RCMP was an agency of the province. In the circumstances, the RCMP was to be treated as any other police service – a “local government body” – and one who could benefit from the exemption in disclosing information to another local public body. The OIPC put too much weight on the “intergovernmental relations” heading, it said, and ignored the plain wording of the Act.

Edmonton Police Service v Alberta (Information and Privacy Commissioner), 2022 ABCA 397 (CanLII).

Recent cyber presentations

Teaching is the best way of learning for some, including me. Here are two recent cyber security presentations that may be of interest:

A presentation from last month on “the law of information” that I delivered to participants in the the Osgoode PDP program on cyber security
Last week’s presentation for school boards – Critical Issues in School Board Cyber Security

If you have questions please get in touch!

The current state of FOI

Here is a deck I just put together for the The Osgoode Certificate in Privacy & Cybersecurity Law that gives a high-level perspective on the state of FOI, in particular given (a) the free flow of information that can eviscerate practical obscurity and (b) the serious cyber threat that’s facing our public institutions. As I said in the webinar itself, I’m so pleased that Osgoode PDP has integrated an FOI unit into into its privacy and cyber program given it is such a driver of core “information law.”

For related content see this short paper, Threat Exchanges and Freedom of Information Legislation, 2019 CanLIIDocs 3716. And here’s a blog post from the archives that with some good principled discussion that I refer to – Principles endorsed in Arar secrecy decision.

Understanding the Employment-Related Records Exclusion

Here is a copy of the presentation I delivered yesterday at the at the PISCC’s 2020 Ontario Connections Conference. As I told the audience, I’m a confessed FOI nerd. The exclusion is such a unique, important and misunderstood part of our Ontario FOI law that it was good to dive deep on it while in good company.

ALSO, BLG is launching a new webinar series for the provincial public sector called “nuts and bolts.” The first webinar will run in late November, please sign up here, or if you can’t attend in November and want me to put you on our mailing list please DM me.

View this document on Scribd

“Employee’s” signature accessible to public – NLCA

On June 3rd, the Court of Appeal for Newfoundland and Labrador held that the signature of an “employee” who authorized a vacation leave payout to a senior administrator at a college campus in Qatar was accessible to the public even though the individual was hired by Qatar, and not the College.

The matter turned on the meaning of “employee” under Newfoundland’s now repealed and replaced FOI statute, which at the time exempted all personal information from the right of access subject to an exemption for “information… about a third party’s position, function or remuneration as an officer, employee or member of a public body.” The Court held that the term employee is broad enough to include some independent contractors. It explained:

The statutory context and the purpose of the Act, however, would appear to limit including independent contractors only to those who, by virtue of their contract, are required to perform services for the public body in a manner that involves them as a functional cog in the institutional structure of the organization. It is those persons whose personal information about position and functions which can be regarded as employees and still promote the purpose and object of the legislation. To restrict the definition further would be to shield information about certain aspects of the public body’s operations and functioning from potential public scrutiny. To expand the definition further would equally not promote the object and purpose of the Act because it would allow for disclosure of personal information that does not elucidate the institutional functioning of the public body which is to be held accountable.

The Court’s affirmation of the public’s right of access here is no surprise. For one, the record suggested that the College and Qatar were common employers. More fundamentally, the privacy interest in the signature that would justify the outcome sought by the College was simply too minimal to give its interpretation argument principled force. In Ontario, signatures made in one’s professional capacity are not even considered to be one’s personal information.

College of the North Atlantic v. Peter McBreairty and Information and Privacy Commissioner of Newfoundland and Labrador, 2020 NLCA 19.

BC Supreme Court quashes decision ordering identification of RFQ evaluators

On December 9th, the British Columbia Supreme Court held that the British Columbia OIPC erred in its handling of a claim that the identities of BC Hydro employees who had evaluated an RFQ for services at a controversial hydroelectric project should be withheld. Hydro argued that identifying information may be withheld due to the potential harm to the employees’ physical and mental health.

The Court held that the OIPC improperly elevated the test for harm set out in the Supreme Court of Canada’s Merck decision – more than a possibility but less than a probability. Helpfully, it said the OIPC was wrong to suggest that Hydro “had to establish some employees were physically hurt or employees suffered from mental health issues before bringing itself within the [applicable exemption.” It also said, “I am also troubled by the Delegate’s comment that there was no evidence proffered from employees regarding how the disclosure of their names might threaten their mental health… It was unreasonable to expect such evidence in the circumstances.”

British Columbia Hydro and Power Authority v British Columbia (Information and Privacy Commissioner), 2019 BCSC 2128 (CanLII).

Federal Court says firearm serial numbers not personal information

On October 9th, Justice McHaffie of the Federal Court held that firearm serial numbers, on their own, are not personal information. His ratio is nicely stated in paragraphs 1 and 2, as follows:

Information that relates to an object rather than a person, such as the firearm serial numbers at issue in this case, is not by itself generally considered personal information”since it is not information about an identifiable individual. However, such information may still be personal information exempt from disclosure under the Access to Information Act, RSC 1985, c A-1 [ATIA] if there is a serious possibility that the information could be used to identify an individual, either on its own or when combined with other available information.

The assessment of whether information could be used to identify an individual is necessarily fact-driven and context-specific. The other available information relevant to the inquiry will depend on the nature of the information being considered for release. It will include information that is generally publicly available. Depending on the circumstances, it may also include information available to only a segment of the public. However, it will not typically include information that is only in the hands of government, given the purposes of both the ATIA and the personal information exemption.

This is not a bright line test, though Justice McHaffie did say that the threshold should be more privacy protective than if the “otherwise available information” requirement was limited to publicly available information or even information available to “an informed and knowledgeable member of the public.”

Canada (Information Commissioner) v Canada (Public Safety and Emergency Preparedness), 2019 FC 1279 (CanLII).

Sask CA says Commissioner’s request for privileged communications unnecessary

On May 16th the Court of Appeal for Saskatchewan held that the Office of the Information and Privacy Commissioner, Saskatchewan should not have required the University of Saskatchewan to produce communications that it claimed were subject to solicitor-client privilege.

The Commissioner began by inviting the University to provide evidence that supported its privilege claim. The University filed an affidavit from a non-lawyer stating that legal counsel had advised that “some” of the withheld documents are subject to solicitor-client privilege. It did not file an index of records.

This led the Commissioner to immediately request the records. Although the Commissioner had asked the University for a index of records, it did not ask again – an omission that the Court held to breach the principle that demands an adjudicator only review solicitor-client communications when absolutely necessary to assess a privilege claim.

This fact-specific decision illustrates how strictly the absolute necessity principle will be enforced. The Court also spoke about what privilege claimants ought to be required to present in support of their claims. In doing so, it suggested that an index that identifies records will ordinarily provide an adequate basis for assessing a privilege claim in the absence of any evidence suggesting a claim is “ill founded”.

University of Saskatchewan v Saskatchewan (Information privacy Commissioner), 2018 SKCA 34.

BCCA addresses public right of access to “a record of a question”

On April 13th, the Court of Appeal for British Columbia held that a rubric for an undergraduate admissions test administered by UBC was excluded from British Columbia’s public sector access and privacy act as a “record of a question.” It interpreted this phrase purposely, as encompassing “anything that is inregral to the question such that disclosure would defeat the purpose of the question for future use.”

University of British Columbia v. Lister, 2018 BCCA 139 (CanLII).