THE OFFICES OF THE INFORMATION AND PRIVACY COMMISSIONERS: THE MERGER AND RELATED ISSUES
- Cultivating Access and Privacy Values in Government
- Legislative Reforms
I have concluded that merging the offices of the Information and Privacy Commissioners or cross-appointing one person to preside over both offices would likely have a detrimental impact on the policy aims of the federal access to information and privacy statutes. If the Government and Parliament nevertheless decide to adopt the one commissioner model, I have recommended that the transition take place gradually, and only after the challenges facing the current access and privacy regimes have been thoroughly studied and addressed. As I have stressed, the limited confines of this review preclude anything other than cursory comment on these challenges. In any event, many of the them are well-known and have been raised, discussed and debated by others, including the federal Access and Privacy Commissioners, the Access to Information Review Task Force, academics, and various advocacy groups. I nevertheless believe that it may be helpful to outline a few of the most important challenges in this Report, and in so doing I have not hesitated to borrow heavily from the existing literature.
Perhaps the most important lesson to be gleaned from 22 years of experience with federal access to information and privacy legislation is that the greatest progress in furthering the goals of the legislation is achieved when government institutions (and in the context of PIPEDA, private organizations) internalize the values of privacy and access and devise mechanisms to promote those values in every relevant aspect of the institutions' activities. While effective complaints resolution processes are indispensable to achieving the legislation's objectives, they are limited in their ability to effect transformative change. Such change requires a genuine commitment by government to openness and transparency in the service of democratic accountability and a similar commitment to the principle that information collected about individuals is private and should, with a minimal number of overriding reasons, be used only for the purpose for which it is collected.
These rights are not likely to be adequately respected by bureaucracies, government or otherwise, unless they are nurtured. This is an especially challenging task on the access to information front. Federal government institutions have traditionally been very reluctant to expose themselves to external scrutiny. There is often a pervasive fear of the embarrassment that such exposure may cause to the institution, its employees, and its political masters. Moreover, in doing their jobs, public servants are primarily interested in performing the tasks assigned to them in the most expeditious manner possible. They may consequently consider access demands as impediments to the efficient performance of their work.  Managers may also be concerned that releasing sensitive information will chill the kind of vigorous and frank internal communication necessary for effective public administration.
There is undoubtedly a need for certain kinds of government information
to remain confidential. This need is reflected in the many exemptions
to access set out in the Access to Information Act. The Act
itself proclaims, however, that as a general rule
should be available to the public," and that
to the right of access should be limited and specific." If
this legal principle is to have its full effect, however, the bureaucracy
must experience a profound cultural shift. As stated in the Delagrave
Since the Act came into force in 1983, debate has centred largely on the design of exemptions, interpretation of the various provisions, and denouncing instances of non-compliance. Government efforts have focused mainly on publishing implementation guidelines, recruiting and training access officers and putting in place processes and systems needed to handle a growing volume of requests, and meet legislated deadlines. Neither at the time the Act came into force, nor since, has there been a comprehensive strategy to raise awareness of, and support for, access to information in the federal public service.
Though some progress has been made toward cultivating a culture of
more remains to be done. The Government should make it clear to its
senior officials that access should be provided
"unless there is a
clear and compelling reason not to do so," as the Premier of Ontario
recently instructed his Ministers and Deputy Ministers. There
is also a need for government institutions to develop sound information
management systems, ensure
adequate training for access officials, and
create proactive dissemination policies encouraging institutions to
publish information before it becomes subject to formal access requests. Perhaps
most critically, incentives should be put in place rewarding employees
for complying with access requests and recognize the importance of
facilitating access to the department's success.
A cultural shift is also required on the privacy side. Though the
federal government has made significant strides in incorporating privacy
concerns into the legislative and policy development process, more
attention needs to be paid to the implications of its myriad programs
involving the sharing, matching, and outsourcing of personal information. And
as with access to information, better training and the development
of privacy management frameworks will also aid in fostering what the
federal Privacy Commissioner has called a
"culture of compliance" in
the public service. As
the Commissioner stated in her excellent submission to this review,
"should be designed to help departments protect the
personal information they control by identifying the inherent risks
and how to mitigate those risks" and ensure that
is better integrated with mainstream management practices."
In the main, the challenges to the access and privacy regimes mentioned so far call out for extra-legal solutions; that is, solutions stemming from administrative and cultural innovations. There is also a need, however, for extensive legislative reform. The Government has committed itself to introducing a package of reforms to the Access to Information Act, and in 2006 Parliament will undertake a mandatory statutory review of PIPEDA. In addition, Privacy Commissioner Stoddart has called for a comprehensive review of the Privacy Act and has made a number of specific suggestions for reform. This Report is not the place to explore the multitude of issues surrounding these initiatives. What may be useful, however, is to highlight some of the reform proposals, related to the roles of both the Information and Access Commissioners, that have come to prominence in the course of this review.
As discussed, both the Information and Privacy Commissioners have considered it to be part of their mandates to comment on the potential impacts of various legislative and policy proposals. The Privacy Commissioner has been particularly active on this front in recent years. Unlike the legislation in some of the provinces, however, neither the Access to Information Act nor the Privacy Act refers to this important function. I, therefore, recommend that both statutes be amended to specifically empower the commissioners to comment on government programs affecting their spheres of jurisdiction. Ideally there should be a corresponding duty imposed on government to solicit the views of the commissioners on such programs at the earliest possible stage. To ignore the commissioners until they raise the issue or it otherwise becomes public serves the interests of neither the commissioners nor the government.
- Date modified: