THE OFFICES OF THE INFORMATION AND PRIVACY COMMISSIONERS: THE MERGER AND RELATED ISSUES

Part III: Challenges of the Current Model

Introduction

I have concluded that merging the offices of the Information and Privacy Commissioners or cross-appointing one person to preside over both offices would likely have a detrimental impact on the policy aims of the federal access to information and privacy statutes. If the Government and Parliament nevertheless decide to adopt the one commissioner model, I have recommended that the transition take place gradually, and only after the challenges facing the current access and privacy regimes have been thoroughly studied and addressed. As I have stressed, the limited confines of this review preclude anything other than cursory comment on these challenges. In any event, many of the them are well-known and have been raised, discussed and debated by others, including the federal Access and Privacy Commissioners, the Access to Information Review Task Force, academics, and various advocacy groups. I nevertheless believe that it may be helpful to outline a few of the most important challenges in this Report, and in so doing I have not hesitated to borrow heavily from the existing literature.

Cultivating Access and Privacy Values in Government

Perhaps the most important lesson to be gleaned from 22 years of experience with federal access to information and privacy legislation is that the greatest progress in furthering the goals of the legislation is achieved when government institutions (and in the context of PIPEDA, private organizations) internalize the values of privacy and access and devise mechanisms to promote those values in every relevant aspect of the institutions' activities. While effective complaints resolution processes are indispensable to achieving the legislation's objectives, they are limited in their ability to effect transformative change.[101] Such change requires a genuine commitment by government to openness and transparency in the service of democratic accountability and a similar commitment to the principle that information collected about individuals is private and should, with a minimal number of overriding reasons, be used only for the purpose for which it is collected.

These rights are not likely to be adequately respected by bureaucracies, government or otherwise, unless they are nurtured. This is an especially challenging task on the access to information front. Federal government institutions have traditionally been very reluctant to expose themselves to external scrutiny.[102] There is often a pervasive fear of the embarrassment that such exposure may cause to the institution, its employees, and its political masters.[103] Moreover, in doing their jobs, public servants are primarily interested in performing the tasks assigned to them in the most expeditious manner possible. They may consequently consider access demands as impediments to the efficient performance of their work. [104] Managers may also be concerned that releasing sensitive information will chill the kind of vigorous and frank internal communication necessary for effective public administration.

There is undoubtedly a need for certain kinds of government information to remain confidential. This need is reflected in the many exemptions to access set out in the Access to Information Act. The Act itself proclaims, however, that as a general rule "government information should be available to the public," and that "necessary exceptions to the right of access should be limited and specific."[105] If this legal principle is to have its full effect, however, the bureaucracy must experience a profound cultural shift. As stated in the Delagrave Report:

Since the Act came into force in 1983, debate has centred largely on the design of exemptions, interpretation of the various provisions, and denouncing instances of non-compliance. Government efforts have focused mainly on publishing implementation guidelines, recruiting and training access officers and putting in place processes and systems needed to handle a growing volume of requests, and meet legislated deadlines. Neither at the time the Act came into force, nor since, has there been a comprehensive strategy to raise awareness of, and support for, access to information in the federal public service.[106]

Though some progress has been made toward cultivating a culture of access,[107] much more remains to be done. The Government should make it clear to its senior officials that access should be provided "unless there is a clear and compelling reason not to do so," as the Premier of Ontario recently instructed his Ministers and Deputy Ministers.[108] There is also a need for government institutions to develop sound information management systems,[109] ensure adequate training for access officials,[110] and create proactive dissemination policies encouraging institutions to publish information before it becomes subject to formal access requests.[111] Perhaps most critically, incentives should be put in place rewarding employees for complying with access requests and recognize the importance of facilitating access to the department's success.[112]

A cultural shift is also required on the privacy side. Though the federal government has made significant strides in incorporating privacy concerns into the legislative and policy development process,[113] more attention needs to be paid to the implications of its myriad programs involving the sharing, matching, and outsourcing of personal information.[114] And as with access to information, better training and the development of privacy management frameworks will also aid in fostering what the federal Privacy Commissioner has called a "culture of compliance" in the public service.[115] As the Commissioner stated in her excellent submission to this review, these initiatives "should be designed to help departments protect the personal information they control by identifying the inherent risks and how to mitigate those risks" and ensure that "privacy management is better integrated with mainstream management practices."[116]

Legislative Reforms

In the main, the challenges to the access and privacy regimes mentioned so far call out for extra-legal solutions; that is, solutions stemming from administrative and cultural innovations. There is also a need, however, for extensive legislative reform. The Government has committed itself to introducing a package of reforms to the Access to Information Act,[117] and in 2006 Parliament will undertake a mandatory statutory review of PIPEDA.[118] In addition, Privacy Commissioner Stoddart has called for a comprehensive review of the Privacy Act and has made a number of specific suggestions for reform.[119] This Report is not the place to explore the multitude of issues surrounding these initiatives. What may be useful, however, is to highlight some of the reform proposals, related to the roles of both the Information and Access Commissioners, that have come to prominence in the course of this review.

Advising on Policy and Legislation

As discussed, both the Information and Privacy Commissioners have considered it to be part of their mandates to comment on the potential impacts of various legislative and policy proposals. The Privacy Commissioner has been particularly active on this front in recent years. Unlike the legislation in some of the provinces,[120] however, neither the Access to Information Act nor the Privacy Act refers to this important function. I, therefore, recommend that both statutes be amended to specifically empower the commissioners to comment on government programs affecting their spheres of jurisdiction.[121] Ideally there should be a corresponding duty imposed on government to solicit the views of the commissioners on such programs at the earliest possible stage. To ignore the commissioners until they raise the issue or it otherwise becomes public serves the interests of neither the commissioners nor the government.


Date modified: