Frequently asked questions: Implementation of Bill C-58

Investigations, order making and publication of reports

The Information Commissioner now has the authority to issue binding orders. Under what circumstances will she issue an order?

When the Information Commissioner finds a complaint to be well-founded, she may issue any order she considers appropriate “in respect of a record,” including the following:

  • refusals of access, including that records be released or that an institution reconsider its decision to refuse access
  • fees
  • time limits
  • the format or language of records
  • institutions’ publication of their inventory of information holdings (i.e. Info Source).

When the Commissioner decides to issue an order, it is because she is not satisfied that the institution has properly applied the Access to Information Act. In these cases, the order reflects the fact that a resolution could not be reached. In order to close a complaint, the Commissioner will not hesitate to issue an order when a resolution cannot be reached.

The Commissioner may also issue recommendations to institutions as a result of investigations.

What documents will you use during investigations under Bill C-58’s new oversight model and what do they replace?

When, after investigating a complaint, the Information Commissioner finds a complaint to be well founded, she will send an initial report to the government institution. The initial report may contain an intended order or a recommendation. The initial report replaces the section 37 letter.

All complaints are closed with a final report, replacing the report of finding. The final report includes the results of the investigation. The final report may also contain the Commissioner’s order and/or recommendations.

Who will receive a copy of final reports (including final reports with orders)?

The complainant and institution will receive a copy of the final report. Third parties and the Privacy Commissioner of Canada may also receive a copy in certain circumstances.

We generally send final reports about complaints that are not well founded or resolved to the Access to Information and Privacy (ATIP) Coordinator or the ATIP general mailbox (or whomever the institution has previously indicated should receive reports of finding).

We send final reports about complaints that are well founded to the head of the institution, with a copy to the ATIP office.

What options does the institution have when it receives an order from the Information Commissioner?

Orders issued by the Information Commissioner are legally binding, pursuant to section 100 (formerly section 76) of the Access to Information Act and the rule of law.

The Access to Information Act sets out two options for institutions when they receive an order:

  • implement the order; or
  • apply for court review of any matter that is the subject of the order, which has the effect of staying the implementation of the order.
When deciding what to do after receiving a final report, what dates are important?

Several dates are important, depending on what parties were involved in the investigation:

  • Date the institution is deemed to have received the final report
    • Fifth business day after the date of the final report
  • Date the complainant and the institution may apply for court review
    • Within 30 business days after the institution is deemed to have received the final report 
  • Date third parties and the Privacy Commissioner may apply for court review
    • Within 10 business days after the initial 30 business days for institutions and complainants to apply for court review has expired
  • Date the Commissioner’s order takes effect
    • The 31st or 41st business day after the day the institution is deemed to receive the final report, when no court review has been initiated
Will resolving a complaint avoid a final report?

There will always be a final report when we investigate a complaint, even when it is resolved. However, reports for complaints that have been resolved will not contain an order or recommendation.

Will final reports and orders be sent separately?

No, orders will be included in final reports. However, not all final reports will include orders.

What will final reports and orders look like?

Final reports will generally be formatted under headings such as “Facts”, “Issues”, “Analysis”, “Conclusion” and, when warranted, “Order” or “Recommendation”. As is currently the case with reports of findings, final reports will be written such that no information will be disclosed where an institution would be authorized to refuse to disclose or indicate whether that information exists.

The Information Commissioner now has the authority to publish her final reports upon completing an investigation. What criteria will be used to determine what gets published?

We close more than 2,000 complaints a year. It will not be possible to publish all final reports.

Initially, most final reports that include an order will be published. Eventually, we may choose not to publish orders related to procedural or administrative matters.

In addition, most complaints we find to be well founded or not well founded (i.e. those complaints that are not resolved), will be published initially. Again, we may choose not to publish findings related to procedural or administrative matters.

In general, anything that may involve a legal precedent, or be of interpretive value, will be published. The goal is to publish final reports that will be useful, provide guidance to both institutions and complainants, and address specific principles of the law.

With time, as a body of case law develops, we may find fewer final reports need to be published. If that occurs, we may refine our criteria for publication and make these publicly known.

It is a priority for us to ensure our work is open and transparent. To the greatest extent possible, the reasons and principles behind our decision will be made public.

What happens if the Privacy Commissioner does not agree with the Information Commissioner about the application of the exemption for personal information (section 19)?

The Access to Information Act was amended to provide two opportunities for the Privacy Commissioner to become involved in investigations when the exemption for personal information is contentious:

  • During an investigation, the Information Commissioner may, at her discretion, consult the Privacy Commissioner.
  • We must give the Privacy Commissioner a reasonably opportunity to provide his position on the matters (known as representations) any time the Information Commissioner intends to order the disclosure of information the institution considers to be “personal information”.
The Privacy Commissioner also has a right to ask the Federal Court to conduct a review relating to section 19, once the investigation is concluded, or to join an application that has already begun, when he has been involved in an investigation.
May third parties complain to the Information Commissioner about an institution’s application of exemptions to their information?

No, third parties may not complain to the Information Commissioner about an institution’s application of exemptions to their information. The process for institutions to notify and consult with third parties while processing a request under sections 27 and 28 of the Act did not change under Bill C-58. Section 44 still gives third parties the right to apply for Federal Court review after they have received notice under section 28 from an institution of its decision to disclose information that relates to them.

Declining to act on a request

When an institution seeks approval from the Information Commissioner to decline to act on a request, what information will be shared with the parties involved?

Institutions must notify requesters when they are seeking approval from the Information Commissioner to decline to act on their request. This must be done at the same time that the institution initially communicates with us.

We will share with the requester all the arguments and evidence (known as submissions) the institution provides to substantiate its application to decline to act on the request when the Information Commissioner determines that the application merits consideration for approval. This is for fairness reasons, to allow the requester the opportunity to fully respond. Similarly, if the Information Commissioner deems it necessary, the institution will be able to see all the requester's submissions. Sharing of submissions will be facilitated through ePost Connect.

What happens when an institution disagrees with the Information Commissioner’s decision about an application to decline to act on a request? Is there a way to challenge the Information Commissioner’s decision?

If the institution disagrees with the Information Commissioner’s decision, it should seek legal advice on its options.

If an institution refuses to act on a request, despite having been denied approval from the Information Commissioner to do so, the requester may complain about this refusal to us.

Is there a form or template an institution must complete when asking for the Information Commissioner’s approval to decline to act on a request?

For the time being, there is no form or template to make an application to the Information Commissioner for her approval to decline to act on a request. In the future, we may introduce an online form.

A process document has been created that sets out how to apply to the Commissioner for permission to decline to act on a request.

All applications to decline to act on a request must include the following:

  • a copy of the access request at issue;
  • the requester’s name and contact information;
  • the date the institution received the access request;
  • the institution’s access request file number;
  • confirmation that the institution gave written notice to the requester at the same time as they communicated with the Information Commissioner to seek approval to decline to act on the access request, as required by subsection 6.1(1.3) of the Act;
  • all submissions and any supporting evidence the institution wishes to rely on to demonstrate that the access request meets the relevant criteria set out in subsection 6.1(1) of the Act; and
  • submissions and any supporting evidence that demonstrate the institution’s efforts to fulfill its duty to assist obligations in relation to the access request.
Is there a designated person within an institution who should make the application seeking approval to decline to act on a request and continue to correspond with you? Does it need to be the same representative for the entirety of the application process?

This is up to the institution to decide. We will communicate with the e-mail address from which the application was originally sent, regardless of who is administering this account.

Do institutions need to seek consent of the requester before sharing personal information with you in an application to decline to act on a request?

Institution’s should seek legal advice to determine whether the personal information they wish to share with us in an application to decline to act on a request is in compliance with the Privacy Act and Treasury Board of Canada Secretariat’s guidance on consistent use.

May evidence from before the date Bill C-58 came into effect be submitted to support an application to decline to act on a request?

Yes, evidence from before June 21, 2019, may be submitted, as long as the evidence relates directly to the access request at issue. However, institutions may only apply for the Information Commissioner’s approval to decline to act on access requests made on or after June 21, 2019.

Date modified:
Submit a complaint