New procedures in response to the passage of Bill C-58
A number of targeted amendments were made to the Access to Information Act by the passage of Bill C-58. Some of these amendments add new responsibilities and authorities for the Information Commissioner and, in turn, the Office of the Information Commissioner (OIC).
Below are initial details on these changes. These apply only to requests institutions receive and complaints the OIC receives on or after June 21st, 2019. The OIC will continue to treat complaints received before that date according to the terms of the pre-Bill C-58 version of the Act.
The OIC will publish follow-up process and interpretation guidance for complainants and institutions on these and other changes stemming from Bill C-58 on its website in the coming weeks.
Applying for the Information Commissioner’s approval to decline access requests
Institutions may now ask the Information Commissioner for approval to decline access requests that are vexatious, made in bad faith or otherwise an abuse of the right of access.
Institutions have the obligation to justify why an access request should be declined. In general, institutions will have one opportunity to explain why the Commissioner should or should not grant approval to decline the access request. Requesters will also be given an opportunity to reply to institutions’ arguments where the Commissioner determines the application merits consideration for approval.
The Commissioner’s goal is to decide these applications within 20 business days. The OIC will use Canada Post’s epost Connect service to facilitate the application process. (If the requester asks for an alternate process to that offered through epost Connect, arrangements will be made to accommodate.)
The period for the institution to respond to the access request is suspended from the day the institution communicates to Commissioner, to the day it receives the Information Commissioner’s written decision. If the Commissioner does not approve the application, the time period to respond to the access request resumes the following day.
When the OIC wishes to decline an access request, the Commissioner asks the Information Commissioner ad hoc for approval to do so.
For more information
- Process: Seeking the Information Commissioner’s approval to decline to act on an access request
- Interpretation: Seeking the Information Commissioner’s approval to decline to act on an access request
Consulting the Privacy Commissioner during investigations
The Information Commissioner may now consult with the Privacy Commissioner during investigations that involve personal information. When the Commissioner intends to order an institution to disclose information to which the exemption for personal information has been applied, she must consult the Privacy Commissioner.
Involving third parties during investigations
The Information Commissioner will continue to seek representations from third parties where their information may be at issue in investigations. The Commissioner will now be required to give notice to affected third parties and give them an opportunity to make representations where she intends to make an order requiring an institution to disclose information to which the exemption for third party information has been applied.
Refusing or ceasing to investigate complaints
The Information Commissioner may now decline or cease to investigate complaints she considers to be trivial, frivolous, vexatious, made in bad faith or otherwise unnecessary having regard to all the circumstances of the complaint.
If the OIC considers that the criteria for refusing or ceasing to investigate apply, we will advise the complainant in writing. The complainant will be given the opportunity to provide their view regarding why the investigation should be conducted.
If the Commissioner decides to refuse or cease to investigate a complaint, she will notify the complainant and provide reasons for refusing or ceasing to investigate, and notify any other parties as required.
Issuing orders to conclude complaints
The Information Commissioner may now order that institutions take specific actions at the conclusion of a well-founded complaint.
Complaints made under the Act are concluded with a final report. These reports can include:
- a finding that the complaint is not well-founded;
- a finding that the complaint is well-founded, with recommendations; or
- as a result of Bill C-58, a finding that the complaint is well-founded, with an order from the Information Commissioner.
Final reports, including those that contain orders, must be provided to the complainant and institution. If third parties and/or the Privacy Commissioner were involved in the investigation, they also receive copies of final reports.
The Commissioner may also publish her final reports.
An order from the Commissioner takes effect 31 business days after it is received by the institution if the complaint only involved the institution and the complainant, or 41 business days after it is received from the institution if the complaint also involved third parties and/or the Privacy Commissioner.
Reviewing matters before the courts
If an institution does not want to follow an order from the Information Commissioner, it must now apply to the Federal Court for a review of the matter that is the subject of the Commissioner’s order. Complainants, third parties and the Privacy Commissioner may also apply for review by the Federal Court in certain circumstances.
The Federal Court will not review the Commissioner’s investigation or the outcome of the investigation, but will rather undertake a de novo, or fresh review with new evidence, just as was the case prior to Bill C-58 coming into effect.