Review the Freedom of Information and Protection of Privacy Act — Issue No. 11

SPECIAL COMMITTEE TO REVIEW THE FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT

Present: Don McRae, MLA (Chair); Doug Routley, MLA (Deputy Chair); Kathy Corrigan, MLA; David Eby, MLA; Eric Foster, MLA; Sam Sullivan, MLA; Jackie Tegart, MLA; John Yap, MLA

2. The following witnesses appeared before the Committee and answered questions regarding the report entitled Implementing Investigation Report F15-03: Recommendations to the Government of British Columbia

The following electronic version is for informational purposes only.
The printed version remains the official version.

REPORT OF PROCEEDINGS
(Hansard)

SPECIAL COMMITTEE TO
REVIEW THE FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT


CONTENTS
Page
Response to Recommendations on Investigation Report F15-03	163
C. Wenezenki-Yolland
C. Lowe
D. Curtis
S. Plater
E. Denham

D. McRae (Chair): Good morning, everyone, and welcome to the Special Committee to Review the Freedom of Information and Protection of Privacy Act.

It is Wednesday, March 16, nine o’clockish. Before we begin, I just wanted to draw the committee members’ attention. Susan and Helen have very nicely distributed on the table April dates, and I noticed that some individuals have already expressed a little bit of concern about their timing. That being said, I wanted to get a group of dates to individuals as quickly as possible for a review.

You don’t have to answer or comment right now, but if you can, if you haven’t already, let us know if those dates will work or not work for you, and we can then plan accordingly. If you could do so preferably by tomorrow, that would be much appreciated. That is the formal stuff of the meeting today — of the things I had to do.

Today we also have visiting us the Ministry of Finance, so I was wondering, if possible, Cheryl, if you could introduce yourself and your staff, and then we’ll turn the floor over to you. Thank you very much for coming.

C. Wenezenki-Yolland: It’s great to be here today. I’m Cheryl Wenezenki-Yolland. I am the chief records officer for the government of British Columbia — the first chief records officer — and the associate deputy minister for Finance.

I’m joined here today with a number of my team members in our newly formed office that is responsible for corporate information and records management. David Curtis is our new ADM for our newly created office. Then we have Sharon Plater, our executive director for privacy and training. And we have our executive director for strategic policy and initiatives, Charmaine Lowe, on the side here.

We were asked to come today and speak to the committee to share with you, I would say, an update and some information on what has been happening in regards to corporate information and records management. Along with my colleagues, I guess what I’d first like to say is that we have created a new division. There’s been quite a bit of change since the last time that you had visit from government.

Bette-Jo Hughes, the government’s chief information officer, had come and spoken to you in November. Since that time, there has been a reorganization and some new accountabilities assigned, with the corporate records and information functions all transferring over to the Ministry of Finance.

This is a really great opportunity for us. With that transfer came a very strong mandate for the office to affect change in regards to records and information management. I can say that since that happened at the end of December, we’ve been very busy bringing that team together, as these are various parts that had resided in different places in government. It’s the first time that they have been brought as a full team under a single leadership.

We’ve been forming that team, and we’ve been formulating a strategy and the mandate and the actions for that team going forward based on other information that government has received that I’ll talk to you about shortly.

We did provide the committee with a written submission. When Bette-Jo was here in November, she had indicated that government would come back and would follow up with a written submission. That was provided to the committee. It has taken us some time to pull that together because, as I said, there is a lot that has happened. The written submission that we have provided for you really lays out our action plan in regard to information management and information management practices in the B.C. public sector.

Specifically, it includes government’s response to the David Loukidelis recommendations, and I know those were mentioned to the committee the last time that government visited you. We’ve since received that report, so the plan that you have that we’ve laid with you includes our actions and how we plan to move forward on those recommendations.

It also describes additional actions that government has taken in regard to privacy, which was not a focus of Mr. Loukidelis’s report, and reiterates other themes that Bette-Jo would have spoken to you about in November and, at the end, provides some recommendations for the committee’s consideration as you undertake your work and complete your report.

Specifically today, though, I really do want to focus on what the themes were that have come out of the David Loukidelis report and the key themes that you’ll see in our action plan when you have an opportunity to read the written submission.

The emphasis that we have on information management — we are really looking at revitalizing an entire service culture around information management. This is a significant change management agenda that we have. It is really looking at the provision of information to people as a public service, as opposed to just a legislated responsibility.

We are really looking at how we can drive that change and that way of thinking within my own team and the people who administer those — it would be access to information, privacy or records management — on a day-to-day basis but also how ministries and government agencies respond in that regard.
[ Page 164 ]

There is a theme around improving access to information. I’ll go into that in some more specifics throughout the presentation. We have some very specific actions that we’re undertaking and things that we are implementing in that regard. We’re also looking at much stronger proactive disclosure of information and leveraging a lot of the work that we have done around open information and open data. I will talk to you a bit about that.

Again, our focus is on enhancing privacy. While we have access to information and we have all of this information, we have a huge responsibility to ensure we have the appropriate protection for privacy and that we retain the right balance. That still remains a key priority. I will talk a little bit about that and the privacy management accountability policy framework that was implemented since Bette-Jo last visited you.

Also, we’re looking at increased oversight and compliance. Many of these were themes within David Loukidelis’s recommendations and the Information and Privacy’s recommendations to government in the past.

We are also looking at improving records management practices and the appropriate creation of government’s records. A lot of people have referred to this as a duty to document. We’ll provide you a little bit more background about that and where we’re looking to go with that in the future.

What we have done is we’ve made a significant commitment for my team and for government. The guiding principle, as we work forward, that is really going to guide our direction is that we want to really enhance and really breathe a service excellence culture when it comes to information and records management.

We want to improve information and records management practices across the entire public sector. There are a lot of good reasons to do that. We want to enhance transparency and accountability. Obviously, that will come with how we do our records management, how we work with the public, the kind of information we put out in regard to what you can expect when you’re dealing with government and asking for information — just being a lot more transparent about the process and how it works, in all respects.

Then, of course, it’s maintaining that strong protection of privacy and security of information, which is the foundation of ensuring that we have the trust from the public when we capture some of their information and we have it in our possession.

A little bit of background. In November, as I mentioned, Bette-Jo, our chief information officer, had come to address the committee. At that time, David Loukidelis was undertaking his review of Commissioner Denham’s report and was working on providing some very specific advice and guidance to government on how we may approach implementing those recommendations.

In December of 2015, government received David Loukidelis’s report. Surprisingly, I was appointed as government’s chief records officer shortly after that as part of the conclusion of that. He did make 27 recommendations in total. We have provided those for you as appendices to the submission that we have given you so that you can see the full extent of his recommendations. I would encourage you, if you have an opportunity, to read his report. He was very, very thorough and very detailed in his report and gave some very good guidance to us, as we move forward, that we are considering in everything that we do.

Government is absolutely committed to adopting those recommendations — and I have a clear mandate to do so — and improving information access in general.

Program alignment with Finance is a significant shift. We’ve certainly had the question as to why Finance. I think there are a lot of good reasons why Finance — if we look at information management and we’re looking at a different type of discipline around how we approach it, if we think about how we manage financial assets. I know Commissioner Denham has used this reference in the past herself. She and I have had this conversation. As well, she’s had it with the minister. We have a lot of discipline in regard to how we manage financial resources. It’s been built over a very long period of time with a professional discipline and a professional practice, and we want to bring that same kind of discipline to information management. Also, we are looking to really change behaviour and build a customer service focus and approach to everything we do.

The Public Service Agency is part of the Ministry of Finance, so having this team aligned within the Ministry of Finance certainly helps to bring together the resources to help support change management and the training and communication that we will need to do across the public service at large.

If you look at information, it is certainly a strategic asset, and we want to manage it in that way, with the same diligence and the same regard and same respect.

As I mentioned earlier, since your last meeting, government has now appointed the first chief records officer and has brought together all of the information management practices from across government. The mandate for myself and my office is defined within the Information Management Act, which, when it comes into force, will provide a very strong foundation for us to move forward in the work that we are being asked to undertake.

It is really the first time that we have been able to integrate records management, access to information, privacy and the ongoing training, control, legislation, etc., into one place. With that, we will have all the tools that we need to drive the change that government is asking us to lead on behalf of the public service.

The Information Management Act has not yet been brought into force. We are expecting that to be brought into force this spring. It will replace the 80-year-old Document Disposal Act and significantly modernizes the legislation and allows for a much more streamlined and effective information management framework.
[ Page 165 ]

As I mentioned, it defines the mandate for myself and my office and provides for what is going to be called the information management advisory committee. David Loukidelis talked about this committee at some extent in his report and suggested some additional responsibilities and activities that this committee may undertake. We are currently looking at the committee structure and what that might mean, what that might look like and how that would work with the office.

The most important thing that the Information Management Act will do. We do have a significant backlog of information management schedules that have been sitting under the old legislation. This will allow us to be more adaptive and more flexible, respond to new needs around information management schedules and really bring those up to date so that the public service at large has very clear direction around what records they should be developing and retaining. That will guide them in what they do.

We thought it might be helpful to just put information management in context, given that the committee is looking at the Freedom of Information and Privacy Act, because the pieces of legislation work together as a whole. We’ve provided this little bit of a picture for you.

It’s important to appreciate that different parts of information management are governed by different pieces of legislation. If we look at the creation, retention and disposal of information, that will be governed under the Information Management Act. That is the new act that we were speaking to.

If we look at freedom of information or access to information and privacy, these are governed under FOIPPA. We wanted to share that with the committee. It’s important to appreciate how these pieces of legislation work together and how they work together in looking at information management as a whole and from a unified governance structure.

Now, the reason that’s important is we’ve given you a picture here that really talks about the life cycle of information management. The committee may have had presentations on this from other people sooner, I’m not sure. But this is how we are now looking at information management. Rather than looking at it in the siloed and piecemeal approach we would have before, we are really looking at it as a unified whole over the life cycle of records.

When we look at creation of records, we’re talking about what records government should be creating, retaining and for what purposes. When we’re looking at retention and storage of records, we would be looking at the IMA and what are those retention schedules and, quite honestly, the destruction schedules, because disposing of information and how you dispose of it is equally as important as what you create and what you retain. Those would be governed under the IMA.

Then we’re looking at: while we have that information, how do we access and use that information? That is governed under FOIPPA.

I think that it’s important to appreciate this as a continuum and a life cycle. One of the things that we’re wanting to do through our policy and our training is bring all of these elements together so that when we are training public servants, they understand information as a whole and their responsibilities for information as a whole, through the life cycle.

The foundation for accessing information and having good information to make decisions is really about how you’ve actually collected the information, retained the information, in the first place. If you are not capturing and collecting your information, it’s very hard to have good information to make decisions in the future.

When we are training public servants, we’ll be talking about their accountabilities over the scope of the whole life cycle. It provides a much more fulsome understanding, as opposed to just an information access request. In many cases, for many public servants, the extent of their interaction with information management is that they get a request from an FOI or through some source. We really want to make sure that they understand the full cycle of information.

We’ve made a commitment to improve access to information. British Columbia’s Freedom of Information and Protection of Privacy provides for the broadest privacy access coverage in Canada, covering 2,900 public bodies. It is significant.

David Loukidelis highlighted several areas for improvement in his report, specifically in regard to freedom-of-information processes. At the core of the changes that we are making in that regard is to really revitalize the service culture that I talked about earlier.

We’ve defined a number of key principles that will be the basis for this service culture. Those are transparency, accountability, subject-matter expertise, timeliness, fairness and just a general more-improved service orientation and experience for people.

These principles are critical in how we will build some of the change management strategies as we go forward and making sure that people understand the importance of these principles.

They’ll be supported by executive committees. We’ve already been having conversations with the deputy ministers in the B.C. public service to talk to them about this service culture change and what it means and what it might mean for changes within their ministries and in their departments.

In regard specifically to freedom of information and access, we’ve made a commitment to improve timeliness. Government has tracked timeliness in regard to freedom-of-information and access requests for a long time. We
[ Page 166 ]
do have a history. We have very good benchmarks to see how we’re doing.

There’s been a commitment to look at reducing the number of “no records” responses. This in and of itself is not only about changing how the public service may look at an information request. Some of this also means how we help to educate the public when they’re requesting information. Sometimes, a “no records” response is simply because somebody didn’t know where the information resided. They may have made a request to an incorrect department or time frame.

Part of what we’re looking at there is marrying that with the duty to assist. When applicants are looking for information, there’ll be a different type of interaction with the applicants to really try to support them and provide a service.

Currently the information access office will interact with applicants. The information access office is a central agency under my responsibility. Sometimes they may not know the nature of a ministry’s records. If a person is coming and asking for information in a particular ministry, the person in my office may not be the best person to help that individual find the information they’re looking for.

What we’re looking at is how we can refer that request to a ministry that could then contact the applicant and have a conversation with them. In my personal experience with information access requests, many times when you receive these, you think: “Well, if I could just have a conversation with the person, I’d be able to help them get what they need a lot faster.”

That’s part of what we’re talking about when we’re talking about a change in a service experience. It’s having a conversation, really trying to understand what the person is looking for and finding a way to help them get the information that they’re looking for. That’s as opposed to receiving an information request, which may be very broad in scope or very narrow, that you know there may be other information that would help that person get the information they’re wanting.

We’re really looking at duty to assist. David Loukidelis talked about this quite a bit in his report: how we can use that to advance the service culture that we’re looking to build around information management and information access.

We’re looking at some significant changes in and around the processes in regards to supporting minister’s offices in regards to information access, which will also improve the service experience for people requesting information but will also help to support those offices in providing appropriate information back to the public.

We’re also looking at documentation around searches and how we can improve that documentation to provide better guidance to ministries when they’re searching — to make sure that they are searching broadly enough and that they are providing all appropriate records for a response.

Specifically, I mentioned we were looking at the processes around minister’s offices. I’ll just share a little bit about what we’re doing there to improve and change the processes. We will be designating a contact in each deputy minister’s office. David Loukidelis went to some length to explain how this might be done. We have taken to heart his advice.

His recommendation was that it be a career public servant to be responsible for searches within minister’s offices. So we will be designating a contact within each deputy minister’s office who will be responsible for coordinating and overseeing the record searches in ministers’ offices. They will be given expedited training in freedom of information and records management. In addition to overseeing information access requests, they will also be responsible for supporting the minister’s office in records management practices: how do you set up your records? What records do you retain? How do you retain those?

They will also be responsible for being the liaison with my office and will have the ability, if necessary, to seek additional guidance from us in their support of the ministers’ offices. They also have the ability…. There will be a two-way escalation process. If, during an information access request, there is any concern that the full extent of records has not been identified, there will be an ability for that person to escalate the process, and then I would be able to intervene and help ensure that all of the information is compiled.

We’re also looking at proactive disclosure in the context of transparency and putting more information out into the public realm. We’re looking at ways that this can be done efficiently. I would say that a freedom-of-information request is probably not the most ideal way to get information. The more that we can put out on a proactive basis that is helpful to the public, then an information request becomes more of a last resort, as opposed to a first resort.

There is a very strong commitment from government to looking at this. Already, all freedom-of-information requests are posted publicly — non-personal ones. We have to retain the personal ones.

Deputy ministers’ and ministers’ travel expenses. There has already been a commitment made to expand the amount of information that is provided regarding ministers’ travel expenses, and that will be coming soon. We have over 2,000 data sets on our open data site, and that information is available. We’re going to also be looking at how we can make more people aware of the information that is already available.

The freedom-of-information process. There are a lot of resources that are currently supporting that process in government. We are really looking to see if there are other ways we can get more information out that are not so labour-intensive and that really help to provide the information to the public.
[ Page 167 ]

In a proactive release, we’re looking at a number of other options that are currently under consideration — purchase card information, deputy ministers’ and ministers’ calendars. I know that these are recommendations the Privacy Commissioner has made in the past. We’re looking at government contract information, and we’re looking at direct-award summaries. Now, some of these things are things where we get freedom-of-information requests on a regular basis. There’s obviously an interest in this information.

We are looking for other opportunities as well. There’s a deputy ministers committee, which I’m currently in the process of forming. That will be looking at other opportunities for open government.

In regard to privacy and protection, B.C. is currently a leader in privacy practices. We have the strongest data residency protection in Canada. We are the first province to legislate privacy impact assessments, and we remain one of the only jurisdictions with this type of obligation. I know from the statistics that I’ve seen from Sharon that the volume of privacy impact assessments is increasing at exponential levels.

With the introduction of our privacy management and accountability policy and the new individuals that have been appointed in each ministry, we expect that that will increase even more as the awareness and the requirement for these assessments grow.

B.C. has mandatory training for privacy for all public sector employees and service providers. I know that this is certainly, by far, the farthest-reaching program of any other jurisdiction — to require mandatory training, not only for your public servants but also for individuals contracting with government. There are very few jurisdictions that publish their personal information directory. Certainly, in the case of B.C., we do that, and it is available on the Data B.C. website.

We also have a privacy breach response line that is available to all public servants on a 24-7 basis, and I can tell you that they use that line.

We’re continuing to enhance privacy management, accountability and oversight, building on our leading practices. As I mentioned, we launched our privacy management, accountability and oversight framework in February to coincide with the privacy and security conference here in Victoria.

It is the cornerstone for our privacy framework in the public sector, and it requires every ministry to have a privacy officer. At this point, every ministry has designated those privacy officers.

Those privacy officers will be responsible for a number of accountabilities. Their primary one is to ensure that ministries have the proper information and have proper policies in regard to privacy, that ministry employees are receiving appropriate training and the mandatory training is delivered, that privacy impact assessments are completed and then, also, to conduct self-assessments in regard to compliance for their ministries in regard to privacy.

In addition to the ministries doing their own self-assessments, my office will be conducting ad hoc reviews of compliance and gather up their self-assessments so that we have a collective view of how we’re doing in government at large.

We’re also increasing the oversight in regard to information management, broadly. This is part of the opportunity that is afforded to us under the integrated framework.

I talked to you earlier about the fact that we would be bringing the Information Management Act into effect. When that comes into effect, we will be able to action a number of the policies that we have been building and researching. It will provide a comprehensive view of information management and allow us to look at an integrated approach to our compliance programs.

Currently, when we are looking at compliance, we do look at the different aspects of information management separately — so privacy, records management, FOIPPA. We’ll be able to actually look at our compliance program as a whole and be able to do overall assessments in regards to information management to support ministries and also to support government as we continue to improve this program.

We will have mandatory training. This was a very significant focus in David Loukidelis’s report. Throughout his report, you’ll see many, many references to training and the fact that we have many aspects of training, but it is not integrated. So we’ve been taking a serious look at our training plan.

What we will be doing is we will be rolling out some new training. It will start in April of this year. The objective is to have all public servants trained on the new training by the end of the fiscal year. That training program will be adapted over time and will be continually updated, based on changing dynamics in our context and new and emerging information. There will be a requirement that everyone renews their training every two years, and that will also be mandatory.

We will have core training that will be mandatory for all staff. We will also provide advanced training that would have more specifics for those individuals who have specific roles such as — I mentioned earlier — the privacy officers within ministries or the freedom-of-information contacts that would be our leads in the deputy minister’s office. They will need more in-depth training, perhaps, than an employee who is not dealing with this on a day-to-day basis.

We are continuing to look at how we can improve the management and our practices and advance our duty to document. Needless to say, there is more information. I’d say information or data, because data isn’t always information. There is so much information with the advances
[ Page 168 ]
in technology. I can’t remember the quote, but it’s something like: “In two days, we generate all of the information between….” I don’t know. I’m sure they could tell you. It’s like between the 1980s and now. In two days, we generate the same kind of information. It’s ridiculous, and it’s exponential and growing.

Certainly, it is a changing society. If I only think about my time in the public sector, which I joined in 1985, and I think about what information was like in 1985 versus what it is today, it has grown exponentially. I’m sure, back at that time, we couldn’t possibly have anticipated the kinds of changes that we have actually seen.

Daily use of email and social media has resulted in an information explosion, and information in a way that we couldn’t have imagined. Email and social media, from my perspective, have also…. I would say there would have been more formalization around information and around communications. But with the advent of email and social media, you see what would have been a lot of formal information becoming far less formal.

It does create some interesting challenges from an information management perspective. What are good records for government? What should we be keeping? What is it that we need to retain on an ongoing basis?

We need to continually modernize our practices. If we were doing what we did when I was here in 1985, we’d still be filing cards in a catalogue in the Legislative Library. It has definitely changed, and we need the flexibility and need to continue to keep up with the times and modernize our practices.

David Loukidelis had something to say, also, in regard to the amount and volume of information. We’ve put the quote up here on the slide. He noted that there are over 350 emails sent and received by government every year — 350 emails. That results in 53 terabytes of storage annually. This presents significant challenges for government’s recordkeeping. The solution is not to keep….

C. Wenezenki-Yolland: Sorry. It’s 350 million. That’s correct. Did I say 350? It’s 350 million emails. That’s why there are 53 terabytes. Sorry about that.

The solution definitely is not to retain every one of the those emails. He went on at quite some length. This was his quote in his plea to government: “At all costs, the provincial government should not entertain any notion that all electronic records, regardless of their value, must be retained. This would be completely contrary to modern records and information management principles. It would also be damaging to both public administration and, perversely, freedom of information and privacy.”

Documenting and retaining valuable information. All other jurisdictions that have a legislated duty to document…. We’ve been looking across different jurisdictions. I know that the Information and Privacy Commissioner has raised the duty to document, as well, in her recommendations to the committee.

I would highlight that currently, the Information Management Act requires the retention of all information that documents key decisions. Also, as we evolve the new records management schedules that I mentioned earlier, they will provide very sound guidance to government on the documentation and records that are required.

Government’s core policy and procedures manual reinforces the value of good records management, including the creation of records. I would also say that government has several hundred pieces of other legislation that require the creation of records for various purposes.

I am most familiar with the Financial Administration Act — when I was the comptroller general — and the extent of information and records that we were required to retain as a matter of legislation. There are many other similar types of pieces of legislation that guide the public sector in the nature of records that they are required to retain and document. We can always do more in providing guidance, though, to the public sector, about what this means and how they interpret that.

For ourselves, our next step is to really emphasize the duty to document principles in updating our records management policies. I know that we are working with our minister, and there are considerations of the legislated duty to document.

I would highlight for the committee that in the case of the legislated duty to document, though, when we look at other jurisdictions, they do typically place this requirement in their information management legislation versus their access legislation, because that is the piece of legislation where we’re talking about the creation of records versus access to records.

In conclusion, government is taking action on all of Mr. Loukidelis’s recommendations. We’re committed to going further by revitalizing the service culture across the B.C. public service in regard to access to information. We are working on creating comprehensive training and compliance programs that will support the public service in advancing our practices in this regard. We are looking at how we can provide more information on a proactive basis to the public through the various mechanisms that we have available to us.

We are hoping that the committee finds this helpful in the conduct of their work. I’m happy to answer any questions that you may have.

D. McRae (Chair): Thank you very much, Cheryl. You did very well. You spoke for about 45 minutes.

Out of respect for Member Corrigan…. Kathy has to leave in a few minutes. To the committee members: if we could, I’d like to throw the ability to Kathy to ask a couple of questions.
[ Page 169 ]

We’ll have your staff and yourself for another few minutes after that, obviously.

It is about 12 minutes to ten, Kathy. So if I give you three questions, see how it goes from there, if you have that? Then I’ll open it to others.

Thank you very much, Cheryl, for that overview. I do want to make a comment first, though.

We have a very damning report that came from the Information and Privacy Commissioner. It seems to me that what has happened is that we have a damning report, and then it’s a little bit like when you have a bunch of garbage on the ground, and then on top of that you sprinkle a little bit of snow — which would be the Loukidelis report — and you can’t really see the garbage on the ground anymore. Now we have a plan that’s supposedly going to restore the public confidence, and that’s a whole bunch more snow. I’m worried about what it’s going to look like when the snow melts.

We do have a report that talks about deleting emails, willfully or negligently failing to produce records, failing to keep sent emails, failing to tell the truth to the commissioner’s office under oath, failing to clarify requests, implementing a verbal process, flaws in the configuration of government’s email system. I mean, there is a lot that has to change.

I guess my first question is: given the background, and given the fact that we now have charges against George Gretes, how can we be sure that the culture of government is going to change so that we don’t continue to have these types of scandals that have recurred with regard to information?

C. Wenezenki-Yolland: First, I’d like to say: I take the responsibilities and the mandate that I have been asked by government to fulfil extremely seriously. We have been asked to really lead a change — to put in place the strategic direction, the leadership, the policies, the processes, the communication, the training that could effect some change.

There are many, many good things that government has done in the past in regard to information management. We have some very strong policies. We have very strong legislation. Really, our focus, at this point, is: how do we provide better information, education and guidance to the public sector at large so that they can fulfil those obligations and responsibilities?

Change takes time. I have led change and culture changes in many, many different organizations. Change is not something that happens overnight. If I thought it did, I can surely tell you that we probably wouldn’t succeed. Change is something that takes a lot of time. It takes consistency in the tone from the top, from the senior leadership in the government. It takes consistent training. It takes consistent policy. It takes consistent practice. It means watching what we’re doing, and it means learning from our practice. It means sharing what we’re learning back with the public sector and identifying opportunities to continue to improve.

Can I give you a 100 percent guarantee that every single person of the 28,000 public servants will all act accordingly? I don’t think anybody could ever give that assurance. As long as we are human beings, we will continue to make mistakes. What I can do is tell you that we are committed to putting in place everything that is required to succeed in that change. We will continue to move forward and continue to make improvements to achieve that.

K. Corrigan: I have a question about the process of producing this report and, in the spirit of change, just wanted to know whether or not this report was written in-house or whether there was a contract for somebody else to write it. If so, how much did it cost?

C. Wenezenki-Yolland: The report that we gave you? I can assure you 100 percent that I and my staff wrote that report. We spent many, many hours doing it in order to provide that to you.

K. Corrigan: I do have another question. I want to ask you a specific question about your report. It’s about protecting the identity of the applicants. You didn’t go over that piece in the presentation. You do speak about it on page 9 of your report and express some concerns about protecting the identity of applicants, largely by saying that you believe that you won’t be able to provide the same level of service.

I’m wondering if you would acknowledge that it would be possible for the identity of applicants to be protected if you put in the legislation or in regulation some provisos — where, for example, the identity is necessary to identify responsive records or some of the other exceptions that you talked about. You could do that and still provide the level of service. It doesn’t negate the possibility of protecting the identity of applicants.

C. Wenezenki-Yolland: What we have currently is by matter of policy in government. We only do share the identity of the applicant when it is necessary to assist them in regard to their information request. We do that as a matter of policy already. We have done that based on previous conversations that we’ve had with the Information and Privacy Commissioner and concerns that she had raised previously.

I think one of the areas where we want to make sure we have the flexibility is that we really do want this to drive a service. We really want the public accessing information to be seen as a public service and a service that we pro-
[ Page 170 ]
vide. In doing that, you do want to make sure that you’re able to share that information with people in the ministry who might be able to assist the person in their request.

As we’re clarifying and we’re talking about duty to assist, it may be specifically in response to the words that they wrote on a paper for an information access request. It may be, also, something broader. There may be times when you want to consult with another person in government and say: “Okay. I’ve got this request. This is what the person is looking for.”

On occasion, sometimes it’s helpful to know who the person is. They may have been a person who had requested information before. You may have given them information in the past, and you may be able to actually facilitate the request much more quickly if you know who they are, because you can give them the same information they’ve had before. If that became restricted, that would make it more difficult. We just want to make sure that we have the flexibility enough that we are able to actually take that service approach that we were talking about.

The concern about protecting the identity is, I think, legitimate. I know, from the opposition point of view, there is a feeling often, and I’ve heard it expressed several times, that when there are requests, certainly, from the opposition — and I’ve heard the same thing from the media — the requests are treated differently. That’s not consistent with what you’re saying, which is that it’s on a need-to-know basis now and there’s a policy. If that’s the case, then perhaps…. I don’t know whether that’s true or not, but it is a concern.

It raises another question that I had, which is similar. Can you just explain a bit more about what the process is expected to be? You talk about it coming to your office, essentially, but then it’s going to go to the ministry. It’s going to be the ministry, then, which will handle the request because the ministry is expected to have more information about that request? Is that correct?

C. Wenezenki-Yolland: I should probably tell you how it works now. It’s not that much different than how it works now.

Right now an information request comes into the information access office. The information access office will get that request. We do have analysts assigned to ministries with the hope that they will learn those ministries, but there are changes. They can’t possibly know all the detail and information in the operation of the ministry, so they work with people in the ministry.

When that information request comes in, if it is obviously extremely broad and the information access analyst is able to determine that the ministry would have difficulty interpreting it, they will go back to that applicant right away on their own and help the applicant try to be clearer in the scope of what they’re requesting so that the ministry can be more responsive.

Once that’s done, already the current process is that that information access request is forwarded to the ministry from the information access office. It goes into a contact in the ministry. We want a different contact than some ministries currently have as their FOI contact because we really want to make sure we’re improving that service, and that means timeliness. We’re asking for more discipline on behalf of the ministries around the timeliness of processing those requests.

It does go into the ministry now to an FOI contact. That FOI contact will distribute the information access request to different parts of the ministry they believe would have records that are responsive. Then what happens is that those departments gather up the records that they believe are responsive, and they will identify, based on the FOIPPA legislation, any harms or any redactions that they believe are required under FOIPPA. Then it goes into the information access office. The information access office will then apply severing, based on the high-level harms that have been identified by the ministry.

Then what happens, once the access office applied that, is it goes back into the ministry to the program area that is ultimately responsible. They review the recommended severing and redaction and may request some changes based on what they review. That record would be subsequently signed off, returned to the information access office, where it could then be returned to the applicant.

It is a very long process. What we’re suggesting is that rather than IAO perhaps having that extra conversation in there to clarify the information access request, if it needs to be clarified, it might be better for an appropriately trained contact in the ministry to have that initial conversation. It may be a more valuable conversation for the applicant, rather than having two or three conversations to try to clarify the request.

D. Routley (Deputy Chair): I won’t be too long. I have to add the comment that…. I thank you for the report. I understand the tensions of representing the ministry in this context and the current political context that has arisen out of some of the failures to protect information or failures to create documents. All of those things have been scandalous. I have empathy for my colleagues on the panel. It’s a difficult thing to defend. But that’s, I think, what this report does. It defends and apologizes for that.

I’m reminded of…. In professional cycling, if you’re not aware — I think most people are aware — there’s been a huge scandal of drug use, performance-enhancing drug use. For years and years, mechanisms have been put in place to control that and to detect it and to limit it. But there’s a culture. There’s a culture in the sport of cheating, and there’s also something that’s been referred to as the
[ Page 171 ]
omertà. It translates as an agreement to be silent.

I detect that in government right now. There’s this culture of oral government, and this culture of a lack of openness is surviving all the efforts of legislators and the independent officer, Ms. Denham, and previous officers to control this problem and to force government to, in fact, create a culture of openness, which was the original intent of the act when it was passed in the ’90s.

I think we’d all be doing better if we were just to say, “We have a serious, serious problem, and these are the steps we’re taking” and realistically say, “This is an embedded cultural problem. It’s going to be very difficult to correct” and not apologize by saying, “We’re the leader in proactive disclosure and open data,” when, in fact, there are so many complaints. Yes, maybe in quantity of data, we’re proactively disclosing, but not quality. We’re not getting the information that is politically sensitive.

Then, in terms of B.C. being a leader in privacy protection, well, maybe we have leading rules, but cycling has leading rules in drug controls. The fact is we just lost 3½ million students’ personal information, and we’ve had successive breaches that have been almost impossible to imagine if this system was really working.

I understand that the ministry is presenting on behalf of the government, but I really am disappointed. Not in you personally, but just in this. This is a reflection, I think, of this damaging culture that has evolved where everyone knows that the guy who won the race in the Alps was using drugs, and the guy who was second and the guy who was third. They all were tested, but they all passed. Everybody knows, though. I think we’ve got to take a more open approach.

In the form of a question. One of the difficulties that was brought to the committee was issues around archiving, that efficiencies could be brought to archiving that would make the process quicker and less expensive simply by standardizing forms, standardizing information fields in forms so that personal information can be redacted much more quickly and efficiently — that sort of thing. What is the ministry doing in order to increase the efficiency of archiving?

C. Wenezenki-Yolland: At a high level, I can tell you…. Within the IMA, there is reference to a digital archive. I had my first meeting with the provincial archivist just last week. She was talking to me as well, and I know that they are working on some changes. So there is a recognition of a need for changes in that regard.

I think moving to…. Our ultimate goal and vision is to move to a digital archive, which would facilitate, absolutely, what you are talking about. But that is going to take some time. We are looking at what some different technology options are to support that. I know that our corporate records management office works very closely with the provincial Archives in that regard. They’ve been looking at how they transfer information and how they can improve that process.

As to the specifics of the forms, I can’t respond to that directly today. But I do know that that is absolutely one of the strategies and the goals that we are working towards.

D. Eby: On page 3 of your report, you talk about the administration of access-to-information requests. There’s a five-step process that’s set up. I’m curious about a decision that was made in step 5. I understand that you’re the head of this new office that will be receiving freedom-of-information requests. You’ll be processing them. Then they go to the ministry responsible, which will do the search and make decisions about redactions.

What I’m curious about is step 5. When the ministry comes back to you, when you’ve had your discussions about redactions, about what documents have been found, and so on, and you say to them, “You’ve got a legislated duty to disclose this passage of the document,” and they say to you, “Listen. We are redacting this. End of story,” it appears as though the structure that you’ve set up here and that government is proposing is that the deputy minister who has a conflict of interest…. There might be something embarrassing if they’re saying, “We’re going to redact this,” and you, as the independent office responsible for FOI, are saying: “No, you’ve got a legal duty to disclose this.”

I don’t understand why you would let the person who’s in the conflict of interest, the deputy minister, make the final call instead of your office making the final call. Why is it that the decision has been made to let the deputy minister make the decision about the redaction instead of your office?

C. Wenezenki-Yolland: In regard to the accountability under the current legislation, the head of the public sector organization is identified under the legislation as being responsible for the freedom-of-information processes within their organizations. The legislation, by definition, gives that authority to the deputy minister.

However, in the context of my role, if there is a concern in regard to the breadth of the records that have been captured in regard to an FOI request, I am certainly not a person who’s known to have any fear in having a very direct conversation with that deputy minister to raise those concerns and express those with that individual. Also, certainly if we’re particularly concerned, we always have an ultimate escalation with our minister, who is ultimately responsible for the act.

The escalation process is discussed a little later in the document. I wanted to ask you about that. I’m trying to find the page; maybe you can find it before me.
[ Page 172 ]
Somewhere in here you say there’s a two-way escalation process, and you mentioned it just in your answer there. Can you tell me what that means?

Oh, pardon me. It’s on page 7. It’s in that little light-blue box at the top. It says: “A two-way escalation process will be established between your office and deputy ministers’ offices to ensure that searches for records are thorough, well documented and carried out in a timely and effective manner.”

C. Wenezenki-Yolland: What that means is that…. I had mentioned we would have FOI lead individuals within each deputy minister’s office. They’ll be responsible for those searches. The two-way escalation process means they can escalate directly to us if they are concerned so that we can intervene.

Also, in our office’s reviews of information, that means we can go back and have a conversation with them to identify that we don’t think that they have captured all the records.

D. Eby: So escalation means a lateral conversation. It doesn’t mean that it goes up to the minister or to your minister, necessarily. The word “escalation” was used in the answer to the first question as meaning you could escalate to the minister if there was an issue with the deputy. In this context, in the report, escalation actually means that it’s a conversation between your office and the deputy.

C. Wenezenki-Yolland: The person who is the lead for FOI has an escalation point. They can escalate to myself, or we can escalate back ourselves, going the other direction.

J. Tegart: I just want to make a comment, not necessarily having a question. I want to thank you very much for your presentation today.

Some of the preamble to questions is a tad bit political, I think. I’m hoping that we can leave our political agendas outside the door. We have an opportunity to make recommendations. We have certainly seen some reports, and I think that the opportunity is ours as a committee to do.

I appreciate the work that’s being done through your office, Cheryl, and hopefully, the recommendations that come out of this committee will help guide your work. I realize it’s us, as politicians, that have that responsibility. I appreciate the opportunity to review the work you’ve done and for us to be able to take a look at it and say: “Does it meet what we’re looking for, or do we want to make recommendations that will guide it further?”

I really appreciate the work done through your office. It really is up to us to look at that and say, “Do we need to go further? Are there areas of concern?” and to include those in our recommendations. Certainly, personally, I hope that, as a committee, we’re working together and that we’re looking at the improvement of FOI and other records being available as much as possible — protecting people’s privacy also. Finding that balance is difficult sometimes, but that’s the work of this committee.

D. McRae (Chair): As you started off, there was no question. It was just a comment.

Did you wish to respond at all, Cheryl, to anything, or can I go to the next question?

D. Eby: On the issue of protecting the identity of applicants. It’s interesting the structure that you’ve set up. I think it actually sets up a way in which government could easily implement the anonymity of applicants. Your office, as the recipient of the FOI application on behalf of government, really has no need to pass on the name or identity of the requester to the ministry.

You just pass the request on to the ministry. If the ministry comes back and says, “We need more information,” your office is well placed to go to the requester and say: “We know you want to remain anonymous. But would you consent to talking directly to the ministry to clarify your request for records or these kinds of things?” The person can make the decision, yes or no. “No, I don’t want my name released. Just have them send me whatever their interpretation is.” Or: “Yes, go ahead. I’d like to talk to the analyst and clarify my request.”

Don’t you feel that the way that you’ve structured these things actually makes it quite possible to protect the identity of applicants in this way and for your office to be able to go back to applicants and say: “In this situation, you’re asking for a fee waiver, or you’re asking for these records. It’s not totally clear. Would you consent, in this case, to releasing your name to the ministry responsible?”

C. Lowe: I think that in the vast majority of cases, it will be entirely possible to keep the applicant’s identity confidential. That is always our first starting point. In most cases, the name never needs to be shared.

To your point. Where there’s an opportunity, if we thought it would help to have a ministry staff person speak to them about their request because…. Perhaps they don’t understand the ministry’s business processes or where records could be, or there may be better sources
[ Page 173 ]
of information or a better format that we can provide it in, in a more timely way.

While we could get consent in those cases, you have to understand that consent, in the legislation, is a very formal process. We would actually have to get that consent in writing, and they would have to identify certain things. It wouldn’t just be as easy as consenting over the phone. There would be a bit of a challenge there in terms of…. We would actually have to ask them to put it in writing, and some people might think that that’s kind of awkward.

I also would say that I can’t see any place where, if someone said, “No, I want to remain anonymous,” we would share their information anyway. We really want to provide a good service, and we would certainly do a handoff. We would say to the person: “Listen. We think you would benefit from a conversation with the ministry, and we’re going to have someone call you.” Notice would happen. If they really didn’t want their name shared, we’re not going to do it. We don’t want to upset people. We really want to help them.

It’s not that we can’t get consent. It’s that we get 10,000 requests a year, and to add that layer into it is just going to create other complexities.

S. Sullivan: A couple of questions on…. One is on the cost. I’m very interested in the idea of proactive disclosure because I think it would be less costly. I don’t have any sense of the total cost of this program and how proactive disclosure would actually be less costly — or even some of the other initiatives that you’re talking about, what impact that would have on cost.

I’m very interested in a general total cost of…. When you look at each request, it takes one person so many hours to do it. That usually also has a cascading effect. They then can’t show up to the other meetings they were supposed to do, and the whole system would be a little bit more costly.

Is there anywhere that a total cost of this kind of legislation has actually been done?

D. Curtis: To answer the first component of the question, the total cost for FOI is approximately $20 million a year currently. That represents the direct costs associated with the information access office, which is approximately $8 million, as well as a prorated portion of indirect costs associated with the ministries in terms of the collection of those records — so quite substantial.

With respect to the second component of your question, the proactive release, we do not have cost estimates yet on what that may look like or potential savings. Part of that is the way that we’re going to be designing these.

Ideally, what we’d be looking for is to design the proactive release into the actual processes so that it’s not, to your point, going back and reviewing it — that the documents are developed with a common understanding in the beginning about what would be shared and to significantly reduce those costs. It would effectively, in an ideal state, be just administrative posting or sharing of that information that was developed anyway.

S. Sullivan: So $8 million more direct and then $12 million for the actual ministry staff.

D. Curtis: That’s correct. We do not do activity-based costing for those, so there are some assumptions based on the time that it sits or resides with the ministries for their data collection and assessment of harms, those things.

S. Sullivan: Does that include cascading effects of putting staff onto each request, or is it just an individual staff person that took the time?

D. Curtis: You’re correct. That is just the individual staff person, instead of the cascading impact across the organization.

D. Curtis: It’s relatively new to the file. It’s an interesting question and some of the costs and some of the metrics or some of the issues that we’ll be looking at.

S. Sullivan: Another question I had is about keeping the confidentiality of who is making the request. I think everybody would be very firmly in favour of…. If there’s an individual that has a very sensitive file and they really need to know something, that’s very important.

In my experience in municipal government, I have seen one individual do several hundred FOI requests, and they were clearly not very serious. They were actually almost harassing to the city. Maybe they were mentally unstable or something. I’m not sure what was going on there, but they were generating a lot of time from the staff.

Then there are some that are more like an exercise of gotcha. “I want to find someone who’s written an email that may have an unfortunate turn of phrase that could be used in a negative way to individuals.”

I wonder if there are categories of requests that could be considered that had different levels of confidentiality treatments.

C. Wenezenki-Yolland: Just in that regard…. We do categorize the requests by different types of requesters. It’s similar to what the Privacy Commissioner does.

I should clarify that when we’re talking about the identity of an individual, we’re not talking about the type. We
[ Page 174 ]
do disclose, as it is now, to ministries, the type of requester, but it is the identity that we only disclose when and if needed. Your point about different types of requesters….

The reason I want to make that point is we don’t share personal information. We get a lot of personal informations. We categorize them by personal information requests and then what we would call general information requests. We may have applicants who are inquiring because they want their own record. Some of those records are particularly sensitive. It could be related to adoption or a number of different things. That type of information is retained and definitely is very much on a need-to-know.

Under the general requests…. They tend to be media, political parties, and then there are businesses and organizations who may be requesting information because they’re wanting to get information that will move their business forward. We do categorize by those general types of requests and can disclose that.

I don’t know if that answers the question, but we do have the ability to disclose by type without disclosing the specific individual.

S. Sullivan: Would you have the ability to determine the costs for media requests versus political requests versus other requests?

C. Wenezenki-Yolland: Because we have quite a few statistics that our system captures around the information requests and we know the different types, you probably could, based on percentage of requests, get a general distribution across the different categories of requesters if that’s what you wanted. Yes.

D. McRae (Chair): Next question to John, and then the final question will go to David, and then our time will be at 10:30, I would believe.

J. Yap: MLA Sullivan asked a question regarding cost. I’d like to explore this further.

Do you have a comparison of where British Columbia…? How do we compare in terms of the costs to maintain freedom of information and access to information — FOI, the whole system — to other jurisdictions? Where are we today, the current state? And compare that to where we think we’re going with the coming changes to the system, how that would place us compared to other jurisdictions. More in terms of costs — I’m interested in that comparison.

C. Wenezenki-Yolland: What I can say to that is we don’t have, specifically, the costs for other jurisdictions. We do have volume information and how we compare to other jurisdictions. For example, I can tell you that the volume of information requests that we process here in British Columbia is between 8,000 and 10,000 records a year.

I believe the comparison is that that is approximately twice as many freedom-of-information requests on a per-capita basis compared to Ontario or Alberta.

Even if they had the same costs per unit, our costs are substantially more just because of the pure nature of the volume of requests that we deal with on a regular basis.

J. Yap: So on a pure activity basis, maybe — certainly on a per-capita basis — we’re higher, compared to other jurisdictions.

J. Yap: With the changes that are planned with proactive disclosure, etc., would that address that? I guess what I’m interested in is if we’re going to build a…. What are we building? Are we going to build a Cadillac system of freedom-of-information request delivery? If we do, what will be the cost of that?

C. Lowe: I can tell you that government’s primary driver in proactive disclosure isn’t necessarily the cost savings. Certainly, our experience when we first launched it in 2011 is that there weren’t cost savings with the material that we put forward.

It’s possible, as government goes further down this road and puts more and more categories of information out there, that eventually we would see some cost savings. But I wouldn’t want to guarantee that, because that hasn’t been our experience. The proactive disclosure is really about putting more information out there for the public so it’s more convenient for them and they don’t have to make FOI requests.

In fact, you might actually see a spike in requests at the beginning, because the more information that’s out there then would encourage someone to make a request for additional information on top of that. I just want to be careful that we don’t leave you with the impression that doing proactive disclosure is, therefore, going to reduce FOI requests, because it didn’t have that effect in the past and it might not going forward.

J. Yap: I think, if I may, Chair, it would be helpful to have a sense of what the costs are, with our eyes relatively wide open. These changes, which, you know, are important changes that would improve the system…. What will this cost the people of British Columbia, cost our taxpayers, who we’re accountable for? If now the system costs $50 million a year, whatever that number is, and this new system could lead to an expansion to $50 million plus whatever that number is, it would be, I think, responsible to have an idea.

C. Wenezenki-Yolland: I would agree that as we move forward with new initiatives, we do typically develop business cases, so we do fully understand the costs. At
[ Page 175 ]
this point, we haven’t had time to build business cases for everything that we’re looking at.

I would like to add, though, that with our centralized system and approach that we’re using here in B.C., we are actually seen by other jurisdictions as leading. They’re actually looking to B.C. in order to look for similar…. We’ve gained efficiencies by changing our system, compared to what it used to be in the past. These functions used to reside fully within ministries, without a central coordinating or oversight function. It was substantially more, and they’re looking to do the same in other jurisdictions.

D. McRae (Chair): David, if you can commit to a short question and, hopefully, a short answer, we’ll stay within our time frame.

I just think it’s important to note, on the record, the amount of money that freedom of information saves through transparency. I will use a notorious example of $16 orange juice as one that, I’m sure, gives all of us pause when we’re in hotel rooms on official business and ordering from room service. That transparency saves taxpayers money on the low end and on the high end as well. As government has the fear of exposure of scandal, they avoid the scandal and potentially save money, ideally.

I would like to note sort of a trend in the government’s report — page 14, recommendation 2, recommending that we do consultation with government bodies; page 16, recommendation 4, that we do consultation with government bodies. And I’d note and maybe ask, in part, whether the Ministry of Finance doesn’t consider the many public hearings that we’ve had, the advertisements in newspapers, the government’s own report here to us and the reports from many public bodies that we’ve heard as sufficient consultation. If not, why not?

Then I would also like to ask, about the recommendations that we not put amendments into the Freedom of Information Act but instead put them into the Information Management Act and whether we should simply wait for government to do that or whether it’s government’s position that it is within the jurisdiction of this committee to say: “These things need to happen. We’ve heard that they need to be in the Information Management Act, and that’s a good idea.” I’m not totally clear about why we wouldn’t just recommend that they go into the Freedom of Information Act. Then government can put them in the Information Management Act if they saw that as more appropriate.

C. Wenezenki-Yolland: First, in regard to the last part of your question, we’re open to the advice of this committee in that regard, where we’ve identified that we think things could potentially be in the Information Management Act.

In regard to the consultation piece, I would refer that to Sharon, I think. But I would offer that, at the core of that, is that when we’re developing legislation — just our own process internal to ministries — where there are parties affected by the development of a piece of legislation, we would do extensive consultation in developing the specific wording and structure of the legislation. We’d want to ensure that we understand all of the potential implications and if there are any unintended consequences. From my perspective, the spirit in which that is presented is just based on the same practice that we would take when considering that kind of change that has significant impact for other parties.

S. Plater: I just wanted to say that I think the information that you’ve received as a committee has been particularly valuable. It comes from a lot of different parties, and they all speak on different elements of what they believe is important to them. The ones where we have indicated a further consultation — most of the public bodies that have presented to the committee have not addressed those particular issues.

What we would be looking at, with further consultation, is talking specifically to the impacted bodies — so those bodies that are going to have to administer, for example, the implementation of a privacy management and accountability policy — and saying: “How realistic is that in terms of your organization?”

If we’re talking to a public body like some of the boards where they have two people, what impact is that going to have? We just want to hear from those organizations to see how government can best address the recommendations that are being made while meeting the practicalities in the very large range of public bodies that exist out there. So that’s why we’re recommending that kind of consultation.

D. McRae (Chair): We’ve given you three extra minutes. Thank you very much for your very robust answers.

I also want to say thank you very much, Cheryl, to you and your team. You’ve had a lot of work to do in a very short period of time — government reorganization in terms of new tasks for new ministries. I know you had, probably, many late hours to get to this place.

On top of that, too, I’d also like to say that the civil servant, obviously, survives many a different politician and premier and government. You mentioned you started in 1985. The civil servants in British Columbia, I think, for many, many decades, if not over 100 years, have served the residents of British Columbia well.

At the same time, too, good culture is hard to create, and once created, it is something you have to treasure.
[ Page 176 ]
I respect that you recognize that and go forward, and thank you for your work in the past. For the much work you have going forward, thank you to you and your team.

I invite the Office of the Information and Privacy Commissioner of British Columbia to come forward. I see they’re there, so I’ll invite Elizabeth Denham to come forward and introduce her staff when she is ready.

D. McRae (Chair): Ladies and gentlemen, we are going to reconvene after our short recess. Once again, welcome to the Special Committee to Review the Freedom of Information and Protection of Privacy Act on Wednesday, March 16. Today we have in front of us at this time the Office of the Information and Privacy Commissioner for British Columbia, headed by Elizabeth Denham, the Information and Privacy Commissioner.

Elizabeth, could I ask you first to introduce your staff who have joined you? Then I will turn the floor over to you.

Also, I do want to just ask…. We are going to have to have a hard stop at 12 o’clock because there is a committee meeting coming right after this one in the room. I just ask the members of the committee, as well, to perhaps be short in questions, in terms of length. Hopefully, we can get it all satisfied.

E. Denham: Thank you, Mr. Chair. Beside me today is Michael McEvoy, deputy commissioner. Behind me in the gallery are members of my excellent staff, including the assistant commissioner, Jay Fedorak.

Thank you, Mr. Chair, for inviting me back to speak to you today. Given our hard stop at noon, I’m going to reduce my prepared remarks to about 20 minutes. Then we’ll have time for Q and A.

I want to remind the special committee that this actually my third appearance before you. During my first presentation, I really explained how the act is working on the ground in a general presentation. The second time that I appeared before you, I provided a deeper dive into our formal submission.

Today I’m here at your request to comment on the David Loukidelis report, commissioned by government, which addressed how the government could implement recommendations arising from my Access Denied investigation report. No doubt that all members of the committee have read Mr. David Loukidelis’s report. It didn’t have an executive summary. It was 70 pages long.

That report obviously considers a lot of matters: policy, training, culture. But what I think what is most important to this committee are the matters that deal directly with the legislation that you’re reviewing.

I believe that everybody has received a document from my office for your reference. It’s a table that sets out the legislative recommendations that I made in my Access Denied report and in my submission to the committee, alongside those contained in the implementation report submitted to government by Mr. Loukidelis.

Does everybody have the table I’m referring to? Okay. It shows that my recommendations and those in the implementation report are very closely aligned. I think, as you know, this is a particularly important moment for access and privacy in British Columbia. As the public discussion and submissions to this committee demonstrate, the people of British Columbia understand that their access-to-information rights can only exist when they are able to exercise those rights.

This discussion is not just happening in British Columbia. Across Canada, there has been a loss in public confidence in how governments are responding to access-to-information requests. We witnessed the destroyed gas plant records in Ontario, the federal commissioner’s investigation into the use of PIN-to-PIN communications and, here at home, we had the issue of email deletion.

Bold measures are needed to restore public confidence. Public servants and officials must be required to create full and accurate records of their business activities.

Your request that I appear today is related to a number of inter-connected events that took place in British Columbia over the last few months. I’d like to briefly review these events with you to put my remarks in context.

On October 22 of last year, my office published the Access Denied investigation report. I was pleased that the Premier, in the House, accepted the recommendations in Access Denied and responded by retaining a credible subject matter expert for advice on how to implement them. I want to remind the committee that the government retained Mr. Loukidelis not to assess the validity of my recommendations but to advise on how to implement them.

The minister responsible for the act also referred three matters related to Access Denied to this committee: duty to document, oversight of destruction of records and the availability of deleted electronic records for access requests.

My message to you when I appeared before you on November 18 was that everyone in British Columbia would benefit if we built a stronger legislative framework for access to information. And why? Because it’s about good governance.

In November, I highlighted two components of my presentation that are required to build accountability into the legislation: a duty to document and independent oversight over the unauthorized destruction of records, accompanied by complementary offences and penalties. Together, these two pillars will provide the structural integrity for government’s access-to-information practices.
[ Page 177 ]

On December 16, government publicly released Mr. Loukidelis’s implementation report. The report provides a well-thought-out blueprint on a range of matters, but most importantly, it provides a clear path to implementing the key aspects of my Access Denied report.

Let’s start with the duty to document. The implementation report recommended that government should give the most serious consideration to my recommendation that a duty to document be created. Specifically, it should seriously consider introducing legislation creating such a duty.

This recommendation echoed my earlier submission to you that the failure to create and keep adequate records poses significant risk for public bodies. These risks include diminished accountability, reduced openness and transparency, the inability to rely on proper documentation for litigation and audits, the loss of the historical record and, most importantly, the loss of public confidence.

The table that I provided to you displays, for easy reference, my recommendations, along with those from the implementation report. You’ll see from this table how the recommendations and Mr. Loukidelis’s align.

I’ve said that the duty to document is not to create more records. The purpose is not to create more records or more work. Rather, it’s to ensure that public bodies focus on creating the right records to document their business activities and key decisions, whether they occur via email, via briefing note or through the minutes of a meeting. And of course, policies and training and commitment are really important parts of implementation, but they must flow from legislation to be effective and to be enforceable.

As a basic function of records management, core government already determines the types of records associated with their mandates and their business activities and, as we heard from Cheryl earlier, applies retention schedules to those records. So that work is already done. We’re almost there. Let’s take the final step and require accountability to ensure that the necessary documents exist.

It will not take a lot of work to implement a duty to document. What I’m proposing adds a requirement that the records are created in the first place.

Information Commissioners across Canada also support a duty to document. In January, we joined together calling on our respective governments to create a legislative duty requiring public entities to document matters related to their deliberations, their actions and their key decisions.

Here in British Columbia, the call for a duty to document has been supported by many submissions that have been made to this committee. The submissions illustrate how much people in B.C. care about their access rights. In fact, a recent Ipsos poll commissioned by the B.C. Freedom of Information and Privacy Association showed that 96 percent of British Columbians polled support a duty to document. I believe this duty should apply not just to core government but to all public bodies that work on behalf of British Columbians.

I’m going to turn now to the matter of independent oversight over the unauthorized destruction of records. I very much appreciate the detailed treatment given to this recommendation by Mr. Loukidelis in his report. He concurs with my recommendation on independent oversight over the unauthorized destruction of records but notes that this alone isn’t going to be enough. A cultural shift that includes executive-level leadership in creating the proper culture for records management is also required. This is consistent with my message in Access Denied.

However, I recognize that my focus today, and the focus of this committee, is on the legislative solutions to this issue. I can’t emphasize strongly enough that the oversight mechanism must be independent if the public is to have confidence in it. Any potential for conflict, or even the appearance of a conflict, on the part of those assessing whether records have been improperly destroyed would erode public confidence in this process.

As noted in the implementation report, my recommendation for this oversight is based on model language that already exists in Alberta’s equivalent law. The Alberta language gives the commissioner the authority to conduct investigations to ensure compliance with the rules related to the destruction of records set out in any piece of legislation in the province or in accordance with the rules of a local public body.

Ontario has also recently added provisions to its Freedom of Information and Protection of Privacy Act that give the commissioner oversight over the failure of an institution to preserve records according to records retention requirements.

There should be independent oversight of allegations of deliberate records destruction in contravention of any enactment of B.C., similar policy or legal instrument. This means that it would apply across the public sector. In other words, those who are alleged to have destroyed records should not be policing their own actions.

Currently my authority under FIPPA to investigate an allegation of destruction of records is very narrow. I can only investigate when it’s alleged that the records have been deleted after an access-to-information request has been received. For example, just last week I noted the reports of the destruction of records related to B.C. Place Stadium. I’m not saying there was any wrongdoing in the destruction of those records, but this is an example of an incident of destruction over which my office has no jurisdiction.

My office must have clear jurisdiction to investigate allegations of unlawful records destruction whether or not an access-to-information request has been received. Our sister statute in Alberta contains model language that closes this gap.

What is also missing in our act is an offence for the destruction of records. Without it, there’s no direct consequence for the unlawful destruction of records. Mr. Loukidelis’s report urges government to establish disciplinary measures for public service employees who engage in the deliberate destruction of records. He also discusses the creation of an offence for such acts and asks us to remember that this offence should contain a requirement for intent — the intent to evade an access request. I agree.

The general offence section of FIPPA requires offences to be carried out wilfully. If an offence were added to the act for destruction of records, it would be clear that intent would be required for somebody to be found guilty of an offence.

When there is deliberate destruction of records, the consequences ought to be severe, and this is why we need an explicit offence written into the act. I want to stress that other sanctions should also be available. The circumstances and the severity of the conduct would determine which sanction could be applied. This can include discipline up to dismissal with cause. But an offence for unauthorized destruction of records necessitates a legislative amendment, and the presence of such an offence in FIPPA would send a clear signal that government does not condone wilful and unlawful records destruction.

Minister Virk also asked this committee to comment on “the idea that deleted electronic records remain available for responses to access requests.” My office’s orders and investigation reports have been really clear on this point. Employees should search deleted mailboxes in response to access requests. They should also search their recovered items folder when there is a reasonable belief that this folder may contain responsive records. Backup folders should be searched only in exceptional circumstances.

All of these processes should be supported by training and policies to support access to information. Therefore, I don’t believe that there needs to be a legislative change on this matter.

As I mentioned at the beginning of my presentation, this is a pivotal moment for B.C.’s privacy and access legislation. What we’re witnessing is an emerging consensus on how to deal with these very important issues, and the work of the committee is extremely timely. Your recommendations can contribute to restoring B.C. as a leader in Canada and, indeed, around the world in information rights.

Both Mr. Loukidelis and I agree that the framework we need includes a legislative duty to document and independent oversight over the destruction of records, accompanied by appropriate offences and penalties.

Thank you very much for asking me to address the matters from the report and to speak, once again, to the recommendations I’ve submitted to the committee. As always, I look forward to your questions.

E. Foster: Thank you for your report. Under your “Duty to Document” portion of it, you talked about all public bodies. Two questions. One, does this include local government? Two, would this include the MLA offices — meetings with constituents and that sort of thing?

E. Denham: The reason I’m suggesting that the duty to document be included in the Freedom of Information Act is because the act applies to all public bodies, including local public bodies. We’ve seen cases where there’s failure to create records at the local public body level. We’ve seen it in health authorities. We’re doing an audit of the city of Vancouver right now in terms of their records management and access to information.

The benefit of putting a duty to document in the Freedom of Information and Protection of Privacy Act is that it would apply across the entire public sector, not just to core government. If you place a duty to document in the Information Management Act, it applies to government ministries, so it applies to core government only. That’s the difference.

Your second question. No, the constituency offices of MLAs are excluded from any kind of duty and excluded from the Freedom of Information and Protection of Privacy Act.

E. Foster: Okay. Thank you for that. We’ll go back to the local government. Having spent many years in local government, I would suggest that, if that’s your recommendation, you need to be a little more specific.

Local government records are kept for council meetings and official committee meetings, and so on. There’s a great deal of time spent by people in local government in the office with constituents. They won’t come in and talk to…. By doing that, you’re going to eliminate a large group of people from taking part in the process. That’s from 20-plus years of experience in the field.

E. Denham: I can appreciate that, but the duty to document would be applied to the existing city bylaw that requires the retention of certain records. Now there would be a requirement to create them in the first place. There’s not an intention to interfere with citizens having conversations with elected officials. It’s about the creation of records, by city council, of course — minutes of meetings — but also throughout the bureaucracy.

It would not be new in the sense that there’s already a city bylaw that outlines the record-keeping requirements.
[ Page 179 ]
It goes one step further and says you’ve got to create the records in the first place.

E. Foster: In your recommendation, be very specific about that, because the intent of all the people here…. We won’t be here in ten years’ time. Hopefully, we’ll all still be alive, but we won’t necessarily be at these tables in ten years’ time, and people forget what the intention was. We see it in laws all the time. As we do these things, let’s be very specific about it.

E. Denham: Yes. It’s outlined in my submission in November, and it’s also emphasized again in the document that I filed last week — more detail.

E. Foster: Okay. Obviously, I didn’t read it right, then. I’ll go back to it again.

D. Eby: I realize that the report is pretty fresh — the government’s report on the recommendations. In particular, I’m hoping that the commissioner will comment on the anonymity of requesters and how government could best respond to the desire of people to remain anonymous, breach notification and the suggestion that a broad consultation needs to take place before we implement a privacy breach notification requirement.

There are two — the privacy management plan, the one-size-fits-all issue — that the government has identified, and then, finally, the placement of some of these provisions that the commissioner has called for, for our government, saying: put them in the Information Management Act versus the Freedom of Information Act.

Do you have any position about where these things are best placed? Do you agree with those recommendations? It may be, Mr. Chair, that given how new this report is, the commissioner might need to take some time and come back on those recommendations to this committee, but I’m curious about her impressions.

E. Denham: Unfortunately, I haven’t seen the report, so it’s difficult for me to comment on it. If a copy is available to me now, I can certainly get back to the committee with my comments on those recommendations.

At a high level, just hearing the discussion earlier about the anonymity of requesters, my recommendation was to amend FIPPA to require public bodies to ensure that the name and the type of applicant is only disclosed to the individual at the public body that receives the access request on behalf of the public body. I think it’s really important.

The other thing I would suggest to the committee is to take a look at the Newfoundland and Labrador revised legislation there, because in that case, both the name and the type of applicant is not disclosed to the individual in the public body that is processing their request, because the type of applicant shouldn’t affect what records are located and released.

Our office does publish statistics — I think Cheryl mentioned that — at the end of the day of the types of requesters that come to us for appeals, but that’s only statistical information after the fact.

But I can get back to you. I don’t know what the recommendations are around the consultation for breach notification, the privacy management program. I can certainly get back to you on that, but I haven’t seen the report.

D. Eby: I think that would be very helpful to the committee. Certainly the commissioner can have my copy, but there are some notes on it.

In light of those comments about anonymity and the types, there’s definitely an interest in the committee. We’ve had conversations about the statistical analysis — frequent flyers in the program, for example, that kind of thing. The government would be able to collect that kind of statistical information without it interfering with the legal rights of the individual to receive the information. How do you separate out those two things?

In your response, if you could talk about the statistical analysis so that government can make informed decisions but also respect the legal rights of the individual to access the information, and how you keep those things separate. That would be very helpful to the committee, I believe.

Also, just as a follow-up to vesting certain changes and provisions in the Information Management Act versus the Freedom of Information and Protection of Privacy Act. Just on a principle level, I just want to remind the committee that any changes made to the Information Management Act would apply only to core government — having a thoughtful, considered discussion about the implications of that.

The other thing that the IMA is missing is there’s no independent oversight or enforcement regime within the Information Management Act. The advantage of making changes to the Freedom of Information Act means that there’s an independent office that oversees and reviews the legislation.

D. Routley (Deputy Chair): If we’re looking at the issues that you referenced at the beginning of your presentation, the historical context of this, that breaches and failures to produce documents or intentional destruction of documents…. If you view this as a cultural issue, and I certainly do, as with many other cultural issues and problems, there are different ways to approach them.

Often there’s an approach that involves incentive or an approach that’s overly based in the restructuring process, but the other approach is punitive measures. You’ve refer-
[ Page 180 ]
enced that in some of the penalties you’ve suggested. I’m wondering how you would recommend the committee…. How would you recommend those penalties be described and imposed in the act?

E. Denham: I agree that there’s a balance needed between culture and policy and training and technical changes and legislative. There’s a balance in all of those things to create the change.

I think the government’s response to my Access Denied report was a strong one. They retained an expert to give them a blueprint for implementation. There was a move. There was a reorganization, as we’ve heard. There’s a greater focus on policy and change management out of the Ministry of Finance. I think the Ministry of Finance is set up well because of its intrinsic control mechanisms for financial assets that I have likened to the kind of controls we need for personal information.

There is a substantial recognition that records management, freedom of information, protection of privacy needs a new focus. I know that Cheryl and her team are working really hard on change management. I like what I hear today. But this, in my view, is not sufficient.

This report that I wrote was the fourth in a series of reports about significant issues around FOI. Timeliness, no responsive records, failure to archive — there’s a whole history of reports. What I think is: there needs to be a backstop of legislation, especially around offences and penalties for the deliberate destruction of records. There we would only be catching up with other jurisdictions. I think the duty to document is a way that government would demonstrate that the accountability, that one more step in accountability, is needed.

It’s a balance. It’s a balance between culture change, incentives — training is really important — clarity of policies. Since the focus of this committee is on what legislative change would help also incentivize the culture change, then I think those two changes to the legislation are really important.

D. Eby: I’m curious about the commissioner’s recommendation in relation to Mr. Loukidelis’s recommendation about “the intent to evade a request for access to the record” — destroying records with the intent to evade a request.

I’m imagining a scenario where you’ve got an employee on the way out the door. They know their departure will be controversial, so they go through and they delete all their email, triple delete all their email. Now, there’s no actual request yet, but they’ve reasonably anticipated there will be a flood of requests on the news of their departure.

Does the intent to evade a request mean that they have to be evading an actual request that already exists? Or can it be enough that they intend to evade the provisions of the act for reasonably anticipated future requests?

E. Denham: The idea would be that there would be penalties and sanctions for deliberate actions and intention to evade or to frustrate or contravene records management rules. In other words, there are record schedules that say: “These kind of records need to be retained for a certain period of time.”

I think what Mr. Loukidelis is talking about in his report is that it has to be a deliberate action. I would say triple-deleting records is a pretty deliberate action, although I’m hoping there’s no technical ability to do that. But it’s really about contravening the rules on retention of records to purposely evade access to those records.

Welcome back, Kathy Corrigan. I know you were away for a block of time there, but I’m pleased to see you were able to return.

K. Corrigan: I’m going to frame my question in a way that I’m going to minimize the possibility that I’m going to ask a question that’s already been dealt with, because I can read the transcript later.

My question is: are there any other things that you think should be pointed out to the committee that have not been dealt with so far that show a discrepancy between either what Mr. Loukidelis’s report recommended or was offered up today in terms of a plan —a discrepancy with what you think needs to be done in your recommendations?

E. Denham: I’m at a bit of disadvantage, not having seen the government’s report. But in terms of Mr. Loukidelis’s implementation report and various reports that I’ve written, I don’t see light between our positions.

I’m strongly recommending those two legislative changes that I think would be an important backstop. I have listened very carefully to the discussion about proactive disclosure around this table today and also was listening with interest in Cheryl’s presentation on what kinds of categories of records are being considered for proactive disclosure.

In 2013, I wrote a report on proactive disclosure and open government that outlined exactly those categories — so contracts over $10,000 — and really building the procurement process that public bodies engage in to let third parties know that contracts or the substantial pieces of contracts minus trade secrets are going to be published and proactively disclosed.

I suggested calendar requests, three years ago, be proactively disclosed. That makes up 21 percent of the government’s 8,000 access-to-information requests. Right there I think you would be saving some of the effort of FOI analysts. If 21 percent are calendar requests, get the calendar requests out there, minus personal information.

Final audit reports, expenses — all of these categories of records are frequently requested by applicants. Again,
[ Page 181 ]
I think moving forward on proactive disclosure is a great idea. But studying it further — I worry about further and further and further study. We’ve seen years of study on the subsidiary corporation issue.

I would like to see a commitment to disclose contracts, to disclose expenses, to disclose calendars in the government’s report, but I haven’t seen it.

K. Corrigan: I do have a follow-up. One of the things that those of us in opposition, or our research staff, get a feeling about is when there is a record that is embarrassing to government, politically embarrassing, it seems like those types of records either don’t get to you or they get to us another way. They’re leaked, or something like that. You certainly talked about that in your Access Denied report, those kinds of things.

I’m wondering if your feeling is that if the Loukidelis recommendations are essentially followed and that if government follows this new framework, are we going to be able to get away from the habit, what seems to be a habit, of essentially using section 13 or whatever section of the act in order to deny access to what are politically sensitive documents?

In the whole act, nothing talks about political sensitivity, right? It’s all about these categories. But in essence, we get the feeling that often categories are found in order to justify not releasing politically sensitive information. Are we going to get past that?

E. Denham: Well, I’m optimistic about the training and the policy changes and the focus that I’ve heard about from Cheryl and her team. I’ve also told the government that I’m going to start a series of audits to look at duty to assist, to see how the government is doing on duty to assist. That’s exactly the audit I’m doing on the city of Vancouver right now. It’s our first one. I will be coming back to look at that.

The act has worked relatively well for 20 years, but I think we’ve had a particular challenge in the last few years. As an oversight agency, I’m certainly going to step up my audit. I’m waiting for the government’s formal response to the details of my report. I advised them that I’d be coming back in the spring. Well, it’s almost spring.

D. Routley (Deputy Chair): You mentioned investigating the destruction of documents, unless there has been an information request that’s outside the scope of your office. So the recommendation, I assume, will continue to be that the office’s power or scope be increased. Are there other areas of this entire issue that are outside the reach of the office that you think should be brought into the scope of your office?

E. Denham: In terms of overseeing allegations of unauthorized destruction of records, the recommendation that I’m making I think is sufficient. It would bring the B.C. law up to where Alberta and Ontario have gone recently.

My colleague in Alberta recently investigated allegations that records were being shredded after the change in government. Even though there were no access-to-information requests, she was able to go in and investigate whether records were being properly destroyed or not — properly destroyed according to the established schedules.

In my view, that would be sufficient, but I just wanted to underline for the committee how narrow my jurisdiction is right now. We get many calls from organizations and from staff within organizations that said: “I don’t think these records should be destroyed.” There’s nothing we can do, unless there’s a live access-to-information request, in that case.

D. McRae (Chair): Well, looking at the committee members, I do not see hands with questions.

Your initial presentation and statement and your access to the committee members for questions and answers was phenomenal. Seeing that there are no further questions, I would like to very much thank the office and the individuals for coming to this committee for the third time.

D. Eby: It’s not a question, Mr. Chair. It’s just that as the commissioner departs, I wonder if we can make sure that she gets a copy of the government’s report as quickly as possible.

D. McRae (Chair): I think they’ll be made public for all, as soon as we possibly can, as we leave this room.

S. Sourial (Committee Clerk): Yes. We’re posting all the documents that were distributed to committee members this morning. They should be momentarily on the committee’s website. I do have hard copies for the commissioner.

D. McRae (Chair): Elizabeth, thank you very much to you and your team for coming today and for the hard work that you do for the province of British Columbia and its citizens.

Access to on-line versions of the report of proceedings (Hansard)
and webcasts of committee proceedings is available on the Internet.

Chair:	Don McRae (Comox Valley BC Liberal)
Deputy Chair:	Doug Routley (Nanaimo–North Cowichan NDP)
Members:	Kathy Corrigan (Burnaby–Deer Lake NDP)
	David Eby (Vancouver–Point Grey NDP)
	Eric Foster (Vernon-Monashee BC Liberal)
	Sam Sullivan (Vancouver–False Creek BC Liberal)
	Jackie Tegart (Fraser-Nicola BC Liberal)
	John Yap (Richmond-Steveston BC Liberal)
Clerk:	Susan Sourial

REPORT OF PROCEEDINGS(Hansard)

SPECIAL COMMITTEE TO REVIEW THE FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT

REPORT OF PROCEEDINGS
(Hansard)

SPECIAL COMMITTEE TO
REVIEW THE FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT