The committee met at 9:02 a.m.

[R. Glumac in the chair.]

R. Glumac (Chair): All right. Good morning, everyone. My name is Rick Glumac, and I am the MLA for Port Moody–​Coquitlam and Chair of the Special Committee to Review the Freedom of Information and Protection of Privacy Act. It’s an all-party committee of the Legislative Assembly.

I would like to acknowledge that today we’re on the traditional territories of the Lək̓ʷəŋin̓əŋ-speaking people, known as the Songhees and Esquimalt Nations.

I’d like to welcome everyone that is listening to and participating in this meeting today. Our committee is tasked with reviewing the Freedom of Information and Protection of Privacy Act. We’re currently holding public consultation to review input on the act, including hearing presentations today and tomorrow.

The committee also invites British Columbians to make a written, audio or video submission if you can’t present in person. For details on how to do that, you can visit our website at www.leg.bc.ca/cmt/foi. The deadline for submissions is 3 p.m. on March 31. All the information we receive will be carefully considered as we prepare our report for the Legislative Assembly.

At today’s meeting, each presenter will have up to ten minutes to present, followed by up to 15 minutes for questions and answers with the members here today. All audio from our meetings will be broadcast live on our website, and a complete transcript will also be posted.

Now I’ll ask all the members to introduce themselves.

J. Rustad (Deputy Chair): Hi. I’m John Rustad. I’m the MLA for Nechako Lakes, and I am the Deputy Chair of the committee.

T. Shypitka: Tom Shypitka, MLA for Kootenay East.

A. Olsen: Adam Olsen, MLA for Saanich North and the Islands.

H. Yao: Henry Yao, MLA for Richmond South Centre.

S. Chant: Susie Chant, MLA for North Vancouver–​Seymour.

K. Paddon: Kelli Paddon, MLA for Chilliwack-Kent.

R. Glumac (Chair): Excellent.

Assisting the committee today are Karan Riarh, Darryl Hol, Jesse Gordon and Emma Curtis from the Parliamen­tary Committees Office; and Amanda Heffelfinger from Hansard Services.

[9:05 a.m.]

Our first presenter today is Tim Shoults. He is from the B.C. and Yukon Community NewsMedia Association.

Welcome, Tim. Take it away. We’re excited to hear your presentation.

Presentations on
Freedom of Information and
Protection of Privacy Act

B.C. AND YUKON
COMMUNITY NEWSMEDIA ASSOCIATION

T. Shoults: Good morning. Thanks for the time to present today.

As you said, my name is Tim Shoults. I’m vice-president of the B.C. and Yukon Community NewsMedia Association. We represent more than 90 news media outlets in communities in every part of the province and every constituency — from the Tri-City News serving Port Moody and Coquitlam; to the Omineca Express covering the Nechako Lakes; including the North Shore News, the Saanich News, the Burnaby Now, the Cranbrook Daily Townsman and the Richmond News; just to name a few that will certainly be familiar to members of the committee.

Our members have a combined print circulation of 1½ million copies, an adult readership of almost two million British Columbians every single week, and online they draw more than 11 million unique visitors and more than 33 million page views to their websites every month.

These media outlets deliver more than the news. The information that we deliver in print and online provides our readers with a sense of connection, of identity and of belonging to their communities. Just as important, we are bulwarks against misinformation, speculation and rumour, which are serious challenges in a world where anyone with a cell phone in their pocket is a publisher with that access to a global audience.

Between us, our members proudly deal with more of the 2,900 organizations covered by the Freedom of Information and Protection of Privacy Act than any other organization, from provincial ministries and Crown corporations to municipal governments, regional districts, health authorities, universities and school districts. In the majority of cases, our members are the only media covering these institutions in the communities they serve.

Freedom-of-information requests are a critical tool for our members, who collectively file hundreds of requests per year for coverage that provides accountability for local institutions to our readers.

One of the best examples that comes to my mind, which is close to home: in February of last year, dogged FOI-fuelled reporting by Jessica Wallace of Kamloops This Week — that’s my hometown newspaper, where I work as operations manager — revealed more than $500,000 in spending over five years using a single corporate credit card by the former chief administrative officer of the Thompson-Nicola regional district. You can still see the information that we collected for that project publicly online for anyone to access in a searchable Google spreadsheet.

The result of that award-winning reporting has resulted in a forensic audit by the regional district and substantial changes to policies surrounding acceptable spending by municipal officials. It continues to reverberate to this day and will into this fall’s municipal elections. Without FOI, none of it would have ever come to light.

This isn’t easy work for community reporters who don’t have single beats to cover or the luxury of spending weeks or even days on investigative work. Instead, stories like that come together in hundreds of stolen moments — pieces of downtime between attending council meetings, racing to take pictures or video at the local school, covering minor hockey, laying out pages, editing copy and posting stories to websites and social media channels. That work becomes even more difficult when the FOI requests required to do that work become more challenging to file, more expensive and less productive.

With regard to fees for FOI, it goes almost without saying that in an era where traditional news media outlets, which are funded primarily by local advertising revenue, are competing not against other local media outlets so much as against global giants like Facebook and Google for advertising, any increase to costs is a damper on our ability to maintain the FOI requests we do make, let alone to make more.

I do need to note that this is something we would have relished the chance to say to this committee before Bill 22 was introduced and subsequently passed by the Legislature, and I do note that this committee, I believe, was actually established in June of last year, four months before that bill was introduced. I feel badly for this committee that it has a statutory obligation to review legislation that has been changed in the middle of its tenure without the benefit of its work.

[9:10 a.m.]

It seems that you’ve been asked to study whether or not the barn door should be opened or not when the horse has already busted through it. But since the legislation has changed and those fees are in place, I’d like to focus today on some other aspects of freedom of information that this committee might be able to take up in its report.

Our members’ experience has been that information — even relatively innocuous information like statistics from which it would not be possible to extrapolate personal information — has been tightly controlled and guarded, particularly when it comes to attempting to gather information about the COVID-19 pandemic over the past two years. This control varies somewhat from health region to health region, but at the provincial level, it seems to come directly from the top.

The decision not to make information public, from our perspective, appears to have been a deliberate policy decision, either by the provincial health office or the government. Our members find this control of information and the narrative around the pandemic to be concerning. Without raw data, we have no way of knowing that what we’re being told is the truth on issues of huge public importance.

Reporters are increasingly forced to become mouthpieces for the government. We no longer get to pose reasonable questions to knowledgable sources and have them answered. Even for the few lucky reporters — often the same few reporters — who get to ask questions at those press events that are controlled by the government, those questions are rarely actually answered. It’s become a bit of a piece of pandemic public theatre.

With that access to information curtailed, our members have increasingly had to rely on both the public and sources within the system to leak information to them. During the outbreaks in care homes on the North Shore beginning in the spring of 2020, for instance, the North Shore News relied on sources to report on the number of cases and deaths from COVID in care homes, which was a huge public issue. Once in a while a medical health officer might let slip, during an interview, a piece of information that is useful, but most requests that are funnelled through media contacts simply fall into the abyss.

It seems as if there are many people at high levels that are required to vet even the most basic requests, and very little information gets given out as a result. Our members have, of course, filed numerous FOI requests during the pandemic, most seeking strictly statistical information about COVID cases in our communities that could not in any way be linked back to individuals.

We’ve sought reports, memos, reviews on care homes and acute care outbreaks, thinking that there might be some lessons or valuable information in there about how and why these outbreaks happen and what we’ve learned as a result. All of them have been denied in their entirety, usually based on a directive from the PHO not to provide anyone’s personal information.

Here’s what we heard directly from reporter Jane Seyd of the North Shore News:

“They don’t even bother to blank sections out, and I’m pretty sure nobody even attempts to get the information. They just wait as long as possible, usually going through the motions of getting the time limits extended several times, and then deny it. I’ve appealed to the Privacy Commissioner’s office, and there they sit. A very few of my appeals have made it into the waiting stage for the adjudication phase. I’m told it takes several months before someone even looks at it, because they’re overrun with similar requests from people with similar complaints.

“The lack of factual information has made it impossible to really present a full picture to the public of what is happening in the pandemic, who is getting sick and how and why, and what has happened in the most serious situations, especially in local areas.

“The queries we get from the public tell me that this is information the public wants. Citizens aren’t children. They have the right to this information in order to both assess their own degree of risk and behaviour and to assess whether government policies and actions are appropriate. Compared to other provinces, the clampdown on information in B.C. has seemed heavy-handed and unnecessary.”

That’s all from Jane, who you can tell is pretty passionate about it.

The recent changes to the act have focused on the protection of individual privacy. We understand that freedom of information and protection of privacy naturally go hand in hand. Like freedom of expression or public health restrictions themselves, they have to seek a perpetual balance. What we are seeing is that protection of privacy is being increasingly used as an excuse to curtail freedom of information when that balance is not upset. That cannot stand.

What we are looking for is clear direction from this committee — to the Legislature and to the more than 2,900 stakeholders governed by the act that you’re reviewing — that public information should be deemed to be public by default, unless there is a compelling and truly privacy-based reason for it to be withheld.

[9:15 a.m.]

I think these words by a federal Member of Parliament in 2017, who was speaking about changes to the federal Access to Information Act, are particularly appropriate to end on: “Information delayed is information denied.” That Member of Parliament, of course, was Murray Rankin, who was a true champion of FOI in Canada and one of the fathers of the act that you are reviewing today. I can’t help, of course, but wonder what he thinks about what it has become now.

I thank the committee for your time, and I look forward to your questions.

R. Glumac (Chair): Thank you very much, Tim.

T. Shypitka: Thanks, Tim, for the presentation. First, congratulations, I guess. It’s 100 years, I think, that your association has been around for; 1922 is what I think I read somewhere.

T. Shoults: That is correct.

T. Shypitka: Congratulations on that.

You made a lot of comments on timeliness when information is needed. You cited a lot of examples with COVID and the pandemic and needing that time-sensitive information. As we know, COVID was kind of a floating target, where it was up and down and changing all the time. That information was needed in a timely fashion.

Can you roughly estimate how many stories died on the fact that that information wasn’t done in a timely way?

T. Shoults: It would be very, very difficult for me to do so with 90 different newspapers trying to generate stories. How many of those stories died, or how many just went out with incomplete information or without accurate local data?

I’ll just ballpark. My newspaper has had to do four or five stories every issue, every week, due to COVID. Maybe we’re doing it a little heavy. Call it three stories a week. Call that a couple of hundred stories every single week, from newspapers across the province, that are related to COVID and that are suffering from lack of information. Call that 12,000 stories a year, ballpark.

T. Shypitka: Wow. Okay, thanks.

H. Yao: Thank you so much, Tim, for your presentation. I really appreciate the opportunity of enlightening us from some of your perspectives.

I’m trying to educate myself here. You mentioned a lot about delayed information release associated with the pandemic itself as common on all articles that were killed. I should say the article wasn’t able to see the light of day due to the lack of information. Through some of our previous consultations, too, it seems like it’s not simply the pandemic.

May I ask, in regard to the delay in releasing information, as you’ve mentioned — multiple delayed requests — does this only apply to the pandemic, according to your experience, or does it apply to multiple different levels and go back further than simply 2020?

T. Shoults: Thank you for the question. It absolutely goes back many years, and it definitely goes well beyond COVID information. COVID is one of the ones where we’re all covering the same kind of story and looking for the same kind of information, so it’s easy to talk about. Absolutely, the information we’ve tried to get from universities, from municipalities, regional districts, health authorities….

The delay appears to be…. This is something we hear as a continuing refrain: “It’s the default setting.” You’re expecting that you’re going to get that can kicked down the road multiple times, and you have to continue to fight for the information. Sometimes it often does feel, with some of the information, that the delaying tactic is used in order to ensure that a timely story just cannot happen, or can’t happen with the information one wants.

H. Yao: Thank you so much, Tim. I really appreciate it. I would like to follow up, if you don’t mind.

A lot of us have been talking about proactive information release. I guess from your perspective, do you think there’s a need, maybe, for a system — maybe even a special committee — to really discuss what kind of information the government should be releasing proactively?

You mentioned that a certain amount of systematic, basic, information, released on a regular basis, should be accessible, as a sort of capacity, or at least released in a way that doesn’t require journalists such as yourself and your team to go around digging it out, instead of having it be readily accessible.

T. Shoults: I think that’s absolutely appropriate. I believe, and I didn’t get a chance to review it in full, that previous presenters to this committee have talked about the concept of proactive release of information. I think it makes a lot of sense.

My suggestion on that is if a certain number of inquiries about the same type of information are made within a designated time frame — let’s say, make it a year — then I would suggest the Information and Privacy Commissioner should have the ability to require proactive disclosure of that type of information going forward, perhaps on an annual-review basis.

[9:20 a.m.]

J. Rustad (Deputy Chair): Tim, thank you very much for the presentation. I’ve got a couple of questions, if I may.

I want to start off…. You were talking about the lack of information coming forward in a timely way and that it’s happened over many years. I think back to — and I’ve said this a number of times in this committee — the fact that this act was originally written even before the Internet was really being used. So it is very archaic in terms of its origins.

What sorts of changes have you noticed over time? I’m not sure how long you’ve been in your position, but I imagine you have been involved in the media for many years. What sorts of changes have you noticed over time? Have you seen sort of an acceleration in terms of the challenge of accessing information? Or have you seen sort of a systemic denial or delay of information being able to be released over time?

T. Shoults: I can speak to this. I’ve been in the business for going on 25 years this year and with the association for the last ten. I’ve done some lobbying work on behalf of the association, talking to government, going back to 2003. I remember talking to a caucus group and to the Ministry of Attorney General about access to court services online, for instance.

I think that while technology has advanced, the framework for responding to inquiries has stayed in that analog era. We recognize, at the same time, that there’s a greatly increased amount of information that governments have to go through, and probably more people — I can’t speak to this completely coherently — asking for access to that information. Again, that’s part of that balance, but it seems overall that the speed of response has not increased with any increases in technology.

J. Rustad (Deputy Chair): Thank you. The second question…. This came up in a previous presentation, in questions.

If data were to be made sort of more proactively released, the concern was that it would just be a data dump, and there wouldn’t be a convenient way of structuring or organizing the data to make it easy to be able to go through and actually find what you were looking for.

I’m thinking: from a media perspective, how should data be organized? If we turned FOI completely around — instead of making it what can’t be, sort of the restriction side of it, as opposed to if we had everything out there, with the exception of what the freedom-of-information officer says shouldn’t be released…. How should that data be structured or organized in a way that would actually be convenient for somebody to be able to access, like from the media?

T. Shoults: I’m reminded…. I think it was Duplessis who said, back in the ’60s, that if I want you to know something, I’ll put it in a secret report for you to find, and if I want to hide it, I’ll give it to you in the middle of one million pages of information — a paraphrase of that.

We’re not afraid of open data dumps. We have some very, very skilled journalists who are able to go through information, and we’ve got the tools to be able to access. I think raw data is not as huge a concern for us.

That FOI story that I talked about in Kamloops — I got to participate myself in building up the spreadsheets and making the data more interpretable. I know firsthand that it’s not as onerous. If it’s a question of doing raw data dumps and giving us the ability to organize and present that data, I don’t think that would be a concern, from our organization’s perspective.

J. Rustad (Deputy Chair): Thank you, and if I may, the third question I’ve got…. You talked about the challenges during the pandemic and getting information or getting the full story as opposed to something that was filtered.

I think back to a release of information that came out of Germany in the early months of the pandemic. I think it was by spring or summer of 2020. It talked about the need for using certain language and releasing data in a certain way to help manage the population, to bring the population along to achieve an objective, a health objective.

[9:25 a.m.]

I guess the question I’ve got…. I’m not saying that that has been done here or hasn’t been done, and I’m not asking you to answer that question. That would be way too political. But the question is: when you have things like a pandemic, do you think it actually might be appropriate for information to be presented or not presented in certain ways to be able to help achieve the ends that the provincial health officer and the government may be interested in trying to achieve?

T. Shoults: As someone who deals with information and how it’s interpreted and misinterpreted, I’m sympathetic to the desire to try and present information in a way that doesn’t cause panic or, again, create misinformation. I think the attempt to control the message sometimes has the unintended consequence of doing exactly that. I think it’s better to provide more information and then provide context to that information than to try and cap the message there.

S. Chant: Thanks very much for your presentation. I appreciate it.

My question. You’ve talked about how, over quite a number of years, a number of FOIs have gone in and not gotten results and others have gone in and gotten results. Is there any way that your organization could look at what has gone in and maybe categorize it in such a way so that if we were able to proactively release stuff, we’d have some guidance, initially, about what you’re looking for, on a sort of ongoing basis?

Perhaps look at what’s been asked for over the years, in follow-up to John’s question.

T. Shoults: Thank you for the question. That’s an excellent idea. We are a small and volunteer-driven organization with limited staff capacity, but that is a very good use of our time. I did some preliminary work on that in preparing for this presentation, but herding 90 cats was…. I don’t have exact data, but going forward, that is something that I think would be very useful for us. If that’s something that would help get proactive disclosure information, I’ll roll up my sleeves for it.

S. Chant: I do not speak for the committee as a whole in giving direction, just so you know.

T. Shoults: Absolutely. I appreciate the suggestion.

S. Chant: That would go back through the Chair, and so on.

H. Yao: You mentioned that a lot of delay can sometimes become a default setting. It’s more of almost an historical issue. So I’m curious. Obviously, you’ve been in the field for 25 years and been in the association for ten years. Did you actually make this kind of presentation about the importance of adjusting or addressing the delay issue multiple times through our FIPPA Committee, or is the first time you’ve brought it up?

I guess my second question right now is: in the past, how responsive and how interactive was the committee, and was it able to put a recommendation together in regard to your previous requests?

T. Shoults: I appreciate the question. I’m ashamed to say this is the first time, to my knowledge, that the association has made this sort of representation. I know many of our individual members and maybe organizations that make up a large portion of our members have done so. We need to be doing it in a more systematic manner, and we’ll be doing so from here.

R. Glumac (Chair): A couple of follow-up questions. I’m assuming, because it’s a volunteer-run organization, it might be hard to do this. But do you have data on how much things were delayed, by how long and how often?

T. Shoults: At this point, what I have is primarily anecdotal from individual reporters, and we’re going back in history. Again, we’re talking about dogs that didn’t bark, stories that we filed FOI requests on and eventually gave up on the story because the story was no longer timely. Or we ran a version of the story without the requested information because we had other stuff to go on. I don’t have that level of data for the committee at this point.

R. Glumac (Chair): Yeah. It’s certainly helpful to have that kind of information. Otherwise, anecdotal…. There are always, potentially, stories that can come out of anecdotal things. If you have an opportunity to provide that data in the future, that’d be helpful, I think.

[9:30 a.m.]

Similarly, you said that compared to other provinces, information is less available in this province. Do you have any data to back that up?

T. Shoults: Again, when I solicited input from some of our more prolific FOI filers…. That was a quote from Jane Seyd at the North Shore News. No, I haven’t got additional data on that, but it would be helpful for us. Again, I’m happy to work with my fellow provincial associations and our national association, News Media Canada, on that file.

R. Glumac (Chair): Great. Appreciate that.

I don’t see any other questions, so thank you very much for your presentation. If anything else comes up you want send in, please do so. Thank you.

T. Shoults: Thank you very much for your time, everyone.

R. Glumac (Chair): Our next presenter is Jill Tipping from B.C. Tech.

Welcome, Jill. We’re looking forward to hearing your presentation. Take it away.

B.C. TECH

J. Tipping: Thank you so much, parliamentary secretary, and to the whole committee: thank you so much for having me here today.

I’m really pleased to provide comments and input from B.C.’s tech sector on the FOIPPA legislation. I will be limiting my comments in the main to the data residency provisions and, briefly, to measures that allow for privacy protection. I won’t be addressing the freedom-of-information changes.

On data residency, B.C.’s tech sector was pleased to see the data residency provisions updated to be more consistent with the modern tools available and the efficiencies that those can deliver for government services. Whereas in the past there was a prohibition in the legislation on public bodies disclosing, storing or allowing access to data outside of Canada, the legislation now permits that as long as it’s in compliance with the regulations.

The legislation essentially was making permanent the temporary relaxation on data sovereignty requirements introduced in March 2020 in response to the incredible COVID pandemic challenges we were all facing at the time. This was an unprecedented challenge to B.C., to its citizens, to our government and to its services, and it required a quick response.

The tech industry is pleased to see that the experiment, having proven to be beneficial, will now continue. This process-oriented change to move the data residency rules outside of legislation and into regulation may allow government to act more quickly in a dynamic business and technology environment, and that will be a positive thing for business efficiency, for the predictability of the rules to business and for government services and, ultimately, we believe, to ensure better privacy protections.

The decoupling of data residency and privacy protection is, in our view, an opportunity to improve both. On privacy, the introduction of new privacy offences and privacy breach notification requirements create a framework to address damage should a breach occur, and critically, the requirement for public bodies to develop privacy management programs that seek to prevent breaches in the first place will create a stronger privacy framework for B.C.

In the digital era, expectations are changing, and it’s important that government has a regulatory framework in place that enables it to take advantage of the best opportunities available whilst ensuring privacy protections are strong. We’re pleased by the potential the new legislation gives for greater access to cloud-based services, and the changes open the door for more local companies to leverage cutting-edge technology platforms to deliver their own solutions to B.C.’s public sector to deliver to citizens’ expectations.

I’ll close my remarks there and be very happy to answer any questions you may have.

[9:35 a.m.]

R. Glumac (Chair): Thank you very much, Jill.

I guess I’ll start with a question. I think for people that sometimes are not in the tech sector, necessarily, there is a concern around data residency that somehow keeping data within the province makes it safer. I wonder if you could talk to us a little bit more about that concept. Is that something that has some relevancy to it?

We were talking earlier about how this legislation was written a while ago, and technology has evolved. From the perspective of someone that’s in the tech sector, could you elaborate a little bit on the best way to keep data safe? Is it through residency or through some other means?

J. Tipping: It’s a great question. I’m happy to answer. I think it’s really important to distinguish from the fundamental things that lead to safety in the physical domain versus the digital domain. In the digital domain — like it or not — it’s essentially a border-free world. So it becomes far, far more important to have controls over use of data and what is permitted in a jurisdiction rather than to require that the data itself is in the jurisdiction.

It may seem perverse, but the same things that allow for greater safety in a physical environment don’t necessarily deliver safety in a digital environment, so you have to pivot your approach to make sure that even without that control over physical things, you still have effective controls over what’s of concern to British Columbians.

The main reason why I’m positive about this legislation is that I think moving away from where the data is stored and focusing instead on how the data must be managed for it to remain private and safe is a really big step forward.

R. Glumac (Chair): Just following up on that, we have a few questions that have come up. A lot of times people cite changes to, for example, the Patriot Act or something like that as putting data at risk if it’s resident in the United States, for example. I know those provisions have been changed, but potentially, they could happen again. Do you have any comments on that, on the safety of our data — if there could be changes in legislation and where that data is stored?

J. Tipping: It’s certainly something to remain very alive to, and there are risks from that particular jurisdiction. I think from some of the other things we’re seeing around the world, there are other jurisdictions that can do things that are unpredictable and can cause risk for us. So we have to be alive to that.

Again, this is why I think ensuring that for public bodies’ data in British Columbia, that we’re controlling things and enforcing things at the level of the public body and their relationship to their supplier will lead to the best outcomes, because what we won’t be able to control are the actions of other states.

A. Olsen: Hi, Jill. Nice to see you and hear from you.

I’m trying to reconcile the comments that you made with respect to it being a good thing for us to have — I might be paraphrasing this incorrectly, but this is how I heard it — a flexible and responsive regulatory framework in British Columbia with the potential threat of a responsive and flexible regulatory framework in another country that we have no control over.

I understand that you’ve drawn a distinction between where the data is stored and how it is managed. However, we have no control over the regulatory framework of any other jurisdiction, including Canada. We only have a regulatory framework.

[9:40 a.m.]

When we heard from the B.C. Teachers Federation, as an example, I have two students in our public education system who are on cloud-based services, both based out of another country. The management of their data has essentially left our domain and is now in the domain of somewhere else, potentially to change their regulatory framework. How do we reconcile that, or how do you reconcile that?

J. Tipping: Not wanting to oversimplify, but maybe I’ll just draw a distinction between the process — or the structure, the framework change — and then the substance of the world we live in. The process change of moving the rules on data residency out of legislation into regulation, I think, is sensible.

What we’re attempting to control is a very fast-moving environment, so using a flexible and responsive tool like regulation, which can be changed more easily than legislation, and making sure that the legislation is very sound on principles but that the regulation enables you to adapt in whichever way the Legislature might decide it needs to adapt, whether to make things stricter or to make things more relaxed…. That’s just a good thing when you’re dealing with something that is a fast-moving environment. I think that’s a sensible move.

Then turning more to the substance of your question — which is, what can we control, and what can we not control? — I do still see that having control, for public bodies, with their suppliers, with clear regulations that must be complied with in British Columbia, gives us a stronger position than controlling only the data residency piece and having less leverage on other elements.

R. Glumac (Chair): Adam has a follow-up.

A. Olsen: Okay, that’s fine, but wouldn’t it be better if…? Is it an option to control at all?

J. Tipping: It is an option. I think it’s an option that loses some of the real benefits of accessing modern tools and best current thinking on how to manage things efficiently. So as with all things, there does need to be a balance between efficiency and responsiveness, shall we call it, and protection and restriction. I think it’s important to have a balance of both so that government can actually access the best technology tools available to deliver its business.

A. Olsen: Okay. I’ll leave it there.

R. Glumac (Chair): All right. You can come back if you want to ask something later, Adam.

J. Rustad (Deputy Chair): Well, thank you for that, and thank you for your presentation. You really made me wonder: would we, as a jurisdiction, have a problem if our data were stored in China, or if our data were stored in Russia, or if our data were stored in Ukraine? It makes me wonder.

We’re in a world where yes, we’ve got allies, we’ve got people — you know, the Americans, European states or other jurisdictions that we’re good friends with, where we have a trust relationship of some kind. But as we’ve seen in the world events just recently and we’ve seen historically, things can change, and things can change quite rapidly.

Yes, you put something out there in terms of data, and it basically is anywhere in the world — depending on the restrictions, the access and the security you’ve got attached to it — but there is still the physical location of that data, which creates a vulnerability, and not necessarily even from just an access perspective. You know, what happens if a bomb goes off, right? There’s the physical side that can be very disruptive to data as well. I’m curious, and it made me wonder.

Even in our own country, during the pandemic, the Canadian security agency, whatever they call it, tracked 30-million-plus cell phone users and where those people were moving around on cell phones, and used it for health, used it to help guide government in terms of health. People didn’t even know that their cell phones were being monitored and tracked in terms of where they went.

It just goes to show that under certain circumstances, data can be utilized whether there is permission or not. It could be utilized by various countries or various other jurisdictions just as easily.

[9:45 a.m.]

So from a data security perspective, wouldn’t it make more sense if we were to invest and set up repositories in British Columbia for critical information data and personal information? I get it. There are companies around the world that are really good about it, but just from a physical data perspective, wouldn’t it make sense if we were to invest and have that data stored in our own jurisdiction?

J. Tipping: I think it’s a really smart point and a really sophisticated point, too, to think about: what is our exposure to data? But also, really, anything else. We could be talking about grain supplies and where B.C.’s food supply comes from. So I think some of the same thinking can be helpful when we think about data.

One thing to just, perhaps, provide a certain amount of reassurance on is that the corporate partners involved, whether small or large, are very alive to these risks too. There’s no desire to expose British Columbians or any other customer to excessive risk, whether that’s political risk or…. Actually, earthquake risk can be a really big issue for data centres, so paying attention to seismic risk, which is an area where British Columbia is a bit challenged….

We might find that if we had all our data in British Columbia and nowhere else, that wouldn’t necessarily be the least risky thing we could do from the point of view of all kinds of physical risks.

Balancing all of those things, making sure that data is available at all times and that applications can work efficiently because they’re not dependent on accessing things from one specific location, is actually core to modern efficiency. But efficiency is just the other side of the coin of saying “avoiding business interruption risks.” So if we want everything to move smoothly, it’s often a good idea to sort of diversify where things are held so that you’re not specifically dependent on the risks of one particular end.

I’m completely alive to the concerns and the considerations that the committee is discussing. I think they’re strong ones.

R. Glumac (Chair): Susie?

S. Chant: Asked and answered, thank you.

H. Yao: Thank you so much. I really appreciate your presentation. Unfortunately, I’m not a tech person, so bear with me if I’m going to ask any questions that sound dumb.

We talked a lot about digital and physical domain. The way it was explained to me is that in a digital domain, there’s a higher frequency of attacks, a higher frequency of, I guess, hackers is the term they like to use. There is a comparison, contrast, when it comes to different companies or B.C. investing money in regards to, I guess, digital protection and compared to physical protection.

One argument presented to me for me to understand the situation better is that some of the bigger companies like Google, companies that actually have multiple service centres around the world, also have spent a lot more money financially on data protection in regards to digital defence against potential digital hackers, as Rick and I both know. I think our colleague over there mentioned different countries who potentially could, because of physical issues, but also, digitally, who are already starting various forms of aggression — I hate to use the term — against different forms of privacy concern.

I guess my question right now is: is this argument that was presented to me valid? That often companies who have a bigger set of data, bigger set of information, tend to invest a greater amount of resources protecting data in regards to digital programming or, I guess — I hate to use the term — finding a way to make sure there’s different server profiling of duplication of data to ensure that if one server is down, the other server can pick up the slack as needed?

J. Tipping: Yes, it is a valid thing to say. Perhaps I’ll just add a nuance to it, which is that what you’re talking about when you’re describing that is the platforms.

The platforms might be best understood, to use a comparable from a different industry, like banks. When we think about the primary institutions that are driving banking, we want to know that they’re large and have sufficient resources to address all of the financial risks and exposures that they’re managing. Similarly, when it comes to platforms, there is a benefit to having platforms that can take a global perspective and address the most pointed risks that we’re seeing, wherever they come from in the world.

[9:50 a.m.]

I would distinguish between the platforms and then tech companies more generally, because there are many tech companies, including the platforms themselves, that will provide services, but there are also smaller B.C.-based companies that will deliver services based in one of those platforms.

I hope that’s helpful.

H. Yao: Actually, it perfectly leads to my follow-up question, if you don’t mind.

You mentioned earlier about starting in March 2020, sort of as an experimental stage, regarding this new kind of idea of allowing our digital information to be able to flow freely across physical borders. Are there any successful stories, any kind of negative consequences, associated with that for the last two years of the experiment? Did the B.C. tech sector benefit, or were they harmed due to the circumstances? That’s my first question.

I guess my second question is…. Often it was presented to me that educational institutions also rely heavily upon cross-border information-sharing. I would just love to hear from others in the educational sector, I guess, on what they not only benefit from but vitally rely upon in this kind of cross-border information-sharing in order for them to thrive in the modern economy.

J. Tipping: I don’t have 100 percent visibility, but I’m not aware of any hugely negative consequences of the changing rules that came in, in March 2020. I think it can be really reassuring that when we do experiment with new approaches, it doesn’t necessarily lead to big negatives.

On the positive side of things, it has been a very interesting time during COVID. We’ve seen every sector of the economy digitized. We’ve seen 30,000 jobs created in technology in British Columbia.

We’ve seen, as you were describing, a somewhat borderless approach in business organizations but also in British Columbian companies seeking to be far more active everywhere else in the world and the rest of the world being very interested in being active in B.C. At the moment, our biggest challenge in the industry is actually access to enough talent to keep up with the demand from B.C. for innovation.

If I switch the conversation slightly, you were asking about other sectors where it’s vitally important. Education is a big one. I would also describe manufacturing and anything that depends on supply chain links. Transport is a critically important industry that’s adopting a lot of technology. We see that with members such as Seaspan, that are really accelerating their growth. The resources sector is experimenting more and more with digital twins and other things that can help them increase efficiency and reduce safety incidents.

It’s part of the future economy. The bricks and mortar of the digital economy are data and the way that data flows. I do think we need to have the right measures in place that mean we can control what we can control. Again, I would just emphasize that there is a relationship between government, as a customer, and its suppliers that, in a contract, can go beyond what might be in legislation. That’s a totally appropriate way for any customer to engage with any supplier.

R. Glumac (Chair): We have a question from Kelli online.

K. Paddon: Thanks so much, Jill. I appreciated hearing your thoughts on this. I’m just wondering. If I were to explain this to you, the average British Columbian, or if someone were to explain it to me, would the benefit of these changes to residency be because of security or efficiency or usefulness?

I hear that you’re describing those benefits here. I just want to kind of drill it down to its simplest form. What is the benefit there? I know that people are worried about the security. I’m wondering if that is part of the benefit, or if it’s the efficiency that you mentioned before, or a collection or balance of those things.

J. Tipping: What a good question. I’m don’t want to give you a bad answer, so let me do my best. To me, it’s really both at the same time. It’s efficiency and safety.

If you can use the most modern tool, and if you can use the tool that’s tested in the most challenging environments in the world, it’s going to be cheaper and more efficient, which is good for the efficiency with which we use taxpayer funds. It’s good for things to be efficient.

[9:55 a.m.]

It will also be safer. It isn’t so much that it is a trade-off between safety and efficiency. It is that using the most up-to-date tools will provide both efficiency and safety.

Apologies if this an inept analogy, but perhaps…. When your iPhone tells you to update to the latest software because it has important, enhanced security concerns, you tend to press “yes,” instead of going and Googling online and finding out precisely what the details are of those changes. There is a level at which you sort of trust that the company itself will be looking out for your data and will be wanting to give you something that’s more efficient and that there must be some benefit to it.

I don’t suggest that we just trust everything anyone ever tells us, but there is an element in which, as we discover problems and flaws, what we do with software is plug them and fix them. Using the most up-to-date version of software will give us more protections than using something that is out of date. That’s how I’d probably try and explain this change.

R. Glumac (Chair): Thank you.

We have a question from Susie.

S. Chant: Hi there. Thank you. I’m enjoying your presentation.

Back to the privacy plans. Would that be, in your thoughts on it…. Let’s say that a health authority would determine a privacy plan that then says: “This is the kind of data we are collecting, and this how we are collecting, and this is how we are accessing it.” So that when it goes to the data collection bank, it is data that can’t be…. If it is accessed, it may well not be as damaging as it has been in the past.

I think of, for instance, Newfoundland’s health authority being held to ransom fairly recently, and of the work that was involved there and the impact that happened there. It makes sense to me that the privacy plans have to be far better. Having worked in Vancouver Coastal Health Authority for a long time, I know how challenging some of the privacy work can be. I’m just interested in your take on that, please.

J. Tipping: I’ll maybe give you three observations. First of all, the fact of requiring a plan is an enormous step forward in the first place. The second step is that requiring plans from each body actually enables a bit of sharing of best practice. Exactly the example you were quoting, from elsewhere in Canada, is a great opportunity to learn from what worked and what didn’t work elsewhere.

Perhaps the third thing I’ll mention…. Just to sort of share what we see in industry, it continues to be the case that the single biggest source of data breaches, whether in the public sector or the private sector, is the user — the individual human and, perhaps, their desire to write their password on a Post-it Note and stick it next to their computer.

That continues to be the biggest single source of data breaches and concerns. It’s why I am so enthusiastic about the requirement for a plan: sometimes it’s the basics that are the things that are most risky. By just setting out some basic principles and reinforcing those basics, I think you’ll really see an improvement in the situation.

S. Chant: Thank you.

A. Olsen: Just a further clarification with respect to the threats of attackers or hackers and then the threats of regulatory change. I think there’s a line that’s being blurred here with how it’s being framed. Security of data is a threat no matter where it’s stored. As you said, Jill, it’s a borderless world. Where it is a bordered world is in the physical domain, where we have borders and we are responsible for the laws and the regulations within the borders of British Columbia.

The threat of security in the digital world is that data can be stored anywhere. It has a range of threats, depending on the robustness of those servers that that information is being stored on. As to the security of being able to control data with respect to the regulatory aspect, the only place that we know we can control that is in this building here.

[10:00 a.m.]

Wouldn’t you agree that when we open our data up to being stored in other jurisdictions, we open it up for the regulatory bodies of those jurisdictions to make decisions about our data that we, as the province of British Columbia, cannot control?

J. Tipping: I wouldn’t disagree with what you’re describing, theoretically. I understand what you’re saying, and I take the point. I think practically, though, because the data of any public body will be used and stored using the services of an IT provider of some kind, there’s an opportunity, other than in legislation, to introduce the customer-specific concerns or requirements in a contract. That’s how I would square that circle.

J. Rustad (Deputy Chair): Earlier in your presentation, you talked about moving from having stuff in legislation to moving it into regulation, for the simplicity of being able to change and go through that. In some ways, that makes a lot of sense because it is way more flexible. You aren’t limited to when the Legislature is sitting to be able to bring it in.

There’s only so much legislation that you can put through, and all the challenge around there. At the same time, it also means that there isn’t the scrutiny. There isn’t the oversight of regulations and regulatory changes.

I guess the question I’ve got for you is: in that shift, have you seen regulations that have been put in place since that legislation was brought in? Where is there an opportunity for input, scrutiny or improvements through a process that is done through regulation, as opposed to legislation?

J. Tipping: I think that’s a really excellent point. Perhaps I should just caveat my comments in that I think this is a great approach when what you’re dealing with is a very fast-moving environment.

As to what’s appropriate in the world of data residency and what specific requirements British Columbia is going to have, it makes sense to me that because that is such a fast-moving environment, the benefits of flexibility and being able to respond quickly outweigh what you might consider for something that was a slower-moving situation. That’s worth saying.

I still think that there’s a lot to be worked through, in the detail of regulation, to make sure that things are working appropriately and as efficiently as they can without giving up that. You don’t want to have no limits whatsoever. You want to make sure that it’s given enough scrutiny and that it’s a balanced approach that has the support of all. I think there’s more work to be done on the detail level.

J. Rustad (Deputy Chair): If I could, just in terms of follow-up: as you said, there’s more work to be done. What would you like to see in regulation? Or what would you expect to see in regulations as they are developed?

J. Tipping: There are really a few things that we’re most focused on. I won’t suggest that I will step into the shoes of the individual suppliers who will also have very specific input on this. I’m sure you’ll be hearing from others.

At a general level, what the tech sector as a whole is looking for is that the regulations are very, very clear. They do need to be very specific, unambiguous and clear, both in overall intent and in specific requirements. They should provide us with as solid a basis for working as we have today.

Taking all of the learnings from the experiment we’ve been doing since March 2020 and really reflecting those, many things worked. Not everything worked. Making sure that that’s reflected, I think, is really critical. I would say that that process is important.

[10:05 a.m.]

H. Yao: Do I have time for a question?

R. Glumac (Chair): You do.

H. Yao: I just want to make sure we don’t keep our other presenter waiting for too long.

I guess I’m going back to one of the questions that was sort of presented to me. I don’t know why I didn’t ask it earlier. Just to simplify my question, if the March 2020 experiment hadn’t happened, what would have happened to our British Columbia’s ability to use virtual technology to match with the rest of the world — for example, if that hadn’t happened in March 2020?

J. Tipping: I imagine we would have ended up in the same place, but it would have taken longer. We would have deployed less efficient tools, probably more costly tools and, ultimately, less safe tools for longer. But I do believe that we would have gotten here in the end.

COVID encouraged us to take some experiments, but it also accelerated things that perhaps we knew we should be doing. I think it would be a tragedy if we lost the positive impacts of the experimentation that we did during COVID, because some of them were necessary changes.

H. Yao: Do you mind if I have a follow-up? Obviously, recently we were talking about the importance of the digital divide between rural and urban areas, and we’re trying to balance it.

My question right now is: if this legislation, if regulations, didn’t happen…. If this didn’t happen, would B.C. be falling behind, regarding the digital divide, with the rest of the world? Is this something actually giving us a platform to maintain our modernization in regard to digital technology and the digital economy?

J. Tipping: There are two digital divides that I might highlight. One is the difference between urban settings and rural, remote and, specifically, Indigenous communities, not all of which have the access we would like them to have today. I know that’s a priority for everyone here.

The other digital divide, I would say, is between large business and small business. There is a tremendous opportunity for small business to adopt technology to explore new business opportunities or just to strengthen their existing business model.

I do think that there’s a need for us in B.C. not to be complacent but to be positive and forward-looking, to really embrace a modern economy in B.C. and make sure that everyone has the opportunity to participate in that. Whether they are a print shop in Langley, a manufacturer in Richmond or a kid in Prince George, I want them to see a digital future for themselves in B.C.

R. Glumac (Chair): To follow up on that, if I hear you correctly, what you’re saying is that this ability to not restrict data to be resident is inevitable. As I understand it, every other province in the country has removed the data residency provision. What you’re telling us is that this is the direction that the rest of the world is going. Is that correct?

J. Tipping: That’s correct — and to not be fearful of it but to just embrace it and put in place the measures you think are necessary for B.C.

S. Chant: Just very quickly. When you speak of the digital divide — you talked about businesses and also maybe some of our smaller communities — I’m also concerned about the digital divide associated with age and marginalization.

If you think, say, of 100 people in a population, how many of those people do not have access to decent technology to support whatever it is they’re trying to do, would you say? A guesstimate?

J. Tipping: Let’s say 5 to 10 percent.

S. Chant: Okay. And that number is diminishing?

J. Tipping: Yes, it is. What’s interesting is that as we solve one problem, we get a new problem. I don’t know if you recall, but in the early days of COVID, one of the biggest challenges for the homeless was the ability to charge their devices. We might solve the problem of access to a technological device but not solve the problem of access to being able to charge it and, therefore, use it. These are better problems to have than the problems we had in the past, but we continue to work on access.

[10:10 a.m.]

R. Glumac (Chair): Just a final question. The premise that you’re conveying is that it’s not the location of the data that provides the protection of the data. It’s the resources that go into ensuring that the data is safe that provides the protection. Some of those platforms that have iterated on data protection significantly may not have their data resident, but they may in fact be a safer place for your data. That’s what you’re saying, if I could paraphrase?

J. Tipping: That’s perfect. We need to switch seats now.

R. Glumac (Chair): All right. Well, I don’t see any other questions, so thank you so much for your presentation and for answering all our questions, specifically around data residency. Thank you again.

J. Tipping: My great pleasure. Thank you so much.

R. Glumac (Chair): All right. We have our next presenter we’re going to let into the Zoom waiting room. We have Tyler Olsen.

Welcome, Tyler.

Tyler is from the Fraser Valley Current and the Overstory Media Group.

Tyler, we look forward to hearing your presentation today. Take it away.

Fraser Valley Current,
OVERSTORY MEDIA GROUP

T. Olsen: Thank you very much. Thanks for having me. As you said, I’m Tyler Olsen. I’m the managing editor of the Fraser Valley Current. We launched a year ago this month. I’ve worked as a journalist in British Columbia since 2006, primarily at small, local newspapers.

I’m going to focus here just on one single issue that I hope underscores the broader importance of the FOI system as used by reporters like myself. That issue I want to focus on is ambulance response times.

Everybody wants our ambulances to get as quickly as possible to sick and hurt people, but resources and people aren’t…. You can’t staff ambulances on each block. Governmental decisions play a key role in how quickly ambulances can get to you, and because of that, B.C. tracks ambulance response times in each community. That information is important to guide decisions to improve how quickly you can get help when you need that help and when you call 911.

It’s also important for the public to know. We, the people, deserve to know how responsive our ambulances are in an emergency, if our local ambulances should be better and if our government should be putting more resources into that system, just like it goes for any other system where we have a right and where our decisions are made based on resources and how we allocate those resources. We deserve to know if our community is growing faster than our ambulances’ ability to respond to emergencies so that we can encourage our decision-makers to act to provide the necessary resources.

Again, we’re talking about ambulances here, but it goes for a number of issues and all sorts of decisions made by our government.

That information data is necessary to guard, also, against systemic failures and discrimination, but you or I don’t have — or you may, but we, the public, generally don’t have — easy access to ambulance response times. Those times could be public, but like large amounts of information, they aren’t accessible.

I don’t why, but this is one key reason why reporters like me request public documents through the FOI system. We just want the information, and an FOI request is the way I get these documents about issues like ambulance response times.

Last spring I received ambulance data through an FOI. This spring I have asked to see if I could receive that information through government communication channels. I made that request ten days later, and I have yet to be told even if that’s possible. I know they are working on it, but I don’t know if I’m going to get that information.

Even if I had the data at my fingertips, I’d still hope to use FOI requests to illustrate and educate readers about the system, because once you have the data, be it about ambulances or otherwise, our reporter’s work is only getting started. In the case of ambulance response times, I’d want to know why a city has slower ambulances than other cities. I’d want to know if officials have even noticed. I might want to know if anything has been done to try and fix the issue.

[10:15 a.m.]

Now, in an ideal world, I would try to talk to the person, or I would have an interview with the person at the B.C. Ambulance Service whose job it is to improve ambulance performance, who has that expert knowledge of the issue and topic and who can have that conversation about what’s being done about this system. But we aren’t in an ideal world. We’re in British Columbia, and in British Columbia, it’s almost impossible to get an interview with someone from the provincial government.

Instead, we reporters are sent to deal with communications staff who are very nice but insist on fielding and answering questions by email. You can request interviews with officials. You are almost never going to get an interview that allows you to have that exchange that allows you to ask questions, ask follow-ups and pick apart the nuances that can help understand an issue.

That’s how most FOI requests originate — from reporters and public citizens who actually want to know what various government experts, managers and analysts really know and think about a specific topic.

When you see requests for things like communication between different people in government, those are requests aimed at getting at people’s true feelings about a matter rather than getting at those feelings after being processed through people whose job it is to — again, lovely people — ensure that the information that’s sent out to reporters is denuded of as much controversial or just candour or revealing information as possible. They will focus on getting specifics to you, and that’s very helpful, but the nuts and bolts about why and how something happened are very hard to get at if you are a member of the public or if you are a reporter.

Now the government has thrown up barriers to deter the access to freedom-of-information requesting documents as well. In past years, colleagues would ask me for my help about filing FOI requests. And I would tell them that while there were delays and sometimes overzealous redactions, the province’s system was actually decent, because it was so easy to access. An FOI request was as easy as sending an email.

That low barrier made filing FOI requests especially welcoming to reporters at small news organizations. It helped me write stories about mining, about parks, about hospitals, about schools — about a range of other topics — that helped inform our readers and gave people insight into just how well their government was performing and how they were delivering those services that they were elected to provide.

Then fees hit. With fees, came both the monetary factor and then the paperwork and bureaucracy necessary to pay those fees.

Last November the Fraser Valley was at the centre of one of Canada’s costliest disasters. Previously I would have begun filing FOI requests almost immediately to learn how the province had prepared for and responded to the disaster. The information would have allowed us to report on the work done to save properties and lives and to see what, if necessary, needed to be done differently in the future. It would also serve as the baseline to measure the government’s actions in years to come.

I’m proud of how we reported on the Fraser Valley flooding and landslides. But at the same time, I know that we could have done even more. Because when the province instituted its new fees, it raised a barrier to access that changed just how anybody makes decisions about whether to file an FOI request.

We have made — I have made — fewer FOI requests than I have done in previous years. With an FOI request, you’re never sure what you will get from that request, or if the documents you hope exist actually do exist. That’s why you make FOI requests and why you make, maybe, more than would seem necessary from the outset. But you don’t know what’s there until you start looking.

I’m fortunate that my employer has never deterred me from spending money on an FOI request, but I’m also aware that we exist in a world where we all operate under resource and financial constraints. Ten dollars isn’t a lot individually, but it adds up. The money spent in one area is money that can’t be spent on another newsgathering area.

As I said, a fee isn’t just a fee. It’s a psychological barrier. It’s a hassle, and it’s spreading. Since B.C. instituted its fee, some city governments — including Chilliwack, in my region — have followed suit. I’m very worried there will come a day when, to get comparable information from the eight municipalities we cover, we will need to pay eight different FOI fees.

[10:20 a.m.]

We do stories about how Abbotsford, Chilliwack, Mission and Hope address the same issue in different ways. One way we can get at that information is by seeking data and information through FOI requests. If we have to start filing eight different FOI requests and paying eight different fees….

Currently we have to file eight different requests anyway. But if we have to pay eight different fees, suddenly we’re not talking about a $10 cost. We’re talking about an $80 cost for that one story. Again, I can pay that, but it impacts the resources that are available to us for all the other things that we do and all the other stories that we do.

The goal of the fees seems to be to deter frivolous requests, but there’s no way to deter frivolous requests without deterring important ones — or ones that somebody thinks aren’t frivolous, that somebody thinks is very important to them, to their own issues and to their own lives. The government is a black box, and because of that, we don’t know what a frivolous request is until we make that request. We don’t know what desperately important information needs to be uncovered until we find that information.

We, and you, don’t know what vital stories aren’t being written now that reporters in these organizations are filing less FOIs. All I can guarantee is that fewer journalists are filing FOI requests. If fewer penetrating and important stories are getting written, then our governments are being held less accountable now than previously. Those are my remarks.

R. Glumac (Chair): Thank you very much, Tyler.

Does anyone have any questions?

J. Rustad (Deputy Chair): Tyler, thanks for the presentation. It’s disturbing when I think about governments being less transparent or less accountable. I suspect that that trend is, potentially, global.

I’ve asked this of each presenter, and I want to ask you as well. If we were to flip this…. The FOI Act was written at a time when the Internet wasn’t even broadly used. Technology has changed dramatically over the years, and I would say that the FOI Act has become more of a restriction than it is an access act.

If we were to go to a more proactive model of data being readily available and dumped so that reporters could access it, do you still see a role, in terms of FOI, in a situation where government officials are not willing to provide interviews? I’m just trying to understand. If all the data were available, but you were still sort of being denied being able to ask questions, do you still think there would be a role for FOI to be able to try to get at those questions?

T. Olsen: That’s a great question. Yes, there is, in part because there are documents, and then I guess you could proactively redact documents and then post them online.

Audits are one example of information that is not currently provided. You have to use FOI requests to get at them. Audits are a great way to determine what an independent person, whether inside or outside an organization, feels about the true state of a program or a governmental area. They can provide a ton of information and a kind of candour about that information.

There’s a realm in which…. If those are also provided online, that reduces some of that friction and makes parts of FOI requests…. That would ease that. At the same time, though, there are huge areas — I’m thinking particularly about local concerns about, say, mining or a quarry in your area or something — in which I don’t trust. And I think that the ability to provide all that information through proactive disclosures….

[10:25 a.m.]

I can’t see a world in which all that information that you can currently access through an FOI request can be put online proactively, because there’s just so much information and documents that government generates. To remove that access to those documents, which would have been created pre Internet too — this isn’t an Internet creation of those documents — would be harmful to people and reporters who are looking at individual developments or things like quarries or forestry operations and one-off things.

I don’t have any confidence that a government of any sort, no matter how competent, could put all that information online proactively. So if you can’t put all that information online proactively, you need to make that information available reactively through something like an FOI request.

R. Glumac (Chair): Thank you.

We have a question from Kelli.

K. Paddon: Hi, Tyler. Thanks for everything. We haven’t spoken since most of the trauma and drama of the fall. I’m glad to see you’re well.

My question is…. I was listening to you, and I think you did a great job of describing the concerns that you have. I’m wondering, though…. I don’t know that I heard what the suggestion or what the direction that you would have in your mind would be. Would it be to go back to no fees but everything else…? I know you said that, yes, there’s a delay, but it was still better. Or are you suggesting something different? What would make it so that you’re able to access the information for the people that you report to?

T. Olsen: Right. I think that’s…. The crux of this is that there’s a bunch of different issues here. I was focusing on fees.

Essentially, now…. I’m going to go off on a tiny tangent. Libraries here in our region have suddenly dropped their late fees. That’s, in part, to reduce the barrier for people to access the library.

The issue of barriers is one that, I think, is key in that whenever you put barriers in place…. Barriers can be fees. I would definitely say that the fees themselves are a significant barrier and should be removed.

Wait times are barriers. When you know that you have a story or something that has a deadline and that you can’t trust to receive a document within a certain time frame, then that impacts your ability and your desire to request that information. I have information I’ve requested from the RCMP through the federal ATIP program that I requested last year. Like many people, I never got a response on that. I don’t expect to, because that system is even more broken than B.C.’s system. But we shouldn’t be….

In a way, when I’m comparing B.C.’s delays to other delays, I’m comparing it to the federal system, which just doesn’t work. B.C.’s system has worked, but it also needs to be better. We should be aspiring to not be just better than the single-horse access-to-information program out there.

Our province should be aspiring to create as low a barrier as possible to access information that belongs to the public. We should be aspiring to reduce those wait times to ensure that those wait times aren’t increasing and, at the same time, realize that there are trade-offs and that it’s better to get a document in 60 days than never at all.

I think there’s a balancing act to be done there. It’s also one where there are…. It’s a resource question, not just for the FOI system but for the entire governmental communications system in which…. There are reasons that I’m requesting and that I use the FOI system, and that’s often because other systems are directing me that way because of barriers created through those systems as well.

[10:30 a.m.]

R. Glumac (Chair): Thank you.

A question from Henry.

H. Yao: Thank you so much, Tyler, for your presentation. I do want to just piggyback a bit off of you and ask you to really help me paint a better understanding of the challenges that some of our journalists are facing.

You mentioned that governance often feels like a big black box, and you never know what kind of information is out there. Then your description of how, even proactively, this information — such as, for example, you talked about mining companies…. There’s still some information that government probably will end up withholding from the general public.

As we know, when it comes to FOI, it isn’t just information that is readily available. Actually, we have to put in staff time to go in there to find certain information. As you mentioned earlier, sometimes you don’t know what to ask until you start gathering a lot of information to figure out if it’s a pattern that can be identified by journalists in regards to a direction of investigation.

So I’m sort of having a hard time — and, please, I would love to hear your advice — reconciling between how we can manage this mass of information that requires staff time to gather and still provide proper access to our general public. How do we also address the fare issue? This happened quite a few times. It’s multiple delays people are talking about when it comes to responding to an FOI request.

I would love to hear your feedback. Maybe you have some recommendation that we could introduce next bill on how to increase transparency and accessibility by allowing us to be efficient in providing the response time to those journalists or the individual public, while also realizing that it is a huge amount of data and a huge amount of information that needs human power to scan through, to examine through, in all the forms, to be readily available for the request.

My apologies. A really long-winded question there.

T. Olsen: In part because I’ve never worked as an FOI officer, and I can’t tell you where exactly the largest time backlogs are, I can only talk about what makes me want to request something through an FOI channel or what makes me not want to request something through an FOI channel — and sometimes the public, too, because I know I’ve talked to members of the public who have encountered those things or who have filed FOI requests.

On the demand side, which is what I’m saying, the one thing that government can do, I guess, to encourage people to find that information through other channels is to be upright, forthright and truthful when they are asked for that information through channels and to not be afraid to provide information through conversations and interviews. Because when they are afraid and when they are reluctant to provide information through those channels, that’s what sends people looking for information through other channels.

That’s what creates somebody who has a problem with a manure operation on the other side of their fence. It’s when they feel that there’s something that they’re not being told or that something’s being hidden from them or that they’re not getting that information through various channels. Or when they feel that their local community newspaper or something isn’t reporting on that thing, and they want to find that information so that they can give it to their local community newspaper, which is something that happens. Again, people see journalists and news organizations as one way to spur change and spur reaction from decision-makers.

When people file these FOI requests, they’re looking to create that change. That change can come before an FOI request. That’s what I’m suggesting. Or that information can be provided through non-FOI means.

As I said in my presentation, the proactive data is just one very small slice of that. The much larger slice of that is just ensuring that people feel like they’re getting the actual truth and the actual information when they ask someone those questions.

[10:35 a.m.]

As a member of the public, I can’t really say, because it kind of depends on who you’re talking to sometimes. But as a reporter, I know that I’m frequently left with the impression that even if there was something interesting or important that was being discussed amongst government officials, they would never tell me that, because they see that as creating headaches down the line. Those headaches eventually lead to changes like things to the FOI law, and then we’re here. I think a lot of it can come down to just openness and truthfulness and transparency that way.

H. Yao: Thank you so much. I really appreciate your answer.

If you don’t mind me…. I know my question asked earlier was a bit overly complicated, so I apologise for that. I guess my question is: how do I…? I’m looking for different strategies to reconcile the balance between, obviously, the backlog of information that’s available and needs to be done through FOI.

Unfortunately, we’re also dealing with a lot of people saying FOI requests are getting delayed due to the human power and resources required to scan through. From your journalism perspective…. I understand you don’t work for an FOI department yourself, but from your perspective, what can we do in working with the public to find ways to allow the FOI process to be more streamlined or to allow the public to access information faster?

T. Olsen: Right, okay. I’ve got a good one. You could allocate more resources to FOI requests, and if you needed to find a place…. That’s essentially it.

Things cost money, and what we value costs money. If we value this access to public information, we should, and the government should, put its money where its values lay. If that’s going to cost some money, that’s going to cost some money. That’s a decision to be made by government, but it’s one that none of this…. The legislation isn’t free. Nothing is free in this. So if you feel that this is an important way that people can access information and an important thing to hold government accountable, at some point, you just have to put your money into that and put resources into that.

Clearly, the government puts a lot of money into managing how it interacts with reporters. Responses to reporters go through multiple edits through multiple people. It’s put a lot of resources into that side of things. I’ve seen a lot less impetus in putting resources into providing more information to journalists and members of the public.

S. Chant: Thank you for your presentation. It’s been very helpful.

My question. You spoke about barriers — fees being a barrier and wait times being a barrier. You also alluded to barriers that you had encountered before you hit the FOI point. You would try to get information elsewhere, and you couldn’t get it, so you went to FOI. Are those also governmental-based barriers, or are they outside of government entities?

T. Olsen: Thanks for the question. Those are governmental-based and, again, communication-based barriers. Now, I requested that ambulance information ten days ago, and this is eminently through the PHSA. But I’ve encountered similar things through provincial government where there are delays in responding to reporters. There are times when those responses just don’t happen.

There are also times, when we talk about barriers, that it’s just about something as simple as not being allowed to interview the inspector of dikes, say, last year before we had any of these floods. When I can’t interview someone, when I can’t talk to them for 20 minutes, that’s when I will often make a freedom-of-information request. If I can’t speak to them and hear from them personally about their thoughts on an issue, I will, historically, try to find what they are telling their colleagues about this issue. Since I can’t speak to them and hear their personal thoughts, I’ll try and find someone who they are telling their personal thoughts to.

These denials of interviews happen not just for myself, a smaller organization, but for larger news organizations as well.

[10:40 a.m.]

That is one key reason that people…. Again, as I said, the barrier that prompts people to file an FOI request is that lack of ability to get that information just, often, verbally.

S. Chant: If I can just clarify what I’m hearing, access to sources to speak to directly has also become more and more difficult.

T. Olsen: Yes. If you ask pretty much any reporter in British Columbia, they’ll tell you the same.

A. Olsen: Thank you, Tyler, for your reporting, especially last fall — a tough time for your communities that you report on.

I’m just wanting to get a little bit more detail from you around the frivolous requests. We heard this a lot last fall with respect to one of the reasons why we’re bringing a fee in. We asked the question about whether or not the fee was meant to be a deterrence, and we were assured that it wasn’t meant as a deterrence. I think that you’ve given a presentation here which suggests otherwise.

Maybe you could just talk about…. I think you made the statement that you don’t know what a frivolous request is until you ask it. Maybe just, from your process perspective, if you’re looking for information…. Maybe a little bit more on the frivolous request piece that you were referring to.

T. Olsen: That’s a hard one to answer because I don’t know what the government considers a frivolous request. In all of these requests, every request it gets is being made by an individual. I would suppose there are other parties, maybe, that the government could consider frivolous requesters.

These requests are all for information that the government holds and that someone from the public wants to see. When you consider it that way, I don’t know what can be considered a frivolous request. It’s putting a value judgment on an action and information that a member of the public is declaring that they would find of value.

At the same time, there are requests where…. Because there is so much information that the government creates, and because there are fees already for FOI requests that require a lot of staff time, in seeking to avoid those fees — or, frankly, in seeking to prevent and not tie up staff resources — one can make smaller requests for things, like maybe an email inbox that doesn’t show you every email, but it shows you the subject line of each email over a certain time period.

Those specific requests may not be designed to themselves provide information, but may be designed to find information that can then be specifically requested. In doing so, that request can be more efficient than, say, requesting the full contents of every single email over, say, a certain month. You can request the email inbox and then see what the subject lines are and request individual emails that you think will provide you with the information that is useful to you.

That original request for, say, an email inbox could be looked at as frivolous because it itself isn’t providing substantial information, but it can be used, essentially, to direct somebody to figure out what information is available and then how to get at that useful information — frankly, in a more efficient way than doing a blanket request that may, on the surface, look less frivolous.

R. Glumac (Chair): We have one final question from John.

J. Rustad (Deputy Chair): I’ll make it very quick because I know we’re over time.

Thank you so much for this. There are a number of entities, even private MLAs, that are not included in the FOI requests or FOI availability. Is there anything in particular that you think should be added into FOI that currently is not available through FOI?

[10:45 a.m.]

T. Olsen: Yeah, thanks. Yes, I think MLAs, as the elected representatives of communities…. That would be a large help. Especially if one thinks of MLAs as having an important role in our community, then it does strike me as strange, and outside the reasons and mission of our FOI law, to have those MLAs not be covered through freedom-of-information law.

At this point, the matter of trying to reduce the barriers that have been erected in the last little bit is what I have been most focused on and hopeful to see. After that, ideally, I think, you’d have as much information available to the public as not, because it is the public’s information. If we trust people in positions — who have been elected by the public — we should trust, even if that information is available, that it can be used by the public to make decisions about who represents them and who doesn’t represent them.

Yes, I’d like to see everything under the sun covered by the FOI law — probably MLAs being nearer the top of the list than others. But I think that at the moment, reducing the barriers that have been created is the most important thing.

R. Glumac (Chair): Well, thank you very much, Tyler. I very much appreciate your presentation and taking the time to answer our questions here today.

We have our next presenter today, who is actually here in person. I’d like to introduce Vincent Gogolek.

Welcome, Vincent. We’re happy to hear your presentation today, so take it away.

VINCENT GOGOLEK

V. Gogolek: Thank you for inviting me.

I’d like to begin by respectfully acknowledging that we’re here today on the traditional territories of the Songhees and Esquimalt First Nations.

You already have my written submission, I believe, so I am going to just highlight a few of the points, and then I’ll be happy to take your questions.

First, I’d like to highlight the unfortunate position that this special committee finds itself in compared to its predecessors. Those committees, as provided in the Freedom of Information and Protection of Privacy Act, are given a year to do a review, every six years.

What happened here is unprecedented. The government brought in very extensive changes to the bill that this committee is supposed to be reviewing and is required by law to review. The practical result of this is that this committee has half the time of its predecessors to hear from witnesses, to consider what the witnesses had to say and to write their report. So this is a problem.

This is a problem for you, but it’s also a problem for all of us as a society, because of the legislation. This is a legal requirement: that this committee has a year. Technically, I guess, you did have a year. But the problem is that there’s not much point in having hearings while, down the hall, there’s a review bringing in amendments to the law. There were amendments to the bill that were presented and accepted, so you’re in a tough position.

[10:50 a.m.]

There’s a question of privilege that was raised. I think that would have been a very helpful thing to have a ruling from the Speaker, but for technical reasons, there was no ruling. We don’t have the advantage of the wisdom of the Speaker in terms of what the effect is on the privileges of the members and of this committee. So what, in the absence of that ruling, is to be done?

There may be circumstances where the government has to bring in amendments for some reason. The doctrine of parliamentary sovereignty and parliamentary supremacy means that parliament can’t bind itself except in terms of what’s called manner and form.

You can’t prevent a future government from doing what was done, but you can put in a requirement that if there were to be amendments brought in during the review period of the committee duly constituted, perhaps a two-thirds majority, some other way could be used to keep this from happening or to restrict the government to doing this in cases where there is a real emergency. “Something has happened. Something must be done. We must change the law.” If they can get two-thirds of the Legislature to agree…. Presumably, if it is a real emergency, everybody would be on board with whatever changes they’re bringing in.

I offer that to you. You are the parliamentarians, and you’re the ones who have access to people who are the experts on parliamentary procedure and legislative drafting. I would encourage you to talk to them about how this could be avoided in future, because the original drafters…. I don’t think there was ever any discussion back in the day, back in the early ’90s, about this situation. It was never considered that a government would do this. Anyway, I’ll leave you with that thought.

Another point is the administration of the Legislature. You and your predecessor committees have had a number of respected experts, organizations, saying that this is something that would be important. This would be a good thing, to avoid the kinds of things that happen when there is a lack of scrutiny and transparency. Well, we’ve just had a criminal trial dealing with what happens when you have a lack of transparency and coverage under the FOI Act.

Over three years ago, three commissioners — information, ombuds and the Merit Commissioner — made recommendations. One of the recommendations was, of course, to put the administration of this place under the Freedom of Information Act. All of the leaders of all the parties agreed with this and said: “Yup, this is a very good idea. Get right on it. It’s the minimum we should be doing.” Well?

We had extensive amendments to the act last year — very extensive amendments. Somehow the administration, coverage of the administration of the Legislative Assembly, didn’t make it into Bill 22. You have an opportunity to recommend, remind the government that “yes, we do remember this,” and it would probably be a good thing that something that all the parties agreed to is brought in.

I don’t know if you’ve heard anything from any other witnesses about the city of Richmond case, which I referred to quite extensively in my written submission. It’s a case that involved a request for amounts paid in a settlement to city employees in the city of Richmond.

[10:55 a.m.]

Essentially, it went to the commissioner’s office. The commissioner’s office said: “Hand over the information. It’s not covered by privilege.” There was a judicial review in the B.C. Supreme Court, and the judge overturned the commissioner’s decision.

Unfortunately, that decision was never appealed. I was not part of the proceedings in any way, so I don’t know the background to the case, but that case is binding on the commissioner. The judge cited something called “settlement privilege,” and this is part of litigation privilege. The legal system has a number of mechanisms in place to encourage people to settle, to not drag everything out through the full court process to trial. Settlement privilege is one of those. It’s to allow people to have full and frank discussions without prejudicing the actual case itself.

Now, as the judge noted, the term “solicitor client privilege” in section 14 does not include settlement privilege. But because FIPPA does not contain express language that would abrogate settlement privilege, accordingly, it should not be interpreted to have done so. It’s not included in the term that the Legislature put in the act, but the judge said: “Well, because you didn’t say this part of it is expressly excluded, we’re putting it in.”

Of course, what happened? Well, the OIPC is bound by this, so what happens is that they have to now look at section 14. The judge herself said that the terminology does not include settlement privilege. Well, her reading is: “If you didn’t get rid of it, well, then that still applies through the operation of the common law.”

This has had real, live effects. For example, the city of Vancouver used to release these types of settlements on request, and they don’t. They make you file an FOI request now, apparently. Of course, it’s denied on the basis of settlement privilege.

Settlement privilege, the way it’s been set up, the way it’s been interpreted, covers essentially any kind of dispute. Anything that could go to court, even if lawyers are not involved, will be privileged. If you’re being let go, if there’s some sort of dispute with a public body, even if you have not lawyered up, are not represented by counsel, you may never do that.

Whatever arrangement you come to, which is normal functioning, is covered by settlement privilege. There’s no legal action going. You haven’t even hired counsel, so it’s not about to go to court. It’s not like you’ve hired a lawyer, and they’ve sent a letter to the city saying: “This much, or we’ll take you to court.” No. It’s just the discussions back and forth.

This has come up in the employment area, but this could apply to essentially any dispute. This is a huge expansion of what was originally set up to protect conversations, confidential communications between the lawyer and the client public body for the purposes of having legal advice. This is taking it to a much wider place, and it is being widely used by public bodies to reduce information that was previously available.

[11:00 a.m.]

In terms of the application fees, B.C. has now gone in the opposite direction to a number of other jurisdictions — like Newfoundland, New Brunswick, the Republic of Ireland — where they’ve eliminated the fees. I am not aware of how much money the B.C. government plans on making out of this, but at the federal level, if a cheque is sent in, it costs $50 to process. So if the federal government charges you five bucks for your ATI request, the federal government and the taxpayers of Canada are out $45.

Based on the math here, if even a quarter of the people making requests to the government of B.C. put it in by cheque, as opposed to doing it online, there’s zero net revenue to the province. If half of them did it, the province is out of pocket to charge people the ten bucks.

Quite apart from the transparency aspect, which is terrible, this isn’t good public policy, even in terms of: “Yeah, we’d like to make a little money back.” There are apparently 14,000 requests received by the government of British Columbia. At ten bucks, that’s $140,000. That’s not a ton of money. That’s gross.

R. Glumac (Chair): Vincent, I’m just letting you know that we’re a little bit over what the presentation…. We want to make sure you get all your points in.

V. Gogolek: Okay, thank you. Sorry about that.

I’d just like to conclude — you, of course, have my written submissions — by saying that when governments shut down important means for the people to find out what their government is doing, the people will have a tendency to believe that the government is trying to keep information from them. They generally don’t believe that the increased secrecy is because the government is doing good work on their behalf. In these times, I don’t think that’s something that any of us want to encourage: undermining people’s trust in government and people’s confidence in what’s going on behind the scenes.

I look forward to your recommendations in your report, and I’d be happy to answer any questions.

R. Glumac (Chair): In regard to what you were talking about with settlement privilege and it not being explicitly mentioned in the legislation, would you be suggesting that it should be specifically mentioned? Could that go the other way, then — that too much information could be revealed, in terms of client-lawyer privilege and things like that?

V. Gogolek: The courts are very, very careful about any kind of incursion onto solicitor-client privilege. Some cases that I think I may have cited in my written report talk about privilege being sacrosanct. They’re very reluctant to cut into it.

Part of that tendency is what we saw in the city of Richmond case, where you have settlement privilege, which is not covered by the wording in section 14. As Madame Justice Gray said — because it hasn’t been expressly taken out — I will say that the common law applies to freedom-of-information requests.

There are a number of problems, I think, with the decision, with the reasoning behind it. A lot of what settlement privilege has behind it is what the courts and the legal system have developed to encourage settlements of actual legal disputes, where you want to encourage the parties to make their best efforts, to say: “Okay, what can we do to come to some sort of agreement — where we don’t have to go and bring it all before a judge, spend court time at the public’s expense — and make this happen?”

[11:05 a.m.]

I think it’s unfortunate that it’s in there. I don’t have actual wording to suggest to you, because in this case, it does have to be very carefully drafted. We’ve seen other cases in the Supreme Court of Canada, in the University of Calgary case involving the Alberta act. I would encourage you to take a look at that to get an idea of how protective the highest court in the country is of privilege, and how carefully they want any legislative incursion into that to be drafted.

Given that this case is now the law, it does bind the OIPC in their decisions and how they go about it. It also affects how public bodies deal with requests. So there are now going to be…. I suspect that public bodies will look at this and say: “Well, gee, if we’re having this discussion, if things went bad, could this go to court?” Maybe. Settlement privilege — that’s going to cover a lot. A lot of things can go bad. A lot of things could end up in court.

The next review is going to be six years from now. I don’t know that we want to have six more years of a constantly expanding interpretation of section 14, especially when the purpose of section 14 is to protect privileged communications between the public body client and their counsel. This is going way beyond what the clear intention, I think, of the Legislature was in carving this out.

I’m afraid I can’t help you with a suggestion in terms of how to draft it, but I think it’s very important that this be taken care of.

R. Glumac (Chair): Just a clarification on your first recommendation, around changing the legislation when this committee is sitting, for example. You mentioned the two-thirds vote. In my time here, I’ve not seen anything that requires a two-thirds vote. Are there examples of that anywhere?

V. Gogolek: I can’t think of them right now, but they do exist. That’s why I put forward two-thirds, because it does exist in other legislation, in other circumstances. This, of course, would be used in the very limited circumstance where a government decides to do this, because, of course, a government has to be free to make necessary amendments, especially if it’s in an emergency situation.

If something happens with restrictions, or a loophole develops in terms of access to people’s personal information, and the government wants to protect people’s personal information, they would have to amend the legislation.

They’ve already set up this committee. You wouldn’t want to — and I don’t think you can, actually — prevent them from doing it, because of parliamentary supremacy. You don’t want a government….

Now, let’s say that time allocation was not brought in for Bill 22, and it did not pass. So we had six months where the committee was on hold, and then it gets brought back in the spring session. Then what do you do? You’ve got a one-year clock ticking. They’re amending the act. We’re going to be here having this hearing going on. Down the hall, down the stairs, they’ll be debating extensive changes to the very legislation that you’re looking at.

[11:10 a.m.]

Unfortunately, I think, because we have this example now…. Previously, you could say: “Well, nobody would do that.” Yeah, they did it. I think that there now has to be some sort of legislative safeguard put in as well as sort of the institutional, “This would not be the done thing. No, you can’t do that unless you can get two-thirds of the members to approve it” — maybe even at first reading.

R. Glumac (Chair): Okay. Well, thank you. I don’t see any further questions. Thank you very much for your presentation.

V. Gogolek: Good luck with your truncated process. I’m sure you will do your best in the circumstances, as we all do.

R. Glumac (Chair): We can call a recess right now. We are running a little bit behind. Why don’t we reconvene here at 11:25?

The committee recessed from 11:11 a.m. to 11:28 a.m.

[R. Glumac in the chair.]

R. Glumac (Chair): Our next presenter is Bob Mackin.

Bob, I look forward to your presentation today. Take it away.

BOB MACKIN

B. Mackin: Thank you for this opportunity. Good morning.

Today, coincidentally, is the Ides of March. Instead of Roman tragedy, I want to begin with ancient Greek wisdom. The philosopher Plato is credited with saying this: “We can easily forgive a child who is afraid of the dark. The real tragedy of life is when adults are afraid of the light.”

I have learned, over 30-plus years as a reporter here in British Columbia, that far too many adults who run our public institutions are afraid of the light.

[11:30 a.m.]

They build walls to keep the light away, to keep us from knowing how they make decisions and how they spend our money. We need open doors and open windows, because democracy dies in darkness. It is why we are here today. We need the adults in charge of public institutions to let the light shine in. We need today’s children, who will be tomorrow’s adults, to be brave, because we’re going to rely on them to care for us in our old age.

There is a lot to be afraid of in today’s world. There is war, disease, pollution, natural disasters, greed, waste and corruption. We’re in an age of social upheaval and toxic partisanship. Sean Holman calls it a “post-truth society.” In 2021, we were shocked when people protested outside of hospitals or burned down churches. In 2022, we were still shocked by a loud minority who wrongly claimed that a vaccine is harmful and a virus is not.

Secrecy begets disinformation, which fans the flames of extreme ideologies and undermines democracy. Transparency, however, breeds trust, and it breeds confidence.

In a November 2009 speech on freedom of information, then Chief Justice of the Supreme Court of Canada Beverley McLachlin said this:

“Information itself, or the possibility of information coming to light, acts as a check on abuse of powers. Public opinion and debate operate as an immediate check on potential abuse of government power. The need for information is compounded by the inevitable tendency of governments and those exercising powers on behalf of the government to disclose only as much as they deem necessary. Despotic secrecy is a historic norm. Democracy sets its face against this. Yet, unchecked, the tendency is always there, and unchecked, it will inevitably undermine democracy.”

In 1996, U.S. senator Patrick Leahy said: “Press releases tell us when federal agencies do something right, but the Freedom of Information Act lets us know when they do not.”

The B.C. government spends $28 million a year on a department that tells the public what it thinks it does right. My job as a reporter is to find what the government is doing wrong and where it can improve. That is why I use FOI.

I have uncovered how government has swept workplace deaths, child abuse and pollution under the rug. I’ve uncovered information about government subsidies for the IOC and FIFA, two of the world’s richest and most corrupt organizations. I have uncovered how politicians have wasted public funds to boost their own image and pad their pockets while British Columbians struggle to make ends meet in communities with underfunded hospitals, underfunded schools and underfunded emergency services.

My focus for the last two years has been the pandemic. Why wasn’t B.C. better prepared? Why did so many people die? Where did the billions of dollars go?

I don’t do this to be on your Christmas card list or invites to cocktail parties. I’ve been vilified by people as diverse as Rich Coleman, Lisa Beare, Christy Clark, Geoff Meggs and Penny Ballem, plus too many diehard professional and amateur partisans, on the left and on the right, to count.

I wish I never had to file one FOI request. I’m disappointed, though, that I don’t have more time to file more than I do. But I won’t stop, because British Columbians need the information that I find and the information that other reporters find.

It’s a constant struggle. Our 21st century governments are in permanent campaign mode, using modern product marketing and corporate communications techniques to manufacture consent. They talk about public engagement, but instead they divorce and divide us when we need unity and we need understanding.

In 2016, the OIPC commissioner at the time, Elizabeth Denham, audited Vancouver city hall. What she found there in 2016 is what I know still exists today, in 2022, in the B.C. government. She said:

“…inappropriate delays, failure to meet legislated timelines, missing documentation, incomplete responses and adversarial communication with applicants…evidence of treating media applicants differently than other applicants. The principle in FOI requests is that all applicants be treated equally and should not be distinguished by their employment status. It is in the public interest to protect the ability of media applicants to identify issues, obtain records and disseminate information in a timely manner.”

In OIPC order 0419, the adjudicator stated: “The duty to provide access to records under the act is not defined by the willingness of the public body or its staff, contractors or agents. There is a section of the law that is called duty to assist, but politically influenced managers encouraged treating media like adversaries.”

Section 2(b) of the Charter of Rights and Freedoms protects freedom of the press, and FOI flows from the Charter.

[11:35 a.m.]

The courts have held that justice delayed is justice denied. They’ve also held that access delayed is access denied, and reportage delayed is reportage denied. This brings me to my five-point plan to fix the broken FOI system in B.C.

One, at the top of the list, repeal the $10 FOI tax. A party with “Democratic” as their middle name should never act undemocratically, but it did last November by ramming through Bill 22. I’ve heard from readers of mine who are diehard NDP supporters who say that that was the last straw. They’re not going to give their votes, volunteer time or donations to the NDP anymore.

Two, transform the information access operations department business model from censor to publisher. Amend the law. Make proactive disclosure the rule. The proactive disclosure of calendars, expenses and contract data was a long-overdue, baby-step start by the B.C. Liberal government in 2016, but it was only a policy change. Today the NDP routinely misses deadlines and omits information with no fear of being held accountable.

Three, split the Office of the Information and Privacy Commissioner and the office of the registrar of lobbyists into three separate agencies with three separate commissioners. Current commissioner Michael McEvoy wears three hats. His passion is protecting privacy. FOI and lobbying regulation don’t get the attention they deserve. It is simply unacceptable for many FOI appeals to the OIPC to take five years for an investigation, inquiry and final decision.

Four, allow FOI appeals directly to the provincial court. The often-five-year FOI appeal sagas through the OIPC processes, which are all too common, benefit only the bank accounts of lawyers and harm the public’s right to know. We need to let the public and media bypass the OIPC when necessary, when it is urgent, to let a provincial court judge decide on contentious documents.

Five, add the Legislative Assembly to the act. In February 2019, in the wake of the report by then Speaker Darryl Plecas, the OIPC commissioner, the Merit Commissioner and the Ombudsperson made a joint public appeal. They called on the NDP government to add the Legislative Assembly to the act. NDP House Leader Mike Farnworth agreed. He promised to do so. Three years later, it’s a broken promise.

Meanwhile, we also wait for the verdict in the fraud and breach-of-trust trial of Craig James, the former Clerk. If the act could’ve applied to the Legislature from day one back in 1993, the spending scandal may never have happened.

I also want to end with just two general recommendations.

I ask you, as MLAs, to watch Sean Holman’s documentary. It’s called Whipped. It’s about the archaic tradition of party discipline in B.C. You were not hired to be an MLA by your party leader. Citizens sent you to Victoria. Be brave, and do the right thing. Represent the people that gave you the job you enjoy today. Caucus members outnumber leaders. There is strength in numbers. Speak up. Don’t be trained seals.

Two, you will not be MLAs forever. Your goal should be to leave the governance of B.C. better than how you found it when you were elected. Past committees have made wise recommendations, but their reports were filed and forgotten. Be the committee that delivers change for the better. In the spirit of Plato, be the adults who embrace the light instead of the darkness.

R. Glumac (Chair): Thank you, Bob.

Do we have any questions from the committee?

J. Rustad (Deputy Chair): Thank you, Bob, for those very concise recommendations. It’s nice to hear that.

I couldn’t let you go without at least one question. I’ve been thinking through this, and I’ve asked this question of all the presenters. The Freedom of Information Act, when it was written, was written at a time before the Internet. Technology has changed dramatically. I’ve often wondered whether we should stop talking about restrictions that can come from this act and get to a place where we proactively release all information, with the exception, of course, of the information that a freedom-of-information officer says could not be released.

If the freedom-of-information process were to go down that road, do you think that would address the five recommendations that you have made?

B. Mackin: Absolutely. That would be a great first start. If this committee could study models elsewhere…. For instance, Hamburg, Germany has a regimen where…. There was a scandal there a number of years ago about an opera house that cost way too much. The construction cost overruns were way excessive, and it became a big scandal there.

[11:40 a.m.]

The solution to that was that they didn’t want that to happen again with taxpayers’ money, so they changed the model. They decided to have a transparency law, a law that built on some of the freedom-of-information laws that exist in North America and other parts of Europe. But their idea was disclosure by default. That government has to remember who the boss is.

Government doesn’t have money; government has the peoples’ money. Government is owned by the people. If government can change its culture and understand it has to be open — and to think openness first — and make decisions in public…. Right now, we have a system of government here in B.C…. People on either side of the aisle will understand this, even the Greens, who had a bit of an eye into it when they had the power-sharing agreement with the NDP. The Premier’s office has too much power. The Prime Minister’s office has too much power. Mayors’ offices, in certain cities, have too much power.

The concentration of power has happened at a time when there should be more power given to the people. Because of that concentration of power, there is less chance for the public to see how decisions are made, less chance for their voices to be heard and less chance for them to see the information.

I absolutely think that there is room for proactive disclosure. That has to be part of the culture shift. There was a group called the COVID-19 Accountability Group that put out a report in May 2020. Part of their idea was a 15-day deadline for proactive disclosure on contracts, on scientific reports, on other types of information.

The proactive disclosure — as I mentioned in my presentation — that we have now is inadequate. It’s just a policy. It needs to be enshrined in law, and there needs to be hard deadlines. The people at the information access operations department have heard from me enough in the last couple of years.

The Health Ministry — the ministry with the biggest budget in government — has been the worst offender. They’ve been missing deadlines for their list to proactively disclose no big contracts. They’ve also been late in filing the minister’s expenses. They’ve been late in filing, for public observation, the minister’s calendars.

There is no one to hold them accountable, because that was just a policy change. This needs to be law. There needs to be penalties. There needs to be accountability to make sure the public gets the information it has a right to see in a timely fashion.

So absolutely — proactive disclosure is needed. It’s got to be done in a way that gives the power to the people who ultimately own the institution.

R. Glumac (Chair): Thank you.

T. Shypitka: Thanks, Bob, for the presentation. I’m not sure whether to clap or slap my fins together as a trained seal. But thanks for the presentation. It was awesome.

Can you expand on your No. 3 recommendation on splitting the commissioner’s office into three? You said Michael McEvoy is wearing many hats. How would that look — splitting that office up?

B. Mackin: Federally, we do have separate offices. There is the federal Information Commissioner and the federal Privacy Commissioner. There is also a federal lobbying commissioner.

So the model exists federally, and I think that’s got to be looked at here provincially. Because since the act was made law back in 1993, of course, technology has changed. We’ve got a more globalized economy. Fewer borders in many ways. Information travels around the world at the speed of light. It wasn’t necessarily so back in 1993 in the early days of the consumer Internet.

With that, we’re also seeing the greater challenges at keeping sensitive information private. Maybe many of you — many people watching at home — have been the victims of identity theft in one way, shape or form, getting a phone call from your bank or your credit card company saying that you need to get a new bank card or a credit card because there’s been a security issue. That’s just the tip of the iceberg.

In fact, this dovetails with another one of my recommendations about the Legislative Assembly being put under the act. The Legislative Assembly itself had a cybercrime incident back in November 2020, and I’ve tried my darndest to try to get a copy of that report, but the Clerk’s office says it will not give it to me. It will not give me that report, because it doesn’t have to. The Legislative Assembly is beyond the reach of the act, despite what Mr. Farnworth had promised in February 2019.

[11:45 a.m.]

Here we are in March 2022, and we are still no further ahead in keeping the seat of government accountable and looking inside its affairs. That ties, again, into the privacy side of things — a lot of challenges on privacy. I know that Mr. McEvoy has been spending a lot of time, perhaps more time, on issues of privacy and information security than he has been in recent years on FOI.

This is a shame, because we’re in an era — as I said, and as Sean Holman said — of a post-truth society, where we’ve got worries about the future of our democracy, whether it’s here in British Columbia, in Canada, next door in the United States, or whether it’s foreign actors like Russia and China doing what they’re doing to try to harm our institutions. We need to give new life to institutions that are there to protect our democracy like we need to give new life to institutions that protect our privacy. Again, of course, lobbying is an important area that needs to be regulated in government.

As much as there might be an extra cost there, sometimes democracy costs. It’s a good investment, because the benefits outweigh the costs. I think that is what the committee should look at doing as well — making that recommendation about splitting the office in three so that each of those very important areas gets the time and staff that they need to regulate and to oversee.

T. Shypitka: Bob, just as follow-up, in regard to the separation, could you ever foresee any kinds of bureaucratic silos created with those three separate divisions within the freedom-of-information commissioner’s office? Could you see any problems that way? Have you seen that federally? I’m not aware of any, but maybe you can expand on that.

B. Mackin: Federally, they do seem to work together when they need to work together. The challenge federally, of course, has been in other areas of how those agencies work — the laws that each of those commissioners is entrusted with guarding. Now, the Privacy Commissioner federally has said, for instance, that British Columbia’s provincial privacy laws are stronger than the federal government’s privacy laws.

Of course, there are the budget allotments that do happen. It may not be so much the bureaucratic silos, as again, it points back to the concentration of power in the Prime Minister’s Office, in perhaps sometimes manipulating the process to have a desired outcome as to who they want to be head of a certain office or to stand in the way of the watchdog.

We’ve seen that in various jurisdictions, where there has been meddling, whether it’s here in British Columbia…. The previous Office of the Premier meddled in the office of the children and family commissioner, for instance. Then of course, there was the issue with the Auditor General — how the Premier’s office meddled with the operations of the Auditor General in a previous government. So we have seen different areas, but bureaucratic silos isn’t really an issue.

I think the other issue is, again, those at the top level of power, in the executive branch of government, meddling with those watchdogs. The watchdogs need to be empowered with reasonable budgets. They need to be empowered with a pit-bull commissioner, not a poodle, and they need to be allowed to have the freedom in order to do their jobs properly on behalf of the people.

A. Olsen: Thank you for your presentation, Bob. You were uniquely identified in the process. There are potentially hundreds of journalists in this province, but Bob Mackin shows up as the reason why we’ve got a fee. There was maybe one other reason, but within the debate, you were named. Maybe I’d just like to ask a question of you that I asked of Tyler Olsen, who’s also a journalist that presented to us today — around the frivolous requests.

I think that your name was tied to the reason why the fee needed to come in, because there was this journalist, Bob Mackin, making so many frivolous requests. I thought that maybe we could give you an opportunity here to respond, because you weren’t able to respond last fall. As well, we heard a lot about frivolous requests. I’d just like your perspective on that.

[11:50 a.m.]

B. Mackin: There are no frivolous requests. If a government like the NDP, which believes so strongly in education, is going to say that a reporter’s questions are frivolous, does the government truly believe in education? I was brought up — as probably you, and members of the NDP caucus, were — that there are no wrong questions, that we should encourage people to ask questions. When we’re talking about a government which is the biggest force in our province economically and socially, which spends $60 billion a year plus and runs up a big debt for future generations to pay off, there are no frivolous questions.

If there were frivolous questions, there is part of the act, section 43, that could have been exercised against me. That has not been exercised against me since Rich Coleman tried it, back during the B.C. Liberal era. when I was trying to find out about spending at B.C. Pavilion Corp. It never got to an inquiry because it was pulled at the last minute by the B.C. Liberal government of the time. It was used as a tool to try to silence me. There’s a story in the Tyee that I wrote, back in 2012 or 2013, about that situation.

There are no frivolous requests. I do have a lot of questions of government, as other reporters do, as other citizens do as well. I get contacted by readers who will offer me questions to ask, for instance, or give me tips on what to ask for. Frivolity? Not at all.

R. Glumac (Chair): Excellent. I don’t see any further questions. Thank you, Bob, for your presentation and for answering our questions here today.

Our next presenter today is Thomas Martin.

Welcome, Thomas. Good to have you here today. We look forward to your presentation.

THOMAS MARTIN

T. Martin: Good morning. Thanks for having me on.

I am taking a break from work to deliver this. I do work for a private company, but these are just my personal experiences and opinions. What I’m going to talk about is not just the FOI issue, but how it relates to government procurement. I apologize in advance for combining two of the most boring topics possible into one presentation.

My background is forestry. I have worked in a mix of government positions and private sector as a consultant to government. I’ve been in the industry for over a decade now, I would say, as it used to exist. The amendments to the FOIPP Act do not support proactive disclosure of government procurement records. This $10 fee, or any sort of fee, will only worsen an already opaque situation.

[11:55 a.m.]

I was going to make recommendations for improvement — just delivering them. First, I’d say: require, in legislation, proactive disclosure of government procurement records, including responses and evaluations of proposals, awarded contracts and the actual payments. If you’re not going to do that first step, then at the very least, make an amendment to FOIPPA, section 21(1), which allows for the refusal of records that might harm a business interest. Make an amendment in there to say that records relevant to government procurement cannot be withheld.

Of course, regardless of if you move ahead with either of those two recommendations, I’d say: drop the freedom-of-information request fee.

Now, that I’ve delivered those recommendations, just some background on some examples that I’ve had in my work experience. The first one I want to talk about is a real-life example that happened to me at the company I work for, for a request for proposal. This is a type of government procurement that doesn’t just evaluate based on cost. It allows you to provide experience and methodology for a project, and it allows for more flexibility.

We felt like something was off with the evaluation, and we wanted to have some accountability and transparency in the process. So we actually asked to see the other proposals that other vendors submitted, and their evaluations, to see if we were evaluated fairly. We were told that we’d have to file an FOI to see those.

We filed that FOI. I think we had two delays. Then our FOI was returned 100 percent redacted. So we were told that to have transparency in this process, we’d have to file an FOI. We filed it, we had two delays, and it was returned 100 percent redacted. The explanation we were given was that delivering these records would harm the business interests of a commercial organization or third party. Of course, now we’d have to pay $10 to get a blank FOI returned to us after several months of delays.

Another example of transparency in government procurement is direct awards. I was actually doing market research for the Ministry of Forests, and I compiled the direct awards that are typically published in summary PDF tables with one line item per contract — no explanation about what the contract really is or the deliverables or anything like that. It’s just a very short summary.

I compiled that, and over the course of four years, FLNRO reported $151 million in directly awarded contracts. These are contracts with no competitive process. That, I believe, represents about 3 percent of the total FLNRO budget each year that’s directly awarded. Of course, the only way to look into these contracts is to file individual FOIs for these contracts.

A third example I want to talk about is the unreported contracts. In government procurement, there are policies that directly awarded contracts get published in these summary tables, and contracts over $10,000 get published in these summary tables online. But they don’t always go there. For example, just out of interest, I looked for my fire-line contract from this past summer, which was both over $10,000 and directly awarded. It should have been published online in either of those two tables or both of those two tables. It was not published.

Now we have a contract that was directly awarded, that is not published anywhere and that has no records online. So the only way you’d be able to find it is if you knew it existed and then you filed an FOI to receive the contract details.

I was emailed an FOI summary. I can’t remember when I got this email. It was a year or two ago. It was in regard to a B.C. Wildfire program. Someone else had done all the FOIs, and there were five companies that received work out of this new program. I believe the total summary of work in this program was about $1.5 million. One company that was owned by ex–B.C. Wildfire employees received $1.3 million of the total, and the next largest billing company on the list was $200,000.

[12:00 p.m.]

That’s an example of contracts that were directly awarded. Well, I actually don’t know, because I just got an email summary of it. I didn’t get the FOIs. It was an example of contracts that were probably directly awarded, but they probably wouldn’t post it online. The only reason someone found out about them is because they submitted a bunch of FOIs to get this information and then compiled it manually.

Nothing is changed for the procurement process, but you now have to pay ten bucks per FOI. I appreciate that government procurement is quite boring. There is a lot of policy and regulations around it and not a lot of follow-up if those policies and regulations are followed strictly. Then, as vendors or as the general public, so much of the time we have to file FOIs if we want to find out more information. Then when we do file those FOIs, they often come back incomplete or with more information needed, and now we need to pay ten bucks per FOI.

My recommendations that I said at the beginning still stand. I think it would be great for this committee to recommend more proactive disclosure in legislation for procurement. This could be either in the FOIPPA act or, for example, the Procurement Services Act. If you’re not going to do that, then at least amend FOIPPA so that you can’t claim it’s harmful to business interests if it’s a government procurement process. As well, there’s other stuff in procurement policy that can happen. Of course, please remove the $10 FOI fee.

Okay. That’s the end of my presentation. If you have any questions, I’m here. I know we’re into lunch now, but I’m here.

R. Glumac (Chair): Excellent. Well, thank you, Thomas, for your presentation.

Committee members, are there any questions?

A. Olsen: Thank you, Thomas, for your presentation. I think it was very similar to the very first presentation that we heard from Chris Atchison and the B.C. Construction Association. I think that you highlighted it as an opaque situation. I think he probably would have agreed with that characterization of it.

I don’t really have a question. I think your presentation was very clear. Just to, I think, emphasize the point that with billions of dollars each year being spent from the government procuring services and goods, this is a very important area that you raise. Thank you for your presentation.

R. Glumac (Chair): Thank you. So no question there, just a comment.

J. Rustad (Deputy Chair): Thank you for the presentation. One of the biggest frustrations that I’ve seen over my time in politics, spanning multiple governments of course, is the procurement, the bid process, and not being able to show that evaluation publicly. It used to be the opening of the envelopes to see who won. Now that this whole process has gone digital, it seems to be less and less information is out and available. It is one of the things that I’ve noted.

I found it interesting, in terms of that number that you used for FLNRO. I think it said 3 percent of their budget is out through direct awards. I hadn’t realized that there was that many through there, so I want to just say thanks, first of all, for sharing that. It’s interesting to think about how much of that is going out there.

I know, for example, when we were in government, in many cases you’ve got deputies or former deputies or former staff people that are hired for significant amounts of money over a period of time to come in as a contractor and work to do negotiations and to do those sorts of things. So it wouldn’t be unreasonable to see those types of things in place, but there still should be more transparency in terms of why and the rationale around it.

I wanted to once again thank you for highlighting that particular issue.

T. Martin: You’re welcome.

I should add that the 3 percent number was just some back-of-the-napkin math I did right before this presentation. The number I do know is $157 million from 2017 to 2020. I think that’s 3 percent of FLNRO’s budget.

R. Glumac (Chair): Excellent. Thank you.

I don’t see any other questions, so thank you very much for your presentation. Much appreciated.

Okay. With that, committee members, we will take a recess until 1:15. We’ll see you back then. Thanks.

The committee recessed from 12:05 p.m. 1:19 p.m.

[R. Glumac in the chair.]

R. Glumac (Chair): We have our next presenter coming into the Zoom right now. We have two presenters from i-SIGMA. We have Tony Perrotta and Robert Johnson.

Welcome to the committee. It is great to have you here today. We’re looking forward to your presentation, so take it away.

[1:20 p.m.]

i-SIGMA

T. Perrotta: Okay. Well, thanks for having me here today. Thanks for the opportunity. My name is Tony Perrotta, and I am the chair of the Canadian branch of the International Secure Information Governance and Management Association, also known as i-SIGMA. With me here today is our global executive director, Bob Johnson, who is an expert and thought leader on information life-cycle management.

To give everyone just a little bit of background on i-SIGMA, the association was created in May 2018, following the merger of two associations — the National Association for Information Destruction, also known as NAID, and PRISM, which stands for Professional Records and Information Services Management. These two organizations merged in 2018, forming i-SIGMA.

NAID had always been the watchdog association for secure shredding operations worldwide. Together with PRISM International, the joint association now represents all four pillars of records and information management. These four pillars are basically the physical records, information storage, data protection and media vaulting. There’s the whole digitization and scanning of documents, and then there are the confidential records and information destruction services.

As such, i-SIGMA is the umbrella association for these professional privacy practices that stand united, heralding the proper information life-cycle management needed in a world of increasing threats to privacy, and i-SIGMA operates around the world. So while I can speak to the Canadian market, Bob can also provide an international perspective on best practices when it comes to information management and privacy protection.

Let met start by praising you guys, praising British Columbia. This province has traditionally been a leader in privacy protection, and we have long considered PIPA a vastly superior piece of legislation to the federal government’s PIPEDA. I know that this is not the focus of today, but I thought I’d mention it. I just thought it was a good thing.

As for the Freedom of Information and Protection of Privacy Act, generally speaking, I think it’s a solid piece of legislation. We were certainly pleased with the changes last year that made breach notification mandatory. We believe that all privacy legislation, whether for public or private sectors, must include a breach notification provision.

We were also pleased with the requirement for public sector organizations to have a privacy management program. This is something we recommend for all public and private sectors, though we also call for organizations to publicly disclose their privacy policies.

We feel that empowering consumers to shop around for suppliers that offer best-in-class protection…. While this is not applicable for the public sector, posting privacy policies and practices should still be a requirement, since it speaks to the transparency and accountability of these organizations.

In terms of specific recommendations to improve the act, one item that is missing is a clear requirement that organizations safely destroy information that is no longer needed, and i-SIGMA believes that information is only as secure as the weakest link in its life cycle. In too many cases, so little attention is paid to the end-of-life cycle management of information. That’s why we’re requiring that there be a provision for safe destruction and disposable, especially at the end-of-life cycle.

As evidence of that, there are frequent reports of personal information found in dumpsters, recycling bins, abandoned buildings, or stored on discarded computers and electronic devices. All measures taken to protect that personal information during its useful life are negated if it’s not destroyed safely at the end-of-life cycle.

[1:25 p.m.]

This is not a new problem. We’ve been seeing this happening over several years, as we’ve been raising these issues with i-SIGMA or NAID for the past decade.

I’ll give you an example. In 2010, NAID Canada, one of i-SIGMA’s predecessor associations, released the results of an audit into information destruction practices, mainly focused in the Greater Toronto Area. The audit found that over 14 percent of commercial dumpsters in the GTA contained personal information, which is a disturbingly high number for us. That exercise has since been repeated in countries like Australia and Spain and sparked national conversations in those countries around the failure to securely destroy information that is no longer needed.

Furthermore, the threats related to a failure to safely destroy information do not go away as more records only exist in electronic format. For example, in 2017, our U.S. association conducted the largest study to date looking at the presence of personally identifiable information on electronic devices sold secondhand or in the after-market, if you want.

The study found that 40 percent of devices that were resold in the after-market in these channels contained residual information and, precisely, more personal information. To ensure credibility, the study was conducted by a third-party forensic lab. Alarmingly, however, the investigation used only basic recovery methods, not sophisticated forensic examination, meaning that the information obtained would have been accessible just to anybody that had these devices in their hands.

Among the information that was recovered were things like credit card information, user passwords, company and personal data, tax details — things like that. The list goes on and on. The devices examined included mainly mobile phones, tablets, computer laptops and hard drives that are typically sold in the secondhand marketplace.

Given the recent interest in Canada on matters related to cybersecurity, the results of the secondhand electronics study show how matters seemingly as simple as safe information destruction can have a profound effect on impacts of individuals and organizations and even national security and the broader economy.

Because of these serious implications, we have been advocating for all privacy legislation to include a specific destruction requirement, along with definitions of destruction. We’ve got to have some type of a requirement to dispose of information in the act, but that is not defined.

As I mentioned earlier, often enough, the end-of-life cycle is typically one of the most overlooked aspects of data and information disposition. However, PIPA includes a specific requirement, and we recommend that FIPPA do the same.

PIPA states:

“An organization must destroy its documents containing personal information, or remove the means by which the personal information can be associated with particular individuals, as soon as it is reasonable to assume that (a) the purpose for which that personal information was collected is no longer being served by retention of the personal information, and (b) retention is no longer necessary for legal or business purposes.”

To that, I would add, “destruction” is defined as “the physical destruction or electronic erasure of information or media in order to render the information practicably unreadable and unreconstructable.” This definition applies to both paper and electronic records and would eliminate any ambiguity around what’s required when it comes to information that is no longer needed or, in other words, at the end of its life cycle.

Now with that said, I would like to hand this over to Bob to touch on three other important points.

R. Johnson: Thank you, Tony.

[1:30 p.m.]

My name is Bob Johnson. I am the current executive director of i-SIGMA, and I’ve actually been in the secure destruction industry, believe it or not, for close to four decades. Again, I want to thank you for this opportunity.

Our final three points are as much practical as they are legislative. There are certainly legislative considerations related to them. While we’re aware that FIPPA addresses the government’s protection of personal information, we believe it’s in the best interests of all that the private sector sees government upholding the same vigilant personal information protection standards.

First, Tony mentioned some of the disturbing studies we’ve done of the destruction practices around the world regarding casually discarded paper records and electronic equipment. Since the commissioner now has audit powers, we would encourage that he specifically review destruction and disposal practices, as our experience suggests and demonstrates that he may find a significant compliance gap with government offices and agencies.

Secondly, I would like to stress the importance of enforcement and accountability to ongoing compliance. Over the years, I have received many inquiries from data controllers around the world looking to enhance their data destruction processes in response to additional regulatory accountability, including fines and sanctions. When additional accountability is added, compliance with data protection requirements always increases.

For this reason, we recommend strong enforcement powers for the data protection regulators, as well as appropriately stiff accountability for agencies that do not properly destroy personal information as part of their disposal processes. It only takes a few examples to get the other agencies and organizations to take it seriously.

Finally, we believe data protection regulation should hold the data controller — in this case, agencies and government offices — responsible to demonstrate the proper due diligence in the selection and contracting of their third-party data processors, including those who provide data destruction services.

The fact is that data destruction is now predominantly outsourced to third-party contractors. Unfortunately, the combination of demand by trusting clients and the absence of clear regulatory guidance on due diligence in contracts leads to unsecure, non-compliant, even disreputable service providers being entrusted to protect personal information. Again, we have seen firsthand that the best way to ensure data controllers demonstrate service provider selection due diligence is by holding them legally responsible for the quality and compliance of their third-party data processers.

Clearly there’s a lot more to say on this subject. Tony did a great job of highlighting some of the points. We’re available to answer your questions here or at any time, obviously. I’ll just close by thanking you again for this opportunity to share our perspective.

R. Glumac (Chair): Thank you very much. We have a question from Tom.

T. Shypitka: Thank, guys — Tony and Bob.

Maybe I’ll start with Bob, first of all, on your third point there, data controller and holding agencies accountable, especially for those third-party entities that are outside jurisdictions. We heard from another presenter that suggested that outside data storage wouldn’t pose an eminent threat. It kind of made me think a little bit.

Would your No. 3 point, Bob….? How would they be able to control or how would they be able to hold those accountable outside the jurisdictions?

R. Johnson: Well, there might be some confusion, maybe. Maybe I didn’t express it clearly enough regarding my point. If we’re talking about government agencies or even the private sector sharing information across borders, certainly there needs to be a responsibility with those data controllers and agencies that there is some downstream due diligence in the ability of those extrajurisdictional entities to protect that information.

[1:35 p.m.]

Here, though, what I’m specifically talking about are…. They’re generally identified in most of the GDPR in Europe or, really, around the world. They’re recognized as third-party data processors, which are the ubiquitous and even necessary third parties that [audio interrupted] every business, every organization, every government agency hires to help them do the things that they do. In some cases, it’s a building service, or record storage or data destruction.

But this isn’t really about sharing information with entities outside the jurisdiction who may use or store that information or retain it in some way, like a hotel chain or something like that. This is more for the really nuts-and-bolts daily operation of the organization, the people they hire that, by virtue of what they provide, the services they provide, they have access or take custody of that personal information.

Am I missing something in my explanation there?

T. Shypitka: No, that’s great. I just wanted to also touch upon the life cycle. This one would go to Tony.

You talked about data being destroyed after its life cycle, whatever was reasonable. Those are kind of broad terms. I would imagine that the life cycle is different for one set or another. How would you write that up? How would you recommend that we put that in more definite terms in legislation — what life cycle was?

T. Perrotta: If I could touch a little bit upon that. I was referring more to the end of life cycle, so I guess when you’re done with the information. Information is really like a very porous thing. Let’s take devices, for example. You’re upgrading your IT systems in the public sector, refreshing endpoint devices. That could be laptops, mobile phones or computers, whatever it is — hard drives.

What’s the sense of having all this security, cybersecurity, investing all this money in resources, if you want, and maintaining data security, and then, when it comes to the end of life cycle, it’s kind of like it ends there? You don’t even think about it anymore. You just want to dispose of it. You don’t want to put any more work into it. That’s typically been our experience with a lot of public sectors.

Another area of expertise I have is that I run an organization that specializes in the disposition of IT and data destruction. What we’ve been seeing a lot, especially in the public sector, and in the private — I can’t say it’s just the public sector — is that often enough, data disposal or the disposal of IT and devices is passed down to someone who is kind of lower down in the organization. They really just want to get rid of it. They feel like the information that’s on it is not important.

That’s where I find that they lack the proper documentation. They lack the proper security requirements in place to properly document. Just because they hit the bin, for example, doesn’t mean the data is no longer important.

R. Johnson: I’d like to speak to that also, if I might interject. Tony, I think you did a great job of explaining this whole idea of the need for guidance and diligence in vendor selection — due diligence — so that it’s not relegated to someone that doesn’t understand the process. The vendor receiving those materials appreciates and is doing the right thing.

Again, it’s kind of an emerging principle throughout the world with regard to the protection of personal information. Personal information is more or less a data subject, meaning individual citizens’ right that their personal information will not be retained any longer than it needs to be retained for the purpose it was retained for.

I think they didn’t, at the end of the life cycle…. If there’s a life cycle, it’s generated. There’s a time when it’s used, and then there’s a time when it’s no longer needed. At that point is where disposal usually comes in. But part of the language that Tony read from PIPA actually specifies in there that it shall not be retained longer than needed.

[1:40 p.m.]

Again, that speaks to security, but it also speaks to the right of an individual to be forgotten. I’m guessing you guys have heard that term before. The information doesn’t need to be retained any longer than it needs to be retained. It is a security thing, but it’s also kind of a right that my information not be retained unnecessarily.

R. Glumac (Chair): We have a question from Henry.

H. Yao: Thank you so much for the presentation. I just wanted to clarify one of my understandings. Based upon your recommendations, the suggestion you’re sharing…. Obviously, now with FIPPA, there’s a security safety plan. You’d like to have some kind of data destruction or data end-of-life-cycle policy added into it as part of the security safety plan. Is that the direction we’re leaning towards at this point?

R. Johnson: I’ll just take that one. If the question is…. Our recommendation for including and calling out a hard mandate and requirement that personal information be properly destroyed when it’s discarded is simply a recognition that it’s often neglected if it’s not specifically addressed, with no uncertain terms.

Now, I’m not sure. Did I address the question correctly there?

H. Yao: It’s okay. Don’t worry about it. We’ll move on.

I do have a question about it. I noticed plenty of mentions, all throughout, of your use of the term “destruction”— quite a few times — associated with electronic devices. Obviously, with climate change, as well, as a topic, we definitely want to reuse and reduce whenever we can. So I’m wondering. According to expertise, are there simple protocols or simple practices that can be exercised to ensure that devices can be cleaned, wiped and be passed on to the next individual without, as you mentioned earlier, this kind of forensic equipment that can actually re-identify data that used to be erased by the practice itself?

R. Johnson: Well, Tony, why don’t you field that first? Then I’ll fill in any holes.

T. Perrotta: Sure. You know what? We have a lot of that here, too, with the circular economy. With climate change driving a lot of the decisions we make today, there is a much larger demand for the repurposing, the reuse, of devices.

Now, that can be also done and achieved…. When we say “destruction,” we mean destruction of data, not necessarily the entire device. Data could be destroyed by being wiped, for example — removed from devices — which we do a lot of, by the way. We wipe thousands of devices, but we do it in a way where we don’t use any free software. We basically do it securely. We have encrypted software that wipes this data from devices — more specifically, cell phones, smartphones, tablets, laptops, servers and hard drives, for example.

NAID, for example, has a requirement that you have to meet a certain standard in order to be NAID-certified. This means you have to have proper security measures. Your facility needs to be secure. When you wipe a device, any NAID auditor can show up unannounced at any time and ask you for a device that you’ve wiped. They’ll send it to forensics, and if they find any data on that device, you fail. You basically don’t get the certification, right? These are just a few of the standards and requirements that NAID requires from NAID-certified organizations that provide these types of services.

R. Johnson: Great job, Tony. I think there are nuances, as well, to the question.

If the electronic media are repurposed within an organization where there’s a certain understanding and a certain obligation among the parties that any information that should survive the wiping would be protected, that’s one thing. Tony referenced one of the studies. We’ve done several over the years with electronic media. The last one we did was the most ambitious. Not only were we able, though, to retrieve personal information off those devices in 40 percent of them; a significant portion of them had evidence that someone had tried to wipe them.

[1:45 p.m.]

An organization like Tony’s — there are hundreds of organizations, companies, that provide that service — is more in tune with the technical savvy and expertise to do that properly. The challenge, when you’re passing that device on, outside of an organization where you can no longer control what might reside there, is that you don’t have the liberty of taking any chances.

I would say that self-administered wiping inside of an organization, if it’s not done by a professional, is risky at best. We don’t advise that. We advise, again, that if it’s going to leave the care and custody of the data controller and they’re going to lose control of it in that way, they take stronger measures to make sure that the data has either been erased via overwriting or that it be physically destroyed.

H. Yao: Can I have a quick follow-up?

If you don’t mind me piggybacking on my previous question, now I’m going to talk about paper-based data. Obviously, if you throw out paper-based data through a recycling bin or through a shredder, they are potentially retractable, obviously by an individual who wants to spend the time and energy trying to retract them.

So for a professional shredding service, a professional data destruction service, if we provide paper-based data, I ask: how does it usually get processed, and is there any potential room for allowing the residual leftover material to be recycled or reused — any kind of means to allow that to be returned back to the circular economy?

R. Johnson: Tony mentioned our certification program, and it is the most successful data security third-party-operator certification out there. We didn’t come here to talk about that, necessarily. But to your point, the business model for literally these thousands of companies out there that provide data destruction service is predicated on the recyclability of the paper materials they destroy.

They’ll take it down to a small particle size. Of course, you have to remember — and if you need a tour of one, we’re happy to give you a tour — that these processing centres are handling hundreds of tonnes of paper per month that go through their facility. They’re destroying it en masse and then baling it up into bales that weigh more than a car and then shipping it off to a paper mill.

It’s already been physically destroyed and is now going to a paper mill where it’s going to be made into new paper. That’s actually part of how they offer their services so economically, because there’s that side of the business that’s there.

Just in the industrial methodology in which it’s used, it is, I will say, virtually impossible that anything could be reconstructed out of that process.

R. Glumac (Chair): We have a question from Susie.

S. Chant: Thank you for your presentation today. If I’m understanding correctly, and I think I am, the privacy plan that is part of the most recent legislation and is expected…. If that privacy plan were to address all components of the life cycle of data, then you would feel that it was doing the job that needed to be done.

Really, you’ve given us two different issues around electronic data. One is the devices themselves, and one is the actual data, the destruction of the data and also the disposal of devices appropriately.

So my perception is that whoever is creating a privacy plan needs to incorporate the entire life cycle of data and have specific direction as to what happens in each part of these cycles. So if, for instance, we incorporated, in the legislation, that framework, or in whatever way that it gets done, that would meet what you’re speaking to. Am I on track?

R. Johnson: I think you’re 100 percent on track. If I would add anything to that, it would only be that…. I understand that within the public sector, there are both limitations and maybe some advantages to building in accountability.

[1:50 p.m.]

Tony made this point, and I’m probably unnecessarily reiterating it. Often we see very elaborate controls and processes regarding the protection of information, upon how it’s collected, managed, transmitted. Then, at the end of that 14-page or 45-page manual, is one line that says: “It shall be properly destroyed at the end of its life.” There’s no further direction whatsoever regarding the details by which that would happen, including how due diligence applied to the vendor, the processes to be used, and how employees are trained to isolate and recognize it.

One of the challenges we face — and it comes up — is recycling. Far be it from us to argue against recycling. No one would ever advise that every employee in an operation be given a switch that they could turn off the firewall to the computer. That would seem insane. Yet, most employees make that decision 100 times a day on what they’re going to do with the paper or electronic media that they’re handling, either a thumb drive or a piece of paper.

In some regard, one of the battles we fight is encouraging organizations to train their employees to understand…. The point is if there isn’t a training program about that, then it’s a major loose end in the program. Again, that would be something that would be addressed in that same policy and procedure.

R. Glumac (Chair): Well, I don’t see any further questions. Thank you so much for your presentation and for your time today.

R. Johnson: Let us know if we can be of any help along the way.

R. Glumac (Chair): Excellent. We will.

J. Rustad (Deputy Chair): Before we go into the next presentation, there is an individual in government — I think it’s the archivist, I’m not sure, exactly, the name of it — that is responsible for what needs to be kept permanently and for the destruction of information. It might be worthwhile to ask that individual to come in and present to us, in terms of what the standards are that are currently being done.

It’s just something that we might want to add to the list of information that we can look for.

R. Glumac (Chair): We can discuss that.

J. Rustad (Deputy Chair): Just before I forgot about it, I wanted to throw that out there. Now staff has it, and we can talk about it another time.

R. Glumac (Chair): Our next presenter is Keegan Clark.

Welcome, Keegan. We look forward to hearing your presentation today.

KEEGAN CLARK

K. Clark: Hi there, thank you. I would like to thank the parliamentary committee for allowing me to speak here on this day, the 15th of March, 2022, to address concerns of many, including myself, regarding FIPPA and Bill 22, 2021, that was passed on the 25th of November, 2021.

What you’re about to hear may shock you, it may disgust you, and it may frighten you, because this is only one example of many who have suffered consequences. To provide a better understanding on how this directly reflects on Bill 22 and the issues within FIPPA, I must explain where it began.

So far, our data collection of 113 participants who have suffered negligence, abuse and/or assaults and the more unfortunate individuals who have suffered the worst consequences — death — shows a pattern in an unimaginable amount of evidence. Private corporations and/or personnel governed under private corporations — medical doctors, public bodies and our personnel governed under public bodies — have abused their position and power of authority.

A data collection investigation was initiated in 2017 where a public health authority body known as Vancouver Island Health Authority, VIHA, and/or personnel governed under VIHA, were caught unlawfully doctoring medical records to cover up and hide evidence through numerous copies of records. Due to this, it prompted a complaint with the patient care quality office, PCQO. VIHA and/or personnel governed under VIHA committed crimes under the Criminal Code of Canada in implementing internal policies in 2018.

A PCQO case officer stated: “VIHA lawyers will be creating a policy so this does not happen again.” That states: “Please be advised that Island Health is not obliged to provide copies of records that have been previously provided,” which did not abide by FIPPA laws, nor a Supreme Court of Canada judgment which takes precedence.

[1:55 p.m.]

Part of this lengthy investigation, on the 16th of December, 2020, a non-consensual surgery took place at a VIHA facility with staff and a patient under the pretence of medical coercion. Offences under the Criminal Code of Canada and many more negligent factors therein took place, resulting in severe bodily damage and a near-fatal drug-related overdose, with complications. The patient was awake and completely aware of their surroundings in an unaltered state of mind during the surgery.

Upon completion of the surgery, the surgery was successful, with no issues or repercussions, as stated by the surgeon. It was at this point when a horrible act was committed, as the patient was lying on the operating table in a very vulnerable position, cut open. The surgeon explained and showed the patient what the tendons and tissues look like and where they are located.

The surgeon then looked at the patient and said: “Want to see something funny?” The patient looked over at the operation site, where the bones, tissues and tendons were exposed. On the surgeon’s own accord, without permission, he began to pull body parts out of the body as if the patient were a puppet.

The patient began to wonder if this was okay and kept feeling this wasn’t right. The patient looked at the assisting doctor for assurance; however, the assisting doctor’s eyes widened with a worried expression as they portrayed their worry to the recorder, known as the nurse. The whole room became silent.

The surgeon continued these actions. The surgeon’s hand was shaking as the body parts were being pulled out of the body, excessively, to the point where connective tissues were detaching from body parts and other tissues within. At this point, the patient began to laugh profusely out of distress and looked away, feeling hopeless and hoping it would stop. His laughing continued. The anaesthesiologist then took over and caused a drug-induced overdose.

A hypertensive emergency with signs of in-organ damage occurred, followed by convulsions. At this point, death was imminent. Loss of consciousness then occurred. Luckily, the patient survived and they later found there to be an excessive amount of drugs and of drugs not allowed to be administered intravenously.

Medical doctors have commented on these matters, and the most experienced medical surgeon in British Columbia, for this type of procedure, stated things such as: “That’s crazy — 250 milligrams? Our dose is normally 100 milligrams.” Or: “Marcaine will kill you.” The medical professionals responsible were so negligent that now professionals have questioned their credentials and intentions. Now, they were so eager to push the patient out.

However, there was one individual who made a difference from the easy decision — this decision of morality and compassion. This nurse pulled this patient aside — that nurse had tears falling down her face — gave the patient a hug, and apologized for everything the patient went through and shared before the patient was wheelchaired out of the hospital. That right there is health care. Health care isn’t just administering medication and performing tests. It’s the compassion, the sincere want to help those who need it.

The patient has gone through all the right channels to get answers and help, like patient care quality offices and obtaining records. However, as seen time after time, these quality offices are set in place to limit exposure and minimize damages — for instance, the unlawful doctoring of medical records from 2017 and 2018. Nothing was done about that. It was simply brushed under the rug, and an unlawful internal policy was set in place.

VIHA and/or personnel governed under VIHA — and corporations and/or personnel governed under corporations involved in these matters — have committed unlawful access, use and disclosure of confidential medical information and personal private information, such as the disclosure of full legal name, date of birth, sex, residential address, personal cell phone number, personal health care number and medical information.

VIHA and other corporations have breached multiple sections of FIPPA and PIPA, from which the patient mentioned, who was intertwined with all of these issues, had their private, personal information and medical information leaked to employees and the general public, out of spite, for reasons such as: “I have access to everything.”

One corporation involved apologized, in a formal letter, for the part they took in the unlawful access, use and disclosure of confidential information. However, an apology cannot correct the identity theft nor the financial burden caused by such actions. However, VIHA once again swept the unlawful access, use and disclosure of confidential information under the rug.

The patient of this surgery requested the medical records pertaining to the surgery. However, the medical records that were supplied were insufficient, incorrect and/or partial. Therefore a secondary request to retain all records and information was requested. That request was denied.

I would like to refer to a letter from VIHA denying access to medical records, based on their unlawful internal policies, dated the 18th of October, 2021. I would like to reiterate the following: “Please be advised that Island Health is not obliged to provide copies of records that have been previously provided.”

[2:00 p.m.]

This letter also refers to case law from an OIPC of B.C. decision that they, VIHA, claim the policies abide by. Line 12-15: “Please be advised that Island Health is not required to process repeat requests for the same records. Accordingly, we will not be reprocessing any requests for records which have already been supplied to you for previous requests. This decision is consistent with case law created through the Office of the Information and Privacy Commissioner for British Columbia.”

If VIHA or a public body would like to so loosely create policies based on case law, I, too, would like to refer them to case law. The Supreme Court of Canada, the most prestigious court in all the land — McInerney v. MacDonald, 1992: “Patients have a right to see the content of their record at any time and for any reason.” VIHA’s internal policies are completely contradicting every aspect. That being said, the Supreme Court of Canada holds a higher power and authority than any OIPC of B.C. decision, which takes precedence in all provincial and territorial laws.

A letter addressed to VIHA regarding their unlawful internal policies — that of which threaten legal action if they fail to provide all the requested medical records in accordance to FIPPA laws and case law, corresponding to the Supreme Court of Canada that supersedes the OIPC of B.C. case law — was sent. Later that day, Bill 22, 2021, was introduced into the Legislative Assembly on October 18, 2021. On November 1, 2021, a complaint was submitted to the Office of the Information and Privacy Commissioner — OIPC — regarding VIHA’s unlawful policies that restrict and deny access to medical records.

However, upon contacting the OIPC on numerous occasions regarding this complaint to receive an update, I received push back and answers such as, “I can’t seem to find the complaint,” or “Someone will get back to you” — whilst the individuals from the OIPC would chuckle or laugh in delay.

A response was eventually received on November 26, 2021, from the OIPC. That response was merely to notify that VIHA’s once-unlawful interim policies had now been made into law with minor adjustments to wording from the passing of Bill 22 on November 25, 2021.

I would like to refer to section 43(b): “Power to authorize a public body to disregard a request. If the head of a public body asks, the commissioner may authorize the public body to disregard a request under section 5 or 29, including because the request is for a record that has been disclosed to the applicant or that is accessible by the applicant from another source, or….” Who is responsible for proposing and drafting this section, 43(b) in Bill 22, 2021?

The issue is how and why the section was implemented in Bill 22. There are many instances of dereliction of duty regarding these matters. However, have illegal lobbying activities taken place over the section therein Bill 22, which is the cause for concern in raising [audio interrupted] to be investigated further.

I had the chance to speak to the Minister of Citizens’ Services on February 16, 2022, regarding Bill 22 and the minister’s involvement regarding the potential of illegal lobbying activities. I’ve spoken to the executive director of the Minister of Citizens’ Services, responsible for proposing, drafting and signing off on bills, that of which my questions were answered with direct answers.

However, questions of questions for answering eventually led to some answers I was looking for — one question in particular: “So the concern here is section 43(b). I’m trying to find out who and why created that section there, just because there are other issues that occurred prior to this, and it’s just quite a coincidence that that just occurred and appeared.”

The response was: “I would suggest to you that that is a complete coincidence.” I was first told that no lobbying activities took place. The executive director then continued to speak about processes and procedures: “I would say to you that the timing of the situation is coincidental.” “We didn’t receive any specific requests — or especially, particularly, with, say, 43(b).” “I feel comfortable telling you that we did not receive any specific lobbying for 43(b).”

I asked that same question in different ways. The executive director then went on to say: “It’s likely that VIHA lobbied or spoke to us about this.” As previous statements came in contradiction after questions were being asked: “It is entirely possible that during those consultations that section 43 specifically was raised as being too narrow.”

I continued to press and raise concerns of a complaint filed with OIPC regarding VIHA’s unlawful policies dated November 1, as that public body has been caught unlawfully altering and/or destroying medical records and refusing to release medical records based on unlawful policies. VIHA’s once-unlawful policies were now proposed into section 43(b) and presented into the assembly.

The executive director then expressed: “So not to recant what I said before, but I wouldn’t say that no health authorities have ever talked to us about section 43(b). It’s possible that they have.” “So basically, I don’t want to sit here and tell you definitively that no one ever talked to us about section 43, Keegan. They certainly did.”

[2:05 p.m.]

The contradictions and inability to answer four questions is quite concerning. I would like to refer to multiple sections of debate here in the Legislative Assembly during a question of privilege. Third Session, issue No. 143, page 445, Mr. Adam Olsen: “I rise at the first opportunity to address a question of privilege and to provide evidence that last November the Minister of Citizens’ Services may have intentionally misled this House.” As it appears, the Minister of Citizens’ Services is seen at the core of multiple issues that are being raised repeatedly.

I’ve spoken to the OIPC regarding section 43(b). The OIPC would simply throw words around, stating things like: “Oh, after a year or so has passed, the time limit would reset, and you could re-request your medical records or any records from a public body.”

Access to medical records is difficult enough. I have had the pleasure to listen to and examine some victims in similar situations and documents relating to concerns, some who have lost family members who simply want answers.

There have been instances where medical professionals have committed liable defamation against other medical professionals in falsely diagnosing patients to deny a request for medical records. The more disturbing aspect of this instance is why medical professionals went through extraordinary lengths to deny patients access to medical records. Patients have a right to need to see their medical records so they may obtain adequate health care and ensure that they are informed of their own health.

I’ve had police officers manipulate, lie, of course, even threaten my safety regarding these matters. As to their reasoning, I cannot say with certainty. However, what I can say is that these police officers and/or cases are directly involved in these matters I’ve discussed. I’ve been asked by a police officer: “Why are you doing this?” Shortly after, that same police officer said that I’m going to get hit on my motorcycle. “You’re still going to get hit.” Where’s the accountability?

Upon a formal complaint with the CPSBC regarding the mentioned circumstance, that prompted many concerns. The CPSBC are allowed to investigate physicians and surgeons of British Columbia only. The surgeon and anesthesiologist have been caught lying in medical records and statements made to the CPSBC during an active investigation, that of which can be corroborated by evidence of witnesses and audio recordings. The surgeon has admitted to committing these actions by downplaying the severity.

As to the witnessing nurses, unfortunately the CPSBC cannot intervene. We’re very interested in what the nurses have to say. As such, the British Columbia College of Nurses and Midwives, BCCNM, can investigate and intervene in such matters as it is the BCCNM’s duty and responsibility to protect the public.

A complaint was filed with the BCCNM regarding the possibility of negligence regarding the nurses involved in the patient’s care to receive a clearer picture and answers as to what happened, why it happened, and if any nurse is involved came forth and reported such incidences of dereliction of duty, as it is a health care provider’s duty to report such matters.

However, the BCCNM will not proceed as the complainant does not have access to full legal names and records. “We don’t know the full names of the nurses involved, so we cannot and will not investigate this.” As such, any nurse and/or midwife in British Columbia can commit offences and be negligent with no repercussions as long as the complainant does not know the nurse’s and/or midwife’s full legal name and/or retain records.

They’ll also blindly trust whatever a doctor testifies simply because of their status. Yet it has been proven that multiple aspects of previous complaints, where doctors have committed acts such as falsifying medical records and/or statements by the means of deceit, omission and blatant lying, has gone unchecked.

R. Glumac (Chair): Keegan, sorry to interrupt. We’ve scheduled ten minutes. We’re at 16. How much longer do you have for your presentation?

K. Clark: No worries. Two paragraphs.

R. Glumac (Chair): Okay. Thanks.

K. Clark: This section of Bill 22 gives a public health body and any public body across the whole province of British Columbia the power to disregard a request for records, such as medical records, on approval of the Privacy Commissioner if the applicant has requested for that period of records in the past, whether or not they have actually received the documents or have simply misplaced the documents and need to gain access to such files again, which causes a reason for concern of potential cover-ups and evidence tampering, as previously seen, thus not allowing access to medical records in the future, which may mean the difference between life and death for more unfortunate individuals. That also may infringe on the Charter of Rights and access to health.

[2:10 p.m.]

It is a never-ending revolving door of policies and laws acquired from governing bodies, where health care providers are so well protected, they are never held accountable. This must change, and it starts with having access to records.

These issues discussed in these sections aren’t something that can happen or may happen. These are issues that have and are happening.

This concludes my presentation. I thank you for allowing me to present here today. Unfortunately, I do not have more time to speak about additional concerns regarding section 33 as such. I ask for additional time or another time to present these concerns at a later date.

R. Glumac (Chair): Thank you. Members, are there any questions?

Keegan, you referred to…. You talked about a disturbing story regarding a surgery. Do you have a…? Has there been any media coverage of this that we could refer to and look at?

K. Clark: Not at this time. However, if the committee would prefer to review the evidence, there are thousands of documents, including audit recordings to corroborate all of this. However, in regards to media coverage, there has been no media coverage at this time.

R. Glumac (Chair): Okay. I don’t see any further questions, so thank you very much for your presentation.

I guess Keegan had a question of whether he could present on a different topic.

I don’t know that we’re able to schedule that in person, but you are able to make a submission, and it can be an audio or video submission, which will be received by the committee. Thank you for your time today.

All right. Our next presenter is not here yet, so we will recess until, let’s say, 2:20.

The committee recessed from 2:12 p.m. to 2:20 p.m.

[R. Glumac in the chair.]

R. Glumac (Chair): We have, joining us now, Maureen Juffs. She’s just coming into the Zoom room now.

Hi, Maureen. Welcome to the committee today. We look forward to hearing your presentation, so we’ll hand it over to you.

MAUREEN JUFFS

M. Juffs: Thank you. I’m neither tech-savvy nor government-savvy. I’m just a rural citizen — wife, mother, daughter, neighbour, volunteer. Maybe getting to be an elder in our tiny community, but it’s a diverse one. Through my life, I’ve always cared about our province, our part of the world and our planet.

I’m deeply concerned about the changes to the freedom-of-information and privacy laws, particularly the ones brought in last fall. I mean, some of these changes I just can’t get into, but making our data accessible to the U.S. or China seems, if possible, even more alarming than removing oversight and adding fees. I sure hope that your report can do something about this.

Last fall’s legislative changes…. Effectively, they make mistakes and inefficiencies easier to hide, as well as making malfeasance easier to hide. This profoundly damages our society — our civil society, our democracy. I’ll say it again.

I don’t know, and I shudder to guess, why those particular changes were rammed through without either incorporating many of the 2016 review committee’s recommendations nor waiting to incorporate your current review findings. I’m also very angry, still, with my MLA, and I do not understand why he went along with it.

One of the things that was particularly disturbing was flagged by the Privacy Commissioner. There’s no valid reason to exclude the B.C. Legislature from freedom-of-information requests. Those misappropriations from 2019 clearly show why we should not exempt the Legislature.

[2:25 p.m.]

Look, even if every soul in Victoria today could be trusted absolutely, without any oversight for the rest of their lives, to do everything right, it would still be a grave mistake to give all future governments an exemption from scrutiny.

Those not-so-modest fees for access-to-information requests — a toll gate on access, as Murray Rankin called them. I’m low income. A small fee presents a big problem to me. Right now, my teeth are in bad shape because cash was tight for the last few years. So yeah, any fee, especially $25 a pop, effectively cuts me out of any conversation unless somebody else will pay it instead. That shifts the power to people who aren’t me.

The problem is so much wider. I really have to thank Information and Privacy Commissioner Michael McEvoy and the journalists and academics and NGOs who have been flagging these things. I just want to say that this really matters. It matters to the public interest. As a member of the public, I really want to make it clear that I care.

I’ll probably never make a freedom-of-information request myself. But my informed decisions, as a citizen, depend on all journalists having unhindered access on my behalf. Nothing but a serious risk of harm can justify placing any restriction on that access. In particular, a fee, however modest, for providing public information to the public is unacceptable. A fee privileges the wealthy. It hinders research in the public interest, or pure research — any kind.

How unreasonable to charge us for information which our taxes already paid to collect. We do have a problem. I understand that thousands of requests from the opposition for freedom-of-information requests can be an issue. I understand that freedom-of-information requests aren’t really being dealt with timely…. That’s a problem of resources put to it, not a problem of too much requests. It’s a problem of a bottleneck in the information flow.

Could the problem with the requests have anything to do with understaffed departments? Could it have anything to do with there being no consequence if there are unreasonable delays? More staff and better access systems — for secure access, of course…. There are obviously privacy concerns that have to be respected. The concealing or withholding information is the part that has to justify itself.

The information on the workings of the government and non-personal information about our province and things that go on here should be public by default. Transparency is the basis for trust and participation in democracy. Lack of information cuts at its very root. When this is blocked, these policies, whether subtle or blatant, like last fall’s….

What this says is: “This is not your government, not your country. It’s ours. Run along. Mind your own business, and we’ll make the decisions for you.” That’s what this NDP government has been telling me in these decisions. That’s why I’m particularly mad at my MLA, because he’s one who should know better.

[2:30 p.m.]

I’ve heard that the Premier is concerned about surveillance of government activities. Freedom-of-information requests…. Yeah. Surveillance of government activities, I’d say, is actually the job of Her Majesty’s Loyal Opposition. Deal with it.

That problem is with the government not with the questioners. Government workings need to be transparent by default. It’s the basis for trust and participation in democracy.

Lack of information cuts at its very root — our society, our democracy, our solidarity as members of one community, one province we share. One country. One planet.

In particular, a fee, however modest, which the proposed fee wasn’t — any fee for providing public information to the public is unacceptable. The delays and the bottlenecks are hard on our democracy, and they’re not too hard to fix. They can be dealt with.

I want to see hard targets for government information to be made available on request — quotas or maximum timelines — free of charge. I want actual consequences when information is not delivered in a timely manner. I want to see staffing and systems that will allow journalists and researchers, as well as politicians and the public, to scan and analyze what’s going on in our part of the world.

I think that these mechanisms for sharing of information are essential if we are to be able to pool our efforts to make things better.

R. Glumac (Chair): Thank you very much, Maureen, for your presentation.

Does the committee have any questions?

We have a question from Tom.

T. Shypitka: Hey, thanks, Maureen, for your presentation. You said at the beginning you weren’t government savvy, but I think you got the points across quite well. I think it’s what all British Columbians are asking right now — more transparency, more timely access to information.

You mentioned your fear of data residency and keeping some of our private information outside of our jurisdictions. The Legislature shouldn’t be exempt. These are all things that people are concerned with. That’s why the committee is here.

You mentioned budgeting for more staff to process, but at the same time, you said that these things should be made public by default. Going down that road, I think you would probably agree that we wouldn’t need this extra staffing if things were made public by default. The information would be readily available; therefore, not having to request information. Would you agree with that?

M. Juffs: I would agree that if the systems for accessing the information are well designed to allow do-it-yourself research on the data, then the load on staff for filling in freedom-of-information requests would be reduced, because it wouldn’t be behind a wall. It would be like looking up the map of your property. You don’t have to do a freedom-of-information request to get an idea of whether there’s a flood hazard on your property boundaries. That’s good.

T. Shypitka: Okay. Thank you, Maureen. That’s perfect.

R. Glumac (Chair): A question from Adam.

A. Olsen: I just want to thank you, Maureen, for your presentation. It was very well articulated. In fact, I wish I had access to it prior to my speech before the changes were made last fall.

M. Juffs: I hope I get a copy.

A. Olsen: It will live on in posterity on Hansard, so you’ll be able to go back and take a look at it.

[2:35 p.m.]

I’m just wondering. You talked about that your informed decisions require the media to have access to it. What I’m interested in is as you’re a self-described rural citizen from a tiny community but have also demonstrated quite a deep understanding of the changes that were made, how do you get your information? How do you stay informed by what’s going on in the Legislature here? Because it…. Well, I’ll just leave it at that.

M. Juffs: Well, your Green Party posts or flags some good articles that I have actually followed up. I really appreciate articles in publications like the Tyee but also Narwhal and also any kind of media, social media, sometimes discussions with others — but just kitchen table and good articles that I read online. I don’t watch TV. I do watch things on the Internet sometimes. I don’t subscribe to a newspaper except the local paper. But there’s an awful lot of good thinking available.

A. Olsen: Part of the reason why I ask the question, Maureen, is we often hear in here that nobody watches the Hansard video and that what goes on in the Legislature is often not paid attention to. But I think this presentation was a clear demonstration that British Columbians from all corners of our province are paying attention to what’s going on in our democracy. So that was the reason why I asked the question. Thank you, Maureen.

R. Glumac (Chair): I don’t see any further questions, but I echo Adam, and I thank you for your presentation today. You’re clearly a well-informed citizen of British Columbia, and for you to make a presentation today, it was well appreciated, so thank you so much.

M. Juffs: Thank you.

R. Glumac (Chair): All right. We have our next presenter in person here today. Her name is Nicole Duncan.

You’re welcome to come up, Nicole, and you can have a seat wherever you like.

NICOLE DUNCAN

N. Duncan: I’d like to begin by thanking the hon. members of the special committee to review B.C. Freedom of Information and Protection of Privacy Act and also parliamentary committee staff, who assisted in scheduling time for me to present to you today.

My hope is that we can work toward revisions to the act and the associated regulations, which support a culture change. My hope is that we can contribute to a culture which recognizes that open government is good government, that openness promotes accountability and improves understanding of policies, decisions and actions taken by government on behalf of citizens.

The act gives individuals, community and advocacy groups, media, business and others rights of access to government information. The public’s ability to engage fully in meaningful public debate about the problems we face and possible solutions depends, in large part, on the right of access to government information.

Transparency promotes accountability, and it is essential to redressing maladministration, inefficiencies and a lack of fairness. It is not enough to pass a progressive piece of legislation. We must acknowledge the importance of implementation that supports proactive disclosure, careful consideration of the public interest complemented by publication schemes and solid information management practices, all of which support a culture of openness.

Empowering practitioners within public bodies to provide advice and assistance to applicants and to disclose information in a timely manner is also a key component of the culture change needed.

[2:40 p.m.]

The act, in part 2, includes a number of mandatory and discretionary exemptions to the right of access. These exemptions are limited and subject to a public interest test. However, since the mid-’90s, when the act was first passed, there has been relatively little consideration of the public interest test provided by section 25. The existing consideration of the public interest test has fallen short of the need to consider the balance of the public interest on a case-by-case basis in the context of the requested information.

Instead, in practice, where consideration of the public interest test is undertaken at all, there is often an unnecessarily high bar applied to the public interest considerations. The application of this unnecessarily high bar in relation to the current interpretation of the public interest test provided by section 25 is itself antithetical to the public interest. The prevailing interpretation impacts the public’s ability to access information relied upon to reach important policy and program-related decisions affecting British Columbians.

The U.K. Freedom of Information Act contains various exemptions, rather than exceptions, to disclosure, some of which are subject to a public interest test. In the U.K. context, the public interest test is articulated as a balancing exercise.

When this legislation first came into effect, there were certainly debates regarding the application of the public interest. Arguments were put forward that the balance of the public interest should start with the scales weighted in favor of maintaining the exemption. However, thankfully, what prevailed was an application of the public interest test whereby the scales start equal and the public body must consider whether, in all circumstances of the case, the public interest in maintaining the exemption outweigh the public interest in disclosing the information.

The consideration of the public interest is undertaken case by case — in other words, based on the facts of the particular case and in the context of the particular information. This approach allows for public interest considerations to evolve over time as societal norms and values evolve and change.

According to the Information and Privacy Commissioner of British Columbia’s website, in relation to section 25(1)(b) of the act, between October 1995 and February 2022, they issued approximately 60 orders where the application of section 25(1)(b) is part of the scope of the complaint. The first order summary available on the website is from the 25th of May, 2001.

I wasn’t able to find an order that does not conclude that section 25(1)(b) does not apply. The requests in each case cover a range of information, such as audit reports conducted by health authorities regarding various companies contracted to provide home care support services, to the costs associated with an investigation into a health data breach in the Ministry of Health.

What I take from this is that there appears to be an interpretation of section 25(1)(b), in particular, that inserts a test of temporal urgency and compelling need.

For instance, the Information and Privacy Commissioner asserts in an early order, on November 25, 2009, involving a request for the business case related to the Surrey outpatient facility project, which was a public-private partnership: “While I understand CUPE believes there is a public interest in disclosing the disputed records, and there may well be, this is not the test for section 25(1)(b). I have examined the records in question and am unable to agree with CUPE that there is an urgent and compelling need for their disclosure. I find that section 25(1)(b) does not apply to the records in dispute.”

In this case, Fraser Health Authority, the public body, told CUPE, the applicant, that it had not developed a business case in accordance with the capital asset management framework for the project but that it did have records related to business case elements identified in that framework.

What must also be kept in mind as we look and consider section 25(1) is that it applies despite any other provision of the act, so a public body must consider the public interest and access to information it holds regardless of whether a request has been made. This is what we refer to as the public interest override.

However, in the context of a request for information and a public body’s reliance on an exception, the public interest should be considered on a case-by-case basis without the introduction of an unnecessarily high bar applied to public interest considerations. The public interest test applies to all exceptions to disclosure in the act and, therefore, it should be considered on a case-by-case basis after establishing that the exception applies to the information requested.

[2:45 p.m.]

It is essential that, in doing so, we all acknowledge that although a higher bar may well apply to section 25(1)(a), insofar as this subsection requires one to undertake a consideration of the public interest test grounded in an assessment of risk of significant harm to the environment or to the health or safety of the public or a group of people, no such requirement is included in section 25(1)(b).

In my view, this approach would properly align with the intention of access-to-information laws and the approach taken in comparable jurisdictions, where exemptions to disclosure are qualified by a public interest test. This approach would require no amendment to the act. However, it would require a change in practice by both public bodies and the regulator.

The act also provides a discretionary exception, at section13, related to policy advice or recommendations. However, under subsection 13(2), the head of a public body must not refuse to disclose any factual material, public opinion poll, statistical survey, appraisal, economic forecast, environmental impact statement, etc. In other words, the factual information that may have been relied on as a basis for a public body’s decision can’t be withheld under section 13 of the act.

Unfortunately, in practice, the public has struggled to access this information. I would ask the committee to consider recommending that this information be proactively made available to the public as part of a mandatory publication scheme provision under the act and a complementary provision under the regulation regarding process and best practice. This would support the goal of increasing proactive disclosures and reduce the costs associated with processing access-to-information requests.

The current provision set out as sections 71 and 71.1 does not go far enough to mandate the creation of publication schemes and to support the goal of proactive disclosures. For clarity, sections 71 and 71.1 allow the minister or the head of the public body to establish categories of records available without request. However, there is no obligation to do so, and no oversight can meaningfully be provided by the regulator.

I would be remiss not to mention that there continues to be a significant issue with delay beyond the 30-day time for compliance under section 7 and, at times, even beyond the additional 30-day extension provided by section 10. These continued delays and responses that assert there are no responsive records frustrate the public’s right to access information and creates, often, unnecessary barriers that prevent the public from engaging in advocacy efforts in a timely fashion. To empower practitioners within public bodies and to train all public body employees regarding the duty to make every reasonable effort to assist applicants would be a good first step to encourage a culture of greater openness and transparency.

The duty to assist, under subsection (6)(1) of the act, also requires public bodies to respond without delay, to respond openly, to respond accurately and to respond completely. Assisting applicants to clarify their request for information in the context of what information is actually held by the public body would go a long way to reducing the number of no-responsive-records responses and reduce the cost of processing access-to-information requests.

There are two areas related to some of the recent changes to the act at the end of last year that I just would like to highlight for the committee and ask that the committee consider, during its review, whether there is a need to address these areas.

The first and, in my view, possibly the most important is the data residency changes. The committee will, of course, be aware that in November 2021, the data residency provisions under the act were amended to remove the prohibition on disclosure of personal information outside of Canada. It was really alarming to see these significant changes to the act occur while the work of this committee was ongoing and, therefore, the public and stakeholders were unable to provide fulsome feedback related to the proposed changes prior to them being enacted.

I cannot express strongly enough that this approach does little to engender public trust. The fact is that once personal information leaves Canada, Canadian laws do not apply, and contractual or technical protections may not be enough to protect the personal information of British Columbians.

For British Columbians whose personal data or personal information is in a foreign jurisdiction where privacy protections do not apply to them, there is little recourse available to address any inappropriate collection, use or disclosure of their personal information in the foreign jurisdiction. Further, it is unclear whether, in all cases, British Columbians would even be informed that their personal information was inappropriately collected, used or disclosed.

Data breaches in Canada are difficult to address, let alone data breaches involving the personal information of British Columbians in foreign jurisdictions.

Where a Canadian does have a right in a foreign jurisdiction to seek legal recourse — where, for instance, their personal information is subject to a data breach — the costs associated with enforcing those rights will very likely be too high for most Canadians to afford.

[2:50 p.m.]

I know I only have ten minutes of your time, so I appreciate your indulgence.

Lastly, I just wanted to highlight the application fee. In addition to the fee schedule set out in schedule 1 of the regulations, a public body may now charge a non-refundable application fee for every public body included in the request. So in practice, the application fee may be charged multiple times for the same request in the case of information held by multiple public bodies — for instance, multiple ministries.

The province’s last annual report on the administration of the act, from 2018-19, indicated that there was an increase in requests for access to information made to multiple ministries concurrently. While I recognize that the application fee will not apply to requests for personal information, I’m concerned that the application fee and the practice of applying multiple fees will be a barrier to access to information for many members of the public.

R. Glumac (Chair): Thank you, Nicole.

Does the committee have any questions?

J. Rustad (Deputy Chair): Thanks for the presentation today. It’s clearly well-thought-out, as you’ve cited various sections of the act and the process. With most of the people that have applied, I’ve asked this question — there are a couple that I didn’t — and it’s just with regards to the whole freedom-of-information process and whether or not we should be pushing for far more public disclosure or proactive disclosure right up front and sort of change the way we think about information.

I’m wondering. If we were to take an approach that would go along those lines, what sort of barriers or what sort of challenges would you potentially see in the process of information being out there? As well, what information, perhaps, shouldn’t be out there?

N. Duncan: I think it’s an excellent question. I think it goes right to the heart of the culture change that I, certainly, would like to see. I think it’s absolutely essential for there to be more proactive disclosure, but I think that in order for that to happen, it has to be embedded in the way that we do business in the public sector. It has to be sort of the default from the get-go — which is why I suggested publication schemes.

The beauty of a publication scheme is that it really focuses everyone within the public body on classes of information that will be proactively disclosed. It’ll become the normal course of business. It’ll become embedded in just the way that public bodies do business. That reduces costs; it increases public trust.

One of the things that we found, certainly, in the early days of the U.K. legislation, when the FOI Act was first passed there, was that there was a lot of concern about any information getting out into the public where the government hadn’t decided that it was time. What we found was that the more information that went out, the more it was clear what a great job bureaucrats were doing — so policy advisers, how fulsome their advice actually was. While some politicians were not very happy with some of the early decisions — I could think of a few — certainly from the perspective of practitioners or from bureaucrats’ perspective, they really got to showcase the hard work that they do to advise the politicians.

In terms of barriers other than the cultural ones, there needs to sort of be a meeting of the minds when it comes to access and privacy practitioners, and also information management and records management professionals. They need to be able to work very, very closely together with IT professionals in order to deliver on the pragmatic aspects of proactive disclosure and making records easily accessible to the public.

R. Glumac (Chair): Thank you. We have a question from Susie.

S. Chant: Thank you for your presentation. For a little while there, you were talking about health authorities and the use of section 25(1)(b) to not disclose things. Am I to understand from what you were saying — I’m just clarifying here — that you felt that they were using that section inappropriately to not have information distributed? Am I understanding correctly that that’s what you were saying?

[2:55 p.m.]

N. Duncan: What I was saying was that…. Section 25 is the public override section. There are two subsections. Section 25(1)(b) is arguably the aspect of that public interest override that is, shall we say, less burdensome. The tests that one needs to consider when deciding whether information should be disclosed, even if an exception applies, is a public interest test. So you’re considering public interest factors that might weigh in favour of disclosure, despite an exception under the act actually applying to that information.

It’s not so much that it’s inappropriately applied but that it’s just not considered — or it’s not considered fully. Or when it is considered, there is, in my view, an unnecessarily high bar attached to the public interest considerations. It’s almost like there’s an inbuilt weighting in favour of maintaining the exception to disclosure.

S. Chant: Okay. Thank you. I appreciate that.

R. Glumac (Chair): I don’t see any further questions, so thank you very much for your presentation — greatly appreciated.

With that, committee members, we are finished with our presentations for today. Is there any other business that anyone would like to bring up? No, I don’t see any.

A motion to adjourn?

From Henry, seconded by Tom.

Motion approved.

The committee adjourned at 2:56 p.m.