The committee met at 8:03 a.m.

[R. Glumac in the chair.]

R. Glumac (Chair): Good morning, everyone. My name is Rick Glumac, and I’m the MLA for Port Moody–​Coquitlam and the Chair of the Special Committee to Review the Freedom of Information and Protection of Privacy Act, an all-party committee of the Legislative Assembly.

I’d like to acknowledge today that we are meeting on the traditional territories of the Lək̓ʷəŋin̓əŋ-speaking people, known as the Songhees and Esquimalt Nations.

I would like to welcome everyone who is listening today. Our committee is tasked with reviewing the Freedom of Information and Protection of Privacy Act. In today’s meeting we’re going to be receiving a presentation from the Office of the Information and Privacy Commissioner on their recent submission.

I would like to welcome Michael McEvoy, Information and Privacy Commissioner.

Presentations on
Freedom of Information and
Protection of Privacy Act

OFFICE OF THE INFORMATION
AND PRIVACY COMMISSIONER

M. McEvoy: Good morning, everybody.

I, too, would like to begin by first respectfully acknowledging the place from which I present to you today, on the traditional territories of the Lək̓ʷəŋin̓əŋ people, known as the Songhees and Esquimalt First Nations.

With me this morning are to my left, oline Twiss, deputy commissioner, and to my right, Jeannette Van Den Bulk, deputy commissioner for our office.

I want to begin by thanking each of you for your work on this committee. I think it’s easy to be a skeptic or a cynic about the task you’ve been charged with, but the work of advancing the Freedom of Information and Protection of Privacy Act is critically important to serving the public interest.

[8:05 a.m.]

We live in a democracy that we can be thankful for but too often, I think, take for granted. Fundamental to our system of democratic governance is its carefully calibrated system of balances and checks between citizens and those who make decisions on our behalf. One aspect of this relationship is the huge mass of information that public bodies acquire, both as a collateral aspect of governance and what is collected about us as citizens — all of which is, for the most part, necessary and legitimate.

What is the check or the balance? An important part of the answer is the Freedom of Information and Protection of Privacy Act. It checks how public bodies collect and use personal information about us. Just as important, it opens the door to the information associated with governing us, balanced, of course, by narrow exceptions to that right. At least, that’s the way it should be. What is clear is that the system of checks and balances has somewhat eroded with time. It reminds us that we cannot take this part of our democratic foundation for granted. It’s why your work is important and why it matters.

My purpose in being here this morning is to follow up on our general presentation to you in February and to provide you with a more detailed set of recommendations to fortify and advance the Freedom of Information and Protection of Privacy Act. I was deeply impressed by many of the submissions made to you already, by individuals, civil society groups, journalists and others. If there were any doubt, it is abundantly clear that British Columbians care deeply about the legislation you are charged with reviewing.

What I will focus on today, in my remarks, are select recommendations found in our written submission pro­vided to you. I will also address the questions posed by the committee after my last presentation.

First, however, I wanted to briefly comment on an issue not addressed in detail in my submission, the new provision in FIPPA that allows public bodies to charge an application fee. I want to reaffirm my office’s intention to assess the impact of that fee on the public right of access to information. We will base that analysis on the six months of data marked from the start of the fee’s imposition until May of this year, and those findings will be made public.

I also want to reaffirm my strong encouragement to all public bodies to forgo charging their citizens a fee that makes accessing their information more difficult. I am pleased to see, for the most part, that appears to be the case.

I will now turn to highlight recommendations provided to you in our written submission. They are grouped into three categories or themes, mirroring the structure and purpose of the legislation: access and accountability, protection of privacy and, finally, enhanced oversight. I will focus on a few key recommendations in each category this morning. The remainder, of course, are found in our written submission provided to you, which has been made available both on our website and the committee’s as well.

Let me begin with, perhaps, one of the most important recommendations, both from a substantive and a symbolic perspective. The issue is this: the very assembly that unanimously voted to pass FIPPA, in 1992, failed to apply the law to itself. Somewhere in the mist of history we have lost account of why this happened. However, I do not think it is a reach to suggest that if the law’s sunshine had been shone on this institution since 1992, as it did with all other public bodies, we might not have endured controversies that have occasioned this institution in the time since.

Surely, it was because of particularly recent events that the then and still Government House Leader, the Hon. Mike Farnworth, agreed with recommendations put in a letter to the Legislative Assembly Management Committee in 2019 by me, the Ombudsperson and the Merit Commissioner that the administrative functions of the assembly be covered by FIPPA. This commitment was subsequently reiterated in a meeting he had with the three of us.

There is simply no cogent reason the same rules that apply to more than 2,900 public bodies across the province should not extend to the Legislative Assembly. It expends public resources and performs a public function, just like any other.

[8:10 a.m.]

To be crystal-clear, this change — I cannot emphasize this strongly enough — would not impact the standing of the Legislature, impinge upon the legislative work of government nor affect the constituency work of the Members of the Legislative Assembly.

The government has made a commitment on this important issue. The time is now to make good on this promise, and I would strongly urge all of you to recommend the same in your report to the assembly.

I mentioned at the outset about certain important checks in FIPPA that have been eroded over time. I will briefly highlight two that require your careful attention. The first concerns section 13 of the act, whose evolution, resulting from various court decisions, has so seriously misshapen its meaning that the public’s right of access to records has been significantly undermined.

Section 13 of FIPPA allows the public body to withhold information that would reveal policy advice or recommendations. The purpose of the exception is to enable full and frank discussion of policy issues in the public service. However, what is now considered to be advice or recommendations that a public body can withhold from public release has gone far beyond what was intended by the Legislature in 1992. Specifically, advice and recommendations have been defined to include factual, investigative or background material, including the assessment or analysis of such material and professional or technical opinions.

At a time when disinformation runs rampant, facts are in short supply and the public struggles to understand those basic facts on which government makes its decisions, the letter and spirit of the act and public trust in it are undermined when those basic facts giving rise to decisions are kept behind closed doors. This recommendation — to affirm what the act’s drafters’ intended, whereby factual material should not be withheld — has been advanced to and supported by past special committees which have considered the matter.

The second check sustaining erosion concerns not what the Legislative Assembly put in the act but what the courts have added to it. Section 14 of FIPPA is precisely and properly drafted to allow public bodies to protect privileged communications with their lawyers. That’s it. No other kinds of privilege are included. By way of comparison, Alberta’s access legislation provides for both solicitor-client and something called settlement privilege as a basis for withholding information from a requester.

Our legislation was meant to provide public bodies and the public with a complete code of exceptions to disclosure. Settlement privilege was not included in FIPPA. But despite this, a court decision has, as we lawyers like to say, been read into our act, which in plain language means it has been added to our legislation.

Why is this especially problematic? An important example will suffice. For many years, public bodies disclosed the payouts made in severance packages in response to access requests. This kind of information can shed considerable light on the administrative competence of our public bodies, in addition to identifying the costs to the public purse. The payments may or may not be justified, but from a FIPPA point of view, the public has a right to know about these kinds of often substantial public sector expenditures.

Increasingly, however, public bodies are attempting to hide these payouts behind the curtain of settlement privilege. FIPPA should be amended to make explicit that the list of exceptions to disclosure set out in the act is exhaustive and does not include settlement privilege.

I mentioned grouping this morning’s presentations into three categories. The second is about the protection of our personal information.

Recent changes to FIPPA have made some positive updates to the privacy rules designed to protect personal information. Mandatory breach notification and a requirement that public bodies develop privacy management programs are good steps forward. But for the most part, these changes were a catch-up on reform recommendations made in other jurisdictions a number of years ago.

The challenging task you face, I believe, is making recommendations that position FIPPA as a forward-looking statute that contemplates the technology, the use of which we are now beginning to consider and which we can expect will be used increasingly in our digital future.

We absolutely want public bodies to innovate and to use new technology to improve policy-making and to find efficiencies to better serve citizens.

[8:15 a.m.]

However, if these advancements are to be embraced and trusted by the public, they will need to protect and treat with respect British Columbians’ personal information. This means having clear and enforceable rules that place guardrails around the use of new technologies. One area in particular stands out: automated decision-making and its companion, artificial intelligence.

Government makes decisions about us every day that may allow us access to health care or determine if we are eligible for social assistance. Increasingly, these kinds of decisions will be made by automated means, and such systems will be deployed through artificial intelligence.

We, as citizens, may be the collective source of that artificial intelligence, in the sense that the vast reservoir of personal information government holds about us will be processed to profile us, seek patterns or insight into our behaviour as citizens and predict future outcomes. All of this may yield considerable value to society, but it may not if used improperly.

This is what separates an automated decision-making system and use of artificial intelligence from other technological advancements that increase efficiency. It doesn’t simply process information faster; it processes information differently, and in a way that is not always clear to those running the system or to the individual affected by a resulting decision. In other words, you can be directly affected by the output of the system, but its so-called reasoning is unknown, perhaps even to the person running the system.

Because of this, specific measures are needed to ensure the responsible and fair use of these systems by public bodies. As it stands, section 31 of FIPPA requires public bodies to retain information used to make a decision about an individual for at least one year. However, you can see how this is difficult when a public body can’t determine what or how information was used to make the decision in question.

While these systems may still be in the early stages, we need to be prepared, because Canada, in fact, is a global leader in AI. The regulation needs to be in place before we get too far down the track. Not to mix too many metaphors this morning, but once the genie has left the bottle, it may be too late. Therefore, it is imperative that FIPPA be updated to grant individuals the right to be notified if an automated decision system is being used to make a decision about them. Individuals should have the right to receive meaningful explanation of the reasons and criteria used to make that decision and to object to the use of an automated decision-making system.

We’re also recommending that FIPPA require public bodies to create traceable records of how a decision is made that impacts an individual using an automated system. If an explanation cannot be provided due to the secrets or security classification, a public body should provide the individual with the type of personal information collected or used, why the information is relevant and the likely impact on the individual.

The final category theme I wanted to highlight for you this morning, folks, is on the very building blocks that support our legislation. I want to talk about those building blocks and why we need stronger oversight mechanisms to ensure those foundational footings are properly supported. When I use the term “building blocks,” I am really talking about the proper creation and retention of public body records. Without this, there can be no meaningful access-to-information system.

A right of access to information depends on records being available in the first place. If records are not created, if they can’t be located or retrieved or if they have been improperly destroyed, rights of access are fundamentally impaired. Good public administration and governance cannot be achieved without proper record-keeping systems. Tracking the life cycle of a record is critical to understanding how government runs and how its decisions are made.

It must also be remembered that those records that under­pin the functioning of good government ultimately, in a collective sense, belong to the people of British Columbia and that, with some exceptions, individuals in this province have a right to access those records. So a question arises: if this system is so important, how do we ensure its building blocks are put in place, well maintained and functioning to support the proper public sector governance and access to information?

The answer is that the government has begun this task, but it is far from complete. A starting point can be found in the Information Management Act, which is something the special committee asked me about during our previous session.

[8:20 a.m.]

You asked me to what extent the IMA has or has not addressed the 2016 special committee’s recommendations. I would agree with the assessment of the IMA offered by your predecessors on the 2016 special committee, who rather tepidly described the IMA as a move in the right direction. It noted, among other things, it only applied to a limited number of government bodies. It strongly recommended that the duty to document decisions be put in FIPPA, in order to ensure its broader application to all public bodies.

We agree with this recommendation and would go a step further. A duty, including the duty to document, is of little value if it’s not backed up. This is a serious shortcoming of the IMA. In addition to its lack of breadth, there are no mechanisms within it to ensure the proper recordkeeping required of ministries is actually carried out. At most, the chief records officer can review a government record management system and make a recommendation about it. That’s the extent of it.

No power to require a ministry to do something, as a duty might imply. No sanctions available to the chief records officer if, for example, an information schedule is violated or records are improperly destroyed. The system set up under the IMA can in no way be described as a robust or independent mechanism of oversight over our critical record management system. This needs to be rectified.

I point to two measures that would begin to attend to these concerns. These are already found in other public sector privacy and access legislation in Canada. First, freedom-of-information legislation in Ontario requires public bodies to have recordkeeping and retention rules and policies. This allows the Ontario commissioner an overall independent window into government’s management of records.

A similar provision into B.C.’s FIPPA would do the same. It would not be aimed at my office micromanaging the disposition of individual records, but rather, it would give my office the ability to ensure that public bodies are attending to basic record management responsibilities on which their work and right of access relies.

The second measure is the independent oversight over allegations of unauthorized destruction of records. This power is long-standing in Alberta and has been used in that jurisdiction to, for example, investigate and alleviate concerns that a change in government led to the widespread destruction of records. I made this recommendation to the last special committee, and it accepted that recommendation.

Therefore, I’m recommending that FIPPA require public bodies to have in place reasonable measures respecting recordkeeping and retention rules and policies. This would of course apply across all public bodies, in line with the 2016 special committee recommendation. I’m also recommending that section 42 of FIPPA expand the commissioner’s oversight by granting the commissioner the jurisdiction to review matters or allegations of unauthorized destruction of records that occurs outside of or prior to an access request.

I believe this answers the question that you posed to me at the conclusion of our previous appearance about the Information Management Act. The other question you asked concerned what public sector statutes in other jurisdictions can we look to as you undertake your deliberations. You will note that in our written submission, we cite provisions from a number of other laws in Canada and abroad that offer greater protections and transparency and that can serve as examples of what we should look to as we consider reform here in B.C.

I just mentioned provisions related to information management found in the statutes of our counterparts in the provinces of Alberta and Ontario. The jurisdiction that most recently revised its legislation in a significant way is Newfoundland and Labrador. I would commend to you a provision there that requires public bodies to consult with the commissioner on any proposed changes that affect access and privacy rights of citizens in that province. Interestingly, a similar requirement for consultation is found in Europe’s General Data Protection Regulation that applies to public and private sector entities alike.

I set here just some examples, of course. We will chart our own made-in-B.C. solution, but to the gist of your question, there are certainly things that we can learn from jurisdictions both here in our country and abroad.

In concluding my remarks today, I return to observations I made in my first submission to you in February, about how our freedom-of-information and protection-of-privacy legislation represents, in a very real sense, a social contract between citizens and our public bodies. On one side of the contract, public bodies are permitted to collect information, much of it about us, so that it can function. That collection, amongst other things, allows government to provide important services or to plan public policy and programs.

On the other side of this bargain, British Columbians get an assurance that public bodies are accountable for the information they collect and use, as well as being responsible for the protection of the personal information they gather about all of us.

[8:25 a.m.]

I have also attempted to underscore how important this bargain is to our democratic system of governance in British Columbia. It adds a necessary set of checks and balances that support our democratic infrastructure.

You have, I think, much to consider in taking account of all that you have heard from citizens over the course of your review. Some have expressed frustration about how the legislation has changed and evolved over time, fraying that social contract and, in some circumstances, paring back the carefully calibrated checks and balances within it.

I share a number of those concerns and frustrations. Time has taken something of a toll on some of the provisions of the Freedom of Information and Protection of Privacy Act. I also believe, at its core, the legislation is sound, that B.C.’s access and privacy system is a good one and that it contributes in a fundamental and appreciable way to the democratic foundations of our province. But it can be even better.

I believe your work will go a long way to making it so. As you begin to craft your recommendations for government, please know that my office continues to be available to assist your deliberations in whatever way that we can.

With that, Chair and members of the committee, I want to thank you for your work on behalf of the citizens of British Columbia. I turn it back to you, hon. Chair, for questions that the committee may have.

R. Glumac (Chair): Excellent. Thank you very much for your presentation.

I turn it over to committee members. Are there any questions?

K. Paddon: Thank you very much for that. I have a few questions, but I’ll go right back to the beginning.

You explained that you will be taking a look at the first six months, at the impact of the fees. I’m just wondering if you can say more about how that will happen and what information you think you’ll be able to share, based on your strategy on how you’re looking at it.

M. McEvoy: Thank you for the question. Obviously, I’ve communicated with the minister responsible for the legislation. At a staff level, our staff have communicated with staff in the Ministry of Citizens’ Services. We’ll be very carefully looking, essentially, amongst other things, at the requests that have been made to government for access to information, the number of occasions on which that will come to our office for review.

Amongst other things, the obvious thing we’d be looking at is the volume of requests, whether that’s been impacted. For example, comparing what is happening with the provincial government generally, compared to past years, how that compares to other public bodies where fees are not being charged to see how that level and number of requests are being made. Those would be some of the areas that we’d be looking at.

Other areas that we may consider, that we haven’t made a final decision about, may include even doing, potentially, surveys that may help give insight into whether the fees are having an impact or not. We will be carefully looking at those numbers and working with the ministry to ensure that we have the proper data to make a judgment about what, if any, impact fees might be having.

R. Glumac (Chair): Did you have other questions?

K. Paddon: I can wait, if other people want to….

T. Shypitka: Thanks a lot, Mr. McEvoy. Very valuable. A lot to unpack there first thing in the morning, but very detailed and very thorough. Thanks for all the input. It’s super valuable.

I just wanted to go back to section 14 on protection of information and settlement privilege. Maybe just explain that one a little bit more to me. I didn’t really understand the crux of what you were talking about there.

M. McEvoy: At its outset, the Freedom of Information and Protection of Privacy Act was designed to be I describe as a complete code. That is to say that it begins with a presumption that citizens have a right to the information that their government has about them, subject to very carefully delineated exceptions.

One of those exceptions is solicitor-client commu­nications. I think that would strike everybody as sensible and obvious. The communications that public bodies have with their legal counsel, were they to be disclosed to the public, could undermine, in fact, a public body’s case that they may have in court and so forth. That is the privilege that is identified in the act as being the one that is protected.

[8:30 a.m.]

What is not identified is something called settlement privilege. I mentioned that in Alberta, they specifically cite settlement privilege as a basis for a public body withholding information. It’s specifically delineated — not in B.C.

There was a case involving, I believe, the city of Richmond, in which what was at issue were the severance payouts that were made, I think, to several employees. The basis for withholding that was settlement privilege. There was an argument about that before the courts. The ultimate result of that decision was that the court said that although settlement privilege was not in the legislation, it could be that common-law privilege could be, in effect, read into it, made part of the legislation, which allowed, in that case, the city to withhold the information in question about the severance payments.

That is what we are left with now. We see increasingly that public bodies are relying on settlement privilege to withhold information from requesters about severance payments and payouts that may have been made by those public bodies.

S. Chant: Just to follow up on that…. And forgive me, because my expertise is elsewhere. It’s been done in court that settlement privilege has sort of moved into section 14. So when we’re doing our deliberations and making our recommendations, how do we do it so that that goes away again?

M. McEvoy: That’s a very good question. In the case of the decision that I cited to you, I believe the court said that unless the Legislature makes it explicitly clear that such a privilege is excluded — is outside the act — the judge was going to read it in. So it’s really incumbent upon, now, the Legislature to say explicitly….

S. Chant: Either yes or no to settlement privilege.

M. McEvoy: Yes. And there are ways of drafting such things in the legislation. Legislative counsel are more than adept in expertise in terms of being able to handle that and put such an amendment into the legislation.

S. Chant: Okay. Very good. Thank you.

A. Olsen: Thank you for the presentation, Mr. McEvoy. Nice to see you all again.

Greg Phillips from the Trial Lawyers Association made a presentation to us a couple of weeks back and raised the issue of the ability of an individual solicitor or lawyer to be able to make applications on their behalf. Mr. Phillips’ presentation was very narrow in the request of this, and I just am wondering if maybe you heard that presentation. Or if not, I’ll try to do my best to explain it.

What are your thoughts on the ability of…? Right now, currently, in order for an individual to get their personal information from a public body, they have to make that application on their own. How do you feel about an individual’s lawyer being able to make that application on their behalf, as I think was the advocacy by the trial lawyers?

M. McEvoy: I think when it is clear that, for example, a lawyer is representing an individual, a public body would exercise some kind of a modicum of common sense to recognize that that, in effect, is coming from the individual. That is to say that no fee would be charged, because there is no fee charged for somebody seeking their own personal information. That would be my hope.

[8:35 a.m.]

If for some reason public bodies believe, because of the wording of the legislation and the accompanying regulation, that that kind of representation on behalf of an individual is not recognized as an application by an individual for their personal information, then I think that’s something that can be changed. You can make a recommendation to government to ensure that. For example, the regulation attached to our act, which has provisions about who can represent an individual applicant, if that needs to be modified, then that’s something you can recommend, if that’s necessary.

I would hope that, in the interim, public bodies would recognize that if it’s legal counsel acting in a bona fide way on behalf of an individual, that reality would be recognized and that those individuals would be given, through their lawyers, access to their personal information at no cost.

A. Olsen: I’ve got a few questions. I don’t know if we want to go around and see if there are others, but I can keep going.

R. Glumac (Chair): Why don’t you go ahead.

A. Olsen: All right. Nicole Duncan presented on March 15, and we’ve been talking about proactive disclosure to some extent here and when the Legislature was debating Bill 22. Ms. Duncan talked about publication schemes and the proactive…. It was, I think, a way for large amounts of public information to be proactively disclosed.

I’m wondering if you have any thoughts on the use of publication schemes to ensure that there’s proactive disclosure. To “enable” I guess is probably the best word, or a word. It might not be the best word. The proactive disclosure of information would then not need to be requested through FOI.

M. McEvoy: This is a very important recommendation, I think, that this committee can make to focus on this issue of proactive disclosure of information. It’s something my office and I have pushed for, for a number of years. It puts information into the public sphere, which then often negates the need for access requests. It cuts down on the need for public bodies to have to go individually through applications and take that time and effort to do that.

Section 71 of our legislation provides for the minister to actually require public bodies to create categories of records for public disclosure. That’s a section that I believe the minister should use in a more vigorous way to not just encourage but direct public bodies to proactively release information.

We have had a start in that direction, which I think is good, but it doesn’t go far enough. That is to say, contracts, for example — I think it’s the amount of $10,000 — are proactively released now. Travel expenses of senior members of ministries are released. But there are other areas that I think ministries and public bodies should consider in proactive release.

Now, that may differ from ministry to ministry or public body to public body. What those bodies should be looking at are requests that happen frequently, where there’s a repetition of responses to individuals, where they see patterns that can be addressed by…. Instead of waiting for an application, to actually post it.

And post it online in a way that is easy for citizens to access, easy to understand, so you don’t have to go searching around through a million clicks, for example, on a website. Do it in a transparent way. There are all kinds of very good communications and technical people that can help out with those things. All of that will allow for, I think, a greater sense by the public that their governments are open, and again, it would reduce the need for actual individual applications for access to information.

I think proactive disclosure is very important. It’s something that I think the committee would do very well to emphasize and encourage the minister and government to make more use of section 71 to create those categories of records that require proactive disclosure.

[8:40 a.m.]

A. Olsen: Jill Tipping from the B.C. Tech Association presented to us, also on March 15, with respect to the data residency changes that happened back in Bill 22 last fall. I think there was some discussion as to the security of information on a server and how there’s relatively little difference between a server here and a server somewhere else in terms of their ability to get hacked. If the company that’s managing or the individuals that are managing that data are maintaining high levels of security on those servers, it makes little difference whether the server is located on the premises here or anywhere else in the world.

There is another type of security, though, that I think — well, for me — is the type of security that I was most worried about. That is a governing jurisdiction that we don’t have any control over making rules about servers that are located within their territory that they have a right to.

Can you, maybe, Mr. McEvoy, provide any more clarity or any more context around not the threat to the data itself on a server but the threat that changing regulations and changing laws in the jurisdiction where that information is being held might have on the information of a Canadian or of a British Columbian? And perhaps — the federal government, I think, is starting down this in terms of their international relationships — just a few comments, maybe, on data residency in this context.

M. McEvoy: As the committee will know, prior to the amendments found in Bill 22, which have now been approved, there was, in essence, a prohibition on the storage of British Columbians’ data outside of Canada. Certain exceptions applied, but that was essentially the rule. That has now been taken out of the act.

But what has not been taken out of the act and remains in the act is that all public bodies have an obligation to ensure that how they handle the personal information of our citizens is done in a way which ensures the reasonable security of that data. That obligation remains — so, as you note, whether that data is stored on the local server in whatever municipality it might be — Richmond or North Vancouver — that that be done safely; and if it’s stored outside of the province — in another province — that that be done securely.

The one thing about storing within Canada is that in addition to the security measures that have been put in place by the specific provider, the contracts that public bodies engage in with specific providers have to ensure that proper security measures are in place.

Storage in Canada…. You know the laws in Canada with respect to privacy. Those rules are known. We have a system of a rule of law in this country where if there are issues or concerns, there are mechanisms in place to deal with those. That becomes somewhat more challenging when the data leaves the country. It may be, for example, that a public body is working with a multinational company whose security measures are excellent. They have expertise in those issues. That’s important.

It’s also the case that public bodies, if they were going to engage with a company that is going to store data outside of Canada, have to absolutely assess the country in which that data is going to be stored, apart from the security measures that the company operating there may be taking. So where that country, for example, has no rule of law as we would understand it — an independent judiciary system, rules around privacy — I think a public body would have to be very, very careful, and perhaps it would be inadvisable in such situations to be contracting with a company that would operate in that kind of a jurisdiction.

[8:45 a.m.]

In every instance, the public body is going to have to look at a number of things. What kind of information are they storing or having processed outside of the country? How sensitive is it? What is the volume of information, the security measures of the company in question in place? Also, look at the country itself, how its rules operate and whether it operates, again, with the rules of law as we would understand them here in this country. All of those things have to be taken account of before making a decision.

If a public body is of the view, after their assessment, that there would not be reasonable security provisions in place that would satisfy them, then obviously they should not go there or engage with that company or have the information of British Columbians stored, accessed or processed outside of this country.

K. Paddon: A lot of my questions were already taken care of, so thank you, but I do have a follow-up on the topic of proactive disclosure.

This is a really interesting thing that keeps coming back to my mind. One of the things I’m hoping for your opinion on is…. We’ve all seen the court dramas on TV where all of the discovery gets dropped off. It’s truckloads and truckloads of information, and people need to search through it to find any useful piece.

That is kind of my fear — that despite the intent of proactive disclosure, it would essentially be an information dump that may be very difficult to sift through. Like you did mention, these records belong to British Columbians. How can it be usefully disclosed so that it can be navigated? That’s something I have a hard time imagining — how we could do that.

One of my questions would be: do you have any opinions about that? Then a related question would be: what are your thoughts…? I was speaking with someone, and they said: “What if every application was disclosed openly?” So looking for your thoughts there.

M. McEvoy: That’s an excellent question and concerns about, as you describe them, a data dump. It’s actually a question that we looked at in some detail in a report that our office did on open data and government sharing information that it has. It’s not just personal information about you and I but all kinds of other things, from hunting licence data to…. I mean, you could just name a whole…. The categories are endless, really. It’s all pretty meaningless if it’s just put on a web and people are left to their own devices to sort through it.

What we had recommended in that report is a systematic approach by government to organizing that information, categorizing it, putting it, potentially, in a central place that people can see. They can look at an index of what is, for example, available for looking at and downloading perhaps.

To your point, to be meaningful, a proactive release of data has to be organized in a way that is understandable to the public, that is indexed in a way that’s understandable to the public and that is readily accessible to the public. That, I think, is part and parcel with any meaningful, proactive disclosure.

I’m sorry. You asked the last point — I just want to make sure that I pick up on it — which was….

K. Paddon: It was to ask: as applications are made for information, should the results of those just be published in an index system, like what you’re talking about?

M. McEvoy: Yes, for the most part, I think they should be. I would just put a small exception on that, and that’s a matter that, again, our office looked at some number of years ago.

In some cases where journalists have spent perhaps many months, maybe even a few years, investigating a story and through their labours, they’ve been able to obtain information which is a story of considerable relevance….

[8:50 a.m.]

In those cases, the proactive disclosure of that information would certainly go to the journalist, but perhaps there would be a short delay period to allow the journalist to process that information so that they have that exclusive story, in effect, and then, thereafter, disclose. That would be the only kind of caveat I would put around that.

This is assuming, by the way, that there’s no personal information involved, because individuals will ask for their own personal information and get that information. That’s not something you’d, obviously, be proactively disclosing. But general kinds of information that I mentioned — absolutely disclose, subject to the caveat that I’ve just mentioned.

R. Glumac (Chair): Excellent.

A question from Susie.

S. Chant: On to another one of the speakers that we had, back at the beginning. They were talking about the right to be forgotten — i.e., in schools, information that’s…. So as a seven-year-old, they had a behavioural issue. They’re now in grade 11, and they’ve managed to learn how to manage their behaviour or whatever. Should that information be allowed to be forgotten? At this point, it apparently isn’t. Would that be part of the information management plan? Could that be worked in at that level and not have to be part of the legislation?

M. McEvoy: What exists now within the law with respect to your individual rights and personal information is the right to request a correction of information that may or may not be accurate. We have, I think, a recommendation that you’ll find in the submission that talks about how that can be tweaked.

It’s correct to say that there is no statutory right to be forgotten, which exists now in Europe, under the General Data Protection Regulation. In many respects, the application of that, I think, is more directly connected with particularly how private entities deal with your information, and that’s something that I think should be considered in the course of government looking at the Personal Information Protection Act.

But as concerns our own statute, I think that’s something, I suppose, worth consideration. I’m just trying to think of examples where such records that are held about us, as individuals — younger people, who reach the age of majority — where one would want to have those records eliminated, destroyed, or reference to those individuals…. I’m not sure about that, actually, thinking about it.

I mean, you think about the obvious things that the public bodies have about us — health authorities, your health record. That’s something that you’d want to, presumably, carry through with you.

S. Chant: Right. But I thought that…. For instance, public schools that have now gone to data-based collection, where they’re collecting all…. They know that kid has got peanut allergies, and they know…. Once the child has finished with the school system, one would think that aggregated data would be acceptable, but personal data doesn’t need to be kept any longer.

M. McEvoy: I think that goes to the issue that I mentioned earlier about record management. All public bodies will have and should have…. And that’s one of the recommendations that I’m making to you — that all public bodies have in place record management systems that would address these very things.

I think most school systems, hopefully, now have systems in place that say, “We will keep those records for X period of time, after which we don’t need them anymore,” and they would be destroyed. But again, there’s actually no legal obligation that exists, and there should be.

I think, again, that can be corrected, and I would urge the committee to recommend that the legislation have a provision like Ontario’s, where all public bodies must ensure they have robust record management systems, which would include matters such as when records must be destroyed because they’ve ended part of their useful life cycle.

[8:55 a.m.]

S. Chant: Is there any wordsmithing between “destroyed,” which is what I would associate with sending stuff off to Iron Mountain to be gotten rid of because it’s all on paper, and data that is stored in a server or a cloud or whatever? Is there any way that somebody could wiggle around and go: “Well, we don’t destroy data. It’s just going to be there”? Again, my expertise is elsewhere, so humour me.

M. McEvoy: It is completely…. Yes. Data, those zeroes and ones that sit on a computer — yes, they can be destroyed in the same way that paper can be. That’s a technical issue. And, with you, Member, over my pay grade…. But it can be done.

S. Chant: Okay. Thank you.

H. Yao: I do apologize. The reason why I’m trying to stay behind is because I ask a lot of questions. Sorry about that. So I’ll take a bit of your time, if you don’t mind. I want to thank all of my colleagues before me, who were asking a lot of really great questions as well.

The first question. I do almost want to piggyback off something that my colleague earlier was talking about: proactive deletion versus request of correction, which you were mentioning earlier. That sort of brought us back as…. I had quite a few meetings with constituents where different, I guess, lobby or representatives connect with and come to speak to me. They grab government information, and what happens is they — I want to use the term “cherry-pick” — cherry-pick information to create an argument. And it’s sort of reminding me that there is almost a lack of education of how to navigate through government data.

You were talking earlier about proactive release of data. It could be a huge data dump. It’s almost like we have to have a government version of Google to search through data in order for people to actually fully appreciate how to use the information.

My question. And I know quite a few journalists who…. Journalist organizations present presentations to us to also explain how journalists are better trained regarding this data, navigation of data, exploration of data. What’s it called? Checking — so they can do proper fact checks.

Obviously, we have already talked about the application fee and the FIPPA. I’m wondering, if you don’t mind entertaining me being a bit out of the world here for a second, if we have a sort of a compromise where there could be a proactive release of data, but it’s provided to professionals such as journalists who actually can sift through the information in the proper way of presenting it according to their professionalism. That way, we avoid unnecessary misinformation.

As we now know, in today’s technology, misinformation is pretty rampant. And any way to kind of ensure that a data dump doesn’t turn into another exponential growth of conspiracy theory but will allow journalists to be able to work through the information and hold government accountable on all decisions we are making…. I would love to hear your perspective on that part.

Second, I almost felt like including myself. I wasn’t educated about FOIPPA. And I think maybe a lot of journalists were doing more FOIPPA, so they…. FIPPA. I apologize. It’s called FIPPA now. And people know how to utilize it, how to do a search and everything. I almost felt like: do you see a need for our public education sector to provide training for young adults or youth as they grow older? How do we go through data? How do we analyze information? So that way…. I hope you understand that.

My hope is, really, to combat misinformation, and my fear is that a major data dump will create a huge black hole for people to exponentially create conspiracy theory. And at the same time, I’m hoping to empower our population to better hold our government accountable, so more of a professional body, maybe a certified journalist body, where we can say that the information it provides is all based on facts.

I would love to hear your perspective on that. Please entertain me.

M. McEvoy: I would maybe return to a point made earlier. I would hope that in the way government would do proactive disclosure, it would be done in a clear, concise, understandable way so that it does not require any mediating forces to have to…. Those who need to interpret that or create a buffer, in effect, between citizens and their information….

[9:00 a.m.]

I know there is a concern on the part of public bodies at times. I’ve heard it directly from a number of them — that they are concerned about disclosing certain information.

I know there is a concern on the part of public bodies, at times — I’ve heard it directly from a number of them — that they are concerned about disclosing certain information because people wouldn’t understand. That cannot be a basis for withholding information.

The one thing we do know is that most public bodies have communications arms. If there’s a concern about what a certain record or document means, they can explain that to the public. That’s part of the nature of the system. The information gets out there. Some may have a different interpretation of what it means. That’s the nature of living in a democracy. Again, it can be debated what a decision means or the rationale for a decision. That’s something that, again, if government or public bodies feel they need to explain the information, of course, they will, and they should.

In terms of, to come back to it, the data dump, as it’s described, I would be interested to hear specific examples of that from individuals. Most requests tend to be about a specific thing and generating specific kinds of information, and the answer comes back to if it’s about individual citizens and their own information. If they need assistance with that, there are places that they can go. But by and large, specific applications made, specific responses.

Sometimes it results in answers that may be of — well, I’ll say it straight out — embarrassment to the government or public body. That’s the nature of the system. That’s why it’s there: to cast transparency on what has transpired and allow the public to make a judgment about those things.

I don’t know if that answers or gets to the core of your question.

H. Yao: I hope you don’t mind. Absolutely. Because I’m just toying with some concepts in my head, so I apologize for it. One of the presenters was expressing concern about data dumps, basically. It’s hard for the public to navigate through. Then, I believe, another presenter from the journalists’ organization said that they’re professionally trained. They know how to sift through a lot of information if it’s a data dump. They’d rather see a data dump than nothing, because at least they have something to work with and be able to provide the proper story and proper information.

Of course, the goal is actually holding government accountable, so we want the access to information to be provided by an independent or third party, like with journalists being able to gather. That’s the reason why I was asking for information. But it’s okay. Maybe I’m too abstract in that question. I do apologize for that.

I do have a different question I would love to talk about. You had earlier talked about the only body that’s not FIPPA-required, which basically is the Legislature. If I remember correctly, that’s your comment, here.

M. McEvoy: Yes.

H. Yao: What kind of…? Are we talking about the administration here in this building? Is that including the MLAs’ emails, with communication with the public and with everyone else? What kind of information do you believe should be available? And of course, as you probably know, there’s a lot of redaction every time information goes out — when it comes to information.

Should there be an algorithm to automatically redact, so that that person can be protected? Or would that be better suited being gone through by, I guess, a personal effort to make sure that it’s redacted appropriately, based upon the needs of the public and protection of privacy?

M. McEvoy: To zero in on one aspect of your question: no. No MLA’s email would be looked at. What we are talking about here are the administrative functions of the assembly. As it is now, the definition of a public body excludes legislative officers. Specifically, that means it excludes the Clerk of your House and the Sergeant-at-Arms.

[9:05 a.m.]

If that were amended, it would ensure that the administrative functions — not the legislative operational functions — of those offices would be covered by the act. What does that mean in real, concrete terms? It means, for example, spending receipts of how those offices function; travel, for example, like it is for senior public servants. That’s what an amendment covering the assembly would get at — not at the workaday matters that you and other members of the assembly attend to. They would not be covered. Members are excluded from the act, and that would continue to be the case.

Can I just come back for a moment to an earlier question, because one of the things you talked about was education and citizens understanding rights. I should also mention, that’s one of the issues of concern to my office as well, in thinking about how our children are brought up in our society. They are digital citizens, as it were, something that didn’t exist 20 years ago.

It’s a focus that we have had in our office of working with educators, developing lesson plans to integrate into the school system to give kids a greater understanding of what their rights of privacy are, how to navigate this increasingly complex world. I think that’ll continue to be an emphasis as well — it’s very important — and allow us to be not just digital citizens, but I think good critical citizens as well, as we navigate this world.

I hope I’ve answered your question about the assembly. I think I want to be clear, again: it does not impinge or affect the work of MLAs but applies to the administrative functions that I’ve described to you.

H. Yao: Thank you so much for the clarification. It’s my lack of understanding, so thank you for the education opportunity.

I also want to follow up with you a bit more, because, like I say, I have a lot of questions. One of the arguments for Bill 22 earlier is the excessive backlog of information. Obviously, one of the continuous lessons we have learned from presenters is the 30-day quota is often broken by norm, not enforced by norm. People continue to have extension after extension after extension.

Many journalists say the information they received got delayed to the point that it’s no longer relevant news for them to explore, or people just feel like: “Why are we receiving information now?” In a way, it feels like it’s actually creating information barriers or controlled access.

I would love to hear your feedback and maybe, from your professional experience, what else our government can explore in regards to addressing this backlog issue. Of course, everybody’s talking about increasing staff, increasing work, increasing funding, which I understand maybe you want, to improve the situation.

But is there anything else you also see that…? I know one of our colleagues also mentioned that proactive information disclosure is also a great way to maybe have people asking less questions in order to actually find information right away. Instead of utilizing FIPPA, they should be able to directly access information.

I’d love to hear your feedback. Is there anything, in your perspective, which would actually increase efficiency and reduce this access backlog, so that way the public can access the information they request, within an appropriate time that’s been assigned?

M. McEvoy: That’s an excellent question. Again, at the heart of how an access-to-information system can and should work is the record management system itself of government. That, I think, government’s going to have to take a good hard look at, to make sure that those systems are fit for purpose, are able to meet the modern age.

You mentioned automated systems of redaction. These things are possible. It automates certain functions that would allow for the quicker response to access to information. Again, it all goes to systems of record management, and it’s something that the government needs to, I think, more carefully assess and analyze.

The timelines provided in the act are there for a reason, to ensure there is quick response to people’s applications. It doesn’t always happen. The complexity of some requests are such that it requires some extensions. There are provisions in the act that specifically allow, where those conditions exist, for extensions. Ultimately, for something much longer than 60 days, public bodies have to come to my office, and those are individually assessed.

[9:10 a.m.]

I do a timeline report card, as it were, on government every two years. We will be coming up to that, I think, in the coming months, to look at that issue again. That’s a really helpful exercise. It’s meant to assist government in making their response to access requests a quicker one — where there are problems or bottlenecks, to identify those and to work at those issues so that individuals, journalists, civil society groups and others are able to get responses to their applications in a much quicker time.

H. Yao: Perfect. Sorry. Can I keep on going to ask a question?

R. Glumac (Chair): I’ll put you back on the list.

H. Yao: Sure. Put me back. I apologize.

Thank you for your time.

R. Glumac (Chair): We’ll go to John.

J. Rustad (Deputy Chair): Thanks for the presentation and the information.

I must admit, I never paid a lot of attention to this act and to the components of the work about it. As you spend time in the Legislature, you get involved in many, many components, and you can’t necessarily touch on everything. But being on this committee has been very helpful in terms of the understanding of it.

One of the things that I’ve been asking everybody and that we’ve talked about — I mentioned it to you, when you first presented to us — is around this proactive disclosure, this idea of changing the way we look at data from one of asking for information to one of providing information, and your job being to see what can’t be released. I would recognize that that’s a pretty significant shift and one that I don’t think legislatures are quite ready to go to, because of the size of it. But the idea of proactive disclosure is still one that really appeals to me.

You had mentioned in your presentation, in one of your responses here, the idea that where there are repetitive requests, where there’s information that seems to be needing to be made available on a regular basis, that the government or the agency should make a list and then consider proactively releasing that information. I’m just wondering whether or not your office could play a role in developing an extensive list of information that should be considered for proactive disclosure, unless there are valid reasons not to.

I’m wondering whether or not that would be a good step towards a change to the act and a change to the process that would be far more along the lines of making all information available — except for what your job would be, which would be to say: “The following should not be made available.”

M. McEvoy: Thank you for the question.

Yes, we are always here to assist in that regard. I believe that we have, over time, done that — identified areas that we think generically apply across all government bodies, that are amenable to proactive disclosure. So contracts, I mentioned. Travel expenses. Calendars, which are frequently asked for. Those are issues that can and now often are proactively released by public bodies.

It’s also the case, though, that it’s a little challenging sometimes for our office to be sort of micromanaging those issues, because what might be something that is frequently asked for in Quesnel is not going to happen, necessarily, in Maple Ridge or downtown Vancouver or a school district in the East Kootenays. This is where, I think, public bodies themselves have to reflect on…. Rather than being told from above, “Here is a category subject to the things I’ve mentioned,” but: “Here are the things we’re getting frequently asked about here. Let’s take the step now of ensuring that those get released on a regular basis.”

For example, I mentioned travel. My office…. I think it’s the case with ministries, where senior deputy ministers and so forth disclose that information on a quarterly basis. Everybody knows it’s there. You know exactly where to go to get the information.

[9:15 a.m.]

Those are the kinds of things that all public bodies, I think, need to be thinking about. It’s a place where the minister — because the minister has been charged with the ability to direct these categories — can take additional steps through her staff as well. We’re quite prepared to work with them to look at where public bodies can proactively disclose categories of records, again, that are more frequently asked for. So I think, working together, we can…. If there’s a will — and that’s critical — to do this, it can be done, and make it more effective, I think, for citizens.

J. Rustad (Deputy Chair): Thank you for that. It’s a daunting task when you think about the magnitude of data. I understand where governments would sometimes be embarrassed about information being out there, which is why there are often extensive processes to go through. I’m not talking about this government. I’m talking about any government anywhere in Canada. Obviously, information is the first weapon in any fight, and politics is a fight between various sides. The interpretation of that information, of course, is being well documented by many writers and others over history.

Still, I’m a firm believer that as a society, we have the right to our information, which is why I keep pushing this issue. It just seems to me that we’re dealing with legislation that was designed for a different era to try to achieve openness and transparency and to try to achieve the ability for people to access the information. I just can’t help but think that if we were to design that information today, and if we were to remove the politics of the information, it would look quite different in terms of what we would design and in terms of making information available.

You talked a lot about the information, in particular, that’s considered the counsel advice to cabinet. Having been in cabinet and having seen the advice and stuff that comes forward…. Is it possible to make that fairly cut and dry and not to be open to interpretation in terms of what should be released and what shouldn’t be? It is one of those areas that I find, as governments get more and more worried about scrutiny and the revealing of information, they tend to become more secretive, as we have seen from the media’s perspective. Then you end up with an oral culture. You end up with things not necessarily being…. Records being created….

It creates this real challenge, because how do you actually create oversight in a structure that’s designed not to have oversight? How do you create oversight in a structure that has got cabinet confidentiality? How do you create the ability to be able to force a set of standards and rules that would have to be followed with regards to records that are created? What would actually be considered advice that should not be disclosed versus what needs to be disclosed and should be public record?

I’m wondering if you can provide some insight as to what kind of mechanisms we can put in place that would actually be able to make the disclosure more effective.

M. McEvoy: Yeah, that’s a very good question. Section 13, the advice and recommendations exception, was designed to be sort of a compromise, as it were, that addresses the issues that you’ve identified.

I think, at the very outset, the way that provision was interpreted…. Let me take, as an example, a briefing note that any member of this committee may have seen over the course of their time here. So the briefing note would indicate the issue. It would set out the background. It would describe options, and then it would have a recommendation at the end.

[9:20 a.m.]

The way section 13 was initially interpreted and the matters that the public would see if they made a request for such a document is that they would see the issue. The background facts would be disclosed. And in British Columbia, I would say, unlike Ontario, the public would see the options outlined.

What they wouldn’t see at the end of the day is the recommendation that a public servant may have made about that. The reason for that is this so-called ability of public servants and those in political office to be frank in their discussion around those recommendations. Ultimately, of course, government is answerable for the decision it makes, and that’s obviously debated.

What has happened over time is that not only were the recommendations withheld, but so were the options. And now what has happened is that the background is now disappearing in a sense. That is being allowed to be withheld, because over time the courts have interpreted that provision as saying: “Well, perhaps those facts shouldn’t be disclosed either, because just the way the facts are stated might imply what the recommendation might be.”

In my view, that is not what was intended by the legislation. In fact, if you look at section 13, you will see it actually makes provision for the things that must go out, including, I believe, the factual information.

Somehow, over the course of time, I’ve described that as misshapen. I think that’s what the committee has to set right, to ensure that at least the facts upon which government is making its decision — to be found, for example, in a briefing note — see the light of day so that the public can appreciate the issues that all of you in this Legislature are attempting to come to grips with.

Again, section 13 was meant as something of a compromise. Those recommendations that may be made by a public servant…. The servant’s view was that they should feel that they should be in a place of some comfort to make recommendations even though they may be seen as unpopular or whatever. Those are protected in the legislation, but what’s not protect, in our view, and shouldn’t be protected are the facts underlining the decisions that are being made.

I really would urge the committee, when they make their recommendations on this issue, to underline that fact and to ensure that the legislation is clear on that point.

R. Glumac (Chair): We are running short on time. It seems like we could definitely have spent more time with you today. But I’m going to ask…. I had a bunch of questions. A lot of it was touched upon. Let me just ask one, maybe, to dig into a little bit deeper.

We’ve had a lot of presentations from people, and you’ve touched upon this, where the time it takes to get information is much longer than they expect, often more than 30 days, more than 60 days. We’ve heard that a number of times. You said that your office does — like, every couple of years — a report on this.

Are you aware of any jurisdictions where this is handled in a timely manner consistently? It seems like a very difficult challenge. It’s a function of the number of requests and resources and everything else. It comes back to questions of if more information is proactively disclosed, then maybe more resources would be freed up. It’s a very complex thing. But just in terms of the amount of time it takes to get information, do you have any advice on how that could be made more timely?

M. McEvoy: One of the things that I should say is that there are many hundreds, if not thousands, of public servants across Canada, across the province, who attend to issues of access to information, who do absolute incredible service to citizens because they understand the importance of it.

[9:25 a.m.]

Many applications that are made for information, whether it’s about somebody’s own information or about general information, are answered in an expedited and very efficient and effective manner. I think it needs to be said that that is actually happening in the system now.

Where it is not transpiring, where those responses are not effective, are the areas that our office attempts to identify, either in a report card or provincial government. We have done some audits and investigations of some municipalities where we’ve identified some specific problems, and we’ve made some specific recommendations in those situations that are aimed at improving the responses to access requests by those public bodies. We will continue to do that, and we will continue to work with public bodies to improve those systems.

Again, I make mention of recordkeeping systems and record management systems. This is so fundamental. That’s an area I think is evolving, changing, where tech­nologies are available and can work to speed and process requests, in addition to matters like proactive disclosure.

Those things taken together…. In some cases, it does involve additional resources. That is actually very important, because systems of access to information are fundamental to systems of government. They are not add-ons. They are not things that are nice to have. They are important aspects of the way our democracy functions.

Where more resources have to be put in by public bodies, we certainly recommend that, and we will continue to do that and continue to work with public bodies throughout the province to make their systems work more effectively for citizens.

R. Glumac (Chair): I know there are more questions that we have from committee members, but we have run out of time. If committees members want to send those questions to the Clerk, we can send those to you for a written response, if that works. If the committee has an interest, maybe, in inviting you back for more questions, would you be open to that?

M. McEvoy: Of course. And it goes without saying that as the committee engages in its deliberations, we are here to assist. If there are areas that you feel need further clarification, please do come back to us. We will be here — our very effective team with me that can assist you with your work.

R. Glumac (Chair): That’s great. It’s much appreciated. Thank you for your presentation and for all your advice and responses today.

With that, committee members, a motion to adjourn.

From Henry and seconded by Tom.

Motion approved.

The committee adjourned at 9:27 a.m.