WxT Language switcher

Decision pursuant to 6.1, 2024 OIC 78

Date of decision: November 2024

Summary

An institution submitted an application seeking the Information Commissioner’s approval to decline to act on an access request under subsection 6.1(1) of the Access to Information Act. In the institution’s opinion, the access request constitutes an abuse of the right to make a request.

The Commissioner finds that the institution did not establish that the access request is an abuse of the right to make a request.

The application is denied.

Application

Under subsection 6.1(1) of the Access to Information Act, the head of a government institution may seek the Information Commissioner’s written approval to decline to act on an access request if, in the head of the institution’s opinion, the request is one or more of the following:

  • vexatious
  • made in bad faith
  • an abuse of the right to make a request for access to records.

Institutions may not decline to act on access requests for the sole reason that the requested information was already proactively published under Part 2 of the Act (subsection 6.1(1.1)).

The institution bears the burden of establishing that the access request meets one or more of the requirements under subsection 6.1(1).

If the institution establishes that one or more of the requirements of subsection 6.1(1) apply, the Commissioner must exercise her discretionary power to either grant or refuse the application.

In exercising her discretion, the Commissioner will consider all relevant factors and circumstances, including:

  • The quasi-constitutional nature of the right of access;
  • The public interest in the records sought;
  • Whether the institution met its obligations under subsection 4(2.1) to make every reasonable effort to assist a requester in connection with their request.

Access request at issue

On August 9, 2024, the institution sought the Commissioner’s approval to decline to act on an access request it had received on March 27, 2024. The access request is the following:

From November 1, 2023, to December 31, 2023, all emails in the Outlook application and chat messages in the MS Teams application, including attachments, of all employees, consultants, or contractors who work in [a specific office of primary interest (OPI)] (excluding the student position). Exclude communications that are related to human resources, are subject to solicitor-client privilege, or contain potential Cabinet Confidences.

According to the institution, the access request is an abuse of the right to make an access request.

Is the request an abuse of the right to make a request to access records?

The Act provides requesters with a significant statutory right to access information under government institutions’ control. However, all rights come with responsibilities. The right of access must not be abused.

An abuse of the right to make an access request occurs when a requester uses their right of access in an abusive or inappropriate manner.

This may be the case when a request is directed towards a purpose other than obtaining documents or information. It may also be the case when a request is contrary to the public interest in that it overburdens an institution, hinders other requesters’ rights of access, and / or unnecessarily increases the costs and time spent by institutions to meet their statutory obligations.

The factors listed above are not exhaustive; other relevant factors may be considered depending on the circumstances of each case. Whether an access request amounts to an abuse of the right of access must therefore be assessed case-by-case.

The institution argues that the access request at issue constitutes an abuse of the right to make a request to access records as the broad scope of the access request would result in a very time-consuming exercise for employees. The institution further argues that the normal activities of its employees would be disrupted, as they would have to shift their attention away from their operational obligations. It would also affect its employees’ ability to meet their obligations to other access requesters.

Volume of records

The institution estimates that the access request will generate over 8,200 emails to process. This estimate is based on data from the servers provided by its IM/IT unit. Using the conservative ratio of 16 pages per MB of data, the institution estimates that the access request would result in over 75,800 pages, and that based on federal government's guidelines, it would take the department approximately 12.6 years to process.

The institution also mentions that MS Teams chat results are not included in the estimated page count because, when extracted from the server, each chat entry is recorded as a single document, and it is not known how accurate the estimate would be. Therefore, the estimated timeframe does not include the time required to process the volume of MS Teams chat messages.

Efforts to assist the requester

The institution argues that its Access to Information and Privacy (ATIP) office made multiple attempts to work with the requester to meaningfully assist them in clarifying and refining the scope of the request so that the request could be responded to without causing the institution undue strain over an extended period of time.

The institution’s ATIP office canvassed various options with the requester, such as asking them to identify the subject matter or substance of the information sought, include only specific positions within the OPI, narrow down the time period, exclude certain types of records, and limit where to search.

The institution indicated that as a result of these efforts:

  • on March 28, 2024, the requester confirmed that they would not provide a subject matter for their request;
  • on April 14, 2024, the requester agreed to exclude records from the sole student working at the OPI;
  • on April 15, 2024, the requester agreed to reduce the time frame from approximately 6 months to 2 months;
  • on April 15, 2024, the requester agreed to exclude communications that are related to human resources, are subject to solicitor-client privilege, or contain potential Cabinet Confidences.

On May 2, 2024, the institution’s ATIP office offered a final opportunity to the requester to further narrow the scope of the request. On May 13, 2024, the requester replied via email indicating that they remained firm on the scope of the request and indicated that the institution should "move forward with the already-rescoped request."

Based on its prior interaction and the requester's last email, the institution’s ATIP office concluded that the requester would not agree to further reduce the scope of their request.

Impact on the OPI

The institution further argues that a request of this size would create significant challenges for the department and would severely impact the OPI’s ability to advance the department’s mandate.

The institution mentions that the OPI has limited resources to process this request. With only 14 employees, full-time work by several members of the OPI would be required to gather the records and to provide ongoing recommendations regarding the disclosure of the records. The ATIP office would need to consult the OPI on an ongoing basis to obtain their subject matter expertise regarding the disclosure of the records. It is estimated that this request will require 200 days of full-time equivalent work within the OPI. When vacation and other leave are taken into account, this is tantamount to committing one employee to this request on a full-time basis for a 1-year period.

According to the institution, this would severely hinder the OPI’s ability to meet its mandate and would hinder and delay the implementation of the institution’s mandate with regard to sexual orientation, and gender identity or expression, and the Government of Canada’s implementation of the federal 2SLGBTQI+ Action Plan.

Impact on the ATIP Office and others’ right of access

The institution also argues that a request of this size would cause undue strain on its ATIP office over an extended period of time and would hinder other requesters’ right of access and/or unnecessarily increase the costs and time spent to meet its statutory obligations under the Act.

The institution mentions that it is a small department with 439 employees and with an ATIP office team of only 4 employees. During the last fiscal year, its ATIP office processed approximately 12,000 pages of records (comprised of Access, Privacy, Consultations and Proactive Publication review). Using these figures as a baseline, if this was the only request the ATIP office had to work on, it would take its entire ATIP office more than 6.3 years to process this request.

As such, the institution argues that its ATIP office does not have the capacity to take on this volume of work without severely impacting its ability to respond to other access requests and to meet its other obligations to ensure departmental compliance with both the Act and the Privacy Act. The time, resources and effort needed to search, identify, retrieve, and process the responsive records will adversely impact the right of access of other individuals and unreasonably interfere with the operation of its ATIP office.

Discussion

Whether an access request would overburden an institution rests on an objective assessment of the facts. The assessment varies depending on the nature of the access request, the size and type of operations, the work required to act on the access request and the impact on operations. In some cases, acting on an access request that overburdens the institution, will interfere with the ability of others to legitimately exercise their rights of access. In those instances, the institution must also demonstrate the link between the overburdening and the interference with others’ right of access.

In their response to the institution’s application, the requester argues that the estimated number of records is not credible because the institution fails to consider the likely large number of duplicate records, email chains, and carbon-copied emails between team members of the OPI. The requester also claims that duplicates alone will reduce the entire access request page volume by 50 to 75%. The requester also argues that the institution fails to consider the exclusion of records containing potential Cabinet Confidences, solicitor-client privileged records, and records related to human resources matters, which will reduce the total number of records and pages.

Although the Commissioner agrees that the institution’s response to the access request would exclude duplicates and emails that are subject to the solicitor-client privilege or related to human resources and Cabinet Confidence, she accepts that it was appropriate for the institution to include these emails in its estimate for the purposes of this application. The institution’s estimate includes the number of records required to be acted on, not just the number of records that would be included in the response to the access request. In order to determine whether an access request amounts to an abuse of the right of access, the efforts required to sort documents, and remove duplicates and excluded records may be considered.  

The requester also disagrees with the institution’s evaluation of its capacity and estimated timeframe to process the access request. The requester argues that the Commissioner accepted the daily page processing estimate of 250 pages per employee in 2023 OIC 47. Based on this ratio, in the requester’s opinion, the institution’s ATIP office should be able to process 250,000 pages of records per year.

The Commissioner would like to bring to the requester’s attention that, in her previous decision 2023 OIC 47, she did not accept a daily page processing ratio of 250 pages per employee. This estimate was provided by the institution, and related to the capacity of its quality-control office, which is separate from its ATIP office. The quality-control office does not perform tasks like applying exemptions and consulting third parties and other institutions.  

That said, the Commissioner is not convinced of the accuracy of the institution’s evaluation of its capacity to process the request. According to the institution, its ATIP office, which is composed of 4 employees, has the capacity to process 12,000 pages per year. This is equivalent to processing 250 pages per month per employee. This appears to be too low, particularly since this number includes duplicates and pages that will be excluded as being out of scope.

Moreover, as the requester pointed out, the institution’s ATIA Annual Report to Parliament 2022-2023 seems to indicate that it has sufficient remaining capacity to process this request. As indicated in the report, the institution processed 6890 pages under the Act in 2022-2023, and 700 pages in 2021-2022. The Commissioner is aware that the institution’s ATIP office must also process pages of records under the Privacy Act, for consultations and proactive publication review. That said, these numbers do not strike her as being very high for 4 employees. This case is different from the case she examined in 2023 OIC 47, in which she granted the application as the institution successfully demonstrated it had a significant backlog of requests and diminished capacities. The institution has not provided any evidence of backlog nor sufficient justification as to how acting on the request would contribute to its diminished capacity.

Furthermore, the institution did not provide any explanation to contextualize the records, including any information regarding the nature and complexity of the records that would support its position that acting on the request would overburden its already limited capacity within the ATIP office. The Commissioner recognizes that institutions may not have retrieved the records before submitting an application under section 6.1, and thus that they may not know the exact nature of the records. That said, institutions should be able to anticipate the type of records that the access request would yield. In 2023 OIC 47, the institution was able to demonstrate, after the preliminary assessment, that the access request would yield complex records involving consultations with third parties and other governments. In the present case, the institution has not explained whether it considered the type of records that may be deemed relevant during its preliminary assessment, including the expected work needed to process the records. Thus, it is unclear whether the records at issue are anticipated to require lengthy consultations with third parties, for example, or whether they are “benign and require no internal or external consultation” as the requester claims.

Finally, the Commissioner finds that the institution did not provide sufficient information regarding workload and competing priorities to justify the expected response time beyond claiming that it had calculated that it needed more than 6.3 years to process this request if it were the only access request its ATIP office had to work on, and more than 12.6 years when considering other requests. The institution did not demonstrate that it had considered the normal workload of the OPI’s employees, and how searching for, retrieving, and reviewing records, as well as providing recommendations on them would affect their normal workload and undermine their work objectives.

Having considered all the representations and evidence submitted by the institution and the requester, the Commissioner finds that the institution did not provide sufficient evidence to allow her to conclude that acting on the access request would overburden its operations and hinder other requesters’ right of access.

The institution’s claim that the request would cause undue strain to its ATIP office over an extended period of time and would hinder other requesters’ right of access is not supported by sufficient evidence. The Commissioner acknowledges that the estimated number of responsive records is high, however, this alone does not justify an application for approval to decline to act on an access request.

For the reasons set out above, the Commissioner concludes that the institution has not demonstrated that the access request constitutes an abuse of the right to make a request.

Decision

The institution has not established that the access request met one or more of the requirements of subsection 6.1(1).

Therefore, the application is denied.

Date modified:
Submit a complaint