Decision pursuant to 6.1, 2023 OIC 48
Date of decision: October 2023
Summary
An institution submitted an application seeking the Information Commissioner’s approval to decline to act on an access request under subsection 6.1(1) of the Access to Information Act. In the institution’s opinion, the request is both an abuse of the right to make a request and vexatious. The institution further claims that it met its duty to assist the requester prior to seeking approval to decline to act.
The Commissioner finds that the institution showed that it fulfilled its duty to assist the requester prior to seeking approval to decline to act. The institution, however, did not establish that the access request is either an abuse of the right to make a request or vexatious.
The application is not granted.
Application
Subsection 6.1(1) provides that the head of a government institution may seek the Information Commissioner’s written approval to decline to act on an access request if, in the opinion of the head of the institution, the request is vexatious, is made in bad faith or is otherwise an abuse of the right to make a request for access to records. The institution bears the burden of establishing that the request meets one or more of the requirements under subsection 6.1(1).
The right of access to information under the control of a government institution has been recognized as quasi-constitutional in nature (Blood Tribe (Department of Health) v. Canada (Privacy Commission), 2006 FCA 334 at para 24; see also Canada (Information Commissioner) v. Canada (Minister of National Defence), 2011 SCC 25 at para 40). Bearing this in mind, approval to decline an access request will only be provided if there is clear and compelling evidence to support the institution’s position that the access request is vexatious, made in bad faith or is otherwise an abuse of the right to make a request for access to records. (See, for example: Saskatchewan (Advanced Education) (Re), 2010 CanLII 28547 (SK IPC) at paras. 43-47; Northwest Territories (Public Body) (Re), 2017 CanLII 73304.)
If the institution does establish that one or more of the requirements of subsection 6.1(1) apply, the Commissioner must further determine whether the circumstances warrant exercising her discretionary power to grant the institution’s application to decline to act on the request.
On April 14, 2023, the institution sought my approval to decline to act on an access request received on February 22, 2023, and clarified as follows on March 27, 2023:
“Emails (excluding attachments) from the mailboxes (all mailbox folders including: inbox, outbox, emails filed for deletion, etc.) of [three] employees containing any of the following terms in the subject or body: “fraud”, “harass”, “incorrect”, "overpayment", “flexibilities”, "garnish", “unfair”, "kids", “illegal”, “union”, "labour relations”, "vacation", "flight", "lol", "omg", "lmao", "dumb", "annoying", "incompetence", "theft" Time period: please include records from January 01, 2021 to present (March 27, 2023).
HR file of [an employee], please include the following subjects: pspm application file, pay file, staffing file, labor relations file. Please include all relevant materials since the commencement of their employment with [the institution].”
It is this request which the institution submits is both an abuse of the right to make a request and vexatious.
Did the institution meet its obligation to assist the requester?
Before seeking the Commissioner’s approval, institutions should ensure that they have met their duty to assist obligations under subsection 4(2.1).
Subsection 4(2.1) sets out a general duty to assist requesters. The scope of this duty is broad, requiring that an institution make “every reasonable effort” to assist a requester with their request. The duty to assist may include helping a requester: clarify their access request; narrow its scope in order to facilitate a more timely response to records sought; and provide information needed to enable an institution to identify requested record(s).
What will constitute “every reasonable effort” to assist a requester with their request in any given case will depend on the relevant facts and circumstances. In turn, whether an institution has met its obligations under subsection 4(2.1) is fact dependent and must be assessed on a case-by-case basis.
In the present instance, the institution maintains that it met its obligations under subsection 4(2.1) prior to seeking the Commissioner’s approval to decline to act. In support of its position, the institution explains that, after receiving the request on February 22, 2023, it engaged in numerous communications with the requester in order to seek clarifications regarding records sought and afford the requester opportunities to narrow the request to facilitate a more timely response.
The institution also states that it assisted the requester by explaining the extent to which the requester should expect that requested information and / or records (i.e. in particular, information within the requested HR file of a named employee working in the “HR to Pay” division) would be redacted based on the Act’s “personal information” exemption. It also queried whether, bearing this in mind, the requester wished to continue to request information about individuals other than themselves.
The Commissioner notes that through these efforts, and with the cooperation of the requester, the initial wording of the request was significantly amended, so that by March 27, 2023 the requester had agreed to:
- reduce the number of keywords listed in the request (i.e. from 50 to 20);
- limit the time period for the requested emails (i.e. from January 1, 2021 to March 27, 2023);
- no longer seek attachments to emails or records encompassed by a separate access request; and
- list examples of the types of HR records sought.
Thereafter, the institution did not further communicate with the requester, but instead submitted the current application for approval to decline to act.
The requester maintains that the institution could have made additional efforts to assist them in connection with the request prior to seeking approval to decline to act. More specifically, the requester states that the wording of the revised request, for which the institution is seeking permission to decline to act, was in fact based on recommendations made by the institution’s officials and that had the institution indicated that there were continued issues with the request, they would have been more than willing to entertain further revisions. In turn, the requester argued that the institution’s section 6.1 application ought to be dismissed on the grounds that it is premature and that, in keeping with the institution’s duty to assist obligations, it should engage in further deliberations with the requester regarding the scope of the request.
Having considered the matter, the Commissioner is not prepared to dismiss the application as premature. Based on the material before her, while the requester may have agreed to further revisions of the request’s wording, it was reasonable for the institution to conclude that the requester did not intend to abandon portions of the request (including a named HR to Pay employee’s HR file), which the institution submits are abusive and / or vexatious.
In the circumstances, the Commissioner finds that the institution did make every reasonable effort to assist the requester with their request and was not obliged to continue to seek to narrow and / or re-scope the request prior to seeking her approval to decline to act.
Is the request an abuse of the right to make a request to access records?
The Act provides requesters with a significant statutory right to access information under government institutions’ control. However, all rights come with responsibilities. The right of access must not be abused.
An abuse of the right to make an access request occurs when a requester uses their right of access in an abusive or inappropriate manner.
This may be the case when a request is directed towards a purpose other than obtaining documents or information. It also may be the case when a request is contrary to the public interest in that it overburdens an institution, hinders other requesters’ rights of access, and / or unnecessarily increases the costs and time spent by institutions to meet their statutory obligations.
The factors listed above are not exhaustive; other relevant factors may be considered depending on the circumstances of each case. Whether an access request amounts to an abuse of the right of access must therefore be assessed case-by-case.
In the present instance, the institution argues that the requester (who is or was an employee), has had pay issues and that they are using the Act, rather than “proper channels” (i.e. by filing informal or formal complaints), to address those issues. The institution maintains that the request is an abuse of the right of access mainly because the request inter alia:
- is privacy invasive, designed to target personal information and “research” named employees which could lead to wide exposure of that individual’s personal information to other employees in conducting the searches.
- is contrary to the Act’s purpose as it seeks to obtain “personal information” of individuals other than the requester which the Privacy Act protects and renders inaccessible / undisclosable;
- would establish a “precedent” that would “open the door to the idea that anyone could pursue the processing of an HR file through an access request in an effort to conduct research on a person” and that this would be contrary to the institution’s obligations under the Privacy Act.
- would strain its ATIP Office's resources and hinder its ability to manage other requests due to its extensive processing time, particularly for the HR file portion under a litigation hold.
The institution also argued that this request is a second attempt by the requester to find evidence of harassment against other employees. The Commissioner notes that she accepted the institution’s application for permission to decline to act on the first of these requests.
The requester, for their part, maintains that the purpose of the request is to access government records related to public servants and that this is not contrary to the Act’s purpose. Although the requester recognizes that the records may need to be severed, they state that this is “completely normal” and does not render the request an abuse of the right to make a request.
The requester denies the relevance of their previous request, for which the institution successfully obtained the Commissioner’s approval for permission to decline to act, maintaining that the current request is markedly different from the first. The requester states that they have made every concession possible to accommodate concerns raised by the institution’s ATIP staff, including by reducing the request’s scope and using examples of requested records and wording recommended by ATIP officials.
According to the requester, other government institutions have processed similar requests, undermining the institution’s claim that the request would set a precedent of allowing a request for a named individual’s HR records.
Finally, the requester submits that the institution has not substantiated its claims that the request would negatively impact its ability to handle other requests and questions the institution’s position that the search and retrieval of responsive records would be privacy invasive and / or increase the risk of a violation of privacy.
After reviewing the parties' submissions and supporting documents, the Commissioner finds that the institution has not demonstrated that the request constitutes an abuse of the right to make a request under the Act.
It is important to note that a request under the Act is not limited to one's personal information, and seeking information related to government institution officers or employees is not inherently abusive, inappropriate, or contrary to the Act.
The institution provided insufficient evidence to support its claim that the request has a purpose other than obtaining documents or information. Additionally, the institution cannot assert that most, if not all, of the requested documents are incapable of disclosure, rendering the request futile or a waste of time.
While requests for records involving named officers or employees' HR records may result in limited information disclosure due to redaction, this alone does not establish an ulterior purpose for the request. Similar requests for HR records have been made to institutions before, and it does not introduce a novel form of request.
It is worth noting that this application differs from the institution’s previous application to decline action on an earlier request by the same requester. In the previous application, the institution demonstrated that the request was overly broad, posed an undue burden on the institution, and impeded the rights of other requesters. However, the current request is narrower in scope, and the institution failed to substantiate its claims about negative impacts, burdens, or impediments.
The institution did not provide sufficient information regarding the volume of records, expected response time, workload comparisons, competing priorities, processing costs, or the effect of a litigation hold on HR records. Furthermore, the institution did not explain how retrieving records related to their responsibilities would compromise privacy or disclose personal information, and the possibility of a centralized search or designated individual search was not adequately addressed.
Based on the above reasons, the Commissioner finds that the institution has not established that the request amounts to an abuse of the right to make a request for access to records, as claimed.
Is the access request vexatious?
The term “vexatious” is not defined in the Act. In the context of an access request, the term is generally taken to mean a request filed primarily to embarrass, to harass, or to cause annoyance or trouble. However, determining whether a request is vexatious is a fact-dependent exercise that must be undertaken case by case. For this reason, it is best not to strictly define this term (Canada v Olumide, 2017 FCA 42).
Even seemingly legitimate access requests can be vexatious if they are primarily brought, knowingly or unknowingly, for improper purposes, such as inflicting damage or wreaking retribution upon a government institution. A request may also be vexatious if it is made or pursued in a vexatious manner.
While section 6.1 specifies that it is the access request, as opposed to the requester, that must be vexatious, the circumstances surrounding a request and the behaviour of a requester may be relevant if they demonstrate an improper purpose underlying the request. In such circumstances, a request will be vexatious if there is a clear link between the request itself and the vexatious behaviour.
The institution’s submissions in support of its position that the request is vexatious were substantially similar to those advanced when claiming that the request is an abuse of the right of access. In turn, the requester made similar submissions when denying the vexatiousness of the request.
The institution’s submissions and supporting documentation did not establish that the request is primarily directed towards a purpose other than obtaining access.
As previously stated, the institution did not establish that processing the request would be invasive of privacy and / or risk personal information being disclosed. It did not show that the request would overburden the institution, nor did it establish that the request would not result in the disclosure of any information. In turn, it cannot be reasonably inferred that the request must be motivated by a purpose other than access based on such grounds.
For reasons previously explained, the Commissioner does not agree that a request directed towards obtaining information relating or pertaining to officers or employees of a government institution, is invariably improper. While the request may ultimately not result in the disclosure of significant information, the institution did not establish that the request is motivated by a purpose other than to obtain access to information capable of being disclosed.
The institution’s submissions and supporting documentation did not show that the requester is using the Act to cause individuals’ discomfort or harm. Although the requester previously sought records pertaining to the three named HR to Pay employees, that request did not proceed. There is therefore no evidence of the requester having submitted repeated requests that target information about particular individuals, from which the Commissioner might reasonably infer that the request is motivated by a purpose other than access.
The materials submitted by the parties evidence that the requester throughout has been cordial and cooperative with the institution’s ATIP officials, attempting to work with them to ensure that the request was framed in a manner that would be accepted by the institution. No inference can be drawn based on the requester’s behaviour that the purpose of the request is directed towards an objective other than access. Neither the circumstances surrounding the request nor the behaviour of the requester demonstrated an improper purpose underlying the request.
Accordingly, the Commissioner finds that the institution has not established that the request is vexatious.
Decision
The institution has not established that the access request met one or more of the requirements of subsection 6.1(1).
Therefore, the application is not granted.