Complaint: The Canadian Security Intelligence Service (CSIS) refused to confirm or deny the existence of any files concerning the requester under subsection 10(2), noting that if they did exist, they would be withheld under several exemptions.

Investigation: The OIC learned that CSIS had contacted the requester and suggested he make a request under the Privacy Act for the information. In response, CSIS would list the searched personal information banks and in most cases confirm whether it had the information.

Outcome: The OIC reiterated the institution’s offer to the requester, and the requester agreed that it might resolve the matter. CSIS issued another response as though the requester had made the request under the Privacy Act.

Information Commissioner’s position:

• Requesters might not always understand the difference between making a request under the Access to Information Act and making one under the Privacy Act.
• In these circumstances, institutions can often provide requesters with the information they seek—and meet their duty to assist—by suggesting that their request be processed under the other Act, as was true in this case.