In 2012, the then-Privacy Commissioner of Canada, Jennifer Stoddart, gave a speech called “Open Government and the need to balance institutional transparency with individual privacy”. While her remarks focussed largely on privacy rights (not surprisingly, considering her role), Ms. Stoddart did make it clear that privacy and access to information are “two values which are essential to democracy”.
Too often, however, government institutions are guilty of using privacy concerns as a shield against open government. Stating “privacy concerns” is a way for government institutions to avoid scrutiny, in the same way that “I don’t comment on matters before the courts” is an easy dodge for politicians looking to avoid controversy on constitutional issues.
In its recent decision Rodrigue v. Deputy Head (Department of Veterans Affairs), the Public Service Labour Relations and Employment Board saw through a department’s protestations about privacy concerns (expressed, no doubt, through a waterfall of crocodile tears) and reinstated an employee who brought important information to light about the department’s services for veterans.
The grievor was a case manager at Veterans Affairs. Her manager was sometimes late with files. In October 2012, a veteran awaiting services from the department ended up in Emergency; this upset the grievor so much she was off work for medical reasons until December 2013. She submitted an application to the Commission de la santé et de la sécurité du travail du Québec (CSST) to receive disability benefits during her sick leave. According to the CSST, the October 2012 incident was not a “work accident”. The grievor appealed to the Commission des lésions professionnelles (CLP). To prove her case, the grievor decided to find documents showing her manager’s tardiness.
The grievor’s union representative therefore requested the sheets and decision registers that her manager had verified on December 4, 2013. The CLP hearing was scheduled for January 16, 2014. The department did not process the request in time for the documents to be used at the CLP hearing. One of the department’s witnesses complained that he had not received the request “compliant with the department’s rules”, and that in any event “that type of request would easily take 30 days, if not longer”.
Let’s stop the narrative here for a minute. First, the Access to Information Act states that a request for access to a record need only be “made in writing” and “provide sufficient detail to enable an experienced employee of the institution with a reasonable effort to identify the record”. The Access to Information Regulations go further and state explicitly that a requester can either use the federal government’s Access to Information Request Form or provide a written request with sufficient details to identify the record. You don’t have to use the Form. Second, the Access to Information Act requires a government institution to provide access to the requested record within 30 days. The government institution may extend that time limit in some limited circumstances, but only if they do so within the initial 30-day window. Why, then, would an information and privacy officer within a department admit that this type of request routinely takes more time than permitted under the Access to Information Act? While it’s common knowledge that the Act’s timelines are routinely extended or ignored, it is interesting to see someone admit, under oath, that this is the case.
Back to the narrative. The grievor decided to take matters into her own hands. She went through some boxes and found copies of two intervention plans that showed the time elapsed between the plan’s submission and her manager’s response. She brought those two plans to the CLP hearing. She gave a copy of the two intervention plans to the employer’s lawyer; however, the employer objected to that evidence. The parties discussed the matter, and the employer agreed to acknowledge the dates on which the emails and responses containing the intervention plans were sent. The plans themselves were never shown to the CLP; the only people who saw the plans were the grievor, the employer’s lawyer, and a lawyer friend of the grievor who accompanied her to the CLP hearing. The grievor’s union representative saw the emails but not the plans themselves.
The department decided to terminate the grievor, for cause, as a result of this unauthorized disclosure of a clients’ personal information. The Board, after hearing this case, reinstated the grievor with full back pay.
The Board was particularly concerned because, in another case in April 2014, the employer adduced an unredacted medical file of a client in another CLP case. The employer did not fire anybody involved in that incident. The Board held that the “rules must apply to everyone”, and that this was evidence of a “double standard”. Case over; the grievor was reinstated.
The Board was careful not to condone breaches of privacy, with Board Member Marie-Claire Perrault stating: “I do not take lightly departments’ obligations to protect personal information. I also believe that the employer has the right and obligation to implement protocols to ensure compliance with the provisions of the Privacy Act”. I wonder, however, whether there was something deeper going on in this case. I wonder whether the Board is indicating that open government – that is, the disclosure of important information about service standards – is just as important a value as privacy. The Board clearly concluded that not every breach of privacy is a firing offence; however, I wonder whether the real message is that privacy rights should not be used as a tool to punish whistle-blowers who are trying to expose government wrongdoing.