Access at issue: Nine recommendations regarding the processing of access requests at National Defence Special Report to Parliament from the Office of the Information Commissioner of Canada introduction I initiated this investigation into DND’s overall processing of access to information requests further to serious allegations made during the pre-trial hearings of Vice-Admiral Mark Norman, together with findings that I had made in an earlier investigation involving the Office of the Judge Advocate General, that DND had inappropriately withheld information in response to a request. The concerns raised by these findings and allegations warranted immediate action and compelled me to investigate further. This report reviews nine distinct issues that I found were having a significant impact on DND’s ability to process access requests. Information also came to my attention during the investigation that, in my view, was evidence of the possible commission of an offence under the Act during the processing of an access request related to Vice-Admiral Norman. Since I do not have the authority to investigate such offences, I disclosed this information to the Attorney General of Canada in February 2019. In pursuing this investigation and releasing this report, I seek to give not only the DND clear direction on steps they can take to improve how they process access requests but also to other large, decentralized institutions that are subject to the Act. As the government begins to recover from the impact on operations of the pandemic, and looks to how it will work in the future, my findings should have added relevance to institutions across government. It will be imperative, going forward, that all institutions follow sound information management practices and make smart use of technology. With this special report to Parliament, I share the results of my recent systemic investigation into how the Department of National Defence (DND) processes and responds to access to information requests. Senior leadership is key to influencing corporate culture change, information management practices and internal communications protocols in order to ensure compliance with the Act. Indeed, as a result of my investigation, the Minister of National Defence and his deputy minister are now aware of some of the tools and practices needed to support and deliver on their access to information responsibilities. These leaders should see it as their responsibility to champion a new approach, and to adopt these tools and practices in order to effect the necessary changes within the department – Canadians expect as much. I note that collaboration at the working level during my office’s investigations is very important, and throughout this investigation DND officials showed a genuine willingness to address gaps in their access to information procedures. Such improvements are essential to helping ensure that Canadians’ ability to exercise their quasi-constitutional right to access government information is not compromised. Caroline Maynard Information Commissioner of Canada 2   Special Report to Parliament ACCESS AT ISSUE the dnd systemic investigation The investigation focused on the six offices of primary interest (OPIs) most frequently tasked with responding to access to information requests for the Department of National Defence (DND)1 between January 1, 2017 and December 21, 2018. Over the course of several months, OIC officials interviewed the six OPIs and DND’s Directorate of Access to Information and Privacy (DAIP) to better understand how DND responds to access to information requests. DND shared various internal tasking documents, manuals, processes and procedural guides, training materials, statistics and dashboard information regarding DND Access to Information and Privacy (ATIP) compliance. Based on this information, the Commissioner identified issues and shared her findings with the Minister of National Defence, who agreed that significant improvements were needed to ensure that the institution was fully meeting its obligations under the Act. In order to remedy existing shortcomings, DND proposed several improvements which were then either accepted or built upon by the Commissioner. In January 2020, the Commissioner issued her recommendations to the Minister of National Defence who agreed to take corrective actions. It is important to note that the following report is a synopsis of the issues and recommendations made throughout the investigation. In the spirit of transparency, the letters between the Commissioner and the Minister of National Defence, in which she outlines her findings and wherein he agrees with the recommendations, are appended to this report. “ Transparency in government is crucial to maintaining trust between citizens and their government.” – Information Commissioner A critical phase for the access to information system 1  W hile the investigation concerns both DND and the Canadian Armed Forces, for ease of reference and since they share the same Access to Information and Privacy units, the report will only refer to DND throughout. 3   Special Report to Parliament ACCESS AT ISSUE nine areas of focus The Commissioner identified nine specific issues that had a significant impact on DND’s ability to properly process and respond to access requests. DND is currently in the process of implementing these recommendations and the OIC will monitor the progress of their implementation over the course of future investigations into access request complaints against DND. Splitting and re-scoping requests Reference material for tasking Determining whether a search for records was reasonable Lengthy delays in the consultation process 4   Special Report to Parliament 1 2 3 4 5 Paper-based transmission of documents slows the ATIP process down 6 Mandatory training for those involved with access to information requests 7 TLO’s competing priorities affect their access request duty 8 Lack of TLO experience 9 OPI’s awareness of their responsibilities under the Act ACCESS AT ISSUE information commissioner’s recommendations 1. Splitting and re-scoping requests The investigation examined how access requests are handled when they are first received by the institution. Specifically, it looked at how and when OPIs were tasked with responding to requests, as well as DND’s practice of splitting or re-scoping requests because the subject was too broad, covered different topics, or encompassed a period of time that was too long. Staying true to the original scope of the request is paramount, yet DND lacked appropriate “check back” procedures with requestors to ensure that the original intent of the request was being honoured after it had been split or re-scoped. This created a risk that relevant records might be missed. Response DND committed to: • Develop a standard operating procedure (SOP) that includes a “check back” step to ensure that the original intent of the request is met • Implement the new SOP by March 2020 Commissioner’s Recommendations • Establish clear criteria to safeguard the original intent of the request during the proposed “check back” step • Share the SOP with OIC by April 2020 In April 2020, the OIC received DND’s new SOP. 5   Special Report to Parliament 2. Reference material for tasking The decisions and actions taken when an access request is first received are pivotal to the successful management of a request. At DND, requests were often tasked by ATIP shops to one or more OPIs across the institution, based on their own individual knowledge of the program areas within the institution. As DND’s history and operations span various program areas and locations around the world, entire program areas may have been overlooked and relevant documentation and records may have been missed and/ or not requested in the first place. This investigation found that employees responsible for coordinating responses to requests within OPIs (called Tasking Liaison Officers (TLOs) at DND) had very little reference material available to them to help identify and determine relevant program areas. Response DND committed to: • Develop and maintain a reference document listing that explains the programs and mandate of each branch/OPI, as well as key areas of interest Commissioner’s Recommendations • Create and maintain reference documents, with a common format, about departmental programs to assist TLOs • Add maintenance of these documents to the responsibilities of the TLOs ACCESS AT ISSUE information commissioner’s recommendations 3. Determining whether a search for records was reasonable Successful record searches require attention to detail to ensure a reasonable response to an access request. Employees with responsibilities for access to information must carefully plan and record their efforts to obtain responsive records. The investigation found that the lack of information on how a search for responsive records was conducted makes it extremely difficult to determine whether a reasonable search was done. In addition, not collecting sufficient information about the actual search does not ensure accountability and, ultimately, did not allow DND’s ATIP team to properly question whether the OPI’s search was thorough and complete. “ Ministers and deputy ministers must ensure that they and their officials generate, capture and keep track of records that document decisions and actions.” – Information Commissioner Access to information in extraordinary times 6   Special Report to Parliament Response DND committed to: • Expand the scope of internal tracking documentation to provide a more complete picture of the elements of the OPI’s search for relevant records • Develop more training and materials for both uniformed and civilian employees that stress the duty to assist the requester • Provide justifications for “nil” record reports to senior level department officials to ensure senior level oversight Commissioner’s Recommendations • Develop quality records return forms and documentation about how the search was conducted (e.g., OPI guidance checklist) • Ensure that return forms include information about the OPIs tasked (including the rationale for the selection of certain program areas), who conducted the search and their contact information, where the search was conducted, and any reasons for an absence of records • Sustain an internal challenge function (i.e., a review process conducted by DND’s access request team) to improve compliance and accountability ACCESS AT ISSUE information commissioner’s recommendations 4. Lengthy delays in the consultation process When an information request is received, it may generate consultations within an institution about relevant documentation and, occasionally, about whether some sensitive information should be withheld. This investigation found that internal consultations at DND involved too much “back and forth” (e.g., e-mail or correspondence exchanges in which the disclosure of information was deliberated) which contributed to excessive delays in responding to access requests. Response DND committed to: • Encourage the use of face-to-face and teleconference discussions rather than emails and letters • Pilot a process to increase communication with requesters on the timing and the appropriateness of legitimate extensions • Keep open lines of communication with the requesters to manage their expectations and ensure that they understand the process (e.g., reasons for delays) • Issue a guidance document to provide OPIs with reasonable, but specific, timelines • Release partial information where appropriate and/or helpful Commissioner’s Recommendations • Ensure that consultations and discussions are as efficient as possible by providing OPIs with a reasonable, but specific, timeframe to respond to request and consultations 7   Special Report to Parliament 5. Paper-based transmission of documents slows the ATIP process down At DND document exchange is mainly paper-based. As a result, records sent via internal mail by OPIs have to be scanned and uploaded to the DAIP’s central records management system. Response DND committed to: • Complete a SharePoint pilot regarding electronic transfer of classified documents • Explore the feasibility and availability of a range of solutions to facilitate secure digital transfer of unclassified and Protected B documents • Improve the department’s internal mail service by introducing in‑person delivery at DND Headquarters • Improve policies and processes to support the management of access requests Commissioner’s Recommendations • Explore technological options and paperless systems that provide secure electronic transfer of records within the classified systems of the department to reduce the risk of lost or damaged records and facilitate information management • Review DND’s policies and practices to better support the processing of access requests, reduce response time, and ensure that records are transferred securely ACCESS AT ISSUE information commissioner’s recommendations 6. Mandatory training for those involved with access to information requests DND is Canada’s largest federal institution and its employees are located around the world. As a result, sharing information and providing core training across to all employees is challenging. While DND’s access request team had been working with its different OPIs to ensure quality training was provided, there was evidence that many employees did not complete the training but continued to handle access requests as part of their primary or secondary responsibilities. This gap in skills and knowledge increases the risk of inadequate searches and multiple consultations for clarifications regarding the application of exemptions and severances. “ We are in a moment in time when strong leadership can guide the testing and pursuit of modernization and innovation.” – Information Commissioner A critical phase for the access to information system 8   Special Report to Parliament Response DND committed to: • Formalize access to information training across the department, including special quarterly training for ADMs and TLOs • Hold annual networking sessions to educate and share information among TLOs • Explore the introduction of an access to information component into basic military training for newly-enrolled members, senior non-commissioned officers and senior officers • Develop on-line training modules for non-military public servants • Provide access to on-line courses via the Canada School of the Public Service for members of the military Commissioner’s Recommendations • Engage with OPIs to understand their training needs leading to improved awareness, competence and performance • Make training mandatory for individuals who have access request as a primary or secondary duty and monitor attendance ACCESS AT ISSUE information commissioner’s recommendations 7. TLO’s competing priorities affect their access request duty The investigation at DND revealed that some staff assigned with the initial tasking of access requests, especially in large OPIs, generally have other work responsibilities. Response DND committed to: • Work with ADMs to review the staffing and experience of key TLO positions to determine whether they should be assigned full-time responsibility due to the volume of requests Commissioner’s Recommendations • Ensure that access to information management is the “sole duty” of TLOs where there is a high volume of requests (over 200 annually) and/or the issues are complex 8. Lack of TLO experience This investigation revealed that the role and experience of the TLOs varied across OPIs. Understandably, it takes time for newly-assigned TLOs to gain knowledge and experience, but the investigation found that lack of experience may lead to incomplete or inaccurate responses. Response DND committed to: • Create and staff additional positions to effectively manage the workflow • Introduce an ADM sign-off as a “safety net” measure that ensures a final check of the response from their sector of the organization • Address low levels of experience via senior-level engagement and oversight • Review job descriptions and assignments to ensure that there is capacity to manage the volume of information requests Commissioner’s Recommendations • Ensure that TLOs have the necessary level of experience to allow them to fulfill their duties 9   Special Report to Parliament ACCESS AT ISSUE information commissioner’s recommendations 9. OPI’s awareness of their responsibilities under the Act Awareness and knowledge are at the heart of effective management of the access to information obligations of federal institutions. Federal employees must understand their obligations under the Act and the consequences of obstruction. Lack of knowledge or accountability can lead to inadequate responses if possible situations of obstruction are not identified or are ignored. “ Timely decisionmaking and the proper documentation of both the decisions and any resulting actions must go hand-in-hand.” – Information Commissioner Access to information in extraordinary times 10   Special Report to Parliament Response DND committed to: • Confirm that 100 percent of senior leaders have signed Letters of Agreement regarding access to information and that key metrics have been implemented to monitor departmental compliance • Increase communication and training for employees • Develop a SOP regarding reporting an instance of obstruction • Update the Defence Administrative Order and Directive on access to information to highlight the consequences of obstruction • Add mandatory work objectives to personal development/performance agreements for those with primary or secondary responsibilities for access to information programs • Track performance via a departmental dashboard that is reviewed by senior level officials on a regular basis Commissioner’s Recommendations • Ensure that OPIs fully understand their responsibilities under the Act regarding obstruction • Ensure that all employees who have access to information responsibilities as a primary and/or secondary duty have mandatory work objectives to comply with the Act • Include access request commitments in the performance agreements of DND senior officials ACCESS AT ISSUE ANNEXES annex 1.1 The Honourable Harjit Singh Sajjan MP National Defence 101 Colonel By Drive Ottawa, ON K1A 0K2 Our file: 3218-01422 Institution’s file: N/A Dear Minister Sajjan: I am writing pursuant to paragraph 37(1)(a) of the Access to Information Act (the Act)1 to report the results of my office’s systemic investigation into the processing of access to information requests by the Department of National Defence and the Canadian Armed Forces’ (hereinafter referred to as “DND”) during the period between January 1, 2017, and December 21, 2018. Letter from the Information Commissioner to the Minister of the Department of National Defence dated January 16, 2020, that conveys the results of the systemic investigation of the department’s ATI processes. Original available at https:// www.oic-ci.gc.ca/en/resources/ reports-publications/accessissue-nine-recommendationsregarding-processing-access. BACKGROUND In the fall of 2018, I became aware that during Vice Admiral Mark Norman’s trial it was alleged that in responding to an access to information request, a search for responsive records within an Office of Primary Interest (OPI) was never actually conducted. It was also alleged that the name of the Vice Admiral was never used in any records, making it impossible to retrieve records responsive to the request and suggesting that this was a common practice within DND. Based on these allegations, combined with the findings that I made in a recent investigation into the processing of an access request within the Office of the Judge Advocate General (OJAG)2, I made the decision to initiate a systemic investigation into how DND processes and responds to its access to information requests. Consequently, a Notice of Intention to Investigate was sent to DND on December 21, 2018. I wish to note that while some allegations made during Vice Admiral Mark Norman’s trial triggered this systemic investigation; the purpose of this investigation is not to examine this specific case, but to review DND’s global processing of access to information requests. 1  Access to Information Act, R.S.C. 1985, c. A-1. This investigation is governed by the ATIA as it existed prior to June 21, 2019. 2  3217-01983, where I concluded that DND had inappropriately withheld information, thereby seriously contravening the purpose of the Act 12   Special Report to Parliament ACCESS AT ISSUE annex 1.1 Finally, in carrying out this systemic investigation, my office obtained information that, in my opinion, constituted evidence of a possible commission of an offence under paragraph 67.1(1) of the Act. Since it is not within my mandate to investigate offences, I disclosed the information to the Attorney General of Canada, as permitted by subsection 63(2) of the Act. INVESTIGATION My office has examined the processing of access to information requests of six OPIs that are among the most tasked organizations for retrieving records within DND, namely: the Assistant Deputy Minister Materials (ADM(Mat)), the Assistant Deputy Minister Policy (ADM(Po1)), the Canadian Joint Operations Command (CJOC), the Chief Military Personnel (CMP), the Vice Chief of Defence Staff (VCDS) and the Royal Canadian Navy (RCN). This sampling of OPIs gave my office significant insight into the machinery of DND’s processing of access to information requests. During the course of my office’s investigation, interviews were conducted with these six OPIs and the Directorate of Access to Information and Privacy (DAIP) to better understand the process by which DND administers and responds to access to information requests. To support and complete the information collected through these interviews, DND provided internal tasking documents, ATIP manuals, processes and procedure guides, DAIP training decks regarding the Act, statistics and dashboards regarding OPI compliance, OPI engagement summary reports, and the results and implementation schedule of an assessment on the access to information program conducted in 2017 by KPMG3. On September 17, 2019, I communicated the preliminary findings of my investigation to the Deputy Minister of National Defence and invited her to provide representations in response to matters raised by this investigation. In particular, I identified nine specific issues which, in my view, are impacting upon DND’s ability to process access to information requests in a manner consistent with the Act. I asked that DND’s representations address each of those issues. On October 31, 2019, DND responded, indicating its agreement with my preliminary findings, and explaining for each of the nine issues raised the steps that it had taken, or that it intended to take to improve DND’s processing of access to information requests. Let me say that my office and I are very pleased with the very good collaboration of everyone involved with this investigation at DND. Files and documents requested were quickly made accessible; witnesses identified were made available and detailed representations were provided in a timely manner. Based on the evidence gathered and the representations received, I provide you, as the head of DND under the Act, with my findings in relation to each of the nine issues identified during this investigation and with respect to DND’s proposed course of action as well as my recommendations. 1. Lack of procedures for splitting and re-scoping of requests. The investigation has shown that Tasking Officers within DAIP have the authority to split and re-scope access to information requests in certain circumstances. Such circumstances include when the subject of the access request is too broad, when the access request may cover different topics or when the request encompasses too long a period. However, the investigation has also shown that there is a lack of procedures to revert back to the original scope of an access to information request once split and/or re-scoped. This could result in responsive information and documents being excluded from the response to the request. 3  In 2017, KPMG was commissioned to conduct an “Assessment of the Access to Information and Privacy Program” within DND. Their report can be found at https://www.canada.ca/en/department-national-defence/corporate/reportspublications/audit-evaluation/assessment-access-information-privacy-program.html 13   Special Report to Parliament ACCESS AT ISSUE annex 1.1 One of the examples where this issue has occurred is a request for information4 split into two separate requests5 and then re-scoped to limit the OPIs tasked (with the authorization of the requester). As a result, one split request was limited to information contained within the RCN and the other limited to information contained within the VCDS. Still, the records that were retrieved from RCN and VCDS in response to the split requests contained information originating from other OPIs, specifically: •  Public affairs (PA); •  The Director General Military Personnel Research and Analysis (DGMPRA); •  The Joint Personnel Support unit (JPSU); and •  The Chief of Defence Staff (CDS) The results yielded from the search for responsive documents showed that records responsive to the request would also likely have existed within these additional OPIs. However, these OPIs were never tasked to do a search because of the original decision of the Tasking Officers to split and re-scoped the request to only include records within RCN and VCDS. Considering that the original access to information request was not limited to RCN or VCDS and that there was no procedure in place to revert back to the original scope of the request, information and documents responsive to the request have most likely been unduly excluded from the responsive records. I find that the lack of procedures to revert back to the original scope of the request could result in responsive information and documents being excluded from the response to the request. This practice is contrary to DND’s duty to assist the requester and to respond accurately and completely to the request. DND’s response and proposed course of action: DND states that a request may be split into distinct manageable parts in order to more efficiently meet the stated wishes of the requester. DND agrees that such a split or re-scope of a request should not alter the intent or scope of the original request. DND also indicates that it is currently developing a Standard Operating Procedure (SOP) which will include a “check back” step to ensure that the original intent of the request is met at the time records are received from the OPIs. DND commits to have this SOP implemented in March 2020. Recommendation 1: I accept DND’s proposed action with respect to this issue. I further recommend that DND’s SOP clearly establish criteria that would ensure the safeguard of the original intent of the request during the proposed “check back” step. Additionally, I recommend that a copy of the SOP, along with DND’s implementation plans, be provided to my office by April 2020. 2. Lack of reference material for tasking. The investigation has shown that to determine which Tasking Liaison Officer (TLO)6 or OPI is to be tasked with a search for documents after a request is received, DAIP has developed a process that blends research, mentorship, and corporate knowledge with the consultation of an internal OPI Tasking document. This OPI Tasking document outlines the various organizations within DND and provides a short and broad context as to what these organizations are responsible for. However, the investigation has also shown that the TLOs do not have any reference documents that explains the mandates of internal program areas within the various OPIs. This is problematic as it may result in program areas not being identified as potential holders of responsive records. The TLOs rely almost exclusively on the corporate knowledge that is available within their organization to help them identify which program areas may have responsive information. 4  A-2016-02418 5  A-2016-02418 & A-2017-00517 6  Tasking Liaison officers (TLO) act as coordinators for their respective OPIs.They are responsible to manage, track, task and respond to requests within their organizations. 14   Special Report to Parliament ACCESS AT ISSUE annex 1.1 I find that considering the complexity, the scale of operations, and the temporary postings of Canadian Armed Forces (CAF) members within DND, it is neither a sound nor an effective practice to rely on corporate knowledge to determine the relevant program areas that could be responsive to a particular access to information request. There is very little reference material available to TLOs within the OPIs to help identify and determine the relevant program area(s) for records responsive to the request. This may lead to program areas not being identified as a source of information responsive to a request. DND’s response and proposed course of action: DND states that in an evolving global environment, and the scale (size and reach) of DND/CAF, they often must rely on corporate knowledge and informal networks of experienced employees to determine how to navigate broad program areas. DND adds that each ADM level organization has an internal website with details of programs and mandates within the organization. TLOs receive ATIP training from DAIP which also provides detailed instruction on obligations for record search and retrieval. DND acknowledges that while many of the ADM level organizations actively maintain their internal web pages and other referenced documents outlining their structure and mandate, the quality and currency of the information vary across the DND. As such, DND agrees that each of the ADM level organizations be required to develop and maintain a reference document listing and explaining their programs and mandate as well as key areas of interest. To that end, the DAIP director commits to provide guidance on the format and content of the reference document and to encourage each organization to refresh their information on an asrequired basis, compliance of which is to be monitored through an annual submission to DAIP. Recommendation 2: To better support the TLOs in determining the correct program areas to task, I recommend that all organizations within DND be required to develop a reference document listing and explaining their programs and mandate as well as key areas of interest. I recommend that the maintenance of the reference 15   Special Report to Parliament document be added to the TLOs’ responsibilities. I also recommend that DAIP and the DAIP director ensure that the format of the reference document is consistent through all organizations and contains sufficient detail for the TLOs to know what documents they have in their care. 3. Lack of information to determine whether a search for records was reasonable. As mentioned above, the investigation has shown that TLOs are responsible for determining the relevant program areas to task and collecting the records responsive to the request. TLOs also gather information regarding the search conducted by completing a checklist and a return form on behalf of the OPI. Once an OPI is identified by a Tasking Officer as a possible organization that may have records responsive to the access to information request, a tasking is sent out by DAIP via email to the relevant TLO. The full text of the request is sent with three attachments; (1) a certification of Security Classification/Designation; (2) an OPI guidance checklist and return form; and (3) a TLO checklist. However, very little information is requested from OPIs with regard to the particulars of how a search is conducted within the OPI. More particularly, the OPI guidance checklist and return form first reviewed by my office did not indicate: •  what was searched (i.e., what databases, folders, etc.); •  why these information holdings were searched; •  what were the parameters of the search (i.e., key words used, date ranges, etc.); •  who conducted the search (individual and specific program area); •  why the person who conducted the search is experienced in the subject matter; •  when was the search conducted; and •  whether any other division or subdivision may contain information and why. ACCESS AT ISSUE annex 1.1 During the course of this investigation, it became evident that DND was aware of this issue as it had already began to overhaul its OPI checklist and return form to request more information from the OPIs. However, as noted in my September 2019 preliminary findings letter, I was then, and I am still, of the view that more information should be sought from the OPIs to ensure compliance with the Act. The new checklist and return form does not provide enough information to determine whether an OPI conducted a reasonable search. One example of this would be a search to respond to a request about a particular person. Not knowing the parameters of the search makes it impossible to determine if the search was done with the full name of an employee, his or her position, any nickname that person may be known to use at work or any other relevant information. I find that the lack of information on how a search for responsive records was conducted makes it extremely difficult to determine whether a reasonable search was done. In addition, not collecting sufficient information about the actual search does not ensure accountability and ultimately does not allow DAIP to properly question the search was thorough and complete (challenge function). DND’s response and proposed course of action: DND indicates that when an OPI respond with a “nil” report, indicating that no records have been found to respond to the access to information request, that particular nil report is now published weekly by DAIP and promulgated to all ADM level officials. Furthermore, DND states that they have taken steps to ensure that all employees and CAF members understand their duty to assist a requester under the Act. Employees and CAF members have to know that a request must be interpreted broadly to ensure that records are not excluded simply because the requester did not use vernacular, terms or phrases in common use within the department. DND confirms that additional guidance has been provided to TLOs to ensure that staff are aware that all records of business value regardless of where they are located must be provided in response to an access request. 16   Special Report to Parliament Recommendation 3: In addition to DND’s proposed course of action, I recommend that OPIs be also required to provide in the return form the following: •  the reasons why the particular program area within the OPI was identified; •  why a particular information holding was chosen for the search; •  the parameters of the search and how the search was physically conducted (i.e., key words, terms and timeframes used, manual searches, etc.); and •  the position and contact details of the person conducting the search should also be included. This additional information will not only ensure that a reasonable search has been conducted, but it will also allow the TLO and DAIP to better perform their challenge function, especially if they have reasons to believe that more records exist or that a nil response is questionable. 4. Lengthy delays in the consultation process. The investigation has shown that the internal consultation process can be lengthy. This appears to be in part due to the fact that the majority of stakeholders who are consulted were, until recently, geographically located in various locations making it more difficult to have face-to-face discussion. This investigation also revealed that OPIs are often given several opportunities to provide rationale or justifications as to why information should not be disclosed, especially in circumstances where DAIP and the OPIs do not agree with each other on the recommended severances. I find that, while internal consultations are necessary, allowing several multiple “back-and-forth” between OPIs and DAIP adversely affects the processing of access to information requests as it contributes to increasing delays in responding to them. ACCESS AT ISSUE annex 1.1 DND’s response and proposed course of action: DND agrees that internal consultation can be lengthy. One of the challenges expressed by DND has been that the majority of stakeholders were geographically situated across various locations. However, with the concentration of command and personnel at National Defence Headquarters (NDHQ) Carling Campus, there are more opportunities to solve issues in a timely fashion and at senior level where necessary. As a result, DND indicates that it intends to strongly encourage DAIP and the OPIs to increase the use of faceface and teleconference discussions in place of email and letter traffic to improve the timelines of consultations. In addition, DAIP states that it will pilot a process to increase communication with the requester on both the timing and the appropriateness of legitimate extensions and discuss the possibility to issue partial releases of information, when appropriate. Recommendation 4: In addition to DND’s proposed course of action, I recommend that consultations and discussions be limited and efficient and that OPIs be given a reasonable, but specific, timeframe by which responses are expected. This will limit the “back-and forth” that is currently happening and will ensure better compliance with the Act. 5. A paper-based transmission of records slows the ATIP process down. The investigation has shown that the transmission of records throughout the ATIP process within DND is mainly paper-based. The OPIs use internal mail to send records back to DAIP, where DAIP must then scan and upload these records into their management system. I find that this process is onerous and adds considerable time to the ATIP process, especially considering the size of DND and the fact that its OPIs are located in a number of locations, including abroad. 17   Special Report to Parliament DND’s response and proposed course of action: Recognizing the obligations for the secure transfer of information particularly across a large and geographically diverse institution, the DAIP director and the ADM information management have been exploring options for the secure electronic transfer of records within the DND. DND explains that the VCDS and the RCN are already working to establish central SharePoint sites and equivalent repositories within the classified systems for their organizations. In addition, since the majority of the command structure has moved to NDHQ Carling Campus, it has alleviated some of the internal mail delays as many of the OPIs are now able to walk over to DAIP and provide them with a paper copy of the documents. Recommendation 5: I recommend that DND continue to explore the above-proposed options. I also recommend that DND’s policies and practices be reviewed to better support the processing of access requests, reduce the response time and ensure the secure transfer of records. 6. Lack of mandatory training of those involved with access to information requests. According to the Treasury Board Secretary 2016 Interim Directive, it is the government institution’s responsibility to ensure that individuals are properly informed of their responsibilities under the Act and receive adequate training. The investigation has shown that DAIP was strongly committed to the development and provision of access to information training for employees. DAIP was also engaging with OPIs in an effort to determine the appropriate ATIP training that was necessary for each OPI’s areas. However, attendance to these training sessions is not mandatory. For example, in reviewing the L1 (OPI) engagement summary for 2018-19 provided by DAIP, it was determined that many of the OPIs did not attend the ATIP training offered by DAIP. ACCESS AT ISSUE annex 1.1 I find that the lack of mandatory training for all individuals who have ATI as a primary and/or secondary duty can severely affect the processing of access to information requests. This is because employees and CAF members without the necessary training may not have the skill and knowledge needed to respond adequately to their tasking. This can result in inadequate searches and sometimes unnecessary and multiple consultations for clarifications regarding the application of exemptions and severances. DND’s response and proposed course of action: DND confirms that it is mandatory for all staff actively involved with tasking and processing of access requests and those providing recommendations for severances under the Act, to be trained in‑person. DAIP has created and formalised ATIP specific training that is promulgated quarterly to all ADMs and TLOs. Additionally, a networking, education and information session is held annually for all TLOs from across the department, which provides an opportunity for TLOs to share new information and best practices with each other. DND also explains that it is the largest federal department and has military members and public servants located in all Canadian provinces and territories, as well as on ships at sea, deployed, employed or posted in countries on four continents. As such, it would be extremely challenging to offer mandatory in-person training to all organizations or to all staff. Nonetheless, DAIP is continuing to explore various ways to introduce ATIP training into basic military training for newly enrolled military members, including modules in career training and promotional courses for senior noncommissioned officers and senior officers. Additionally, a similar familiarization in the form of on-line training modules will be explored for members of the public service jointing DND. Recommendation 6: In order to better support individuals who have ATI as a primary and/or secondary duty, I recommend that DND continue to implement the above course of action and monitor attendance of its mandatory training sessions. In addition, I recommend that DAIP continue to engage with the OPIs in order to better understand and address their specific training needs. 18   Special Report to Parliament 7. TLOs’ competing priorities affect their ATI duty. The investigation has shown that some TLOs within organizations that have a high volume of access to information requests or complex requests have ATI as a secondary duty creating competing priorities. For example, ADM(Pol) responded to 325 requests with a TLO who has ATI as a secondary duty. Accordingly, ADM(Pol) has only been able to complete 38% of the required consultations and 44 % of its taskings during the 2018-19 Financial Year. I find that competing priorities inevitably delay the access to information process. This is especially so for organisations with a high volume of access to information requests or with more complex requests. DND’s response and proposed course of action: DND indicates that in some smaller organizations, the volume of work related to access to information requests does not necessarily warrant the dedication of a full time employee. In these cases it is appropriate for the work to be assigned as a secondary duty. However, for those organisations where the volume of requests is higher or the requests and records are more complex, DND agrees that one or more dedicated staff focussing on the nuance and timing of the responses and appropriateness of proposed redactions is preferable. As such, DND commits to examine the staffing of the TLOs for those organizations where the volume of requests is higher or the requests for records more complex to determine the appropriateness of the functions of the position, their job descriptions and experience. It will then provide recommendations to each ADM responsible for the position. Recommendation 7: To avoid competing priorities for TLOs, I recommend that DND ensure that in organizations where there are a large volume of requests (over 200 requests) and where the request for records may be more complex, the TLOs have ATI as their sole duty. ACCESS AT ISSUE annex 1.1 8. The lack of TLO experience may affect responses to access requests The investigation has shown in some instances, the TLOs within OPIs that deal with a high volume of access to information requests or complex requests are occupying entry-level positions. They generally do not have the necessary experience to adequately understand and respond to the various access to information requests. I find that that the lack of experience of TLOs to support a large volume of complex requests may lead to incomplete or inaccurate response to access to information requests. DND’s response and proposed course of action: DND recognises that the position of TLO has, at times and in some organisations, not been staffed with employees at a level commensurate with the role. Further to the interviews conducted by my office with the TLOs, DND confirms that it is in the process of creating and staffing additional positions to more effectively manage its workflow and meet its obligations under the Act. It indicates that it will examine the staffing of the TLOs for those organizations where the volume of requests is higher or the requests for records more complex to determine the appropriateness of the functions of the position, their job descriptions and experience and provide recommendations to each ADM for the position. In addition, DND indicates that senior level oversight has been implemented as a safety net for lack of TLO experience. According to DND, all return forms from each organization must be reviewed and approved by the responsible ADM or authorized delegate. Recommendation 8: I recommend that DND ensure that in organizations where there is a large volume of access to information requests or where the requests are more complex, the TLOs have the necessary level of experience to allow them to fulfil their ATI duties and functions in a manner that ensures that access to information requests are accurately and completely responded to. 19   Special Report to Parliament 9. a)  Not all OPIs are aware of their responsibilities under the Act The investigation has shown that not all OPIs are aware of their responsibilities under the Act regarding obstruction to the right of access. Some OPIs were unaware of how to proceed when faced with a situation in which they believe that obstruction may have occurred. While I have noted in my September letter that, since the beginning of this investigation, procedures have been developed to address this situation, it is still unclear as to how these procedures have been communicated to the OPIs or where the OPIs can access them. I find that the fact that OPIs are not all aware of their responsibilities under the Act can lead to situations where possible situations of obstruction are not identified or are ignored. DND’s response and proposed course of action: DND states that it has started to implement a number of measures to communicate considerations regarding obstruction, including updating the Defence Administrative Orders and Directives (DAOD) 1001‑1 – which explains the consequences of obstruction and directs individuals to report allegations of obstruction to DAIP. In addition, DND confirms that DAIP has updated the content of their ATIP mandatory training sessions to include the consequences of obstruction of an individual’s right of access and, within DAIP, a SOP was created and formally implemented describing the procedures to respond to allegations of obstruction. Recommendation 9 a): To ensure that potential situations of obstruction are prevented or identified and handled appropriately, I recommend that DND continue to implement the above course of action and ensure that all OPIs fully understand their responsibilities under the Act regarding obstruction. ACCESS AT ISSUE annex 1.1 9. b) Lack of accountability mechanisms. The investigation has also shown that a mandatory work objective to comply with the Act is not included in every individual’s personal development review or performance agreement who has ATI as a primary and/or secondary duty. The investigation has also shown that the annual personal development reviews and/or the performance agreements of DND’s senior leaders do not include a mandatory work objective to comply with the Act. I find that a lack of accountability, especially at the senior levels of an institution, can lead to access to information requests being disregarded or responded to in an incomplete or inaccurate manner. DND’s response and proposed course of action: DND confirms that it had since required that all senior leaders sign a letter of agreement to commit to the following; •  Provide all relevant records within the negotiated deadlines set by DAIP. This includes rationale for any nil returns as well as identifying sensitivities; •  Support the resolution of any issues or challenges that arise in the processing of access requests; •  Contribute to meaningful improvement regarding the percentage of on time responses, assessments, retrievals, and files returned due to quality issues; •  Ensure deadlines for access requests are monitored, with appropriate follow-up and escalation; •  Provide leadership in the review of processes and procedures to identify areas for improvement; and •  Ensure the search process is comprehensive and considers both the letter and the intent of the request. In addition, DND confirms that it developed a series of metrics to closely monitor compliance through dashboards and reports which are reviewed and discussed with ADMs on a regular basis. 20   Special Report to Parliament Recommendation 9 b): To increase accountability and achieve better results in responding to access to information requests, I recommend that DND ensure that all employees who have ATI as a primary and/or secondary duty, have a mandatory work objective to comply with the Act included in their annual personal development reviews and/or their performance agreements. In addition, I recommend that the commitments listed above be added as mandatory work objectives to personal development reviews and/or performance agreements of every senior leader within DND, civilian and military. CONCLUSION In accordance with paragraph 37(1)(b) of the Act, I would ask that you inform me by February 13, 2020, whether you intend to implement my recommendations. If not, please provide me with the reasons why you will not be taking the recommended actions. Should you agree with these recommendations, my office will monitor the progress of their implementation throughout future investigation of access complaints against DND. Should you wish to discuss any aspect of this matter please do not hesitate to communicate with me at 819-994-0001. Yours sincerely, Caroline Maynard Information Commissioner c.c.: Deputy Minister National Defence and the Canadian Armed Forces Corporate Secretary National Defence and the Canadian Armed Forces ACCESS AT ISSUE annex 1.2 Ms. Caroline Maynard Information Commissioner of Canada Office of the Information Commissioner of Canada 30 Victoria Street Gatineau QC KIA 1H3 Dear Commissioner Maynard: I am writing in response to your letter dated January 16, 2020, pursuant to paragraph 37(1) (a) of the Access to Information Act (the Act) which report on the results of your office’s systemic investigation into the processing of access to information requests by the Department of National Defence (“DND” or the “Department”) during the period of January 1, 2017, to December 21, 2018. The Act gives Canadian citizens, permanent residents, and any person or corporation present in Canada a right to access records of government institutions. Access to information is a critical right, and the Department is committed to open government initiatives and is continually improving its access to information program. Please find below our responses to your recommendations. Letter from the Minister of the Department of National Defence to Information Commissioner dated February 28, 2020, that responds to the Commissioner’s findings and provides a further update regarding DND actions. Original available at https:// www.oic-ci.gc.ca/en/resources/ reports-publications/accessissue-nine-recommendationsregarding-processing-access. 21   Special Report to Parliament I trust that the responses below as well as those contained in the enclosed letter from Deputy Minister Jody Thomas of October 31, 2019, address your final recommendations. I also appreciate your recognition of the Department’s very good collaboration during the systemic investigation. 1. Procedures for splitting and re-scoping of requests DND agrees that a request may be split into distinct manageable parts to more efficiently meet the stated wishes of the requester, and that such action should not alter the intent or scope of the original request. The Directorate of Access to Information and Privacy (DAIP) is developing a standard operating procedure (SOP) which will clearly establish criteria to ensure that the original intent of the request is met at the time records are received from offices of primary interest (OPls). This safeguard will provide greater assurance that all responsive records are captured. A copy of the SOP, along with DND’s implementation plans, will be provided to your office by April 2020. ACCESS AT ISSUE annex 1.2 2. Reference material for tasking In order to better determine the correct program areas to task, DND agrees that all Assistant Deputy Minister (ADM)-level organizations should maintain a reference document listing and explaining their programs, mandate and key areas of interest. DAIP will provide guidance on the format and content of this reference document to ensure it is consistent through all ADM-level organizations and that it contains sufficient detail to identify the documents under their control. DND agrees on the importance of maintaining the reference document current and will explore options on where the responsibility for maintaining the reference document is best suited. DAIP will monitor compliance with this requirement on an annual basis. 3. Documentation to support the search for records DND has enhanced its process for the search of records. To better perform its challenge function, DAIP is amending its OPI return form to include 1) which areas within the ADM-level organization were tasked; 2) who conducted a search for responsive records; 3) where the search for records was conducted; and 4) the reason for the absence of records. Improvements were already made in this area by requesting supporting information on how a search was conducted. Moving forward, DAIP will continue to improve its processes, including incorporating your recommendations, such as •  the reasons why the particular program area within the OPI was identified; •  why a particular information holding was chosen for the search; •  the parameters of the search, and how the search was physically conducted; and •  the position and contact details of the person conducting the search. In addition, DND has taken steps to increase overall awareness. Uniformed and civilian employees involved in the access to information process have received training on the duty to assist applicants under the Act. Further guidance has been provided to ensure that all records of business value are provided in response to an access request and training packages have been updated to 22   Special Report to Parliament reinforce these obligations, and highlight the consequences for noncompliance. Furthermore, DAIP will continue to publish weekly “nil” reports for ADM-level officials to ensure senior level oversight. 4. Improving delays in the internal consultation process To improve the timeliness of internal consultations and responses to requesters, face-to-face discussions and/or the use of teleconferencing will be prioritized over email and letters wherever practicable. When delays are inevitable due to necessary consultations or other factors, DAIP will continue to increase its communication with requesters on the timing and the appropriateness of legitimate extensions by issuing partial releases of information ahead of the final release package, when appropriate. Furthermore, to ensure internal consultations and discussions are limited and efficient, DAIP will implement a guidance document to provide OPIs with a reasonable, but specific timeframe. This should serve to limit delays from back and forth discussions. 5. Transmission of records DND recognizes the need for secure technological solutions to enhance its processes and reduce reliance on paper files, particularly across a large and geographically diverse department. A pilot project for the electronic transfer of classified records using a secure site has proven to be successful. As such, DND is exploring the feasibility and availability of a range of solutions to facilitate secure digital transfer of unclassified and Protected B records as well as other solutions for classified information to minimize the transfer of paper records and associated mail time. The relocation of groups to the National Defence Headquarters Carling Campus has alleviated some of the internal mail delays as hard-copy records can now be provided in hand. DND is currently in the process of establishing a more efficient internal mail process. As DND continues to explore options and implement new processes to minimize the need for transfer of paper records, policies and procedures will be updated accordingly. ACCESS AT ISSUE annex 1.2 6. Training of those involved with access to information requests Concerted focus on training individuals involved in the access to information request process has demonstrated improvements in overall awareness and in departmental performance. DAIP will continue to provide mandatory classroom training to tasking liaison officers (TLOs). Additionally, those individuals who are actively involved in providing recommendations for severances under the Act are strongly encouraged to attend classroom training. DAIP has created and formalized access to information and privacy (ATIP)-specific training that is promulgated across the Department. Networking, training and information sessions are held annually, which provide an opportunity to share new information and best practices. Continued efforts will be made to explore various ways to introduce ATIP training into military training for newly enrolled members, including modules in career training and promotional courses for senior non-commissioned officers and senior officers. DND is pleased to report that military members can now access the online ATIP course provided by the Canada School of Public Service. DAIP is strongly committed to the development and provision of access to information training for employees and will continue to engage to address specific needs. 7. & 8. Defining TLO role and responsibilities DND recognizes that the role of the TLO may vary across ADMlevel organizations based on the volume and complexity of access to information requests. DND acknowledges that in some cases it may be more appropriate to have dedicated resources to alleviate competing priorities and reduce delays in the request process. DND’s Corporate Secretary will work with ADM-level organizations to examine the functions of the position and the experience level of the TLO, particularly in organizations where there is a high volume of requests and where records may be more complex, to ensure that duties under the Act can be fulfilled in a timely fashion. 9. OPI responsibilities and compliance under the Act a) Ensuring OPls are aware of their responsibilities under the Act DND has implemented a number of measures to communicate on the consequences of obstructing access to information. In 2019, the Defence Administrative Order and Directive on the Access to Information Act Requests was updated to outline the consequences of obstruction and to direct individuals to report any allegations of obstruction. Additionally, the content of the ATIP training sessions has been updated to include the consequences of obstruction and a SOP has been created to outline the procedures to be implemented to respond to allegations of obstruction. 9. b) Increasing accountability mechanisms Key metrics have been implemented to monitor departmental com­ pliance, including the ability to meet legislated timelines for release of records. A dashboard demonstrating departmental performance is reviewed and discussed at senior levels on a regular basis. In an effort to increase accountability and achieve better results in responding to access to information requests, senior leaders within DND have signed a letter of agreement to indicate their commitment to uphold their obligations under the Act. Furthermore, DND will ensure that employees who have access to information as a primary or secondary duty have work objectives to comply with the Act included in their performance agreement. In conclusion, DND is committed to continuous improvements to meet its obligations under the Act, and please rest assured that you can count on our continued cooperation to improve DND’s ATIP program. Yours sincerely, The Hon. Harjit S. Sajjan, PC, OMM, MSM, CD, MP […] 23   Special Report to Parliament ACCESS AT ISSUE