As you may recall, I asked the Office of the Information and Privacy Commissioner (OIPC) for clarification on the use of outside legal counsel to handle municipal access to information requests (I was inspired to ask for this clarification by the discovery that my 2015 FOIPOP to the CBRM regarding port matters was directed to Jim Gogan of Breton Law Group, who is also handling the CBRM’s response to the Privacy Commissioner’s ruling on my appeal).
Carmen Stuart, executive director and chief privacy officer with the OIPC, told me that given the review has been issued and the file closed (with the conclusion that, by not simply releasing the information as recommended, the CBRM has rejected the commissioner’s recommendations) she could only speak generally and not in relation to my review, specifically.
On the subject of outside counsel, Stuart said:
Based on the files that have come to our office for review, some public bodies do choose to have legal counsel process their access to information requests and reviews on their behalf. We have not examined whether this requires a delegation, we have accepted that the lawyer is the municipality’s representative and proceed on that basis. The obligations to comply with Part XX of the Municipal Government Act (MGA) rest with the municipality regardless.
(The reference to the “delegation” was in response to a point I’d raised regarding the MGA, which says the CAO has responsibility for handling FOIPOPs but may delegate some or all of that responsibility to “another municipal officer,” a delegation that must be carried out in writing.)
So having legal counsel process an access to information request is permitted. The question then becomes, which legal counsel? Should the responsibility go to a lawyer who was implicated in the subject of the FOIPOP request?
I have my own answer to that question — hell, no — but that carries absolutely no weight, in or out of court, so I guess we’ll just have to leave the matter unsettled.
NDAs
But I asked a second question of Stuart.
If you’ve been following this case, you’ll know that in justifying the decision to take another 60 days and go over the 682 pages of withheld documents again, regional solicitor Demetri Kachafanas told council that some of this information was subject to non-disclosure agreements (NDAs) and releasing it could get the CBRM sued.
District 7 Councilor Steve Parsons expressed skepticism that the Privacy Commissioner would ask a public body to release information subject to an NDA. Kachafanas replied that the commissioner believed companies doing business with a municipality should be subject to disclosure but that he believed the companies they’d signed NDAs with would take a different view of the matter.
I asked Stuart if the Privacy Commissioner would ask a public body to release information that was subject to an NDA and she said:
If the confidential business information exemption has been applied (s. 481 in the MGA), there is a three-part test. The second part of the test [s. 481(b)] considers confidentiality. A party is entitled to put forward a position that a non-disclosure agreement establishes the confidentiality criteria of the three-part test.
But according to Privacy Commissioner Tricia Ralph’s ruling, the CBRM — or rather, Gogan, acting on behalf the CBRM — didn’t put forward such a position. On the question of whether the withheld information could be considered “confidential,” Ralph said the CBRM provided:
…no evidence as to whether or not, at any stage in the process, the third parties suppled any information with the expectation that it would be kept confidential…it simply stated that all communications were confidential, securing a project of this size requires confidence in the various entities seeking to invest in this area and that in order to maintain confidence with various private sector players involved in this project, it needed to ensure that communications regarding the advancement of the container terminal remained confidential.
Why would you not mention NDAs if you were trying to justify an exemption on the basis of “confidentiality?” (Unless, of course, you knew the Privacy Commissioner can’t compel the release of documents and you didn’t feel the need to justify anything.)
For what it’s worth, I agree with the Privacy Commissioner: people doing business with public bodies should do so transparently. (Do you really think this would stop companies from doing business with government in Nova Scotia? Who else would they do business with?)
And now, I’m going to hold my peace and wait for my delivery of documents from the CBRM. Wouldn’t it be fitting if they arrived on Christmas Eve?
