Information and Privacy Commissioner, Ontario, Canada

Commissaire à l’information et à la protection de la vie privée, Ontario, Canada

ORDER MO-3175

Appeal MA13-624

Corporation of the Town of Arnprior

March 30, 2015

Summary: The appellant submitted a two-part request seeking access to (1) records relating to the town’s electronic records storage initiative and (2) service contracts with existing suppliers for services including internet services, maintenance of existing hardware, and firewall services. The town identified three records responsive to the second part of the request, denying access to portions of them under sections 7(1) (advice and recommendations), 8(1)(e) (endanger to life or safety), 8(1)(i) (security), 10(1) (third party commercial information), 11(a) (valuable government information), 11(f) (economic and other interests), and 13 (danger to safety or health) of the Act. In this order, the adjudicator finds that the mandatory exemption at section 10(1) does not apply; the discretionary exemptions at section 7(1), 8(1)(e), 8(1)(i), 11(a), 11(f), and 13 do not apply; and, that the town’s search for records responsive to part 1 of the request is reasonable. She orders the town to disclose the records to the appellant and dismisses the aspect of the appeal dealing with the reasonableness of the town’s search.

Statutes Considered: Municipal Freedom of Information and Protection of Privacy Act , R.S.O. 1990, c. M.56 , as amended, sections 7(1), 8(1)(e), (i), 10(1)(a), (c), 11(a), (f), 13 and 17.

Orders and Investigation Reports Considered: Order PO-1706.

Cases Considered: Aecon Construction Group Inc. v. Information and Privacy Commissioner of Ontario, 2015 ONSC 1392 (CanLII); Miller Transit Limited v. Information and Privacy Commissioner of Ontario et al., 2013 ONSC 7139 (CanLII); Boeing Co. v. Ontario (Ministry of Economic Development and Trade), [2005] O.J. No. 2851 (Div. Ct.)], leave to appeal dismissed, Doc. M32858 (C.A.).

OVERVIEW:

[1] The Town of Arnprior (the town) received a request under the Municipal Freedom of Information and Protection of Privacy Act  (the Act  ) for the following information:

Regarding Report 13-07-08-02, Infrastructure Technology Audit Findings & Recommendations, please provide copies of the following:

1) the Targeted Research conducted for the roll-out of the Electronic Records Storage Initiative; and,

2) service contracts with existing suppliers for internet services, PST, maintenance of existing hardware and firewall services.

[2] The town identified three responsive records and issued a decision letter advising the following:

1. 1) The Targeted Research was done in person by a technician from the supplier of the software for the town’s Electronic Records Storage. The Supplier assessed each workstation which was to be used to run the town’s Electronic Records System. Any workstation which did not meet the minimum operating system or hardware requirements for the town’s Electronic Records System was verbally conveyed by the supplier to town staff at that time. Therefore, access cannot be provided to the records as the records do not exist.
2. 2) The existing service contracts have expired and Council has directed staff to provide in-house services for existing IT maintenance. In reference to the expired service contracts please see below. Please note: where only partial access has been granted, we will sever (not release) the exempted portions.

[3] Partial access was granted to Record 1, the Help Desk Support, Professional Services Agreement and Record 2, the Network System Administration Program. Record 3, the Managed Firewall Service Program was denied, in its entirety. The information that was withheld in all three records was denied pursuant to the exemptions at sections 7(1) (advice and recommendations), 8(1) (law enforcement), 10(1) (third party information), 11(a)(valuable government information), 11(f) (economic and other interests) and 13 (danger to safety of health) of the Act .

[4] The requester, now the appellant, appealed the town’s decision to deny access to the undisclosed portions of the records.

[5] During mediation, the appellant advised that that records responsive to the first part of his request should exist, including technician’s notes. The town confirmed its position that no records responsive to that portion of the appellant’s request exist and declined to conduct an additional search. As a result, the reasonableness of the town’s search for responsive records is at issue in this appeal.

[6] The appellant confirmed during the mediation stage that he wishes to pursue access to the three responsive records, in their entirety.

[7] Also during mediation, the company who was the service provider and party to the contracts that make up the responsive records (the affected party) was notified of the request. The affected party objects to the disclosure of any of its information stating that the mandatory exemption relating to third party commercial information at section 10(1) applies.

[8] As a mediated resolution could not be reached, the file was transferred to the adjudication stage of the appeal process where an adjudicator conducts an inquiry. I began my inquiry into this appeal by sending a copy of a Notice of Inquiry, setting out the facts and issues on appeal, to the town, as well as to the affected party. Both the town and the affected party provided representations.

[9] The town’s representations, as well as a summary of those prepared by the affected party, were shared with the appellant in accordance with this office’s Practice Direction 7. The appellant provided representations in response. As the appellant’s representations raised issues which I believed that the town and the affected party should be given an opportunity to reply to, I provided them with an opportunity to do so. The town provided representations in reply, while the affected party did not.

[10] In this order, I make the following findings:

• • The mandatory exemption at section 10(1) does not apply;
• • the discretionary exemption at section 7(1) does not apply;
• • the discretionary exemptions at sections 8(1)(e) and (i) do not apply;
• • the discretionary exemptions at sections 11(a) and (f) do not apply; and,
• • the discretionary exemption at section 13 does not apply; and
• • the town’s search for responsive records was reasonable.

[11] Accordingly, I order the town to disclose the records to the appellant and dismiss the aspect of the appeal dealing with the reasonableness of the town’s search for responsive records.

RECORDS:

[12] The records and respective issues that remain at issue in this appeal can be summarized as follows:

[13] Record 1: Help Desk Support, Professional Services Agreement from June 1, 2004 to May 31, 2005 (8 pages). Partial access has been granted and Schedule A has been withheld pursuant to sections 7(1), 8(1), 10(1), 11(a), (f), and 13. The affected party submits that section 10(1) applies to Record 1 in its entirety.

[14] Record 2: Network System Administration Program dated October 17, 2006 (11 pages). Partial access has been granted and pages 2, 3, 5, 10, and item 5 under assumptions on page 8 have been withheld pursuant to sections 7(1), 8(1), 10(1), 11(a), (f), and 13. The affected party submits that section 10(1) applies to Record 2 in its entirety.

[15] Record 3: Managed Firewall Service Program dated November 15, 2004 (9 pages). Record 3 has been withheld in its entirety pursuant to sections 7(1), 8(1), 10(1), 11(a), (f), and 13. The affected party submits that section 10(1) applies to Record 3 in its entirety.

ISSUES:

1. A. Does the mandatory exemption at section 10(1) apply to the records?
2. B. Does the discretionary exemption at section 7(1) apply to the records?
3. C. Do the discretionary exemptions at sections 8(1)(e) and/or (i) apply to the records?
4. D. Do the discretionary exemptions at sections 11(a) and/or (f) apply to the records?
5. E. Does the discretionary exemption at section 13 apply to the records?
6. F. Did the institution conduct a reasonable search for records responsive to part 1 of the request?

DISCUSSION:

A. Does the mandatory exemption at section 10(1) apply to the records?

[16] The affected party claims that all of the information that is at issue is exempt under the mandatory exemption at section 10(1)  of the Act . The town agrees that some of this information is exempt pursuant to section 10(1). Accordingly, it must be determined whether section 10(1) applies to records 1, 2, and 3 in their entirety.

[17] The relevant portions of section 10(1) state:

A head shall refuse to disclose a record that reveals a trade secret or scientific, technical, commercial, financial or labour relations information, supplied in confidence implicitly or explicitly, if the disclosure could reasonably be expected to,

(a) prejudice significantly the competitive position or interfere significantly with the contractual or other negotiations of a person, group of persons, or organization;

(c) result in undue loss or gain to any person, group, committee or financial institution or agency.

[18] Section 10(1) is designed to protect the confidential informational assets of businesses or other organizations that provide information to government institutions.¹ Although one of the central purposes of the Act  is to shed light on the operations of government, section 10(1) serves to limit disclosure of confidential information of third parties that could be exploited by a competitor in the marketplace.²

[19] For section 10(1) to apply, the institution and/or the third party must satisfy each part of the following three-part test:

1. 1. the record must reveal information that is a trade secret or scientific, technical, commercial, financial or labour relations information; and
2. 2. the information must have been supplied to the institution in confidence, either implicitly or explicitly; and
3. 3. the prospect of disclosure of the record must give rise to a reasonable expectation that one of the harms specified in paragraph (a), (b), (c) and/or (d) of section 10(1) will occur.

Representations

[20] As described above, the affected party objects to the disclosure of records 1, 2, and 3, in their entirety. Its representations are brief. It submits that it has stated on each page the documents are confidential. It also points to a confidentiality statement that appears under the heading assumptions in one of the records (record 2) that stipulates that the information contained within it is proprietary to the affected party and may not be used, reproduced, or disclosed to other except as specifically permitted in writing by the affected party. It further submits that the information contains a "contractual framework that identifies equipment names, sites, financial information and effort related to [the affected party] which should not be disclosed from a security perspective. It also submits that disclosure of its financial information or managed services framework is necessary to maintain its competitive space within its market, explaining that "contracts are the defining piece of most competitive managed services contracts. It concludes its representations by stating simply: Therefore, [the affected party] is in compliance with the 3-part test.

[21] The town’s representations on the possible application of section 10(1) to the records are even less detailed than those of the affected party. It states that the record contains a confidentiality statement and submits that it was received and treated on the basis of confidentiality. It concludes its submissions on the possible application of this exemption by stating that all the various tests as to the type of information, supply in confidence and harms are fully met. The town does not provide specific representations on how the information in the records that it has withheld from disclosure meets each part of the section 10(1) test.

[22] The appellant submits that he is not a competitor in the marketplace to the company or companies supplying the information. He submits that:

[T]he requested documents are several years old and the technology used to provide these services has changed considerably in the last 8 to 10 years when the requested documents were first drafted. The financial information was relevant 8 to 10 years ago but today has been superseded by many changed in the market place, including better technology and lower prices and newer, different services. Types of equipment have also undergone significant changes and so has Help Desk process methodologies, network design and firewall services. Furthermore these are old service contracts. The contracts are not an up-to-date Information Technology Services Security and Information Protection Management Plan which would be separate and apart from the IT Services Management Framework records which I am requesting. Indeed it is not even evident that the town has a Security Policy (physical or electronic) that guides their protection of information decision-making and that can be viewed by ratepayers.

[23] The appellant also submits:

The affected party, a supplier like others known as resellers in the local IT marketplace has no particular proprietary and exclusive competitive or intellectual property in conducting a gap analysis or diagnostic to develop a marketing proposal for the buyer (the town) to sell product/services that are widely, easily and freely available to any other market player. Furthermore, product pricing sheets from large manufacturers and the standard network designs are fluid and changes occur rapidly in this market (like tract housing designs) so any perceived competitive advantage the affected party has is ephemeral and fleeting. Often these proposals are not much more than hyping of the resellers line of products/hardware. Thus no reasonable expectation of demonstrable harm can be expected with the release of this information.

[24] Finally, the appellant submits that the dated information was offered by the supplier and accepted by the town in a mutual exchange, is of a generic nature, and does not constitute confidential information. He submits that since the design and framework/process to conduct a gap analysis to build the marketing proposal are widely available in generic form in the marketplace, revealing this information cannot be said to meet the test of substantial or undue gain or loss. He also submits that the fact that another supplier agreed to disclose similar information in a related appeal (Order MO-3174-I) and did not claim it to be confidential is a relevant consideration.

[25] In reply, the town submits that it does not agree that the information contained in the records is not generic in nature as suggested by the appellant. It submits that:

The service contracts for the town include detailed descriptions of the hardware and software infrastructure and release of this information, although downplayed by the appellant, will leave the town vulnerable and exposed to both cyber-attacks and/or physical attacks…"

Part 1: type of information

[26] Based on my review of the information contained in records 1, 2, and 3 it appears that they contain information that is appropriately categorized as commercial, financial or technical in nature. These types of information have been discussed in prior orders:

Technical information is information belonging to an organized field of knowledge that would fall under the general categories of applied sciences or mechanical arts. Examples of these fields include architecture, engineering or electronics. While it is difficult to define technical information in a precise fashion, it will usually involve information prepared by a professional in the field and describe the construction, operation or maintenance of a structure, process, equipment or thing.³

Commercial information is information that relates solely to the buying, selling or exchange of merchandise or services. This term can apply to both profit-making enterprises and non-profit organizations, and has equal application to both large and small enterprises.⁴ The fact that a record might have monetary value or potential monetary value does not necessarily mean that the record itself contains commercial information.⁵

Financial information refers to information relating to money and its use or distribution and must contain or refer to specific data. Examples of this type of information include cost accounting methods, pricing practices, profit and loss data, overhead and operating costs.⁶

[27] Records 1, 2, and 3 are all agreements between the town and the affected party that outline the town’s purchase of a variety of IT services from the affected party. Record 1 describes helpdesk support services to be provided by the affected party to the town; record 2, describes the affected party’s administration and maintenance of the town’s network system; and, record 3 describes the affected party’s management and maintenance of the town’s firewall devices. In my view, the information in all three records clearly falls within the definition of commercial information as they relate to the buying and selling of services. I also find that all three records contain financial information within the definition of that term; namely information about the affected party’s fee structure for the services offered. Finally, I accept that some portions of the records contain technical information as contemplated by part 1 of the section 10(1) test. Portions of the records clearly describe the manner in which the affected party proposes to operate and maintain specific elements of the town’s IT system, which in my view meets the definition of technical information.

[28] In summary, I find that all of records 1, 2, and 3 contain information that can be described as technical, commercial and financial information. Accordingly, part 1 of the test for exemption under section 10(1)  of the Act  has been met.

Part 2: supplied in confidence

[29] In order to meet part 2 of the test under section 10(1), the town, or the affected party must provide sufficient evidence to establish that the information at issue was supplied to the town by the affected party in confidence, either implicitly or explicitly. I will address each of these components separately.

Supplied

[30] The requirement that it be shown that the information was supplied to the institution reflects the purpose in section 10(1) of protecting the informational assets of third parties.⁷ Information may qualify as supplied if it was directly supplied to an institution by a third party, or where its disclosure would reveal or permit the drawing of accurate inferences with respect to information supplied by a third party.⁸

[31] The contents of a contract involving an institution and a third party will not normally qualify as having been supplied for the purpose of section 10(1). The provisions of a contract, in general, have been treated as mutually generated, rather than supplied by the third party, even where the contract is preceded by little or no negotiation or where the final agreement reflects information that originated from a single party. In other words, except in unusual circumstances, agreed-upon essential terms of a contract are considered to be the product of a negotiation process and are not, therefore, considered to have been supplied. This approach has been upheld by the Divisional Court in Boeing Co. V. Ontario (Ministry of Economic Development and Trade), and a number of other decisions.⁹ Most recently, it was once again upheld by the Divisional Court in Aecon Construction Group Inc. v. Information and Privacy Commissioner of Ontario.¹⁰

[32] There are two exceptions to this general rule which are described as the inferred disclosure and immutability exceptions. The inferred disclosure exception applies where disclosure of the information in a contract would permit accurate inferences to be made with respect to underlying non-negotiated confidential information supplied by the third party to the institution.¹¹ The immutability exception applies where the contract contains information supplied by the third party, but the information is not susceptible to negotiation. Examples are financial statements, underlying fixed costs and product samples or designs.¹²

[33] All three records are contracts between the affected party and the town describing different services that are to be provided by the affected party in relation to the town’s IT system. Records 1 and 2 are executed agreements, as they have been signed. Record 3 appears to be an agreement between the two parties, but it has not been signed and I have no evidence before me to establish whether or not it was in fact executed. Each record identifies the period of the contract for the particular services that it addresses; all of the identified periods of time set out in the contracts have expired.

[34] The affected party opposes the disclosure of all of the information contained in these agreements. The town objects to the disclosure of portions of records 1 and 2, and record 3, in its entirety. Based on my review of these records however, I find that records 1 and 2 amount to negotiated agreements between the two parties and do not meet the supplied component of part 2 of the section 10(1) test. With respect to record 3, given that there is no evidence before me to support that it was ever executed, I accept that portions of that record were supplied by the affected party to the town.

[35] As stated above, it is well established that the agreed-upon essential terms of a contract or agreement are considered to be the product of a negotiation process and not supplied even when negotiation amounts to acceptance of the terms proposed by the third party.¹³ In Order MO-1706, Adjudicator Bernard Morrow stated:

…[T]he fact that a contract is preceded by little negotiation, or that the contract substantially reflects the terms proposed by a third party, does not lead to a conclusion that the information in the contract was supplied within the meaning of section 10(1). The terms of a contract have been found not to meet the criterion of having been supplied by a third party, even where they were proposed by the third party and agreed to with little discussion.

[36] Also as stated above, the Divisional Court has affirmed this office’s approach with respect to the application of section 10(1) to negotiated agreements¹⁴ and specifically confirmed in Miller Transit and Aecon Construction that the approach is consistent with the intent of the legislation, which recognizes that public access to information contained in government contracts is essential to government accountability for expenditures of public funds.¹⁵

[37] Records 1 and 2 are executed agreements or contracts between the town and the affected party. In keeping with this office’s approach with respect to the application of section 10(1) to agreements and contracts, which has repeatedly been upheld by the Divisional Court, I am satisfied that the information contained in these records was negotiated. In my view, the contents of these records represent final agreements between two parties outlining the agreed-upon essential terms that were the product of a negotiation process.

[38] Additionally, I do not accept that any of the information at issue in either of these two records meets the two exceptions to the general rule that contract are not supplied: the inferred disclosure and immutability exceptions. In my view, none of the information in the records would permit accurate inferences to be made with respect to underlying non-negotiated confidential information supplied by the affected party to the institution; nor do these records contain information supplied by the affected party that is immutable or not susceptible of change.

[39] Accordingly, I find that records 1 and 2 were not supplied for the purposes of part 2 of the section 10(1) test. As all three parts of the test must be established for the exemption to apply, I find that records 1 and 2 are not exempt from disclosure under section 10(1)  of the Act .

[40] Although record 3 is prepared in the form of an agreement or contract, in my view, it cannot be presumed to be a contract as it has not been executed. Record 3 is prepared on the affected party’s letterhead and contains information about the IT support services that it is to provide the town for the management and maintenance of its firewall devices. The information contained in record 3 is clearly not information that originates from the town and, in the absence of evidence to confirm that the town accepted these terms I cannot conclude that they were the product of a negotiation process. Accordingly, I accept that the information contained in record 3 meets the supplied component of part 2 of the section 10(1) test and must go on to determine whether it can be said to have been supplied to the town in confidence.

In confidence

[41] In order to satisfy the in confidence component of part two, the parties resisting disclosure must establish that the supplier had a reasonable expectation of confidentiality, implicit or explicit, at the time the information was provided. This expectation must have an objective basis.¹⁶

[42] In determining whether an expectation of confidentiality is based on reasonable and objective grounds, it is necessary to consider all the circumstances of the case, including whether the information was:

• • communicated to the institution on the basis that it was confidential and that it was to be kept confidential;
• • treated consistently in a manner that indicates a concern for its protection from disclosure by the affected person prior to being communicated to the government organization;
• • not otherwise disclosed or available from sources to which the public has access; and,
• • prepared for a purpose that would not entail disclosure.¹⁷

[43] I accept that the information contained in record 3 was supplied in confidence by the affected party to the town, thereby meeting that component of part 2 of the test for the application of section 10(1).

[44] Both the affected party and the town submit that the information which the affected party provided was supplied in confidence. In its representations, the affected party submits that it has stated on each page the documents are confidential and that each agreement includes a statement that addresses the fact that the information contained therein is proprietary to the affected party and may not be used, reproduced, or disclose to other as specifically permitted in writing. However, I find that no such explicit reference to the confidentiality of information appears in record 3. Nevertheless, I accept that, given the nature of the information, the affected party had a reasonably held, implicit expectation that the information which it supplied in the agreement, prior to it being executed, would be treated in a confidential manner by the town. In the circumstances, I accept that the information at issue was supplied in confidence.

Summary conclusion

[45] I find that the supplied in confidence component of part 2 of the section 10(1) test has not been established with respect to the disclosure of the information at issue in records 1 and 2. As all three parts of the test must be met for the exemption to apply, I find that section 10(1) does not apply to exempt records 1 and 2 from disclosure.

[46] With respect to record 3, however, I find that it was supplied in confidence within the meaning of part 2 of the section 10(1) test. Accordingly, I must now determine whether the disclosure of that information could reasonably be expected to give rise to the harms outlined in section 10(1)(a) and/or (c).

Part 3: harms

[47] To meet this part of the test, the party resisting disclosure must provide detailed and convincing evidence to establish a reasonable expectation of harm. It must demonstrate a risk of harm that is well beyond the merely possible or speculative although it need not prove that disclosure will in fact result in such harm. How much and what kind of evidence is needed will depend on the type of issue and seriousness of the consequences.¹⁸

[48] The failure of a party resisting disclosure to provide detailed and convincing evidence will not necessarily defeat the claim for exemption where harm can be inferred from other circumstances. However, parties should not assume that harms under section 10(1) are self-evident or can be substantiated by submissions that repeat the words of the Act .¹⁹

[49] While the town submits that the harm outlined in section 10(1)(a) applies to record 3 in its entirety, the affected party submits generally that section 10(1) applies. As section 10(1) is a mandatory exemption, I will address all those sections that, in my view, are applicable. In the circumstances of this appeal, I will examine the possible application of sections 10(1)(a) and (c) to the information that remains at issue.

Section 10(1)(a): prejudice to competitive position

[50] The affected party’s representations suggest that it is of the view that disclosure of the information contained in record 3 could reasonably be expected to result in prejudice to its competitive position. It submits that the disclosure of the contractual framework, the financial information and managed services framework is necessary to maintain its competitive space within its market because contracts are the defining piece of most competitive managed services contracts.

[51] I am not satisfied that I have been provided with the requisite clear and convincing evidence to establish that the disclosure of the information that is found in record 3 could result in prejudice to the affected party’s competitive position. From my review of the record itself, the terms of the agreement appear to be general in nature with respect to the description of how the affected party would meet the needs of the town. In my view, it is not evident from the face of the record how its disclosure could reasonably be expected to reveal information that could be used by the affected party’s competitors in future situations.

[52] Additionally, both the affected party and the town’s representations on the harm that could result from the disclosure of this information are very general. They do not point to specific information contained in the record or even the types of information contained in the record that they believe could be of assistance to the affected party’s competitors; nor do they provide evidence to demonstrate or explain how the disclosure of any specific information contained in the record could reasonably be expected to prejudice its competitive position.

[53] Moreover, the contract was drafted to address the town’s precise needs with respect to firewall services. Record 3, therefore, provides information describing how the affected party intends to respond to those precise needs. In the absence of detailed evidence to demonstrate that the information contained in this draft contract would be of use to a competitor in future situations where the IT services would be sufficiently similar to those sought by the town, I am not convinced that disclosure of this specific information would prejudice its position with respect to such future competitions.

[54] Finally, as noted by the appellant, I note that the information is dated. Record 3 appears to have been prepared over ten years ago and the proposed term for the contract, had it been executed, would have terminated just under ten years ago. I accept the appellant’s argument that the field of IT is one in which the landscape changes rapidly. As a result, in the absence of detailed and convincing evidence to demonstrate how the disclosure of information contained in a service agreement from approximately a decade ago could reasonably be expected to result in competitive harm in today’s market, I do not accept that the affected party’s competitive position would be prejudiced by its disclosure.

[55] Accordingly, I am not satisfied that either the town or the affected party have provided the requisite evidence to establish that disclosure of the information at issue in record 3 could reasonably be expected to give rise to the harm contemplated by section 10(1)(a).

Section 10(1)(c): undue loss or gain

[56] Again, although the affected party did not specifically identify the possible application of the harm contemplated by section 10(1)(c), its representations also suggest that it is of the view that the disclosure of its information contained in record 3 could reasonably be expected to result in an undue gain to its competitors resulting in a correlative undue loss to itself.

[57] For the reasons described above in my discussion on the possible application of section 10(1)(a), I do not accept that the disclosure of the information contained in Record 3 could reasonably be expected to give rise to an undue loss or gain. Additionally, based on the wording of this exemption, the party objecting to disclosure is required to demonstrate that disclosure would afford a competitor an advantage or that would result in a loss to itself. In addition, any such loss or gain must be characterized as undue. In the circumstances of this appeal, I have not been provided with clear and convincing evidence that disclosure of the specific information at issue would give rise to either a loss or a gain, let alone that such loss or gain could be described as undue. Accordingly, I do not accept that I have been provided with clear and convincing evidence to establish that disclosure of the information at issue in record 3 could reasonably be expected to give rise to the harm contemplated by section 10(1)(c).

[58] As none of the other harms identified in section 10(1) appear to be relevant in the circumstances of this appeal, the third component of the test for the application of that exemption has not been established.

Summary conclusion

[59] I find that the harm component in part 3 of the section 10(1) test has not been established with respect to the disclosure of record 3. As all three parts of the test must be established for the exemption to apply, I find that section 10(1) does not apply to exempt this information from disclosure.

B. Does the discretionary exemption at section 7(1) apply to the records?

[60] Section 7(1) states:

A head may refuse to disclose a record where the disclosure would reveal advice or recommendations of an officer or employee of an institution or a consultant retained by an institution.

[61] The purpose of section 7 is to ensure that persons employed in the public service are able to freely and frankly advise and make recommendations within the deliberative process of government decision-making and policy-making.²⁰

[62] Advice and recommendations have distinct meanings. Recommendations refers to material that relates to a suggested course of action that will ultimately be accepted or rejected by the person being advised, and can be express or inferred.

[63] Advice has a broader meaning than recommendations. It includes policy options, which are lists of alternative courses of action to be accepted or rejected in relation to a decision that is to be made, and the public servant’s identification and consideration of alternative decisions that could be made. Advice includes the views or opinions of a public servant or consultant as to the range of policy options to be considered by the decision maker even if they do not include a specific recommendation on which option to take.²¹

[64] Advice involves an evaluative analysis of information. Neither of the terms advice or recommendations" extends to objective information or factual material.

[65] Advice or recommendations may be revealed in two ways:

• • the information itself consists of advice or recommendations
• • the information, if disclosed, would permit one to accurately infer the nature of the advice or recommendations given.²²

[66] The application of section 7(1) is assessed as of the time the public servant or consultant prepared the advice or recommendations. Section 7(1) does not require the institution to prove that the advice or recommendation was subsequently communicated. Evidence of an intention to communicate is also not required for section 7(1) to apply as that intention is inherent to the job of policy development, whether by a public servant to consultant.²³

[67] Examples of the types of information that have been found not to qualify as advice or recommendations include factual or background information;²⁴ a supervisor’s direction to staff on how to conduct an investigation;²⁵ and information prepared for public dissemination.²⁶

[68] Sections 7(2) and (3) create a list of mandatory exceptions to the section 7(1) exemption. If the information falls into one of these categories, it cannot be withheld under section 7. Section 7(2)(a) states:

Despite subsection (1), a head shall not refuse under subsection (1) to disclose a record that contains,

factual material.

Representations

[69] The town submits that the information at issue in records 1, 2, and 3 is excluded from disclosure as it amounts to advice or recommendations within the meaning of section 7(1)  of the Act . Specifically, the town submits:

[I]t is self-evident on the face of the documents that the record reveals advice by consultants retained by the institution on which the Municipal Council is entitled to act. The exceptions to the exceptions are not applicable.

[70] In his representations, the appellant states

In no case is the information being requested any advice or recommendation of a town official or employee. In all instances it is generic and descriptive information originating with hopeful peddlers or a willing citizen volunteer engaged by the Chief Administrative Officer for the Town to offer up gratuitous advice at no charge. It is difficult to ascertain how release of this information could inhibit the free flow of information to the town in the future.

[71] In reply, the town submits that the exemption at section 7(1) extends the general principle to consultants and the consultant’s audit contains comprehensive information and is of a technical nature and includes a series of recommendations… It further submits that the information is not merely factual information, it goes much farther.

Analysis and findings

[72] Based on my review of the records and the parties’ representations, I find that none of the information that remains at issue contains advice or recommendations within the meaning of the exemption at section 7(1)  of the Act .

[73] From my review of the information at issue, I do not accept that any of it qualifies for exemption under section 7(1). In my view, the information contained in all three of these records is factual in nature; it describes the terms of various agreements for specific services to be provided to the town by the affected party. None of this information relates to a suggested course of action that will ultimately be accepted or rejected by a decision maker. In addition, none of this information can be said to describe options or an alternative course of action to be accepted or rejected in relation to a decision that is to be made. Finally, none of this information can be described as the views or opinions of either a public servant or consultant as to the range of policy options to be considered by a decision maker. Instead, the records describe in detail the agreed upon terms of services between the parties for various components of the town’s IT network support. In my view, none of this information can be described as the advice and recommendations and it is therefore, not exempt from disclosure.

[74] Accordingly, I find that none of the information at issue in records 1, 2, and 3 is exempt from disclosure pursuant to section 7(1)  of the Act .

C. Do the discretionary exemptions at sections 8(1)(e) and/or (i) apply to the records?

[75] The town submits that the exemptions at sections 8(1)(e) and/or (i) apply to all of the records at issue. Sections 8(1)(e) and (i) state:

A head may refuse to disclose a record if the disclosure could reasonably be expected to,

(e) endanger the life or physical safety of a law enforcement officer or any other person;

(i) endanger the security of a building or the security of a vehicle carrying items, or of a system or procedure established for the protection of items, for which protection is reasonably required.

[76] Generally, the law enforcement exemption must be approached in a sensitive manner, recognizing the difficulty of predicting future events in a law enforcement context.²⁷

[77] It is not enough for an institution to take the position that the harms under section 8 are self-evident from the record or that the exemption applies simply because of the existence of a continuing law enforcement matter.²⁸ The institution must provide detailed and convincing evidence about the potential for harm. It must demonstrate a risk of harm that is well beyond the merely possible or speculative although it need not prove that disclosure will in fact result in such harm. How much and what kind of evidence is needed will depend on the type of issue and seriousness of the consequences.²⁹

Representations

[78] The town submits that with respect to the topic of law enforcement generally, there is little more we can say. It notes the comment in the Notice of Inquiry (and indicated above) that states that it is not sufficient for an institution to take the position that the harms under section 8 are self-evident from the record but states:

However, the record, in the context of the world in which we seem to live, makes it obvious that a continuing law enforcement matter involving the protection of confidential information is crucial. Likewise, physical safety and the safety of property depend on the maintenance of confidentiality with respect to some of this information.

[79] The appellant submits that the town has failed to convincingly demonstrate that the request would hamper an existing real law enforcement action, and that as a result it suggests that there may be a possible violation sometime in the future. The appellant submits that this is a tactic of fear mongering over the issue of cyber security. He submits that if the town is following basic cyber security hygiene, such records do not make up the network design an infrastructure that the town is seeking to refurbish.

[80] In reply, the town submits:

Given the constant reports of security breaches on government computer systems an environment of constant cyber-attacks is not fear mongering by a reality for government organizations, including municipalities…As stated earlier, the service contracts for the town include detailed descriptions of the hardware and software infrastructure and release of this information, although downplayed by the appellant, will leave the town vulnerable and exposed to both cyber-attack and/or physical attacks. There is simply no need for a member of the public to have this type of security information.

Analysis and findings

8(1)(e): life or physical safety

[81] For section 8(1)(e) to apply, it is normally the institution that must provide evidence to establish a reasonable basis for believing that endangerment could result from disclosure. In the particular circumstances of this appeal, this onus falls on the town, who is asserting that the disclosure of the information at issue would endanger individuals. The reasons for resisting disclosure must not be frivolous or exaggerated.³⁰ A person’s subjective fear, while relevant, may not be enough to justify the exemption.³¹ Also relevant to the circumstances of this appeal, is that the term person is not necessarily limited to a particular identified individual, and may include the members of an identifiable group or organization.³²

[82] I am not persuaded that the town has established that the disclosure of the information contained records 1, 2, or 3 could reasonably be expected to lead to the harm contemplated in section 8(1)(e). These records set forth the details of agreements for the affected party’s provision of IT services to the town. From my review, the substance of these records provide more detail regarding the precise services to be supplied by the affected party regarding the management and maintenance of different components of the towns IT system than it does about the structure of the town’s network. In my view, they only identify some of the types of software and hardware used by the town, much of which appears to be standard to most IT systems used by institutions. Despite the town’s submissions regarding disclosure rendering it vulnerable potential cyber-attacks or physical attacks, in my view, in the absence of detailed and convincing evidence, it is difficult to see how disclosing the type of information that appears in these particular records could reasonably be expected to endanger the lives or physical safety of any individuals, let alone that such reasonable expectation of harm is well beyond the merely possible or speculative.

[83] In short, I find that the records do not qualify for exemption under section 8(1)(e).

Section 8(1)(i): security of a building, vehicle, system or procedure

[84] As with section 8(1)(e), for section 8(1)(i) to apply, the onus falls on the town to provide evidence to establish a reasonable basis for believing that endangerment could result from disclosure, specifically, the endangerment of a building, vehicle, system, or procedure. Although this provision is found in a section of the Act  dealing specifically with law enforcement matters, it has been found not to be restricted to law enforcement situations and can cover any building, vehicle or system which requires protection.³³

[85] As with section 8(1)(e), given the brevity of the town’s representations on the application of this exemption, I am not persuaded that the town has provided sufficient evidence to establish that the disclosure of the information contained in records 1, 2, or 3 could reasonably be expected to lead to the harm contemplated by section 8(1)(i). Although I am aware of the difficulty of predicting future events, in my view I have not been provided with sufficiently detailed and convincing evidence to demonstrate how the specific information contained in the records could result in such harm let alone that such reasonable expectation of harm is well beyond the merely possible or speculative.

[86] As a result, I find that the town has not established that its disclosure could reasonably be expected to endanger the security of a building or the security of a vehicle carrying items or of a system or procedure established for the protection of items, for which protection is reasonably required. Accordingly, I find that the records do not qualify for exemption under section 8(1)(i).

D. Do the discretionary exemptions at sections 11(a) and/or (f) apply to the records?

[87] In its decision letter and on its index, the town submits that sections 11(a) and (f) apply to the withheld portions of records 1 and 2, and record 3 in its entirety. Sections 11(a) and (f) state:

A head may refuse to disclose a record that contains,

(a) trade secrets or financial, commercial, scientific or technical information that belongs to an institution and has monetary value or potential monetary value;

(f) plans relating to the management of personnel or the administration of an institution that have not yet been put into operation or made public.

[88] The purpose of section 11 is to protect certain economic interests of institutions. The report titled Public Government for Private People: The Report of the Commission on Freedom of Information and Individual Privacy 1980, vol. 2 (the Williams Commission Report)³⁴ explains the rationale for including a valuable government information exemption in the Act :

In our view, the commercially valuable information of institutions such as this should be exempt from the general rule of public access to the same extent that similar information of non-governmental organizations is protected under the statute . . . Government sponsored research is sometimes undertaken with the intention of developing expertise or scientific innovations which can be exploited.

[89] Parties should not assume that harms under section 11 are self-evident or can be substantiated by submissions that repeat the words of the Act .³⁵

[90] The fact that individuals or corporations doing business with an institution may be subject to a more competitive bidding process as a result of the disclosure of their contractual arrangements does not prejudice the institution’s economic interests, competitive position or financial interests.³⁶

Representations

[91] Again, the town’s representations on the possible application of these exemptions to the records are brief. With the respect to the application of section 11 to the records it states:

[T]he IT platform is an economic interest of the institution. Its structure constitutes commercially valuable information which should be exempt from disclosure.

[92] The appellant submits that [a]t face value, it is difficult to comprehend how an IT network design for the town would constitute economic value within the meaning of the section 11 exemption. He submits that IT platforms are generic and would only have marginal value to the town, none of which would be in the competitive marketplace. He also submits that the requested information is not about future plans to be implemented but about what proponents would provide by way of IT services and products to the town.

[93] In reply, the town submits that the information contained in the audit is information that was yet to have been put into operation or made public and it opposes making public these plans for the stated reason. The town also states that releasing the costing information will remove any competitiveness in the acquisition of services and goods. These representations appear to be more relevant to the records at issue in a related appeal, Appeal MA13-438, but as the town submits that they also apply to the current appeal, I will consider how their representations relate to Records 1, 2, and 3.

Analysis and findings

Section 11(a): information that belongs to government

[94] For section 11(a) to apply, the town must show that the information:

1. 1. is a trade secret, or financial, commercial, scientific or technical information;
2. 2. belongs to an institution; and
3. 3. has monetary value or potential monetary value.

Part 1: type of information

[95] The types of information listed in section 11(a) are the same as those listed in section 10(1), defined above. I have already found in my discussion of the application of section 10(1) to the records that they contains information that qualifies as commercial and financial information. That finding is equally applicable for the purposes of my analysis of whether section 11(a) applies to records 1, 2, and 3, and I adopt it here.

[96] Accordingly, I accept that the part 1 of the section 11(a) test has been met with respect to the information that remains at issue.

Part 2: belongs to

[97] The term belongs to refers to ownership by an institution. It is more than the right simply to possess, use or dispose of information, or control access to the physical record in which the information is contained. For information to belong to an institution, the institution must have some proprietary interest in it either in a traditional intellectual property sense – such as copyright, trade mark, patent or industrial design – or in the sense that the law would recognize a substantial interest in protecting the information from misappropriation by another party.

[98] Examples of the latter type of information may include trade secrets, business-to-business mailing lists,³⁷ customer or supplier lists, price lists, or other types of confidential business information. In each of these examples, there is an inherent monetary value in the information to the organization resulting from the expenditure of money or the application of skill and effort to develop the information. If, in addition, the information is consistently treated in a confidential manner, and it derives its value to the organization from not being generally known, the courts will recognize a valid interest in protecting the confidential business information from misappropriation by others.³⁸

[99] The town indicates in its representations that information regarding the structure of its IT platform is commercially valuable information. It does not elaborate on this statement. From my review of the records, the three agreements describe the provision of management and maintenance services for different components of the town’s IT system. Although portions of the records identify in a very general manner the types of software and hardware used by the town a number of years ago, in my view, it is not clear on the face of these records, how this type of information would be of commercial value to the town. In the absence of specific evidence detailing how the town might have a proprietary interest (in the intellectual property sense) in this information or a substantial interest in protecting this specific information resulting from its inherent monetary value, I do not accept that this information can be said belong to the town within the meaning of part 2 of the section 11(a) test.

[100] As all three parts of the test must be established for the exemption to apply, I find that the discretionary exemption at section 11(a) does not apply to the remaining information.

Section 11(f): plans relating to the management of personnel

[101] In order for section 11(f) to apply, the institution must show that:

1. 1. the record contains a plan or plans, and
2. 2. the plan or plans relate to:
   1. (i) the management of personnel, or
   2. (ii) the administration of an institution, and
3. 3. the plan or plans have not yet been put into operation or made public.³⁹

[102] This office has adopted the dictionary definition of plan as a formulated and especially detailed method by which a thing is to be done; a design or scheme.⁴⁰

[103] The town has not provided any representations to describe how the records for which section 11(f) has been claimed amount to a plan relating to the management or personnel or the administration of the institution. Although in its reply representations the town refers information in the audit that is information that was yet to have been put into operation or made public, this appears to be specific to a record that is at issue in a related appeal, Appeal MA13-438.

[104] The records that are before me are agreements relating the management of the town’s IT network. In the absence of any evidence to the contrary, in my view it is not clear that records 1, 2, or 3 reveal a plan that relates either to the management of personnel or the administration of an institution. Additionally, given that each agreement identifies a precise contract period which has, on its face, expired, I find that I have not been provided with sufficient evidence to support a conclusion that even if the records do reveal such plan, that it has not yet been put into operation or made public. As this is a discretionary exemption and the town bears the burden of demonstrating that it applies, I find that the town has not discharged its burden and section 11(f) does not apply to the information at issue.

E. Does the discretionary exemption at section 13 apply to the records?

[105] The town takes the position that section 13 applies to records 1, 2, and 3 in their entirety. Section 13 states:

A head may refuse to disclose a records whose disclosure could reasonably be expected to seriously threaten the safety or health of an individual.

[106] For this exemption to apply, the town must provide detailed and convincing evidence about the potential for harm. It must demonstrate a risk of harm that is well beyond the merely possible or speculative, although it need not prove that disclosure will in fact result in such harm. How much and what kind of evidence is needed will depend on the type of issue and seriousness of the consequences.⁴¹

Representations

[107] With respect to the possible application of section 13 to records 1, 2, and 3, the town submits:

[T]he disclosure [of the information at issue] could reasonably be expected to seriously threaten the safety of the institution and individuals. In light of the world in which we live, it is difficult to see how the reasons for this could be frivolous or exaggerated.

[108] The appellant submits that the town’s claim that section 13 applies is frivolous and exaggerated. He submits that he is not seeking the town’s IT security policy, strategy, IT disaster recovery plan or its IT threat and risk mitigation strategy and there is no evidence provided to support a conclusion that knowledge of any component of the town’s previous outdated generic IT platform would lead to any harm.

[109] In reply, the town submits:

The fact is that leaving the town’s mission critical data vulnerable to security breaches would leave a great deal of information about identifiable individuals at peril. It is common for town staff and its agents to be subjected to threats in [the] course of its enforcement duties. There have in recent months been police investigations in response to such threats. Leaving employee (or agent) information vulnerable could reasonably be expected to result in a threat to the safety of an employee, agent or resident or business of the town.

Analysis and findings

[110] In its reply representations the town submits generally that it is common for its staff to be subjected to threats and refers vaguely to police investigations arising from these threats. However, it does not provide any description of the nature of such threats or provide any evidence to suggest that they resulted from the disclosure of information that is similar in any way to the type of information that is before me in this appeal. The records at issue amount to agreements regarding services provided by the affected party relating to the maintenance of its IT system. On their face, these agreements appear to have long since expired. In my view, the town’s representations do not elucidate, sufficiently, how the disclosure of any of the specific information that is before me could reasonably be expected to seriously threaten the safety or health of an individual, let alone demonstrate that any risk of such harm is well beyond the merely possible or speculative.

[111] In the absence of the requisite detailed and convincing evidence to establish that the disclosure of any of the information contained in records 1, 2, 3 could reasonably be expected result in the harm contemplated by section 13, I find that it does not apply in the circumstances of this appeal.

F. Did the institution conduct a reasonable search for records responsive to part 1 of the request?

[112] The requester takes the position that records relating to part 1 of his request should exist. In part 1 of his request, he sought access to the Targeted Research conducted for the roll-out of the Electronic Records Storage Initiative."

[113] Where a requester claims that additional records exist beyond those identified by the institution, the issue to be decided is whether the institution has conducted a reasonable search for records as required by section 17.⁴² If I am satisfied that the search carried out was reasonable in the circumstances, I will uphold the institutions decision. If I am not satisfied, I may order further searches.

Representations

[114] In support of its position that it conducted a reasonable search for records responsive to part 1 of the appellant’s request, specifically, the Targeted Research conducted for the roll-out of the Electronic Records Storage Initiative, the town provided an affidavit sworn by its Clerk who is responsible for the oversight of all requests that it receives under the Act .

[115] The Clerk advises in her affidavit that as the town operates with a small administrative staff, there were only four individuals with the knowledge and expertise required to respond to the request. She identifies those individuals as the Chief Administrative Officer, the Director of Corporate Services/Treasurer, the Manager of Financial Services, and herself, the Clerk. She explains that searches were conducted in the town’s electronic records management system, as well as through paper records. She explains that the only three records that were located that could be deemed to be responsive to the request were the three that are at issue in this appeal. She submits that to the best of her knowledge, no other records exist in relation to the request.

[116] During mediation, the appellant advised that it is his belief that records responsive to the first part of his request should exist, including technician’s notes. In his representations he submits:

It is the practice in the IT services and consulting industry to document, document and document their work. The IT Services Management framework, such as the IT Infrastructure Library, v. 3.0, COBIT5 (control objectives for information and related technology) methodologies place a significant emphasis on documenting IT processes and governance. For IT Practitioners to do otherwise would bring allegations of sloppy slipshod workmanship and a lack of professional standards in their work. Carrying a notebook and keeping a journal of what was or was not done and what observations were made beings at the lowest level of the IT hierarchy such as the Helpdesk analyst who logs every call and notes what actions were taken to restore the service to its original status. This practice in professional IT organizations continues all the way up the organizational ladder to the head of the entity. Furthermore, any buyer of the IT service would expect to receive an invoice itemizing what work had been done against the statement of work or work order, how many calls had been received and resolved, etc. before authorizing payment of the invoice. It is unusual for IT analysts to rely on a verbal culture to carry out their work. It is also unprofessional. Therefore records must exist.

[117] In reply, the town provided the following response to the appellant:

The town articulated the following both in a November 15, 2013 letter [to the appellant] and during mediation:

The Targeted Research was done in person by a technician from the supplier of the software for the town’s Electronic Records Storage. The supplier assessed each workstation which was to be used to run the Town’s Electronic Records System. Any workstation which did not meet the minimum operating system or hardware requirements for the town’s Electronic Records System was verbally conveyed by the supplier to town staff at that time. Therefore, access cannot be provided to the records as the records do not exist. We cannot search for something that does not exist.

Analysis and findings

[118] Although a requester will rarely be in a position to indicate precisely which records the institution has not identified, the requester still must provide a reasonable basis for concluding that such records exist.⁴³ In the circumstances of this appeal, I find that the appellant has not provided sufficient information to establish a reasonable basis for concluding that records relating to part 1 of his request should exist.

[119] A number of previous orders have established that a reasonable search is one in which an experienced employee knowledgeable in the subject matter of the request expends a reasonable effort to locate records which are reasonably related to the request.⁴⁴ The expectation is that the individual or individuals conducting the search must be familiar with the subject matter to which the records relate and have detailed knowledge of the institution’s information management systems.⁴⁵

[120] In appeals involving a claim that additional records exist, the Act  does not require the institution to prove with absolute certainty that further records do not exist; the institution must provide sufficient evidence to show that it has made a reasonable effort to identify and locate responsive records.⁴⁶

[121] I accept the town’s position that despite its search, it cannot locate any records related to part 1 of the appellant’s request. Nevertheless, in my view, I have been provided with sufficient evidence to conclude that it expended a reasonable effort to identify and locate any responsive records within its record-holdings. I accept that the individuals who conducted searches for these records are experienced employees familiar with its records holdings. Accordingly, I find that although the town’s search for the records related to part 1 of the request did not locate the record, it was reasonable as required by the Act , and I uphold it.

ORDER:

1. 1. I order the town to disclose records 1, 2 and 3, in their entirety, to the appellant by providing him with a copy by no later than May 6, 2015 but not before May 1, 2015.
2. 2. In order to verify compliance with this order, I reserve the right to require the town to provide me with a copy of the records disclosed to the appellant pursuant to Order Provision 1.
3. 3. I uphold the town’s search for responsive records and dismiss that aspect of the appeal.

Original signed by: Catherine Corban Adjudicator

March 30, 2015

---

¹ Boeing Co. v. Ontario (Ministry of Economic Development and Trade), [2005] O.J. No. 2851 (Div. Ct.)], leave to appeal dismissed, Doc. M32858 (C.A.).

² Orders PO-1805, PO-2018, PO-2184, and MO-1706.

³ Order PO-2010.

⁴ Order PO-2010.

⁵ Order P-1621.

⁶ Order PO-2010.

⁷ Order MO-1706.

⁸ Orders PO-2020 and PO-2043.

⁹Supra, note 1. See also, Orders PO-2018, and PO-2496, upheld in Grant Forest Products Inc. v. Caddigan, [2008] O.J. No. 2243 (Div. Ct.) and PO-2497, upheld in Canadian Medical Protective Association v. Loukidelis, [2008] O.J. No. 3475 (Div. Ct) (CMPA). See also HKSC Developments L.P. v. Infrastructure Ontario and Information and Privacy Commissioner of Ontario, 2013 ONSC 6776 (Can LII) and in Miller Transit Limited v. Information and Privacy Commissioner of Ontario et al., 2013 ONSC 7139 (CanLII) (Miller Transit).

¹⁰ 2015 ONSC 1392 (CanLII), upholding PO-3311.

¹¹ Order MO-1706, cited with approval in Miller Transit, supra note 9 at para. 33.

¹² Miller Transit, supra note 9 at para. 34.

¹³ See Orders PO-2384, PO-2497 (upheld in CMPA, supra note 9) and PO-3157.

¹⁴ Supra, note 9.

¹⁵ Miller Transit, supra note 9 at para. 44 and Aecon Construction, supra note 9 at paragraph 13.

¹⁶ Order PO-2020.

¹⁷ Orders PO-2043, PO-2371 and PO-2497.

¹⁸ Ontario (Community Safety and Correctional Services) v. Ontario (Information and Privacy Commissioner), 2014 SCC 31 (CanLII) at paras 52-54.

¹⁹ Order PO-2435.

²⁰ John Doe v. Ontario (Finance), 2014 SCC 36, at para. 43.

²¹ Ibid at paras. 26 and 47.

²² Orders PO-2028 and PO-2084, upheld on judicial review in Ontario (Ministry of Northern Development and Mines) v. Ontario (Assistant Information and Privacy Commissioner), [2004] O.J. No. 163 (Div. Ct.), aff’d [2005] O.J. No. 4048 (C.A.), leave to appeal refused [2005] S.C.C.A No. 564; see also Order PO-1993 upheld on judicial review in Ontario (Ministry of Transportation) v. Ontario (Information and Privacy Commissioner), [2005] O.J. No. 4047 (C.A.), leave to appeal refused [2005] S.C.C.A. No. 563.

²³ Supra note 10, at para. 51.

²⁴ Order PO-3315.

²⁵ Order P-363, upheld on judicial review in Ontario (Human Rights Commission) v. Ontario (Information and Privacy Commissioner) (March 25, 1994), Toronto Doc. 721/92 (Ont. Div. Ct.).

²⁶ Order PO-2677.

²⁷ Ontario (Attorney General) v. Fineberg (1994), 19 O.R. (3d) 197 (Div. Ct.).

²⁸ Order PO-2040 and Ontario (Attorney General) v. Fineberg, cited above.

²⁹ Ontario (Community Safety and Correctional Services) v. Ontario (Information and Privacy Commissioner), 2014 SCC 31 (CanLII) at paras. 52-4.

³⁰ Order PO-2085.

³¹ Order PO-2003.

³² Order PO-1817-R.

³³ Orders P-900 and PO-2461.

³⁴ Toronto: Queen’s Printer, 1980.

³⁵ Order MO-2363.

³⁶ Orders MO-2363 and PO-2758.

³⁷ Order P-636.

³⁸ Order PO-1736, upheld on judicial review in Ontario Lottery and Gaming Corporation v. Ontario (Information and Privacy Commissioner), [2001] O.J. No. 2552 (Div. Ct.); see also Orders PO-1805, PO-2226 and PO-2632.

³⁹ Orders PO-2071 and PO-2536.

⁴⁰ Orders P-348 and PO-2536.

⁴¹ Ontario (Community Safety and Correctional Services ) v. Ontario (Information and Privacy Commissioner), 2014 SCCC 31 (CanLII) at paras. 52-4.

⁴² Orders P-85, P-221, and PO-1954-I.

⁴³ Order MO-2246.

⁴⁴ Orders M-909, PO-2469 and PO-2592.

⁴⁵ Order MO-2986.

⁴⁶ Orders P-624 and PO-2559.