Federal Government Information Policy

An old but interesting article about this subject was produced by Michael Nelson, Secretariat at the Treasury Board of Canada (Ottawa), titled “Federal Information Policy: An Introduction,” and published in Government Information in Canada/Information gouvernementale au Canada, Vol. 1, No. 3.1. (1995):

“Government by its nature is an information-intensive endeavour. Vast amounts of information are required to deliver benefits such as pensions and unemployment insurance, and services related to health, safety and security. Complex information processing systems are needed to support programs such as mapping, taxation, scientific research, and economic statistics.

The information collected and created in such programs and services must be stored and protected, and in most cases, made available should access to it be requested. And along the way, communication must be maintained with the public about the work of the government and information products must be actively disseminated.

In response to these and other needs, the federal government has over the past several years, developed a comprehensive family of information policies:

• The Management of Government Information Holdings Policy
• The Government Communications Policy
• The Federal Identity Program
• The Access to Information Policy
• The Privacy and Data Protection Policy
• The Security Policy

The “circles chart” is often used by the Information, Communications and Security Division at Treasury Board Secretariat to illustrate the inter-related nature of the policies. For example, the document classification system set out in the Security Policy must be consistent with the legal authority to deny access contained in the Access to Information Act and Access to Information Policy. The Security Policy tells us what protective measures must be applied to protect personal information from disclosures which are not permitted under the Privacy Act and Privacy Policy.

The purpose of this article is to describe briefly each of these policies, leading the way to more detailed articles on specific issues in future issues of this journal.

The Management of Government Information Holdings Policy

See: Treasury Board of Canada, Secretariat. Treasury Board Manual: Information and Administrative Management Component: Information Management: Part 3, Government Information Holdings: Chapter 3-1, Policy on the Management of Government Information Holdings (Catalogue no. BT52-6/6). Ottawa: 1994.

The Treasury Board policy on Management of Government Information Holdings (MGIH) was issued in 1989. It represented the merging of a number of policy instruments that had been developing within the federal government for many years–some linking back as far as the Glassco Commission in 1963, and the Public Records Order of 1966. These policies included records management, information collection and public opinion research, micrographics, EDP records management and forms management.

The objective of the MGIH policy is to ensure the cost-effective and coordinated management of federal government information holdings. More specifically, departments are required to:

• manage their information holdings as a corporate resource to support decision-making, meet operational requirements, and protect legal, financial and other interest of the government and the public;
• make the widest possible use of information within government by ensuring that is organized to facilitate access by those who require it, subject to legal and policy constraints;
• reduce response burden on the public by eliminating unnecessary collection of information;
• identify and conserve holdings that serve to reconstruct the evolution of policy and program decisions, and ensure that this information is organized so as to facilitate study of decision-making in government and for other educational purposes.

The framework for implementation of the MGIH Policy is the information life-cycle, set out in the policy as:

• planning;
• collection or creation;
• organization, transmission, use and retrieval;
• storage, protection and retention; and
• disposition through transfer to the archives or destruction.

The planning stage involves assessing how to meet the information needs of the institution for operational, legislative and policy purposes. In keeping with that concept, institutions are to collect or create only information that relates to their mandate.

In the collection phase, the policy requirement to reduce the burden on the public comes into play, as does a requirement to ensure that information has not already been collected within government.

Anyone who has spent time in an organization of any size at all will recognize that in order to make the best use of information, it has to be organized. Consequently, the policy requires that institutions identify and describe their information holdings in a way that is most relevant to their operational needs. In organization, as well as in transmission and use, the linkages of the MGIH Policy to the access and privacy domain are strong. For example, the publication each year of Infosource (Treasury Board of Canada, Secretariat. InfoSource: Sources of Federal Government Information. Ottawa (annual)) by the Treasury Board Secretariat, in accordance with access and privacy legislation, relies on obtaining a description–albeit at a high level–of the information holdings of in excess of one hundred institutions across government.

The storage, protection and retention requirements are designed to ensure that while information is held it is protected. Further, institutions are required to maintain the information in media and locations that permit quick and easy access and retrieval by authorized users.

Finally, in the disposition stage of the life cycle, the requirements of the National Archives Act with respect to records, and the National Library Act with respect to published material, come into play. Key objectives of this stage are to ensure that information is only kept as long as it is needed, or as required by law, and that the corporate memory of the government is maintained.

The MGIH Policy shows signs of being the Cinderella of federal information policies. When it was first issued, it is probably fair to say that many institutions were overwhelmed by the cost and energy that would be required to implement it fully. And in 1989, there were still those who argued that information was unmanageable–you could manage data, or systems, or records, but information was too nebulous a commodity to declare as a corporate management function, and you might as well forget about it.

Well, times have changed. At the most senior levels of the public service, there is growing recognition of the need to manage information holdings as an integral part of delivering services effectively and efficiently. Areas of the policy that could not get attention a few years back are in the spotlight. For example the MGIH Policy is front and center in the government’s efforts to reduce the information collection burden on business. The issue of how to ensure that we are treating our email properly has been discussed among deputy ministers.

The importance of managing the government’s information holdings is now firmly established. The current challenge for policy makers in this area is to ensure that both policy and implementation continue to be relevant and helpful to those delivering government programs.

The Government Communications Policy

See: Treasury Board of Canada, Secretariat. Treasury Board Manual: Information and Administrative Management Component: Communications (Catalogue no. BT52-6/4), Chapter 1: Government Communications. Ottawa: 1991.

The federal government’s first-ever Communications Policy, put into effect in 1988, was intended to improve the public policy process by encouraging departments and agencies to adopt practices and procedures that emphasize the importance of communicating with, and listening to, Canadians.

The Policy sets out three objectives:

• To provide information to the public about its policies, programs and services that is accurate, complete, objective, timely, relevant and understandable;
• To take into account the concerns and views of the public in establishing priorities, developing policies and implementing programs; and
• To ensure that the government is visible, accessible and answerable to the public that it serves.

The Policy ascribes various roles and responsibilities to key government officials (ministers and their staff, deputy heads, policy and program managers, communications heads). It also sets out the roles of central agencies such as the Privy Council Office and Treasury Board Secretariat and provides direction on various communications activities ranging from advertising to strategic planning and public opinion research. It defines the communications function as having four primary elements–research and analysis, advice, planning, and general management.

The Policy was, all in all, a comprehensive management framework for one of the most fundamental functions of democratic society–government communications–and has been hailed as such, and emulated, by others in both the public and private sectors.

Well if it was so good in 1988 why is it today, not a decade later, undergoing review and revision?

The answer is both obvious and not so obvious.

First, a number of things have changed since the policy was approved by ministers almost seven years ago. Organizations and mandates have undergone change, and so too have various corporate requirements and general guidelines governing various aspects of communications.

Second, policy can only be assessed as good, bad or benign through regular “reality checks”. Is it axiomatic that what was good policy in 1988 will be similarly effective and robust five or ten years later? Not in today’s rapidly changing world.

Third, the environment in Canada has changed dramatically in recent years. Public dissatisfaction with, and distrust of, the political and bureaucratic processes dictate that the policy be reviewed to see how it can best contribute to an informed and involved citizenry. Our country’s demographic mix is less and less homogeneous; increasingly communications need to deal with differing cultures, values, languages and interests.

Finally–and as a matter of exploding significance–there have been enormous strides made in technology and these have profound implications for communications.

Where once organizational communications flowed from “a few to the many”, technology today allows far more people to communicate quickly and with increasing ease. Canadians can communicate as readily with government departments and agencies today, as those same organizations used to communicate one-way with them!

Technology is also bringing more and more choice to Canadians–they can decide what information they want and from where they intend to get it. The “sender-based” model of communications is gradually giving ground to a “receiver-based” society.

All of this, of course, has profound implications for the management (and managers) of the communications function. How do government departments and agencies ensure that technology aids and abets their communications efforts? How do principles of accessibility, affordability, openness and public participation work in a world in which faxes, Internet, WWW and gophers become the preferred communications vehicles for some Canadians, but not all ? Should the current policy be directive in what it says about technology and if so, what should it say ?

These are the kinds of questions that an advisory committee of experts from the public and private sectors will have to ask, and attempt to answer, as the 1988 policy is modernized.

At issue is not whether changes to the current policy will be made: the real question is whether the current review will result in a minor tune-up, or a major makeover.

The Federal Identity Program

See: Treasury Board of Canada, Secretariat. Treasury Board Manual: Information and Administrative Management Component: Communications (Catalogue no. BT52-6/4), Chapter 2: Federal Identity Program. Ottawa: 1991.

Have you ever been reminded of Canada’s role in space by seeing a picture of the word “Canada” on the famous robot space arm? Or of the federal role in transportation by glimpsing the unique red boxcarsthat carry wheat across the prairies? Or of our humanitarian efforts through packaging of food aid? Or in a relatively pedestrian application, have you ever found a government office by means of the signage that led you there?

If you have, then you have seen an important component of the Federal Identity Program (FIP).

A 1969 Task Force on Government Information reported in To Know and Be Known ( Canada. Task Force on Government Information. To Know and Be Known: The Report of the Task Force on Government Information. 2 v. Ottawa: Queen’s Printer, 1969) that the Canadian government was failing to make its presence known to Canadians, and that important federal programs were being carried out without public awareness of federal sponsorship. To make matters worse, federal government organizations did not project a uniform, clearly identifiable image as parts of the same government, and in many cases, their titles did not clearly distinguish public from private organizations, or federal from provincial.

As a result of the Task Force’s findings, the Federal Identity Program was created in 1970, under the responsibility at that time of Information Canada. Today, the federal government has one coherent graphic identity with three corporate symbols–the Coat of Arms, the Canadian Flag, and the Canada Wordmark. As with most corporate identity programs, the Federal Identity Program is based on the use of corporate symbols together with organizational titles. The resulting corporate signatures, such as that of the Treasury Board Secretariat serve to identify Canadian federal institutions and their programs worldwide.

Following the demise of Information Canada in the mid-1970s, the Program became the responsibility of the Treasury Board of Canada. It was about that time that the Treasury Board approved the first policy guidelines for the program, which included use of the two official languages and a management system for development and implementation of the program.

The Federal Identity Program is one of the largest corporate identity programs ever undertaken by a national government. It encompasses some 20,000 facilities, 18,000 government vehicles, and the signature of more than one hundred federal institutions in all regions of Canada and abroad.

The Program’s policy objectives are the following:

• to enable the public to recognize clearly all federal activities by means of consistent identification;
• to improve service to the public by facilitating access to programs and services;
• to project equality of the status of the two official languages, consistent with the Canadian Charter of Rights and Freedoms and the Official Languages Act;
• to ensure effective management of the federal identity consistent with government-wide priorities, and to achieve savings through standardization; and
• to promote good management practices in the field of corporate identity and information design.

Staff of the Treasury Board Secretariat provide functional leadership for the program, and are responsible for coordinating its implementation across government. But each institution manages its own corporate identity within the framework of government-wide policy and standards. These standards are based on the use of plain, non-bureaucratic language, functional graphic design, and a systems approach to identifying government, its programs and services.

The standards prescribe such design elements as signature and wordmark, size, color and layout. They apply to stationary, forms, markings for vehicles, signage, advertising, published material in all media, multimedia productions and expositions, personnel identification (such as badges), certificates, awards and commemorative plaques, packaging and labeling, and identification of equipment such as all-terrain vehicles, small watercraft, construction and maintenance equipment, and railway hopper cars.

As with most corporate identity programs, the Federal Identity Program is planning for change. Technology has already had an impact on the program in that the FIP policy and our corporate symbols are now produced in electronic format. The increasing presence of the government in the electronic domain, whether on the World Wide Web, on a kiosk in a mall, or by other means has caused us to do some rapid thinking about the meaning of identity in that domain. On another front, the government’s agenda on the environment has had an impact on FIP. The policy’s guidelines include the use of recycled paper for most publications, and the use of earth-friendly inks without petroleum residues or alcohol.

Through means such as these, the Program remains a relevant and important element of federal information policy.

The Access to Information Policy

See: Treasury Board of Canada, Secretariat. Treasury Board Manual: Information and Administrative Management Component: Access to Information (Catalogue no. BT52-6-10-1993). Ottawa: 1993.

As noted earlier, modern governments collect, create, use, analyze, share, retain and dispose of vast quantities of information. In fact, collecting, manipulating, and storing information forms a significant activity of most government departments. Management of information is therefore crucial to the effective operation of the government. The federal government is the nation’s largest single repository of information. Therefore its role as an information manager cannot be taken lightly.

In order to understand their government and its activities, Canadians need information about how the government operates and access to the information which is used in the decision-making processes. Providing access to the vast amounts of information held by the government not only facilitates participation in the decision-making process, it increases accountability for the government’s decisions and actions.

In July of 1983 the Canadian federal government enacted the Access to Information Act (Access to Information Act, Revised Statutes of Canada, 1985, c. A-1). As is stated in Section 2 of the Act, it is based on the principle that government information should be available to the public, that exceptions to the right of access should be limited and specific, and that decisions on the disclosure of government information should be reviewed independently of government.

The Act provides a legislative right of access to government information. But it also stipulates that it is intended to complement existing procedures for obtaining government information, not limit or replace them. In practice this means that submitting a formal Access to Information request should be a last resort, the ultimate legal step available to be used when all others have not been successful.

While recognizing that the Access to Information Act would be a powerful tool for obtaining information from heretofore cautious public servants, Parliament also realized that the right of access could not be absolute. Canada has always accepted the concept that in order to function effectively the ministers of the Crown need to be able to exchange ideas and proffer suggestions freely without concern for public disclosure or erosion of the collective responsibility. For this reason information contained in Cabinet confidences is not covered by the Act.

For very different reasons information which is published or which is library or museum material is also not covered by the Act. The supposition here is that such information is already available to the public through other means.

Within the Access to Information Act there is a framework of exemptions to the right of access. This framework is based on the concept that some information must be kept confidential by the government if it is to function effectively.

Some exemptions are mandatory, while others are discretionary. At the same time, exemptions are either based on a description of a class of exemptible information, or are based on a test of injury to a particular public interest. For example, the Act does not allow the disclosure of information received from other governments in confidence, while there is discretion to allow disclosure of information which could be injurious to the conduct of federal-provincial affairs. Other exemptions cover areas ranging from international affairs and national security to law enforcement to individuals’ personal information, businesses’ third party information, solicitor-client privilege and advice provided to Ministers.

The first level of review of decisions on access taken under the legislation is the Information Commissioner, a Parliamentary ombudsman with broad investigatory powers, but no power to compel departments to perform any action (or refrain from performing any action). The second level of review of disclosure decisions is the Federal Court, who may order an institution to reconsider a decision or order release of information.

In order for people to be able to exercise their rights under the Access to Information Act, they must first have some understanding of the structure of the government and the types of information it possesses. For this reason the Act requires the publication of a description of the organization and responsibilities of government institutions along with descriptions of the records they have under their control. As already mentioned, this requirement, which is carried out each year in InfoSource and other Treasury Board Secretariat publications, relates closely to the requirement for an inventory of information holdings contained in the policy on the Management of Government Information Holdings.

The Act is also closely connected to the portion of the Security Policy which deals with confidentiality of government information. Since the Act provides a framework for protecting information that Parliament views as sensitive, the same framework is used for making determinations of the protection level required for information under the Security Policy.

There are other connections. Since the Act is based on the benefit of an informed population and sets out procedures for responding to requests for government information, it is closely related to the government’s Communications Policy. And since the exemption contained in the Act for personal information refers to the definition of personal information contained in the Privacy Act, and the access mechanisms are parallel, there is a close relationship between the two Acts and their supporting policies.

The challenge facing the Access to Information Act and its policy is to support departmental initiatives to improve public access to government information and to ensure that the Act and the policy evolve in a manner that keeps pace with information technology as it is implemented.

Privacy and Data Protection

See: Treasury Board of Canada, Secretariat. Treasury Board Manual: Information and Administrative Management Component: Privacy and Data Protection (Catalogue no. BT52-6-11-1993). Ottawa: 1993.

In order to perform the business of government, the Canadian federal government collects, retains, analyzes, uses, stores and disposes of vast amounts of information about its citizens. As the responsibilities of government have become more complex, the amount of information about individuals required to support government operations has increased. In some cases information is voluntarily provided, in others the government has the authority to compel individuals to provide information about themselves.

To give Canadians a sense of confidence that the personal information they entrust to the federal government will be treated with respect and will not be misused or improperly disclosed to others, the government enacted the Privacy Act (Privacy Act, Revised Statutes of Canada, 1985, c. P-21) in 1983.

The purpose of the Privacy Act is to both protect the privacy of individuals with respect to personal information about themselves held by a federal government institution and to provide individuals with a right of access to that information. The principles of fair information practices contained in the Act coincide with the principles contained in the Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (Organization for Economic Co-operation and Development. Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Paris: OECD, 1981) of the Organization for Economic Co-operation and Development (OECD), to which Canada agreed in 1984.

The basic principle of the Privacy Act is that individuals should be able to exercise control over their personal information. Government institutions may not collect personal information unless the information is directly related to an operating program or activity of the institution. With few exceptions, individuals must be informed of the purpose for which their information is being collected and the information may only be used for the specified purpose unless the consent of the individual is obtained.

Government institutions are required to ensure that the information used in decision-making is accurate, complete and up-to-date and that the personal information they hold is properly protected from inadvertent loss, destruction or corruption or improper disclosure. Institutions must also respond to individuals’ requests for correction of their information.

Similar to the requirements of the Access to Information Act, the Privacy Act requires that government institutions publish descriptions of the categories of the personal information they have, and a description of the procedures individuals can follow to obtain access to their information. The Privacy Act also has a framework of exemptions to the right of access, although not as many as in the Access to Information Act.

The Privacy Commissioner is responsible for investigating complaints under the Privacy Act, either in relation to the management of personal information by the federal government or in relation to a denial of individual access. The second level of review of disclosure decisions is the Federal Court, who may order an institution to reconsider a decision or order release of the information.

The Privacy Act parallels most aspects of the Access to Information Act in the access and the exemption provisions and in providing the public with an instrument for gaining information on the government’s activities and for holding the government accountable for its actions.

The code of fair information practices contained in the Privacy Act parallel in many ways the principles of information management contained in the Management of Government Information Holdings Policy, requiring planning for collection and scheduling for retention and disposal.

Restrictions in the Privacy Act against improper use or disclosure of personal information and the definition of personal information contained in the Act are closely tied to the portion of the Security Policy which deals with the protection of personal information.

With expanding use of electronic information processing, a current challenge to data protection is the ease with which vast amounts of personal data can be collected, exchanged, compared and stored. A primary objective of the data protection policy is to ensure that possible impacts on privacy are assessed during the planning stage of initiatives to increase efficiency.

The Security Policy

See: Treasury Board of Canada, Secretariat. Treasury Board Manual: Information and Administrative Management Component: Security (Catalogue no. BT52-6/3-1994-1). Ottawa: 1994.

The Government Security Policy (GSP) is for some the policy area that seems initially to be an odd choice as one of the government’s core information policies. But as we understand more thoroughly the value of the information held by government, the threats against that information, and the risks of those threats being realized, the place of security in any discussion of information policy seems essential. In fact, those who are following the progress of the Information Highway Advisory Council’s work will recognize security as one of the key issues that the Council is exploring.

The GSP was first issued by Treasury Board in 1986. The policy was the result of an effort by the government to consolidate in one place the policies and practices that had evolved over time in a number of locations within government. The objective of the policy is to ensure that all classified and designated information or assets of the federal government are safeguarded in an appropriate manner. Without getting into too much detail here, it is important to understand the approach departments are expected to take in achieving this objective. The approach includes:

• making the deputy head accountable;
• classifying and designating information with reference to Access to Information Policy exemptions;
• addressing integrity and availability concerns as well as confidentiality issues;
• managing the various domains of security in an integrated way; and
• selecting safeguards on the basis of minimum standards and a risk management approach.

Deputy head accountability means that the senior executive in an organization (this would be the deputy minister, in the case of a department) is accountable for safeguarding the information and assets under his or her control. Responsibility may be delegated to a departmental security officer (DSO) for a security program within the department that is consistent with the Government Security Policy and its Standards.

Classifying and designating information is important. It is a key determinant of the degree and type of protection that the information will receive. The security policy requires that information be classified if its unauthorized disclosure or compromise could reasonably be expected to cause injury to the national interest. Such information includes information on federal-provincial relations, international affairs, defence, the economic interests of Canada, Cabinet confidences, and information involving security and intelligence. As noted earlier, this is consistent with the disclosure exemptions in the Access to Information and Privacy Acts. Depending on the degree of potential injury to the public interest, classified documents are marked as “Confidential”, “Secret”, or “Top Secret”.

The Policy also requires that other information that cannot be disclosed under the access and privacy legislation because of the possible injury to particular public or private interests be designated. This category includes such information as that concerning law enforcement investigations, the safety of individuals, medical records, personal information about federal employees such as performance appraisals. and business information of a third party. Such information is marked “Protected”.

The Security Policy considers that the security domain includes confidentiality, availability and integrity. This means that when thinking about protecting information, it is not enough, for example, just to protect unauthorized individuals from seeing the information (confidentiality). It is equally important to ensure that the information remains accurate, complete and authentic (integrity) and can be used when needed (availability).

The systems approach to security means that the Policy does not depend on single element of security for protection. Instead it relies on a combination of security organization and administration, physical security (use of physical barriers, locks, and so on), information technology security (including encryption and disaster recovery), and personnel screening (the screening of employees to assess their reliability and loyalty). The Policy includes standards for each of these elements of security.

The risk management approach to security provides a means for departments to manage their security requirements in a cost-effective way. Rather than a prescriptive one-size-fits-all approach, risk management requires that departments determine the specific security needs for the information and assets under their control by assessing the relevant threats and risks. For example, how could sensitive information be lost or changed? What impact would this have on client confidence in the department’s programs? Who would be affected and how? With a comprehensive threat and risk assessment in hand, a manager can then determine, with the advice of the security officer, the nature and scope of protective measures needed.

The Security Policy was most recently revised in November, 1994. The new policy takes into account the end of the Cold War and the change in the threats to Canada’s national interest that have occurred, the increasing importance of information technology security, the inclusion of disaster recovery, within the broader topic of business resumption planning, and other factors.

A key challenge for departments now and in the future will be to maintain security as a management priority as pressures on departmental budgets increase.”

Law is our Passion

This entry about Federal Government Information Policy has been published under the terms of the Creative Commons Attribution 3.0 (CC BY 3.0) licence, which permits unrestricted use and reproduction, provided the author or authors of the Federal Government Information Policy entry and the Encyclopedia of Law are in each case credited as the source of the Federal Government Information Policy entry. Please note this CC BY licence applies to some textual content of Federal Government Information Policy, and that some images and other textual or non-textual elements may be covered by special copyright arrangements. For guidance on citing Federal Government Information Policy (giving attribution as required by the CC BY licence), please see below our recommendation of "Cite this Entry".

• APA
• MLA
• MLA 7
• CHICAGO
• OSCOLA

Usage Metrics

589 Views

Google Scholar: Search for Federal Government Information Policy Related Content

 

Schema Summary

This entry was last updated: July 7, 2015