'The system doesn't really work': Nunavut ATIPP watchdog slams GN in annual report

Nunavut's Information and Privacy Commissioner says the Government of Nunavut (GN)'s access to information system isn't working.

Graham Steele tabled his office's annual report in the Legislature on Wednesday, as MLAs returned to the House to begin the spring sitting.

"The GN is in a rut when it comes to information," Steele told CBC News in an interview.

"The existing system doesn't really work like it should. But it works just well enough that GN leaders, ministers and deputy ministers, can ignore it. And that is not serving Nunavummiut very well."

In his report, Steele said Nunavut's current act needs to be updated, given it's now 25 years old.

"My only hesitation in recommending changes to the ATIPP (Access to Information and Protection of Privacy) law is that the GN is consistently unable to follow the existing law, never mind a new law that requires it to be better, smarter, and faster," Steele wrote.

No consequences for GN

Short of an overhaul of the system, Steele said the cheapest, simplest, and most effective change the GN can make is to give the Information and Privacy Commissioner the authority to issue orders.

Right now, Nunavut's privacy watchdog can only issue recommendations, meaning the GN can choose to ignore them. Steele said out of 20 reviews last year, three times did the GN not accept his recommendations in full.

"And that's one of the main reasons, in my view, why the system just doesn't work," Steele said.

"There has to be consequences to the GN for non-compliance. And if they know that I can order the release of information, then it makes them do a better job. And that's really what I'm after.

"There's nothing that says they have to do something that they don't want to do. And in that kind of system, the hard choices don't get made. Releasing information that the government doesn't want to release."

Half of Canada's provinces and territories give their Information and Privacy Commissioners the power to issue orders, including the N.W.T. which changed its laws two years ago.

'The right people'

Steele said long-term, the GN needs "the right people" in place with "the right attitudes toward information." He added the government's ability and competence to deal with information and privacy varies by department — though he lauded the work from the health department overall, and that of Nunavut's new ATIPP manager Yuri Podmoroff.

"I don't want the politicians to think this is going to be fixed by passing a new law in the Legislature," Steele said.

"Paper isn't going to fix this. It's getting the right people in the right positions in the right support."

In his report, Steele noted how the government has made no improvement in exercising its discretion in releasing information to the public.

"Public bodies are still routinely failing to follow the law," Steele wrote, a point he also raised in last year's report from his office.

"The [Act] lays out the minimum rules for disclosure. In most cases, the GN could release more than the minimum. Over the past year, I have seen no improvement in the way the GN exercises discretion."

Ransomware file closed

In his report, Steele also said he closed his office's investigation into the 2019 ransomware attack.

Among the reasons was the GN tabled its ransomware report in the Legislature last year. "Although the report is more self-congratulatory than analytical, it is a public report," Steele added.

He said a forensic report obtained by the GN also determined there wasn't any personal information stolen in the attack.

Steele also drew attention to how his office hasn't yet been consulted on the reworking of Nunavut's Police Act, which lawmakers had promised in the Legislature last year.