Canada Government Contractors Should Mind Data Access

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jeremy Hainsworth

Canadian companies entering into government contracts need to consider disclosure obligations that might make confidential corporate data public, a Canadian privacy regulator told Bloomberg BNA.

“Businesses have to come to the table knowing a contract may be released,” Saskatchewan Information and Privacy Commissioner Ronald Kruzeniski said Jan. 16. He suggested putting confidential information in a schedule to a contract, rather than in the contract itself, so it could be severed during an access-to-information release process.

Canada’s Access to Information Act gives individuals a right to access records under federal control, with exceptions, and provides for independent review of disclosure decisions. Provincially, access to information and privacy issues are handled by one commissioner. Federally, the role is divided into two offices.

Given knowledge that a disclosure risk exists, “caution should be exercised in providing highly confidential third-party information to government,” Canadian law firm Blake, Cassels & Graydon LLP said in a 2013 bulletin on the act.

Access to Information Request

The latest cautionary tale came when Saskatchewan’s Global Transportation Hub Authority (GTH), the operator of a self-regulating inland port, received an access-to-information request about certain business contracts with a development company.

The authority sells land to businesses with the goal of increasing provincial business. Brightenview International Developments Inc. was seeking to buy land.

The access request sought a property purchase agreement, a cooperation agreement and a confidentiality agreement. The GTH said the parties had signed a confidentiality agreement, and releasing the information could harm the purchase deal and release competitive information.

“I note that a government institution cannot contract out of its access and privacy obligations,” Kruzeniski said in Review Report 159-2016. “Government institutions should make potential clients aware of their access and privacy obligation.”

Third Party Protection

The access law includes provisions to protect third-party information related to potentially sensitive or competitive business information, Natalie Bartlett, spokeswoman for Canada’s Office of the Information Commissioner, which handles requests for business contracts with the Canadian government, told Bloomberg BNA Jan. 17.

Section 20 of that act allows refusal to disclose records containing:

  •  trade secrets of a third party;
  •  financial, commercial, scientific or technical information that is confidential information supplied to a government institution by a third party and is treated consistently in a confidential manner by the third party;
  •  information that, if disclosed, could reasonably be expected to result in material financial loss or gain to, or could reasonably be expected to prejudice the competitive position of, a third party, or
  •  disclosure that could reasonably be expected to interfere with contractual or other negotiations of a third party.
In the U.S., there are similar exclusions to the Freedom of Information Act (FOIA), which applies to the federal agencies but doesn’t create a right of access to records held by Congress, the courts, or state or local government agencies. The Department of State website details nine exclusions under FOIA, including:
  •  trade secrets and confidential business information;
  •  inter-agency or intra-agency memos or letters that are protected by legal privileges;
  •  information concerning bank supervision, and
  •  geological and geophysical information.

To contact the reporter on this story: Jeremy Hainsworth in Vancouver at

To contact the editor responsible for this story: Donald G. Aplin at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law Privacy and Data Security