Decisions > Federal Court Decisions > Westerhaug v. Canadian Security Intelligence Service

Federal Court Decisions

Decision Information

Decision Content


Date: 20090326

Docket: T-1903-07

Citation: 2009 FC 321

Ottawa, Ontario, March 26, 2009

PRESENT:     The Honourable Mr. Justice Zinn










 under the responsibility of












[1]               This is an application under section 41 of the Privacy Act, R.S.C. 1985, c. P-21 for a review of the response provided by the Canadian Security Intelligence Service (“CSIS”) to a request made by Mr. Westerhaug for access to personal information in CSIS’ possession.



[2]               Mr. Westerhaug made a request on January 31, 2006,to CSIS, pursuant to subsection 12(1) of the Privacy Act (“the Act”), for the disclosure to him of his personal information held by CSIS and contained in information banks SIS PPU 015, SIS PPU 020, and SIS PPU 045. 


[3]               CSIS responded by letter dated February 16, 2006, advising Mr. Westerhaug that searches of the three banks had been conducted and that no personal information concerning him had been located in either of banks SIS PPU 015 or SIS PPU 020.  With respect to bank SIS PPU 045, CSIS responded as follows:

The Governor-in-Council has designated this information bank an exempt bank pursuant to section 18 of the Privacy Act.  If the type of information described in the bank did exist, it would qualify for an exemption under section 21 (as it relates to the efforts of Canada towards detecting, preventing or suppressing subversive or hostile activities, or 22(1)(a) and/or (b) of the Act.


[4]               Mr. Westerhaug then filed a complaint with the Office of the Privacy Commissioner (OPC) pursuant to section 29 of the Act with respect to the response received from CSIS.  Mr. Westerhaug wrote that he believed that he had been subjected to surveillance and intrusions in his personal life over the previous 15 years, and that he was making the request in an effort to ascertain who was responsible for this surveillance and these intrusions and to eliminate those who were not.  Mr. Westerhaug made similar requests for his personal information to a number of government agencies and regulated institutions.


[5]               The OPC responded on September 14, 2007.  In its response, the OPC stated that the complaint relates to the request for disclosure of information contained in information bank SIS PPU 045.  The OPC had earlier confirmed with Mr. Westerhaug that this was his only area of concern.  At the hearing of this application, Mr. Westerhaug attempted to raise concerns other than CSIS’ refusal to disclose any personal information in bank SIS PPU 045.  These additional concerns cannot be dealt with by the Court on this hearing.  Section 41 of the Act makes it a mandatory precondition to any review by this Court that a refusal first be considered by the OPC, and as the only matter complained of to the OPC related to bank SIS PPU 045, that is the sole matter that this Court may now consider.  In any event, it was evident from the Mr. Westerhaug’s oral submissions that the matter of bank SIS PPU 045 was his principal concern. 


[6]               The OPC, in its September 14, 2007 response, stated that as a result of its inquiries it was satisfied that the response made by CSIS on February 16, 2006, was in accordance with the provisions of the Privacy Act.  The author of the response wrote that having reviewed the matter, he was satisfied that “if such information does exist, it could reasonably be expected to be exempted by one or more of sections 21 and 22(1)(a) and/or (b).”  The author then goes on to inform Mr. Westerhaug of the decision of the Federal Court of Appeal in Ruby v. Canada (Solicitor General), [2000] 3 F.C. 589, confirming a government institution’s right, under subsection 16(2) of the Act, to adopt a blanket policy of never disclosing whether personal information concerning an applicant exists in a particular personal information bank.  He also references the decisions of this Court in Ternette v. Solicitor General of Canada), [1984] 2 F.C. 486 and Zanganeh v. Canada (Canadian Security Intelligence Service), [1989] 1 F.C. 244, upholding the right of a government institution to neither confirm nor deny the existence of such personal information, and further holding that such secrecy does not contravene the Charter.


[7]               Not satisfied with this response, on November 2, 2007, Mr. Westerhaug filed an application in this Court pursuant to section 41 of the Act, for a review of CSIS’ decision as set out in its letter of February 16, 2006.


[8]               Following a motion by the respondent, the Court on July 4, 2008, ordered that the Supplementary Confidential Affidavit of Nicole Jalbert be filed with the Court as confidential pursuant to Rule 151 of the Federal Courts Rules and that the application, as it related to that confidential affidavit, be heard in camera in order that the respondent be able to make representations ex parte, on that confidential affidavit.  The public affidavit of Nicole Jalbert, sworn July 9, 2008, indicates at paragraph 19 that in her confidential affidavit, she advises “whether such information exists and, if so, why it is exempt from disclosure by virtue of ss. 21 or 22 of the Privacy Act.”  Pursuant to the Order of Justice Campbell, an ex parte hearing was held in camera in Ottawa on January 27, 2009, for the sole purpose of receiving representations related to the confidential affidavit of Nicole Jalbert.



[9]               This application stems from Mr. Westerhaug’s desire for disclosure of personal information held by CSIS in information bank SIS PPU 045, if indeed any such information exists.  Accordingly, the legal issue before the Court is whether CSIS erred by refusing to confirm or deny the existence of personal information in that bank.  Mr. Westerhaug also questions whether CSIS conducted a proper search of its information banks for his personal information.



Whether a proper search was conducted?

[10]           Mr. Westerhaug relies on an apparent discrepancy in the responses of CSIS made on February 16, 2006 and January 3, 2008, in support of his submission that it failed to conduct a thorough and proper search for personal information. 


[11]           In its letter of February 16, 2006, with reference to bank SIS PPU 020, CSIS wrote: “A search of this bank was conducted and no personal information concerning you was located.”  In response to a subsequent request under the Privacy Act made on October 29, 2007, CSIS responded on January 3, 2008 as follows: 

…please be advised that the personal information bank SIS PUP 020 – Access Request Records was searched on your behalf.  Please find enclosed a copy of the information being disclosed under subsection 12(1) of the Privacy Act.  Some of the information has been exempted from disclosure by virtue of section 21 (as it relates to the efforts of Canada toward detecting, preventing or suppressing subversive or hostile activities) of the Act.



[12]           Although CSIS’ response to this subsequent request under the Privacy Act is not at issue before the Court on this application, I am prepared to accept this evidence solely for the purpose of determining whether or not CSIS conducted a thorough and proper review of the applicant’s personal information prior to its response on February 16, 2006. 


[13]           The 2006-2007 edition of “Info Source,” published in accordance with section 11 of the Privacy Act, describes Personal Information Bank SIS PUP 020 as follows:

This bank contains personal information on individuals who have submitted a formal request under the Privacy Act or Access to Information Act for access to information originally obtained or prepared for CSIS.  Documents include access and correction requests, notations, consultations, disclosures, complaints, documents prepared for Court, and other documents pertaining to the processing of the request.



[14]           It is the view of this Court that there is nothing in CSIS’ responses that would suggest that the 2006 search was not thorough or proper.


[15]           The response of February 16, 2006, indicating that there was no personal information of Mr. Westerhaug’s in the information bank in question, in all likelihood reflected the fact that Mr. Westerhaug had not previously submitted a request under either the Personal Information Act or the Access to Information Act that may have generated a record of some sort.  On the other hand, when Mr. Westerhaug filed his second request on October 29, 2007, there had been a previous request – the request and response now under review.  It is not surprising that information generated in relation to the first request would have been recorded in the SIS PUP 020 bank.  One may speculate that the information in that bank would include the 2006 request and response, documents relating to the current proceedings, and notes and memoranda from staff relating to the request.  In fact, had CSIS responded in 2007 that there was nothing in information bank, then that would have raised a strong suspicion that it had not conducted a thorough review in 2007.  In short, there is no inconsistency in these responses, nor any basis to infer that the 2006 search was not done properly.


Whether CSIS erred in its response?

[16]           Justice Kelen conducted a detailed and thorough analysis of the provisions of the Privacy Act and exempt information banks in Cemerlic v. Canada (Solicitor General), [2003] F.C.J. No. 191, 2003 FCT 133.  Both parties referred to that Judgment. 


[17]           Section 16 of the Privacy Act permits a government institution to adopt a policy of neither confirming nor denying the existence of information in an exempt personal information bank.  Nonetheless, the Court may review the reasonableness of the institution’s decision to adopt such a policy:  Ruby v. Canada (Solicitor General), [2000] 3 F.C. 589 (F.C.A.), reversed on other grounds [2002] 4 S.C.R. 3. 


[18]           The Federal Court of Appeal in Ruby held that adopting a policy of non-disclosure was reasonable given the nature of the information bank in question, because merely revealing whether or not the institution had information on an individual would disclose to him whether or not he was a subject of investigation.  I agree.  If it is in the national interest not to provide information to persons who are the subject of an investigation, then it follows that it is also in the national interest not to advise them that they are or are not the target of an investigation.  It is one of the unfortunate consequences of adopting such a blanket policy that persons who are not the subject of an investigation and who have nothing to fear from the government institution will never know that they are not the subject of an investigation.  Nonetheless, and as was noted by Justice Kelen, this policy applies to every citizen of the country, and even judges of this Court would receive the same response as was given to Mr. Westerhaug and would not have any right to anything further.


[19]           I agree fully with the Reasons given by Justice Kelen in Cemerlic which involved the same information bank here under consideration.  CSIS acted reasonably in adopting a uniform policy of neither confirming nor denying the existence of information in bank SIS PPU 045.


[20]           For these reasons, the application must be dismissed.


[21]           The respondent seeks its costs of this application.  While the Court is sympathetic to the position in which the applicant finds himself – believing that he is under surveillance but knowing there is no reason why he should be – the law relevant to this application was previously canvassed and largely settled in Cemerlic.  Accordingly, the respondent shall be entitled to its costs, which the Court fixes at $500.





1.      This application is dismissed; and

2.      The respondent is entitled to its costs, fixed at $500.


"Russel W. Zinn"









DOCKET:                                          T-1903-07


STYLE OF CAUSE:                          KEVIN MARK WESTERHAUG v.

                                                            CANADA SECURITY INTELLIGENCE SERVICE (CSIS) under the responsibility of THE MINISTER OF PUBLIC SAFETY AND EMERGENCY PREPAREDNMESS                                                                                                                          

PLACE OF HEARING:                    Saskatoon, Saskatchewan


DATE OF HEARING:                      February 12, 2009



AND JUDGMENT:                          ZINN J.


DATED:                                             March 26, 2009






Kevin Mark Westerhaug


On His Own Behalf


Chris Bernier













Deputy Attorney General of Canada

Saskatoon, Saskatchewan





 You are being directed to the most recent version of the statute which may not be the version considered at the time of the judgment.


Date Modified: 2016-04-29