| Date: 20210901
|
| Docket: T-1665-19
|
| Citation: 2021 FC 910
|
| Toronto, Ontario, September 01, 2021
|
| PRESENT: Mr. Justice Andrew D. Little
|
| BETWEEN:
|
| ALEXANDRU-IOAN BURLACU
|
| Applicant
|
| and
|
| ATTORNEY GENERAL OF CANDA
|
| Respondent
|
JUDGMENT AND REASONS
[1] In this application for judicial review, the applicant asks the Court to set aside a final level grievance decision dated September 12, 2019 (the “Decision”
) of a delegate of the President of the Canada Border Services Agency (the “CBSA”
).
[2] The applicant submits that the Decision failed to grapple with a key issue or central argument he made in his grievance, rendering the Decision unreasonable on the principles in Canada (Minister of Citizenship and Immigration) v Vavilov, 2019 SCC 65. As explained in detail below, I have concluded that the absence of certain reasoning in the Decision did not render it unreasonable in the circumstances of this case.
[3] The application will therefore be dismissed, without costs.
I.
Events Leading to this Application
[4] The applicant is a federal public servant working at CBSA.
[5] The applicant’s grievance arose from events on April 19, 2018. Another CBSA employee, whose work description did not include managing employees, was permitted to access his personal information stored in two CBSA informational databanks: Attendance and Leave (PPSE 903) and Employee Personnel Record (PPSE 901). The applicant claimed that CBSA’s failure to implement the requirements of a provision in the Treasury Board Directive on Privacy Practices (the “Directive”
) allowed the non-management employee to access his personal information, as she was improperly assigned managerial duties.
[6] On April 20, 2018, the applicant presented an individual grievance to his employer under s. 208 of the Federal Public Sector Labour Relations Act, S.C. 2003, c. 22, s. 2 (the “FPSLRA”
). The applicant’s grievance stated:
I hereby grieve, pursuant to subsection 208(1) … the failure of the employer to exemplify, with respect to me, the values of “Respect for People” and “Respect for Democracy” and their respective expected behaviours, as mandated by the Values and Ethics Code for the Public Sector, which is a term and condition of my employment, by failing to establish policies, procedures, SOPs, etc. that comply with the requirements of sections 6.2.19, 6.2.20 and 6.2.21 of the Treasury Board Directive on Privacy Practices, when it comes to access to, as well as use of, my personal information contained in the following standard personnel information banks: Attendance and Leave (PPSE 903) and employee personnel record open brackets (PPSE 901).
[7] The applicant requested corrective action that mirrored his grievance, namely, that his employer establish policies and procedures to comply with the Directive. The applicant specifically requested that the employer:
establish policies, procedures, SOPs, etc. that comply with the requirements of sections 6.2.19, 6.2.20 and 6.2.21 of the Treasury Board Directive on Privacy Practices, when it comes to access to, as well as use of, my personal information contained in the following standard personnel information banks: Attendance and Leave (PPSE 903) and employee personnel record open brackets (PPSE 901).
[8] The grievance process was governed by a collective agreement that was not in evidence before this Court. It apparently contains several levels of decision-making in relation to grievances.
[9] The applicant’s grievance led to a written Reply to Grievance at each of the first, third and final levels, which set out the decisions of management representatives at those levels.
The First- and Third-Level Decisions
[10] The first-level decision dated June 4, 2018 and the third-level decision dated June 1, 2018 both denied the grievance. (Neither party explained the reverse order of the dates of these decisions but it was not an issue.) The applicant acknowledged receipt of both decisions on June 4, 2018.
[11] The first-level decision set out the grievance and the corrective action requested. It referred to a grievance consultation with the application on April 25, 2018. It set out excerpts from Treasury Board’s Directive. The Directive stated that “heads of government institutions are to establish practices for the protection and management of personal information under their respective institution’s control.”
The decision stated the introductory language in section 6.2 of the Directive, that “[e]xecutives and senior officials who manage programs or activities involving the creation, collection or handling of personal information are responsible for…”
The first-level decision then set out the executives’ and senior officials’ responsibilities in sections 6.2.19, 6.2.20 and 6.2.21, which were:
• identifying which positions or functions in the program or activity have a valid reason to access and handle personal information and limiting access to individuals occupying those positions (6.2.19);
• limiting access to and use of personal information by administrative, technical and physical means to protect that information (6.2.20); and
• adopting appropriate measures to ensure that access to, use of, and disclosure of personal information are monitored and documented in order to address the
“timely identification of inappropriate or unauthorized access to or handling of personal information”
(6.2.21).
[12] The first level decision stated that in order to meet the requirements of the Directive, the CBSA developed its Privacy Code of Principles. The decision stated that according to that Code, under the heading “Limiting Use and Disclosure”
,
it clearly states that ‘Personal information should never be used or disclosed for purposes other than those for which it was collected. This means that an employee must never access personal information that is not part of their assigned workload; otherwise it would constitute a security incident and privacy breach. CBSA employees have a duty to hold in strict confidence all personal information concerning clients or employees. And personal information should never be disclosed in any format… to employees that do not have a need to know.’
[13] The first-level decision concluded that consequently, the CBSA did establish principles, under the Privacy Code of Principles, in order to comply with the Directive. The grievance was denied.
[14] The applicant elected to waive the second-level grievance procedure.
[15] The third-level decision also set out the grievance and the corrective action requested. It essentially agreed with the reasons of the first-level decision. The third-level decision found that the CBSA had developed the Privacy Code of Principles, which stemmed from the Treasury Board’s Directive and “addresse[d] its requirements”
. The third-level decision denied the grievance and declined to take any corrective action.
The Final-Level Decision
[16] On April 24, 2019, the applicant provided an email to a management representative describing his grievance and then participated in a consultation for the final-level decision. On April 30, 2019, the applicant sent an email with submissions at the final level. The contents of these two emails were very similar. The applicant referred to a person (whose non-management role was classified at level 6) having access to his personal information, rather than a person in management (classified at level 8). However, the applicant characterized the issue as being not about the appropriateness of one employee over another having access to his personal information, but instead as “the failure of the CBSA to implement the requirements of the Directive, so that my privacy can be protected”
.
[17] The applicant’s emails to the employer’s representative stated that he could find nothing in the CBSA’s Privacy Code of Principles that addressed the concerns in his grievance, specifically, the requirement in section 6.2.19 of the Directive to identify which positions or functions have a valid reason to access and handle personal information and limiting access to individuals occupying those positions. In the applicant’s view:
absent a clear identification of positions or functions having a valid reason for handling personal information, management could arguably assigned the duty to access or handle personal information to any employee they wish and those employees could simply argue that accessing personal information is was part of their “assigned workload” as the Code indicates.
[Underlining added; original italics.]
In the applicant’s view, that situation was “not … what the Directive intended to have happen given the wording of section 6.2.19”
(applicant’s underlining).
[18] In his emails, the applicant also took the position that management was required by the Values and Ethics Code for the Public Sector to exemplify compliance with Treasury Board policies. The applicant stated that he could “not see how the failure to implement the requirements of section 6.2.19 represent[ed] such an exemplification”
.
[19] In his final email submissions, the applicant (on apparent request by the employer) reiterated that the corrective measures he requested were the establishment of policies, procedures, etc., that comply with the requirements of section 6.2.19 of the Directive.
[20] A management representative (Vice President, Human Resources) made the final-level Decision on September 12, 2019. The Decision was concise in five paragraphs.
[21] The Decision described the grievance as alleging that the employer “failed to establish policies that comply with the requirements of section 6.2.19”
of the Directive. It noted that as corrective action, the applicant requested that the employer establish policies that comply with the Directive. The Decision stated that the decision maker had carefully reviewed the circumstances giving rise to the grievance, and carefully considered the points raised during the grievance consultation and the applicant’s written submissions.
[22] The Decision stated that the decision-maker was satisfied that CBSA was in compliance with the Directive because CBSA’s Privacy Code of Principles was an “established policy document”
.
[23] In addition, the Decision found that it was a “legitimate managerial right to access employee leave balances in order to manage the different types of leave”
provided for in the collective agreement. For example, it was imperative for the approval of annual leave for management to confirm that an employee has enough leave credits to support a leave request. The decision-maker was satisfied that the use and disclosure of the applicant’s leave balance was in accordance with managerial rights and responsibilities and was in keeping with the governing privacy guidelines.
[24] As such, the Decision concluded that the Directive, the Privacy Code of Principles and the Values and Ethics Code for the Public Sector had been “complied with, respected and followed”
. The Decision concluded that the grievance was denied and no corrective action would be taken.
[25] The applicant now seeks judicial review of the final-level Decision.
II.
Standard of Review -- General Principles
[26] The parties both made submissions with respect to the Decision based on a reasonableness standard of review as set out in Vavilov. I agree with the parties that the standard of review for the substance of the Decision is reasonableness, as described in Vavilov.
[27] In conducting a reasonableness review, a court considers the outcome of the administrative decision in light of its underlying rationale, in order to ensure that the decision as a whole is transparent, intelligible and justified: Vavilov, at para 15. The focus of reasonableness review is on the decision made by the decision maker, including both the reasoning process (i.e. the rationale) that led to the decision and the outcome: Vavilov, at paras 83, 86; Delta Air Lines Inc v Lukács, 2018 SCC 2, [2018] 1 SCR 6, at para 12.
[28] The starting point is the reasons provided by the decision maker: Vavilov, at para 84. The reviewing court must read the reasons holistically and contextually to understand the basis on which the decision was made, and in conjunction with the record that was before the decision maker: Vavilov, at paras 91-96, 97, and 103; Canada Post Corp v Canadian Union of Postal Workers, 2019 SCC 67, at para 31.
[29] The reviewing court does not determine how it would have resolved an issue on the evidence, nor does it reassess or reweigh the evidence on the merits: Vavilov, at paras 75, 83 and 125-126; Canada (Citizenship and Immigration) v Khosa, 2009 SCC 12, [2009] 1 SCR 339, at paras 59, 61 and 64. The task of the reviewing court is to assess whether the decision maker reviewed and drew conclusions from the evidence and submissions in a manner that conforms to Vavilov principles.
[30] The onus to demonstrate that the decision is unreasonable is on the applicant: Vavilov, at paras 75 and 100; Canada Post, at para 33.
III.
Analysis
Preliminary Issues Raised by the Respondent
[31] The respondent raised two preliminary issues related to the applicant’s alleged lack of standing. Both relate to s. 208 of FPSLRA, which provides:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[32] The respondent’s first position was that the substance of the applicant’s grievance related to a policy matter: whether CBSA’s policy aligned with a Treasury Board directive. The respondent argued that the applicant was not personally affected by the policy issue he raised. The respondent contended that the applicant’s argument about the proper interpretation of the Directive was not properly the subject of an individual grievance and his proposed corrective action constituted a policy change, rather than a resolution of a grievance directly affecting his privacy rights or their alleged violation.
[33] The respondent’s second, related position was that the applicant did not have standing in this Court because his grievance did not meet the statutory conditions in subs. 208(1). The respondent submitted that the applicant was not “aggrieved”
by his employer under the chapeau language of subs. 208(1). In the respondent’s submission, his grievance also did not relate to an interpretation or application “in respect of the employee”
under paragraph 208(1)(a) and did not affect the terms and conditions of his employment under paragraph 208(1)(b). Rather, the substance of the grievance was prospective and concerned dissatisfaction akin to a public interest. If the grievance were permitted, the respondent argued that it would erode the distinction in the FPSLRA between individual grievances, group grievances and policy grievances: see FPSLRA, s. 206 (definitions) and ss. 208, 215 and 220. According to the respondent, Parliament assigned prospective grievances to bargaining agents, not individual employees, under the group grievance and policy grievance provisions.
[34] The applicant filed no written reply and made no written submissions on these preliminary issues. At the hearing, the applicant submitted that he was directly affected by the issues raised in his grievance. The final-level Decision did address the access to his personal information (i.e, his leave balance), demonstrating that the grievance was an individual grievance. In addition, there is no reason why the issues decided in an individual grievance cannot affect him and others. He also argued that if the employer believed it was not a proper grievance, the employer should have raised the issue at the point of the first, third, or final-level decisions – it is too late to raise them now. The decision maker whose decision is under review did not determine these issues, so they should not be considered or determined by this Court. According to the applicant, section 6.2.19 was central to his position on his individual grievance, had to be meaningfully addressed by the final-level Decision, and was not.
[35] I do not agree with the respondent that this application should be dismissed on a preliminary basis.
[36] The respondent did not contend that a final-level decision could not be the subject of judicial review. The case law indicates that a broad range of employment-related disputes that may be commenced under s. 208, and paragraph 208(1)(b) in particular: see McCarthy v. Canada (Attorney General), 2020 FC 930 (McHaffie J.), at paras 31-32; Nosistel c Canada (Procurer General), 2018 FC 618 (Gascon J.), at para 66; Bron v Canada (Attorney General), 2010 ONCA 71, at paras 14-15. In addition, since the hearing of this application, Zinn J. has held that the Values and Ethics Code was a term and condition of Mr Burlacu’s employment and that he was entitled to grieve alleged violations of it under paragraph 208(1)(a): Burlacu v Attorney General of Canada, 2021 FC 610, at paras 17-18. Reading the record and the Decision, there were facts and concerns related to the applicant’s leave balance that could have been considered a possible breach of the applicant’s privacy. Although there were other high-level policy or interpretation arguments raised, there was at least some basis on which the current grievance could rest under subs. 208(1).
[37] I also observe that the employer was on notice from the beginning about the breadth, content and nebulous wording of the grievance. The employer was also aware of the nature of the corrective action requested in the grievance (i.e., that CBSA establish policies and procedures). As far as I am aware, the employer did not raise any concerns about whether the grievance could be the subject of an individual grievance under subs. 208(1) until filing written submissions in this Court. That does not answer the point about standing in this Court. However, in my view, it would have been preferable for objections to the grievance to be raised by management at one of the levels of decision in the collective agreement.
[38] In these circumstances, I do not accept that the substantive arguments the applicant made or makes in support of his position should pre-empt a determination of his application for judicial review, or that the applicant has no standing to apply for judicial review in this Court given the factual circumstances that gave rise to his filed grievance under subs. 208(1).
Reasonableness of the Final Level Decision
[39] Replying on Vavilov, the applicant argued that the Decision was unreasonable because it failed to grapple with the central argument in his grievance. In the relevant passage on which the applicant relied, the Supreme Court held:
[127] The principles of justification and transparency require that an administrative decision maker’s reasons meaningfully account for the central issues and concerns raised by the parties. The principle that the individual or individuals affected by a decision should have the opportunity to present their case fully and fairly underlies the duty of procedural fairness and is rooted in the right to be heard: Baker, at para. 28. The concept of responsive reasons is inherently bound up with this principle, because reasons are the primary mechanism by which decision makers demonstrate that they have actually listened to the parties.
[128] Reviewing courts cannot expect administrative decision makers to “respond to every argument or line of possible analysis” (Newfoundland Nurses, at para. 25), or to “make an explicit finding on each constituent element, however subordinate, leading to its final conclusion” (para 16). To impose such expectations would have a paralyzing effect on the proper functioning of administrative bodies and would needlessly compromise important values such as efficiency and access to justice. However, a decision maker’s failure to meaningfully grapple with key issues or central arguments raised by the parties may call into question whether the decision maker was actually alert and sensitive to the matter before it. In addition to assuring parties that their concerns have been heard, the process of drafting reasons with care and attention can alert the decision maker to inadvertent gaps and other flaws in its reasoning: Baker, at para. 39.
[Emphasis added; citations omitted.]
[40] The applicant’s written submissions to this Court stated that his “central argument”
was that the CBSA had failed to comply with the requirements of the Values and Ethics Code by failing to establish policies, procedures, etc., that complied with the requirements of section 6.2.19. The “crux of the grievance”
was that nothing in CBSA’s Privacy Code of Principles addressed the requirements of section 6.2.19. The “central issue”
raised in his grievance was the failure by the CBSA to identify “which positions or functions”
have a valid reason to access and handle personal information. He maintained that the Decision’s reliance on the existence of the CBSA’s Privacy Code of Principles as an “established policy document”
did not answer his argument because its mere creation was not enough – the decision maker had to grapple with his argument that the content of the Privacy Code of Principles did not identify the positions or functions that could have access to and handle personal information. Because the Decision did not articulate how the Code did so and in fact nothing in the Code identified “positions or functions”
having a valid reason for handling personal information, the Decision was unreasonable. The applicant also relied on Vavilov, at para 95.
[41] The applicant also submitted that his grievance was “premised”
on the requirements of the Values and Ethics Code, a term and condition of his employment and therefore the “legal basis”
of his grievance. He submitted that management was required by the Values and Ethics Code to “exemplify compliance with Treasury Board policies”
and that the failure to implement the requirements of section 6.2.19 did not represent such an “exemplification”
. Thus, he argued, even if the Decision concluded that the “vague wording”
in the CBSA Privacy Code of Principles was sufficient to address the requirements of the Directive by identifying positions and functions that have a valid reason to access and handle personal information, the question at the final level was “whether that vague wording in the [Privacy Code of Principles] represented an exemplification of compliance with the requirements of the Directive”
(original bolding). According to the applicant, in “light of the context”
where a non-management individual had accessed his personal information as part of their “assigned workload”
, the Tribunal needed to grapple with the issue of whether the “provisions of the [Privacy Code of Principles] truly exemplified compliance with the letter and the spirit of section 6.2.19 of the Directive”
(original italics). This, he submitted, involved more than mere compliance – it was necessarily a higher standard. In his view, the Decision did not address his argument about “exemplification”
.
[42] At the hearing, the applicant submitted that the breach of the Values and Ethics Code was “ongoing”
. The applicant referred to statements in the Values and Ethics Code that require public servants to respect the rule of law and “carry out their duties in accordance with legislation, policies and directives”
and that public servants can expect to be treated in accordance with the values in that Code. He also submitted that if section 6.2.19 had been implemented, his breach of privacy would not have occurred. However, his own circumstances or situation was just “context”
(which I take to mean an example) for his argument that the Values and Ethics Code had not been respected. How his information was accessed was not relevant to the grievance he made.
[43] The respondent submitted that the Decision was reasonable, viewed as a whole and considering the record. The respondent argued that in substance, section 6.2.19 did not require CBSA to establish policies, procedures, etc., that identify positions or functions that have a valid reason to access and handle personal information. Rather, section 6.2.19 requires executives and senior officials to identify such positions or functions. The Directive does not require the establishment of a formal written CBSA policy or procedure that does so. On this basis, the Decision was justified having regard to the legal requirements in the Directive. No additional explanation was required in the Direction because its reasons simply had to be intelligible, justified and justifiable.
[44] The applicant’s reply was that the respondent’s position was essentially backfilling the reasons in the Decision. While one can infer a rationale for a decision under Vavilov principles, one cannot infer everything. A decision must be justified to the person affected: Vavilov, at para 95. The applicant argued that he put one central argument to the employer and it was not addressed in substance in the reasons. On his view, the Decision cannot be supported after the fact by the respondent’s counsel, or by looking at the first and third-level decisions for help. The final-level Decision could have incorporated the reasoning of the first and third-level decisions, but did not.
[45] On judicial review, administrative decision makers are read holistically and contextually, in light of the record and with due sensitivity to the administrative regime in which they were given: Vavilov, at paras 97 and 103; “Canada (Citizenship and Immigration) v Mason”, at para 32. A reasoned explanation may be found expressly, be implied or be implicit in a decision, and in some circumstances may be found outside the reasons themselves: Mason, at paras 31 and 38.
[46] The Federal Court of Appeal set out the following principles in Farrier v Canada (Attorney General), 2020 FCA 25:
[13] In Vavilov, the Supreme Court clearly indicated that when an administrative decision-maker must make a reasoned decision in writing (this is the case here […]), the assessment of the reasonableness of the decision must include an assessment of its justification and transparency. As the Supreme Court pointed out, the reasons given by the administrative decision-maker must not be assessed against a standard of perfection. The administrative decision-maker cannot be expected to refer to all of the arguments or details the reviewing judge would have preferred. “Administrative justice” will not always look like “judicial justice” (Vavilov at paragraphs 91 to 98).
[14] The sufficiency of reasons is assessed by taking into account the context, including the record, the submissions of the parties, practices and past decisions of the decision-maker (Vavilov at paragraph 94). However, the Supreme Court noted the principle that the exercise of the Appeal Division’s power must be justified, intelligible and transparent, not in the abstract, but to the individuals subject to it (Vavilov at paragraph 95).
See also para 19.
[47] Not all shortcomings, failures or omissions in a decision will cause a reviewing court to find that the decision is unreasonable. The decision need not address every argument and the standard for administrative reasons is not perfection. For a reviewing court to intervene, identified concerns in a decision must be of sufficient importance to cause the court to lose confidence in the decision. See Vavilov, at paras 91-92, 94, 99-100, 104, 106, 119, 122 and 194; Canada Post, at paras 52-53; Mason, at paras 36, 42, 46 and 48.
[48] In the passage from Vavilov relied upon by the applicant, the Supreme Court did not hold that a failure to grapple meaningfully with key issues or central arguments raised by the parties will automatically render the decision unreasonable. Rather, the Supreme Court held that it “may call into question whether the decision maker was actually alert and sensitive to the matter before it”
: Vavilov, at para 128.
[49] The applicant’s submission that the Decision was unreasonable for failure to provide reasoning has some initial appeal. However, after consideration and analysis, I am not persuaded that the Decision must be set aside as unreasonable as argued by the applicant. As explained below, there are several interrelated reasons related to the contents of the Decision and the specific context and facts that gave rise to this grievance. In the result, I am satisfied that the decision maker was in fact alert and sensitive to the contents of the grievance and the arguments raised by the applicant in it.
[50] In my view, the concern in this application is not that the Court is unable to understand the basis or rationale for the resolution of the grievance. I believe the basis or rationale for the Decision is discernible in its reasons, when taken in light of the nature of the grievance alleged by the applicant, the corrective action he requested, and the record.
[51] The issue here concerns the degree of justification contained in the Decision and, to some extent, the related transparency of the Decision, given the submission made by the applicant to management prior to the Decision. The applicant put his position to the employer twice by email. Yet the Decision did not provide reasons explaining why the management representative disagreed with applicant’s interpretation of the Directive and his argument that the Privacy Code of Principles did not in fact implement the requirements of section 6.2.19 of the Directive. Without reasoning on that specific point, the reasons for the Decision were facially incomplete (and unsatisfying) to the applicant. The addition of a substantive sentence or two expressing why the employer disagreed with the applicant’s interpretation of section 6.2.19 of the Directive, or why the Privacy Code of Principles was otherwise in compliance, would likely have sufficed. But it did not happen.
[52] I am aware that the Decision was made on September 12, 2019, several months before the Supreme Court released its decision in Vavilov on December 19, 2019. The decision maker also did not have the benefit of more recent legal guidance from the Federal Court of Appeal, albeit in other statutory contexts, on the need for explanation for reaching conclusions (see e.g. Bragg Communications v UNIFOR, 2021 FCA 59). These considerations do not relieve the Decision from the Court’s scrutiny under Vavilov principles.
[53] Does the omission from the reasoning in the Decision render it unreasonable? For the following reasons, the answer is No.
[54] First, starting at a general level, the Decision clearly recognized and stated that the applicant’s position was that the employer failed to establish policies that complied with the requirements of section 6.2.19 of the Directive. It also recognized and stated that the corrective action requested was the establishment of compliant policies. The Decision found that the CBSA had already established a policy document in the form of the Privacy Code of Principles. It concluded that the Directive, the Privacy Code of Principles and the Values and Ethics Code for the Public Sector had been “complied with, respected and followed”
.
[55] As I will described further, below, the Decision also addressed the specific privacy concerns raised by the applicant related to the access to his leave balance. It concluded, with reasoning, that the use and disclosure of his leave balance was in accordance with managerial rights and responsibilities and respected governing privacy guidelines.
[56] It is therefore clear that the decision maker turned its mind to the issues and specific argument raised by the applicant on section 6.2.19. On its face, the Decision addressed both the applicant’s request to establish a CBSA policy that complied with the Treasury Board Directive (concluding it had already been done), and the specific privacy issues raised by the applicant’s situation related to his leave balances (finding no breach). The Decision concluded that CBSA had in fact created a policy, that policy complied with the Directive and there had been no violation of the applicant’s privacy.
[57] The Decision must be taken at face value as having considered the applicant’s grievance in substance and his submissions, as it stated. Having done so, the Decision resolved the grievance by concluding expressly that the CBSA Privacy Code of Principles complied with both the Directive and the Values and Ethics Code and by concluding that there was no breach of the applicant’s privacy on the facts.
[58] Second, as the applicant acknowledged through his submissions on standing, the Decision was directly responsive to the incident that caused him to file his grievance on April 20, 2018. According to the applicant, on April 19, 2018, a non-management employee was allowed access to his personal information about his leave balance “as if [that] person were [the applicant’s] manager”
. He claimed that the fact that CBSA had not properly implemented section 6.2.19 of the Directive had allowed the non-management person to access his personal information. The non-management person had been assigned the duty of a manager or acting manager, allegedly improperly, which would not have occurred if CBSA had implemented section 6.2.19 of the Directive.
[59] The Decision did not agree with that argument, as is clear from both its overall conclusion and its reasons. The Decision concluded that the use and disclosure of the applicant’s leave balance was in accordance with managerial rights and responsibilities and was in keeping with governing privacy guidelines. The Decision referred to the “legitimate managerial right to access employee leave balances in order to manage the different types of leave”
as provided in the collective agreement and gave an example of ensuring that an employee has sufficient credits for a requested leave. These conclusions, and the brief supporting reasoning, were inconsistent with the applicant’s position as submitted at the final level.
[60] The reasoning in the Decision also demonstrated that management considered whether the access and use of the personal information was necessary to deal with the applicant’s request for leave (it was) and whether there had been any breach of applicable privacy requirements (there was not). The applicant did not challenge this conclusion on judicial review, but characterized the reasoning as a “straw man”
argument that was unresponsive to his central argument. I do not agree with that characterization and find that the reasoning in this paragraph of the Decision was directly relevant to the resolution of his grievance. I will return to it below.
[61] Third, the applicant’s argument was based on his interpretation of what the Directive intended when it stated, in section 6.2, that “[e]xecutives and senior officials who manage programs or activities involving the creation, collection or handling of personal information are responsible for… [6.2.19] identifying which positions or functions in the program or activity have a valid reason to access and handle personal information and limiting access to individuals occupying those positions …”
In his emails to management, the applicant interpreted this statement to mean that CBSA (not its executives and senior officials) must create a policy or procedures identifying which positions or functions could access and handle personal information.
[62] The employer clearly disagreed with the applicant’s interpretation, because the Decision stated that there was already an “established policy document”
and concluded that it complied with the Directive and the Values and Ethics Code.
[63] Fourth, the Decision was the third and final response by a management representative to the applicant’s grievance. As the respondent observed, the management representatives at levels one and three expressed their views in response to the applicant’s grievance in the two decisions, which were before the management representative who made the final Decision. They may be considered in understanding the basis or rationale for the Decision: Vavilov, at paras 91-95.
[64] The decisions at levels one and three had both reached the conclusion that the Privacy Code of Principles complied with the Directive. The two decisions referred to a provision in the Privacy Code of Principles about the limits on the use and disclosure of personal information, keeping it confidential, and its use for only the purposes for which it was intended. As the level one decision stated, an employee must never access personal information that is not part of their assigned workload. It was on that basis that the two decisions found that CBSA’s Privacy Code of Principles complied with the Directive.
[65] The respondent submitted further that the Directive did not require CBSA to create a list, written policy or procedure that identified the positions or functions that are permitted to access and handle personal information. The respondent referred to section 3.3 of the Directive, which provides that heads of government institutions are to establish “practices”
for the protection of personal information under their institution’s control to ensure that the Privacy Act, R.S.C. 1985, c. P-21 is administered in a consistent and fair manner. The respondent contended that unlike other provisions in section 6 of the Directive, section 6.2.19 does not require the creation of plans or procedures. It provides that executives and senior officials are responsible for identifying those positions and does not specify how they must do so. The CBSA Privacy Code of Principles contains restrictions on the use and disclosure of personal information and requires that such information be kept confidential. It also provides that an employee must never access personal information that is not part of their assigned workload.
[66] While I acknowledge the respondent’s submissions on the correct interpretation of the provisions in these documents, it is not the Court’s role on this application to assess whether they are correct or to provide its own view or interpretation.
[67] Fifth, the applicant’s position was that management was required by the Values and Ethics Code to exemplify compliance with Treasury Board policies. Although the applicant’s argument concerning “exemplification”
used a word from the Values and Ethics Code itself, the argument had little form or content in his emails to management before the final level Decision. The applicant stated that he could “not see how the failure to implement the requirements of section 6.2.19 represents such an exemplification”
. Not much was added in this Court to give it more definition. As noted above, the applicant argued that the Decision did not grapple with whether the provisions of the Privacy Code of Principles “truly exemplified compliance with the letter and the spirit of section 6.2.19 of the Directive”
.
[68] In my view, the Decision satisfactorily addressed applicant’s position on the Values and Ethics Code that management was required to carry out their duties in accordance with the Directive. The Decision found that management had done so. It identified section 6.2.19 as the issue at the final level. It concluded that the Privacy Code of Principles had been established, that management could access employee leave balances in order to manage the different types of leave and to ensure an employee has a leave balance that permits them to have such leave, that there had been no breach when the applicant’s leave balance was accessed, and that the Values and Ethics Code, Privacy Code of Principles and Directive had all been respected and complied with. If the applicant’s concept of “exemplification”
means providing an example or illustration of compliance by management with the Directive or the Privacy Code of Principles while carrying out their duties, his argument was answered in the negative, with an explanation. The reasoning may not be lengthy or perfect (or to the applicant’s expectations), but perfection is not the legal standard on judicial review: Vavilov, at para 91; Farrier, at para 13.
[69] The analysis above demonstrates that the Decision was alert and sensitive to the issues in the grievance, the remedy requested and the facts giving raise to the dispute. The overall basis or rationale for the Decision is apparent, when one also has an understanding of the grievance, the corrective action requested and the facts giving rise to the grievance. Although the final level management representative should have provided some additional reasoning in response to the applicant’s position on the interpretation of the Directive and the contents of the Privacy Code of Principles, I find that its absence is not determinative of whether the Decision was unreasonable in this case. The omission of the specific reasoning identified by the applicant does not cause me to lose confidence in this Decision.
[70] I therefore conclude that the applicant has not demonstrated that the Decision was unreasonable on Vavilov standards.
IV.
Remedy
[71] I will complete my analysis by adding some additional comments with respect to remedy, in case I am wrong on the unreasonableness analysis above.
[72] A reviewing court is not entitled to remedy deficient reasons by providing its own reasons. However, the court has some discretion and latitude in the remedy granted and may exercise discretion in deciding whether to remit a matter for redetermination; Farrier, at paras 20-21; Vavilov, at para 142. In Farrier, the Court of Appeal held that it would be pointless to refer the case back for reconsideration because there was only one possible outcome before the decision maker: at para 31. Norris J. recently reached the same conclusion in Burlacu v Attorney General of Canada, 2021 FC 339.
[73] In the circumstances, if I had concluded that the Decision lacked an element of justification that called for a remedy, I would have considered the following factors with respect to remitting the matter back for redetermination:
• This grievance was commenced in April 2018. Even accounting for the delays due to the pandemic and the time while this Judgment was under reserve, that is a long time ago. If the matter were remitted, it would take some additional time before a final level decision could be reached. That decision might also be the subject of a judicial review application.
• Individual employment grievances are supposed to be resolved quickly and inexpensively so that both employer and employee can have certainty as to the result, and can move on from their dispute.
• The issue as it concerned the applicant – access to his leave balance – was addressed satisfactorily in the Decision and indeed, in more detail than in the first and third-level decisions.
• The applicant’s grievance has already been addressed on its merits at three levels under the collective agreement, and now as to reasonableness by this Court.
• It is very difficult to believe that a final-level management representative on a re-determination would reach a different conclusion than the Decision.
• The corrective action requested by the applicant was to create a policy or procedure that complied with the Directive. Although he also asked to be made whole and for any other relief deemed appropriate, his grievance did not request any specific remedy to resolve or rectify anything that aggrieved him personally in relation to the facts that caused him to file his grievance.
• Considerable public resources have already been used in the resolution of this dispute. It would not be a sensible use of additional time and resources to remit the matter back for a new decision.
• In the context of exercising discretion on whether to remit this matter, I find the respondent’s submissions about the non-individualized and prospective nature of the applicant’s arguments and position at the final level are also relevant.
[74] Considering these factors together in exercising the Court’s remedial discretion, I would have decided not to remit the matter back for redetermination: Vavilov, at para 142. As the applicant made no alternative request for relief, I would have dismissed this application for judicial review.
V.
Conclusion
[75] For these reasons, the application is dismissed.
[76] There will be no order as to costs.
JUDGMENT in T-1665-19
THIS COURT’S JUDGMENT is that:
- The application is dismissed.
There is no order as to costs.
”A.D. Little”
Judge
FEDERAL COURT
SOLICITORS OF RECORD
| DOCKET:
|
T-1665-19
|
| STYLE OF CAUSE:
|
ALEXANDRU-IOAN BURLACU v ATTORNEY GENERAL OF CANADA
|
| PLACE OF HEARING:
|
TORONTO, ONTARIO
|
| DATE OF HEARING:
|
MARCH 22, 2021
|
| JUDGMENT AND REASONS:
|
little J.
|
| DATED:
|
September 1, 2021
|
APPEARANCES:
| Alexandru-Ioan Burlacu
SELF-REPRESENTED
|
For The APPLICANT
|
| Jena Montgomery
|
FOR THE RESPONDENT
|
SOLICITORS OF RECORD:
| SELF-REPRESENTED
|
For The APPLICANT
|
| Jena Montgomery
Attorney General of Canada
Toronto, Ontario
|
FOR THE RESPONDENT
|