GSB#2003-0001
UNION#2003-0999-0012
IN THE MATTER OF AN ARBITRATION
Under
THE CROWN EMPLOYEES COLLECTIVE BARGAINING ACT
Before
THE GRIEVANCE SETTLEMENT BOARD
BETWEEN
Ontario Public Service Employees Union (Union)
Union
- and -
Association of Management, Administrative and Professional Crown Employees of Ontario (Association)
Association
- and -
Ministry of Government Services
Employer
BEFORE
Susan L. Stewart Chair
FOR THE UNION Kate Hughes Cavalluzzo Hayes Shilton McIntyre & Cornish LLP Counsel
FOR THE ASSOCIATION Lorne Richmond Sack Goldblatt Mitchell LLP Counsel
FOR THE EMPLOYER Brian Loewen Ministry of Government Services Senior Counsel
SUBMISSIONS May 3 & June 18, 2010.
DECISION
1At issue in this proceeding is whether certain positions within the Ontario Disability Support Program (“ODSP”) and within the Ministry of Revenue (“MOR”) are properly subject to security checks. It is the position of the bargaining agents that they do not fall within the ambit of the Ontario Public Service Personnel Screening Checks Policy (“the Policy”), while it is the position of the Employer that they do. There was no objection to my jurisdiction to hear and determine these grievances.
2Some context is necessary to properly understand these disputes. The Employer initially developed a policy to implement security checks in 2003. That policy was the subject of grievances, with the bargaining agents raising a number of objections to the policy, including allegations that the policy was not reasonable and that it constituted an inappropriate invasion of the privacy of employees. In a decision dated April 17, 2003, I granted the request for interim relief sought by OPSEU and AMAPCEO. Subsequently, the parties entered into discussions about the matter and ultimately the Policy, dated March, 2005, was developed. In addition to the Policy, Operational Guidelines (‘the Guidelines”) and an OPS Position Threat Risk Assessment Form (“the Form”) were developed, with the parties signing off on those documents on December 7, 2005. These documents establish a process by which certain positions within the OPS are identified as requiring security or screening checks.
3The Policy is a 16 page document, including appendices. Its introduction, purpose and principles are set out below:
INTRODUCTION
Employees of the Ontario Public Service (OPS) are entrusted with protecting the public interest. Employees take great pride in their efforts at protecting the public interest and in communicating to the public that the public’s trust is warranted.
In order to ensure that the public trust continues to be protected, a policy regarding personnel screening checks is being introduced. This policy will ensure that there is consistent practice in screening across the OPS; that the level of intrusiveness related to screening is based on a consistent evaluation of risk and that in an age of increasing concern about identity theft, identity fraud and security, appropriate action is being taken.
Strengthening the organization’s security processes regarding its employees is part of a modern framework to risk management where processes are routinely examined to ensure that risk is identified and appropriately addressed. As well, personnel screening checks are one element of a modern framework for recruitment that provides for the ability to ensure that hiring decisions are well founded.
This personnel screening check policy will not only harmonize practice across the OPS but will align the practices of the OPS with the practices of other public, private, non-profit and volunteer organizations. Personnel screening checks will ensure:
An enhanced protection of the public interest.
A safe working environment for all employees.
Protection of the organization’s assets and people.
Due diligence on the part of the employer with respect to the recruitment and selection of individuals.
Informed decisions are made throughout the recruitment process.
Public confidence in the ability of the government to protect its interests.
PURPOSE
The intent of this policy is to support the Government of Ontario’s objective of providing appropriate protection for its employees, stakeholders, assets, information and business processes in the most effective and efficient manner within a modernized recruitment framework. The policy will:
Support the Government of Ontario’s business objectives by safeguarding employees and assets and assuring the continued delivery of services.
Provide a harmonized and consistent application of personnel screening practices in the Ontario Public Service.
Align the Government of Ontario’s personnel screening practices with established best practices acceptable in the security industry.
This document establishes the operational policy and certain procedures for personnel screening checks.
PRINCIPLES
A risk management approach to personnel screening will ensure appropriate levels of intervention and a balanced approach to the policy.
The applicant’s privacy will be ensured to the fullest extent possible. All reasonable measures will be taken to protect the privacy, security and confidentiality of the personal information of the applicant during the screening process.
Fundamental human rights will be respected to ensure clearances are based on factors specifically related to the duties and responsibilities of the positions being filled.
Decision-making undertaken as part of the screening check process will be transparent, fair and bias-free.
The principles of the staffing policy will continue to apply with respect to all recruitment and staffing activities.
4The Policy goes on, under the heading “Application and Scope” to provide as follows:
There are positions within the OPS where the government must necessarily place a great deal of trust in the integrity of the individual. These positions include responsibility for handling and processing highly sensitive documents, working with vulnerable individuals and providing law enforcement services. In order to reduce the risk that the public interest is jeopardized, individuals being considered for employment in these areas must be screened to assess their suitability for positions of trust in light of the security requirements of such positions. Accordingly, security inquiries such as police record checks must be completed. Positions of trust are characterized by:
Access to highly sensitive information;
Activities involving contact with, or responsibility for, the well being of children or vulnerable persons; and
Duties associated with the work of law enforcement
The Policy proceeds under this section to provide for its implementation in four phases, with phase one being prospective employees in six program areas which include the production of drivers’ licences and health cards, phase two being existing employees in the program areas identified in phase one, phase three being the harmonization of screening check processes within the OPS in areas then conducting checks, with phase four being “other key business areas as identified from time to time by ministries”. The matters before me fall within phase four. The parties have successfully proceeded through the first three phases and have recognized that the policy would be implemented in relation to phase four, as reflected in my order dated October 26, 2007. I would observe that the process has been highly successful, resulting in the completion of security checks for many positions within the OPS.
5The Policy sets out the components of the screening check process, involving at the outset what is described as a “Threat Risk Assessment”, described at p. 7 as follows:
Screening types are determined on the basis of the sensitivity of the information and assets that can be accessed or the threat to vulnerable individuals. This must be undertaken by conducting a Position Threat Risk Assessment (TRA) as outlined in the operational guidelines using the TRA form. The TRA is a multi-step process used to ensure that the resources devoted to mitigating the risk and impact of various threats is appropriate for the circumstances. TRAs involve:
Establishing the scope of the assessment and identifying positions and assets to be safeguarded.
Determining the threats to employees and assets by assessing the likelihood an[d] impact of the threat occurrence.
Assessing the risk based on the adequacy of existing safeguards for identified vulnerabilities.
Implementing any supplementary safeguards that will reduce the risk to an acceptable level.
At p. 14 of the Policy there is reference to the Operational Guidelines, which are to “provide measures to guide implementation on the personnel screening check process” and to the inclusion of a threat risk assessment document in the Guidelines.
6The Operational Guidelines at page 3 refer to a Threat Risk Assessment [TRA] Form as “an aid in determining whether a position requires a screening check” and p. 4, under the heading “Position Identification”, reads as follows:
A determination is made by the manager or ministry contact on whether the position requires a screening check by completing a Position Risk Assessment Form, which contains a list of questions and is intended as an aid in determining access to highly sensitive information and/or assets.
7The TRA Form is a 4 page document. Its introduction refers to the obligation of Ministries to “limit access to highly sensitive information and other valuable assets” to those who have had a security check, to be initiated by a TRA which is described as “a multi-step process used to determine access to highly sensitive information and/or assets”. It goes on to set out the following guide and questionnaire:
Guide for the assessment of the sensitivity of information and assets to be accessed by person in the identified position.
The following chart gives a general description and examples of highly sensitivity [sic] information and assets in the OPS to guide you in assessing the information and assets that will be accessed by the person performing the duties of the identified position. Use this as a guide when answering the assessment questions.
| Sensitivity | General Description | Examples |
|---|---|---|
| Highly Sensitive Information and Assets | Improper use could reasonably be expected to cause serious injury, significant financial loss, loss of life or public safety, social hardship and major political or economic impact to the Ontario Government and/or a third party that does business with the government. Examples of financial loss would be in the order of hundreds of thousands to many millions of dollars. These documents and assets have a value attached to them and require appropriate measures to protect them against unauthorized use. The information and assets may be protected by high-security areas where access is restricted by physical barriers, electronic measures or by security/police personnel. In addition, cards, tokens or badges may be used by personnel to gain access to the restricted or high-security areas. |
Identity or Foundation Documents: This is a document that, under normal and approved use, can be used to authenticate applications for many services such as: • Birth and death certificates • Licenses (e.g., driver’s hunting, fishing), • Minister’s permits, environmental permits (e.g., hazardous waste, taking of water, pesticide use) • Health records, health cards, cheques, receipts, or other fiduciary assets • Passwords, certificates or tokens that allow access to government of Ontario information systems containing highly sensitive data Other items such as blank stock, legal seals, cheque writing machines or digital signatures should also be treated as highly sensitive material assets. Source Code: A series of statements in human readable computer programming language which constitutes a software program allowing system manipulation. Highly Sensitive Records: Examples include: pending legal proceedings by the government and information including document preparation, not yet public, related to any legal proceeding; Witness Protection records; Budget documents; Cabinet documents; Cabinet deliberations and supporting documents. Significant Amounts of Cash: Where improper use could result in financial loss in the order of hundreds of thousands to many millions of dollars. Portable, Valuable Assets: Examples include government assets used by individuals such as laptop computers, blackberries, and any other mobile equipment that has the capacity to store highly sensitive information that can be easily moved or removed from a premises [sic]. Personnel screening is not required for individual for the sole reason of being in possession of a blackberry or a laptop. |
STEP 2: RISK ASSESSMENT QUESTIONAIRE
| Y/N | The following list of questions is intended as an aid in determining access to highly sensitive information and/or assets. Additional rows have been added to capture access to additional highly sensitive information and/or assets not listed. |
|---|---|
| 1 | Do the duties of this position involve access to highly sensitive records? |
| 2 | Do the duties of the position involve access to confidential or personal information in the custody of the government that would not be available to the public? |
| 3 | Do the duties of the person require the responsibility for accessing significant amounts of cash, negotiable or other portable, valuable assets? |
| 4 | Do the duties of the position require access to highly sensitive I&IT assets, including source code? |
| 5 | Do the duties of the position involve access to identity or foundation documents? |
| 6 | Do the duties of the position involved access to personal health records/information (as defined in the Personal Health Information Protection Act)? |
If you have answered YES to one or more of questions listed above, a screening clearance will be required.
If you have NOT answered YES to any of the above questions, the person in the position does not require a screening clearance.
8The Ministry of Revenue administers Ontario’s major tax statutes, tax credit programs, tax benefit programs and collects tax revenue. According to the statutory declaration of S. Butson-Lewis, Senior Manager of Business Development at the Ministry of Revenue, a project was launched in 2008 to address adherence to the Policy and a Canada Revenue Agency requirement for security checks for positions with access to information that it provides. An undated letter from the Canada Revenue Agency which was provided by the Employer to AMAPCEO in connection with this matter provides in part as follows:
The CRA requires that employees of its external partner organizations who require and use information released by the CRA be granted a reliability status, at the enhanced level, involving the same elements as those described in the TBS Personnel Security Standard.
We understand that the Ontario Public Service is in the process of implementing a Personnel Screening Checks Policy (PSCP) [and] that all provincial employees with access to protected information will undergo screening pursuant to that policy. Furthermore, we understand that the provisions of the PSCP are substantially similar to those of the TBS [Treasury Board Secretariat’s] Personnel Security Standard.
9The Employer also provided AMAPCEO with the Personal Security Standards of the Government of Canada and the Policy on Government Security of the Government of Canada. Approximately 214 members of AMAPCEO were identified as requiring security checks, following the completion of the Threat Risk Assessment forms, and approval by the Security Service and Contingency Planning Branch, on the basis that their positions involve access to highly sensitive records and involve access to confidential information in the custody of the government that would not be available to the public. The information in issue, which is set out in Appendix B of Ms. Butson-Lewis’ statutory declaration, includes a database of personal and corporate tax remittance information, personal information such as Social Insurance Numbers, Business Information Numbers and Employer Health Tax information.
10There is no dispute that this type of information, provided by the Federal government, has long been utilized by OPS employees to carry out their duties. There is also no dispute that this information is confidential information that must be protected. Such protection is fundamental to the positions of trust assumed by all employees of the Ontario Public Service, reflected not only in the oath of office but in the case of Ministry of Revenue employees, by relevant statutory provisions. Mr. Richmond referred me to a decision of the Information and Privacy Commissioner, Interim Order PO-2059-I, which not only represents the sedulous nature of the Ministry’s protection of tax information in its possession, but also, at p. 12 refers to a report on the Freedom of Information and Protection of Privacy Act prepared by the then Chair of Management Board, wherein it is noted that: “There are eleven confidentiality provisions in statutes administered by the Ministry of Revenue which provide for the secrecy of information submitted on tax returns and other records relating to the tax liability of taxpayers”. Mr. Richmond also referred me to a Ministry of Revenue report, Service Commitments and Standards in Tax Administration for the period April 1, 2008 to March 31, 2009, which refers to a review conducted by Ontario Internal Audit that reported that controls were adequate. As well, he referred me to the Government of Ontario IT Standard Number 25, which sets out general security requirements, including access control, the segregation of duties and the separation of development and operational facilities. It provides for an independent security audit. A Manual produced by the Office of the Chief Information and Privacy Officer prescribes security measures in relation to information technology and refers to tracking systems which monitor the use of data and which identify the system user. Mr. Loewen acknowledged the existence of high standards of security and the ability to track usage, however, he emphasized that security checks allow for a preventative measure to be taken, ensuring that an individual whose background was indicative of untrustworthiness had no encounter with confidential information that the Crown is responsible for safeguarding.
11I turn now to the ODSP. Managed by the Ministry of Community and Social Services, the ODSP provides income and employment support for eligible people with disabilities. Eligibility for income support is based on disability, which is determined by the Disability Adjudication Unit, and on the basis of financial circumstances, which is determined by employees in Regional offices. At issue here are security checks for those in Regional offices. The initial impetus for these security checks was a requirement of the Federal government in relation to the use of its database, National Child Benefit Supplement (“NCBS on the Net”). This database contains information about the client’s finances, family status and living situation. The EI database contains information relating to employment history, finances and family status. OPSEU has agreed, on a without prejudice basis, that employees who are “designated users” with direct access to Federal databases would be security checked.
12Designated employees may also have access to information stored in a number of provincial databases, including a database maintained by the Family Responsibility Office which contains information about family status and financial information, a database maintained by the MTO that includes information about vehicles and driver’s licences, and an OSAP database, containing information about an individual’s academic history and financial status.
13The primary data tool employed by employees at the ODSP is Service Delivery Model Technology (“SDMT”) which aggregates all of the information that the ODSP has obtained with respect to a particular client and thus contains information about matters such as an individual’s finances, family status, living situation, employment history and immigration status.
14The forms that are required to be completed by the person seeking benefits elicit personal information such as employment history and financial status. Verification of identity is required and thus a birth certificate, driver’s licence or passport is to be provided. A photocopy of this document is attached to a master file, along with other information obtained in the initial interview.
15There are 28 OPSEU positions in Regional Offices. However, there are five core positions that are common throughout the offices, representing the bulk of the employees in question. In the course of their employment, ODSP employees utilize information provided by various federal and provincial government databases for a variety of purposes.
16ODSP staff who are not designated users but require information from the database are able to obtain the information by submitting requests and receiving print outs of the requested information from their office’s designated users. These print outs are attached to the client’s master file record and retained. An audit trail monitors all requests.
17It was agreed that it would be appropriate for me to address only the Income Support Specialist (“ISS”) position, in contemplation that my ruling on that position would be of assistance to the parties in relation to the other positions. The risk assessment questionnaire responds in the affirmative to questions 1, 3 and 5, indicating that in the view of the assessor, the duties of the position involve access to highly sensitive records, access to confidential or personal information in the custody of the government that would not be available to the public, and access to identity or foundation documents.
18The purpose of the ISS position as set out in the Position Specification is: “To assume responsibility for determining eligibility and on-going entitlement for income support and related benefits and to provide information, advice, assistance and liasing with the community on a client’s behalf”.
19The documentation collected and utilized by the ISS includes the application and other forms, the accuracy of which is verified on the basis of information such as birth certificates, social insurance numbers, health card numbers, rent receipts, financial records showing assets and earnings and court orders for child support. The information that verifies birth and identity is photocopied and retained on a master file, as previously indicated, and other information is recorded in the SDMT, but is typically not photocopied and retained. Information captured in the SDMT includes payment, personal information such as birthdate, SIN, Health Card Number, financial and asset information and living arrangements.
20The ISS has the ability to modify the SDMT to create or delete a benefit unit, to grant or terminate income support, to change financial information including bank deposit information, to add or delete members in a benefit unit, to create and modify payments and overpayments and to create and amend notes. The ISS has the ability to view other areas within SDMT and Ontario Works information, but cannot modify this information. The ISS has access to the information contained in the master file in order to review eligibility and determine whether information is missing. These files are located in a secure area of the office and the files are tracked.
21Third party information, such as CRA, EI, NCBS, OSAP and support and vehicle information is obtained by the ISS through designated users. In most circumstances that information is then included as part of the master file.
22There are two decisions that I found helpful in considering the issue before me. The first is a decision of the Federal Court of Appeal, Attorney General of Canada 2009 FCA 234, that involved a reference to the Court by the Attorney General for a determination of the constitutional validity of the Marine Transportation Security Regulations. Those Regulations created a scheme for screening workers in security sensitive positions in ports in Canada, requiring employees to provide information about themselves and their spouse, in order to determine whether they represented a threat emanating from terrorism or organized crime. That information included a requirement for identity, residence, employment, educational and travel information, as well as spousal identity information, to be followed by checks and verification including a criminal record check and, if necessary, a CSIS security assessment. At issue in the reference was whether the Regulations breached Charter rights by constituting an unreasonable intrusion into privacy. The Court concluded that Charter rights were not violated and referred in paragraph 67 to:
… the substantial and pressing nature of the public interest that the Regulations are designed to advance: protection from threats to public safety and the economy from the activities of terrorist groups and organized crime.
The Court went on to conclude that the requirement of the Regulation for the provision of information was not unreasonable and stated at paragraph 69 that:
I am not persuaded that, in view of the potentially grave nature of the threats to the security of marine transportation from terrorists and organized crime, the information required by the Regulations can be seen to be overly intrusive and insufficiently tailored to the perceived risks.
23The second case is Re Ottawa (City) and Ottawa Professional Firefighters Association (2007), 169 L.A.C. (4th) 84 (Picher). In that case the Employer sought to have current employees in the position of firefighter authorize consent to the disclosure of any criminal record. The arbitrator found that to be an inappropriate infringement of privacy rights and in paragraph 43 states as follows:
In approaching this issue the Arbitrator considers that there is a significant distinction between the point of initial hire and the normal course of business in an ongoing employment relationship. The person who presents him or herself at the door of a business or other institution to be hired does so as a stranger. At that point the employer knows little or nothing about the person who is no more than a job applicant. In my view, the same cannot be said of an individual who has, for a significant period of time, been an employee under the supervision of management. The employment relationship presupposes a degree of ongoing, and arguably increasing, familiarity with the qualities and personality of the individual employee. [T]he extraordinary waiver of privacy which may be justified when a stranger is hired is substantially less compelling as applied to an employee with many months, or indeed many years, of service.
The decision goes on to note that there are obviously some types of employment that by their very nature justify employee security checks, such as in airport operations, particularly in the management of restricted areas, but that a broad and expansive approach would justify security checks on virtually all employees, thus effectively negating privacy interests and the desirable balance of interests.
24In this case, of course, the issue is the interpretation to be given to the terms of the Policy and Guidelines and Threat Risk Assessment Form agreed to by the parties. The modern principle of statutory interpretation, which, as described in Sullivan on the Construction of Statutes, as applied to a contractual analysis, requires that the words be read in their ordinary sense, harmoniously with the scheme and the objects of the agreement.
25The purpose of the Policy, as Mr. Loewen pointed out, includes a reference to the protection of information as well as public trust and public confidence in the ability of the government to protect its interests. However, in setting out its application and scope, the Policy contains a specific reference to employees involved in “handling and processing highly sensitive documents” and a reference to “highly sensitive information”. The Operational Guidelines refer to the TRA Form and the questions contained therein as “an aid in determining access to highly sensitive information and/or assets”. Mr. Loewen points out quite correctly that question 2 refers to “access to confidential and personal information in the custody of the government that would not be available to the public” and that it is expressly provided that an affirmative answer to any one of those questions will result in a requirement for a security check. There is no doubt that the information that is in issue here, and in particular the information provided by the federal government, can be construed as falling within the ordinary meaning of those words. However, preceding that question, along with all the other questions, is the specific statement that the questions are intended as “an aid in determining access to highly sensitive information and/or assets”. In my view, Ms. Hughes and Mr. Richmond persuasively argue that the questions must be interpreted in this context. To accept Mr. Loewen’s primary argument would, in my view, require me to ignore that general provision that is clearly applicable to all questions.
26As previously indicated, the page preceding the questionnaire sets out what is described as “a general description and examples” of highly sensitive information and assets, with the general description clearly contemplating very significant implications of improper use, with the measure being “loss of life or public safety”, “major [emphasis added] political impact to the government and/or a third party” and potential financial losses of “hundreds of thousands to many millions of dollars”. The nature of the interests at issue is exemplified by the reference to examples of highly sensitive records, which include documents relating to legal proceedings, witness protection records, budget documents and documents relating to Cabinet deliberations. Accepting Mr. Loewen’s point that confidential and personal information is not explicitly exemplified, as are other phrases utilized in the questionnaire, the conclusion that the question must relate to confidential or personal information of a similar nature is nevertheless inescapable. When all of the questions, and in particular question 2, are considered in context, it is readily apparent that they intend to elicit whether there is access to “highly sensitive information and/or assets”. This reading is consistent with the provisions of the Policy and the Guidelines. In context then, it is my view that question 2, along with all of the other questions, contemplates an assessment in light of the description of what the previous page sets out under the heading of “General Description”. This analysis is one that allows a meaningful interpretation to be given to the documents as a whole, while the interpretation urged upon me by Mr. Loewen requires an interpretation that would require me to ignore that context. Mr. Loewen is clearly correct in his observation that question 2 must be given meaning, as must the concluding directive in the questionnaire advising that a security check will be required if there is an affirmative response to any of the questions. However, the directive and the question must be viewed in the context of whether the duties involve access to confidential or personal information in the custody of the government that is not available to the public that is consistent with the examples of highly sensitive information specifically referred to on the previous page.
27Do the circumstances here involve access to highly sensitive information or assets? The examples provided in relation to the TRA refer to identity or foundation documents and I will address this matter first. From the outset, the need for security checks has been justified on the basis of heightened security consciousness throughout the world and, while the Policy is certainly broader than that, as Mr. Loewen emphasized, a major concern of the Employer from the outset has been the potential for the fraudulent creation of identity documents. Identity or foundation documents are described as documents that can be used to authenticate applications for many services and examples given include birth and death certificates. Reference is made in the same context to access to cheque writing machines and to digital signatures. It is contemplated that this information “may be protected by high security areas where access is restricted by physical barriers, electronic measures or by security/police personnel”. Positions in which identity documents are created are clearly intended to be captured, and the potential for fraud on a significant scale that could be associated with the ability to create such documents or to utilize cheque writing machines is readily apparent. As previously noted, these kinds of positions were the focus of the parties at the outset, and these positions were subject to security checks at Phase 1, the first priority of the Policy. At issue here, however, is whether the Policy extends further, to capture the positions in dispute here.
28In her submissions, Ms. Hughes emphasized the ubiquity of the need to present identification in order to obtain government services and suggested that if the Employer’s position were to prevail, the need for the presentation of a driver’s licence to a park ranger would require that the park ranger have a security check, given that he or she is being provided with an identity or foundation document. In her submission, such a comprehensive right to obtain security checks was not in the contemplation of the parties, and this is apparent from the description and examples of highly sensitive information in the TRA document. Mr. Loewen noted that the example of a park ranger, which he agreed would clearly not fall within the Policy, is not the situation before me. In relation to the ISS position Mr. Loewen emphasized that identity documents are photocopied and retained. He also made reference to the many types of information that incumbents in that position are able to view and require in order to fulfill the duties of the position, as well as the extent of decision making authority in relation to the payment of benefits. Mr. Loewen also made reference to the breadth of information that the Ministry of Revenue employees are able to view and need to view in order to carry out their duties. He emphasized the expectation of privacy that would be associated with tax information. Mr. Loewen acknowledged that the existence of a federal requirement with respect to security checks is not determinative of the matter under the Policy, but submitted that the nature of the information that is provided is such that the confidence that would be afforded by a security check is reasonable and appropriate.
29There is, of course, no question that the information provided to those in the identified Ministry of Revenue and ODSP positions is confidential and/or personal information. Its improper use would be an obvious breach of public trust and of the government’s responsibility as custodian of that information. However, it is also obvious, in my view, that it is not the type of information that is encompassed by the agreement of the parties as expressed in the Policy, Guidelines and the Threat Risk Assessment Form. The information is simply not of the same kind, class or nature as the documents that are identified as exemplifying the highly sensitive information that is associated with a requirement for a security check. It is not similar in nature to budget information, Cabinet documents, documents relating to legal proceedings or witness protection records. There was no indication of how its improper use could result in financial loss in the order of hundreds of thousands to many millions of dollars. Unlike positions involved in the creation of identity documents, there is no ability to change these documents. I note in this regard that the definition of “access” in relation to records contained in Black’s Law Dictionary encompasses “a reasonable opportunity to avail oneself of the same”. While those who create foundation documents potentially have the opportunity to avail themselves of such documents and thus an opportunity for misuse in the sense that the policy is clearly intended to address, the opportunity to view confidential information in the context before me is in a different category. To accept the Employer’s analysis would potentially involve many OPS employees, with an effect that is inconsistent with the purpose of the Policy and the balancing of interests that the parties sought to achieve.
30With respect to the ability of the ISS to create a basis for payments, a matter that was emphasized by Mr. Loewen, I agree that this is a matter requiring trust and properly attracting safeguards and scrutiny. However, these responsibilities are simply not commensurate with access to cheque writing machines or digital signatures, nor was there any indication of how improper use could potentially result in losses in the order of hundreds of thousands to many millions of dollars.
31There was reference to certain positions represented by AMAPCEO in the Ministry of Finance, positions which may involve access to a software program allowing system manipulation which would fall within the ambit of positions that require security checks, and I remain seized with this aspect of the dispute, should the parties be unable to resolve it themselves.
32The new requirement of its federal partner in relation to the provision of security checks for its employees in order to continue to obtain its data has created an understandable desire on the part of the Employer to provide these checks. However legitimate and understandable the Employer’s rationale for its approach, the issue before me is whether screening or security checks for current employees fall within the ambit of the circumstances that the parties have agreed would be operative. It is my view that the circumstances of the ISS ODSP and MOR positions do not fall within that ambit. I note, parenthetically, that while the issues before me turn on the balance that is articulated in the Policy and Guidelines, the result here is consistent with the analysis in the cases that I have referred to.
33The grievances are allowed in accordance with the foregoing. Given my conclusions, it is unnecessary to address the submission, primarily advanced by AMAPCEO, that a true threat risk assessment was not conducted here, and in particular the argument that there was no assessment of whether other measures would mitigate any threat. I retain jurisdiction specifically in relation to the MOF positions and in general in relation to the other matters in order to deal with any difficulties that the parties may experience in implementing this decision. I also note that the parties have been very successful in overcoming the evolving obstacles associated with balancing the interests at stake in connection with these important issues. Their ongoing constructive approach to these issues will no doubt continue to be productive.
Dated at Toronto this 6th day of August 2010.