One of the first things Freedom of Information (FOI) professionals learn is that everyone has a right of access to general records of public institutions, and that the identity of the requestor should not be relevant when processing a request.
It is considered good practice for FOI professionals not to share the identity of the requestor with other employees at the institution when processing a request; this helps ensure that requestors are treated fairly, and reduces the possibility of bias by institutional employees when retrieving records for potential disclosure. It’s generally considered unhelpful for other staff to try to ascertain whether a request is coming from an “friendly” or an “unfriendly” source, or whether the requestor is “known” to the institution or not, as such information raises the possibility that the quality of the disclosure provided in response to the request may vary depending on who is asking.
However, in practice, the FOI professional who actually receives the request will know the identity of the requestor. This is because the vast majority of requests arrive either by letter or are submitted using a Freedom of Information request form on which the requestor provides their name. And even in cases where a request is delivered in person, by law, requests must be submitted in writing, and a written request will ordinarily include the name and contact information of the person making the request.
But what should an institution do when a requestor has not provided their name, and even refuses to do so when asked? Does the institution still have an obligation to process the request, even without knowing who the request is coming from?
How can a requestor refuse to provide their name?
First off, it’s worth thinking about how this scenario might occur, and whether it is even possible.
The vast majority of FOI requests are received by regular mail. If a request is mailed into the institution, the requestor will generally have to include a return address to allow the institution to respond with the records requested. In this “regular mail” scenario, it is unlikely that the requestor will refuse to provide their name, because without a name, the institution will be unable to send the results from the FOI request back to the requestor. Therefore, in the normal course, it is impossible for the requestor not to provide a name when making a request.
However, there are situations where a requestor could potentially not provide their name:
Requests made in person: A requestor could appear at the front desk of an institution, pay the $5.00 application fee with cash, and submit a written description of the documents they wish to receive. (Note that under Ontario’s FOI legislation and the legislation of most other jurisdictions, FOI requests must be made in writing, so a purely verbal request would definitely not be sufficient.) This written “request” might not contain any identifying information of the requestor—rather, the requestor may offer to “get a file number today and come back later”.
Email requests: Alternatively, an FOI request may be submitted to the institution by email. By submitting a request by anonymous email, the requestor provides the institution with a method of responding to the request (i.e., by replying to the email) without having to know the requestor’s name. Payment of the $5.00 application fee using this method presents something of an obstacle, but this can be circumvented by paying the fee separately, either in person or though the mail, and using an anonymous method of payment such as cash or a money order.
Online requests: Some institutions may provide an online system for accepting online requests. Depending on how the system has been configured, such system may allow for the submission of FOI requests without requiring the requestor to provide their name.
Why might a requestor refuse to provide their name?
There are a few valid reasons why a requestor might prefer not to disclose her identity to the institution, as alluded to above. The requestor might be apprehensive about the potential for bias by the institution, or even reprisals. For example, a vendor who submits an FOI request regarding a project they unsuccessfully bid on might worry that the institution will avoid awarding contracts to them in the future because of their access request. There may be concerns about other types of bias as well, whether racial, sexual, political, or economic.
However, there are other reasons a requestor might wish to hide their identity that would seem inappropriate. Institutions are allowed to assess a requestor’s pattern of conduct when determining whether a request should be deemed frivolous or vexatious, and so a requestor may wish to mask their identity to avoid having their pattern of conduct detected. Other requestors may simply lack respect for legal process, and may even purport to have the right to refuse to use their legal name when dealing with the government (see, for example, “Freeman on the Land”).
Are institutions obligated to process anonymous requests?
Personal Information Requests
For requests for personal information, the analysis is straightforward. Institutions are generally required to confirm that the individual requesting personal information is entitled to it, and therefore cannot proceed without confirming the identity of the individual, or that the person requesting the information has been authorized by the individual to whom the personal information relates. Therefore, for personal information requests, institutions must be permitted to require confirmation of the identity of the individual who has made the request before proceeding.
General Records Requests
For general records requests, the analysis is a little more complicated. The Ontario Freedom of Information and Protection of Privacy Act (FIPPA) and Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) themselves (the “Acts”) do not explicitly state that the requestor’s name must be included in the written request for records, nor do the regulations under the Acts. Presumably, the drafters of the Acts had it in mind that requests would generally be received by mail, where the name of the requestor would always be included.
What does the Privacy Commissioner’s Office say?
I was unable to find any relevant decisions or guidance documents on the website of the Information and Privacy Commissioner of Ontario (IPCO). Out of curiosity, I called IPCO to see whether they had any information on this that they could provide over the phone. The employee I reached said she had heard this question before and she “did not believe this was possible” because on the “request form”, the requestor had to fill out their name. (I assume she was talking about this request form, which is used by many provincial institutions, and appears to require the name and even the signature of the requestor.) I said that this was very helpful to hear but that I knew that not every institution used a request form, and that requestors were not required to use it because they could also submit requests by letter. She said she still believed it was “not possible” but didn’t offer any other reason.
Although IPCO’s answer was helpful, it was not conclusive. Yet even in the absence of any explicit directive or guidance, one can still consider the FOI process as a whole to arrive at an informed opinion on whether accepting anonymous requests makes sense as part of the bigger picture.
Requirement that requests be “in writing”
Under both FIPPA and MFIPPA, Freedom of Information requests must be made “in writing”. It seems reasonable to ask, can a request really be considered clear and complete if it does not include the name of the person who is making it, to whom the response should be sent?
Determining a Pattern of Conduct
Part of deciding whether a request is frivolous or vexatious is considering the “pattern of conduct” of a requestor—this seems to me a strong indication that institutions are expected to know the identities of their requestors. And it does not seem right that a requestor who has a history of frivolous requests could simply submit a new request “anonymously” to evade detection.
The practicality of knowing who you are dealing with
I would take the position that an institution should have the right to know who they are dealing with, even if it’s just to ensure the institution can fulfill their responsibility of dealing only with the person who submitted the request. If a request is submitted from an anonymous email address, who else might have access to that email address? If a requestor offers to return in person, how is the institution to know that it is the same person who appears later on to check on the status of the request? For this reason, some institutions may even insist on collecting the requestor’s signature (or using a similarly effective method of confirming identity, such as accepting a credit card payment for the application fee) to help to ensure they know the identity of the requestor and to help prevent the institution from inadvertently sharing information about a request-in-progress with anyone else.
The Information and Privacy Commissioner of Ontario requires each institution to submit a statistical report after the end of each year. This report includes a tally of how many requests were received by requestors in a variety of categories. An institution processing requests anonymously would not be able to categorize its requestors into one of these categories and therefore would not be able to fulfill its annual statistical reporting obligation.
The Appeal Process
If a requestor wished to dispute an institution’s decision to refuse to accept a request, they would presumably do so by filing an appeal with IPCO. It seems quite likely the requestor would have to provide their name and contact information at that time, i.e., that IPCO would not allow an appeal to proceed “anonymously”. If an institution were to refuse, in good faith, to accept an anonymous request, the requestor would presumably have to reveal their name (to the Privacy Commissioner’s office at least) in order to move his request forward.
The might explain why I could not find any IPCO decision on point—to proceed with an appeal, a requestor would have to disclose their identity, so it may quickly become something of a moot point.
Alternatives are available for requestors who wish to remain anonymous
For general records requests, if an individual wishes to keep their identity a secret, they can always have someone else submit the request on their behalf. It’s not unusual for an individual to hire a law firm or other agent to submit a request in order to keep their identity private, or even for someone to ask a friend to file a request on their behalf. In this situation, the law firm or other agent becomes the requestor from the perspective of the institution, and the person being represented by the agent can remain anonymous.
Although the legislation does not set out an explicit requirement that requestors must provide their name when submitting an FOI request, and there does not appear to be any decision or written guidance from IPCO on this point, for all the reasons outlined above, I would take the position that it is reasonable for an institution to require a requestor’s name when processing an FOI request, and to refuse to process the request until the requestor has disclosed their identity.
If you have any thoughts on this article, or if your institution has ever been put in this position, I would love to hear from you, especially if there was any escalation to IPCO or other resolution! Please feel free to add a comment below, or to contact me directly.