Access to Information: A Practical Guide for Food Companies
How to use ATIP, and how to resist it, when the records that matter are held by the federal government.
The federal Access to Information Act gives Canadians a statutory right to records held by government institutions. For food companies, this right works in both directions. On one side, a company uses ATIP to pry open government files, requesting enforcement records, competitor inspection histories, or the internal analysis behind a regulatory decision. On the other side, the same company receives a notice that someone else has requested records that contain its confidential commercial information, and the government intends to release them.
It is not unusual for both to happen on the same file, at the same time, for the same client. A company can be requesting its own enforcement records while simultaneously objecting to the disclosure of its formulation data in response to a competitor's request. The two sides of ATIP - the sword and the shield - are not different practice areas serving different clients. They are often the same engagement.
This page is a practitioner's overview of how the federal ATIP regime works for food companies: what you can request, how to do it efficiently, what happens when someone requests records about you, and what your options are when the government decides to disclose. It covers the federal Access to Information Act and the Privacy Act. Provincial freedom-of-information regimes (Ontario, Québec, British Columbia) operate on different mechanics and are noted but not covered in detail.
The ATIP Framework at a Glance
Two federal statutes create the ATIP regime. The Access to Information Act (ATIA) gives Canadian citizens and permanent residents a right to records held by government institutions: records about the government's business, its decisions, and its interactions with regulated parties. The Privacy Act gives individuals a right to their own personal information held by government institutions: records about the individual, not about the government.
For food companies, the ATIA is the primary instrument. The institutions that hold the records food clients care about are the Canadian Food Inspection Agency, Health Canada, the Canada Border Services Agency, the Public Health Agency of Canada, the Competition Bureau (under Innovation, Science and Economic Development Canada), and Statistics Canada.
The mechanics are straightforward. A request is made in writing to the institution that controls the record, with enough detail for an employee to identify it. The application fee is $5. The institution has 30 days to respond, though extensions are routine, particularly where the records touch third-party commercial information or require consultations across institutions. If the institution fails to respond within the time limit, it is deemed to have refused access, which opens the complaint process.
The Privacy Act in Brief
The Privacy Act is for individuals seeking their own personal information, not for companies seeking government records. A food company cannot make a Privacy Act request. But individuals involved in food-regulatory matters sometimes can: a company officer named in a prosecution, a former employee whose complaint triggered a CFIA investigation, or an inspector whose conduct is at issue. Privacy Act disclosures can surface information that is strategically relevant to a company's own ATIA work, including the sequence of internal government decisions or the identity of a complainant.
Provincial FOI
Provincial regulators hold records that matter. Ontario's Freedom of Information and Protection of Privacy Act (FIPPA) covers the Ontario Ministry of Agriculture, Food and Rural Affairs. Québec's access-to-documents legislation covers MAPAQ. British Columbia's FIPPA covers the BC Centre for Disease Control. The mechanics are different (different exemptions, different timelines, different commissioners) and they are not covered on this page. We handle provincial FOI requests regularly.
Using ATIP as a Sword
Food companies use ATIA requests for competitive intelligence, enforcement preparation, and regulatory research. The records that food clients typically seek from CFIA, Health Canada, and CBSA include:
Enforcement files. Inspection reports, non-compliance records, corrective action correspondence, and the internal analysis leading to an enforcement decision. These records are critical when a company is facing, or anticipates, regulatory action and needs to understand the institution's evidentiary basis.
Competitor compliance history. Inspection frequency, violation records, and recall history for a competitor's establishment. Useful for understanding how an industry sector is being treated and whether the company's own treatment is consistent.
ERA risk profiles. The Establishment-based Risk Assessment model drives CFIA's inspection frequency allocation. Requesting ERA-related records reveals how the institution scores and categorizes the establishment. We obtained the ERA algorithm formula, the 17-pathogen DALY calculation, and the mitigation factor cap mechanism through this route. (The ERA is CFIA operational policy, not statute. We wrote about how the model works and where it breaks down.)
Policy and internal guidance. Unpublished CFIA operational procedures, decision frameworks, and compliance-and-enforcement policies that inform how the institution exercises discretion.
Import and border records. CBSA refusal data, import alert records, and border-hold documentation.
Not everything is released. The ATIA contains over 20 exemptions. The ones food clients encounter most are personal information (s. 19), third-party commercial information (s. 20; see below), advice and recommendations to the Minister (s. 21), and solicitor-client privilege (s. 23). Heavily redacted releases are common. The right of access is not a right to useful disclosure.
When the institution refuses access, the requester can complain to the Information Commissioner of Canada, who has broad investigative powers, including the power to examine records that the institution claims are privileged. The 2019 amendments gave the Commissioner the power to issue binding orders. If the complaint does not resolve the matter, the requester can apply to the Federal Court for a de novo review.
Piggybacking on Previously Released Requests
Before filing a formal ATIA request, check whether the records have already been released. The Government of Canada maintains a completed-requests portal at canada.ca/en/search/ati that allows anyone to search summaries of completed requests made to federal institutions after January 2020. When a request of interest is found, the portal includes an inline form to request a copy of the previously released records.
These informal requests are free. They are not subject to ATIA timelines or requirements. The records are provided as released; any redactions from the original release remain.
Piggybacking is often the first move on any new enforcement file. A competitor, journalist, or advocate may have already requested exactly the records the company needs. The same records can be obtained again at no cost and with faster turnaround than a formal ATIA request. For a company entering a new product category or considering an acquisition, a piggybacking search of the target establishment's CFIA file is a low-cost way to surface compliance history before committing resources to a formal request.
Using ATIP as a Shield
The other direction. A company receives a letter from CFIA, Health Canada, or CBSA informing it that someone has made an ATIA request for records that contain the company's information, and the institution is considering releasing them. This is a third-party notice under section 27 of the Access to Information Act.
The notice tells you that an unidentified requester wants records that may include your confidential commercial information: formulations, test results, compliance data, pricing, supply chain relationships, or proprietary processes. The institution is inclined to release them. You have 20 days to object.
The Section 20 Exemption
Section 20(1) of the ATIA is the mandatory exemption for third-party information. Unlike most ATIA exemptions, which are discretionary, section 20(1) requires the institution to refuse disclosure of records containing:
Trade secrets of a third party (s. 20(1)(a)).
Confidential commercial, financial, scientific, or technical information supplied by a third party and treated consistently in a confidential manner (s. 20(1)(b)). This is the most important paragraph for food companies and the most litigated.
Information whose disclosure could reasonably be expected to result in material financial loss or prejudice the competitive position of a third party (s. 20(1)(c)).
Information whose disclosure could reasonably be expected to interfere with contractual or other negotiations of a third party (s. 20(1)(d)).
The mandatory character of section 20(1) is now qualified. The 2019 amendments added a public interest override in section 20(6), which allows the institution to disclose despite the exemption if the public interest in disclosure outweighs the financial loss or competitive prejudice to the third party. The override is relatively new and its boundaries are not yet defined by the courts.
For section 20(1)(b), the Supreme Court of Canada set out the controlling test in Merck Frosst Canada Ltd v Canada (Health), 2012 SCC 3. The information must meet three requirements: it must be financial, commercial, scientific, or technical; it must be confidential and have been treated consistently in a confidential manner by the third party; and it must have been supplied to the institution by the third party. All three branches must be met. The "treated consistently as confidential" branch is the most frequently contested and the most vulnerable.
One practical consequence of piggybacking: once a record containing your information has been disclosed to a single requester, the information is effectively public. Anyone can obtain the same records through the informal route. This undermines the "treated consistently as confidential" branch of the Merck Frosst test for any future objection. The lesson: take the first section 27 notice seriously. A failure to object, or an unsuccessful objection, creates a permanent vulnerability.
A separate point worth knowing: the Supreme Court held in H.J. Heinz Co. of Canada Ltd v Canada (Attorney General), 2006 SCC 13 (a food-sector case) that a third party objecting under section 27 is not limited to the section 20 exemption. The third party may raise any exemption that applies to the record. A food company receiving a notice should consider all applicable exemptions, not just the commercial-information exemption.
Writing a Usable Objection
The objection must be in writing and must establish a factual foundation for each exemption claimed. A bare assertion that "this information is confidential" is insufficient. An effective objection identifies which specific information in the record falls under which paragraph; for section 20(1)(b), it demonstrates that the information was supplied by the company, qualifies as commercial or scientific or technical, and has been treated consistently as confidential, with evidence (confidentiality markings on the original submission, internal confidentiality policies, NDAs with counterparties, absence of prior disclosure). For section 20(1)(c), it identifies the specific competitive harm that disclosure would cause, with enough specificity that the institution can assess the claim.
The 20-day window is tight. Companies that receive a section 27 notice often do not appreciate how quickly they need to assemble evidence and frame the objection. The evidence of confidential treatment (the policies, the markings, the contractual provisions) needs to exist already. If it does not, the objection rests on assertion rather than evidence, and assertions lose.
When the Same Client Is on Both Sides
The sword-and-shield scenario arises more often than clients expect. A company receives a section 27 notice about a competitor's ATIA request. To frame its objection effectively, particularly to establish that its information has been "treated consistently as confidential," it needs to know whether the same or similar information has already been disclosed in a prior release. A piggybacking search reveals whether it has.
At the same time, the company may want to file its own ATIA request for the competitor's compliance records, the same category of records the competitor is seeking about the company. The two requests move in parallel: one offensive, one defensive. The information from each informs the other. A company that knows its own compliance history is public (because a journalist already requested and received it) approaches its shield-side objection differently than one that has maintained confidentiality throughout.
The practical takeaway is that ATIP work on both sides is frequently concurrent, not sequential. Counsel who handles only the objection without checking what is already public, or who files a request without considering how the resulting disclosure might affect a pending objection, is working with half the picture.
Primary Authorities
Access to Information Act (R.S.C. 1985, c. A-1) - the federal statute creating the right of access. Key provisions: s. 4 (right of access), s. 7 (30-day response), s. 9 (extensions), s. 11 (fees), s. 20 (third-party exemption), s. 20(6) (public interest override), s. 27 (third-party notice), s. 28 (representations), s. 41 (Federal Court review - requester), s. 44 (Federal Court review - third party). https://laws-lois.justice.gc.ca/eng/acts/a-1/
Privacy Act (R.S.C. 1985, c. P-21) - governs access by individuals to their own personal information held by government institutions. Relevant when individuals involved in food-regulatory matters (officers, employees, complainants) seek their own records. https://laws-lois.justice.gc.ca/eng/acts/P-21/
Canadian Food Inspection Agency Act (S.C. 1997, c. 6) - establishes CFIA. CFIA's institutional practices around third-party notice interact with its enforcement files. https://laws-lois.justice.gc.ca/eng/acts/C-16.5/
H.J. Heinz Co. of Canada Ltd v Canada (Attorney General), 2006 SCC 13 - a third party may raise any exemption under the ATIA, not just s. 20. https://www.canlii.org/en/ca/scc/doc/2006/2006scc13/2006scc13.html
Merck Frosst Canada Ltd v Canada (Health), 2012 SCC 3 - the three-branch test for s. 20(1)(b): the information must be commercial/financial/scientific/technical, confidential and treated consistently as such, and supplied by the third party. https://www.canlii.org/en/ca/scc/doc/2012/2012scc3/2012scc3.html
Government of Canada - Completed ATI Request Summaries - the portal for searching and piggybacking on previously released records. https://open.canada.ca/en/search/ati?_ga=2.69692565.406018153.1536604353-1818651053.1522773341
How We Help
GSJ&Co. handles ATIP work for food companies on both sides. On the sword side, we scope and draft ATIA requests, manage the process through extensions and redactions, file complaints with the Information Commissioner when necessary, and advise on how to use the results, whether for enforcement defence, regulatory due diligence, or competitive intelligence. On the shield side, we draft objections to disclosure under section 27, advise on the section 20 exemption framework and the Merck Frosst test, and if necessary, bring applications for Federal Court review under section 44.
ATIP work is often part of a broader engagement. A company facing CFIA enforcement action may need its own enforcement file to understand the Agency's position. A company involved in co-packing or contract manufacturing may need to protect formulation data from a competitor's request. A company conducting regulatory due diligence on an acquisition target may use ATIP to surface the target's compliance history before the deal closes.
If you have received a section 27 notice and need to respond within the 20-day window, or if you are considering an ATIA request and want to scope it properly, contact us at info@gsjameson.com or 647-638-3994.
Last updated: April 2026. This page is maintained by GSJ&Co. and updated when there are material changes to ATIP practice or the governing legislation.