Executive Summary: Key Legal and Evidentiary Issues

• Central issue was whether Immigration, Refugees and Citizenship Canada (IRCC) still had any records relating to a “Z file” (Z011837640) allegedly tied to an asylum claim made in Kiev in 2009, and whether those records were improperly withheld from the applicant under the Privacy Act.

• The court held that the applicant bore the burden to prove, on a balance of probabilities, that the requested records existed at the time of her 2023 access request and were in IRCC’s possession, and found she offered only suspicions and inferences rather than admissible supporting evidence.

• IRCC’s evidence showed that the “Z file” was a temporary “non-computer-based” entry linked to an internal “Watch For” notice, subject to short retention and automatically purged by 2014, and that reasonable searches using the applicant’s own identifiers (name, UCI, and Z-file number) did not locate any existing records of a refugee claim or a five-year ban.

• The court confirmed that in an application under section 41 of the Privacy Act, the only meaningful remedy is an order for further disclosure; broader relief such as declarations of wrongdoing, record “reconstruction” or rewriting immigration files lies outside the court’s jurisdiction in this type of proceeding.

• Several documents relied on by the applicant were ruled inadmissible because they were not proven by affidavit, and even if considered, they did not establish that the Z file should still have existed under IRCC’s retention policies at the time of the 2023 request.

• Given the applicant’s pattern of abusive, accusatory and disrespectful conduct toward IRCC staff, opposing counsel, and the court, the application was dismissed and substantial costs of $9,000 were awarded in favour of the Attorney General of Canada.

Facts and outcome of the case

Parties and nature of the dispute
The case involved an application by Oksana Nevostruyeva against the Attorney General of Canada, arising from an access to personal information request submitted to Immigration, Refugees and Citizenship Canada (IRCC) under subsection 12(1) of the Privacy Act. The applicant believed IRCC had created and maintained a “Z file” bearing number Z011837640 in relation to an asylum claim she says she made at the Canadian embassy in Kiev in 2009, and that IRCC had withheld information connected to this file when answering her 2023 access request. IRCC maintained that no such records existed any longer and that, after a reasonable search, it had disclosed all information still in its systems.

Background to the access request and complaints
In October 2023, the applicant filed an access to information and privacy (ATIP) request seeking the electronic notes of immigration or citizenship officers for an IRCC refugee claim file concerning her, referring specifically to FOSS notes showing file number Z011837640 and indicating she wanted the reasons for its appearance and the document itself. IRCC requested clarifying details and was told the asylum claim had allegedly been made on May 12, 2009, in Kiev. After searching its systems, IRCC advised internally that it could not find the Z file and instead released all FOSS entries linked to the unique client identifier the applicant had provided. In November 2023, IRCC sent a six-page release package of FOSS entries, with some redactions under sections 22(1)(b) and 26 of the Privacy Act relating to law enforcement information and third-party personal information, and advised her of her right to complain to the Privacy Commissioner. The applicant then lodged two complaints with the Commissioner. The first, a delay complaint, was closed at early resolution. The second alleged that IRCC had failed to disclose information she sought about the Z file and had misapplied exemptions. The Commissioner obtained details from IRCC about its searches, the meaning and handling of “Z” files and “Watch For” notices, and IRCC’s retention practices, and ultimately found that IRCC had properly applied exemptions and that no documents existed relating to the alleged refugee claim, dismissing the complaint as not well-founded.

Evidence about the Z file and document retention
Before the court, the applicant relied primarily on a 2010 ATIP response from IRCC which mentioned Z011837640 and showed it as an “NCB” (non-computer-based) entry with a “valid until” date of May 12, 2014. She asserted this proved the Z file’s existence and argued that because IRCC had produced notes about earlier applications in 2023, it must also have retained the Z file or documents created from it. She further claimed that certain remarks in the 2023 disclosure came directly from the Z file, though she did not identify them specifically and had redacted the comparable remark in her 2010 exhibit, preventing any verification. IRCC, through an affidavit from a team leader in its ATIP office and contemporaneous correspondence with the Commissioner, explained that “NCB” denoted a temporary non-computer-based entry created where there was not enough information to complete a formal report or immigration document, automatically purged upon expiry. The “valid until” date on the Z file was described as the purge date, not an expiry of a ban. IRCC also explained that the “Z” prefix historically marked “Watch For” notices requiring staff to give a file special attention because of some concern, that the Watch For system ended in 2011 with no new naming convention, and that historic guidelines (from 2011–2013) showed even contentious public-safety-related information was generally destroyed within two to five years of the last administrative action. A thorough search of GCMS and FOSS using the applicant’s name, unique client identifier, and the Z-number did not locate any refugee claim or a five-year ban, only two study-permit applications (approved) and two permanent residence applications (one withdrawn, one refused).

Limits of the court’s jurisdiction and evidentiary rulings
The court emphasized that an application under section 41 of the Privacy Act is not a judicial review of the Privacy Commissioner’s report, but a de novo assessment of whether the federal institution properly responded to the access request. The onus was on the applicant to provide admissible evidence, not suspicions or theories, that the requested records existed at the time of her 2023 request and were being withheld. The court noted that key pieces of the applicant’s record were not supported by affidavit, including hundreds of pages she said were from earlier ATIP responses and online materials about IRCC’s personal information banks and retention policies. These were treated as inadmissible and, in any event, did not directly address the specific category of “non-computer-based” Z entries or show that such a file had to be retained until 2023. The court also stressed that, under section 48 of the Privacy Act, its practical remedial power in this type of proceeding is to order further disclosure if records exist and have been improperly withheld; it cannot order IRCC to reconstruct or rewrite its databases, declare criminal or intentional wrongdoing in records management, or comprehensively revise the applicant’s immigration files based solely on her own narrative.

Findings on existence of records and IRCC’s conduct
After weighing the evidence, the court found that the only proven fact was that a Z file entry existed in or around 2010 and was an “NCB” Watch For-type note with a validity date in 2014. There was no admissible evidence that the Z file still existed when the 2023 ATIP request was made, nor that any derivative records tied uniquely to that entry remained undisclosed in IRCC’s systems. By contrast, IRCC had described its searches and retention practices in detail, explained the short-term nature of such entries, and demonstrated that it had disclosed all remaining FOSS notes linked to the applicant’s identifier. The court concluded that the applicant had not shown, on a balance of probabilities, that IRCC possessed any additional responsive records, nor that it had failed to conduct a reasonable search or had acted in bad faith or as part of a cover-up. As a result, the application to compel further disclosure under the Privacy Act was dismissed, and the Attorney General of Canada was recognized as the successful party.

Conduct of the litigation and costs award
In an extended obiter discussion, the court reviewed the applicant’s pattern of disrespectful, accusatory and abusive communications toward IRCC personnel, opposing counsel and the court itself, both in this proceeding and in earlier Federal Court files. The court noted prior warnings about her conduct, examples of scandalous language and baseless allegations of criminal misconduct and terrorism, and a December 2025 direction restricting further communications in this case to the issue of costs because her behaviour was considered an abuse of the court system. Taking into account the objectives of costs—compensation, encouraging reasonable conduct, and deterring abuse—the court found that an enhanced award was justified. The Attorney General of Canada sought just under $9,000 in fees and disbursements; using its discretion to set a lump-sum figure, the court ordered the applicant to pay costs in the amount of $9,000 in favour of the Attorney General of Canada.