Key Takeaways
- The ArriveCan app grew from an $80 000 prototype to nearly $59.5 million in costs, sparking intense public and parliamentary scrutiny.
- Minh Doan, former CBSA VP and CIO, was accused of deliberately destroying records tied to an access‑to‑information request about the GCStrategies contractor.
- Information Commissioner Caroline Maynard found that the alleged loss stemmed from an unintentional corruption of an Outlook file during a laptop migration, not from willful deletion.
- Doan made reasonable efforts to recover the corrupted data, and the commissioner concluded no offence under the Access to Information Act was committed.
- Separate from the Outlook issue, the CBSA’s 2023 deletion of its Slack workspace erased potentially relevant ArriveCan discussions, highlighting broader record‑keeping gaps.
- Parliamentary testimony featured accusations of lying and threats, which Doan denied; counsel for the complainant warned the report leaves many questions unanswered.
- The case underscores the need for stronger federal data‑retention policies, proper archival of collaboration tools, and routine oversight of large‑scale IT projects.
Background on the ArriveCan app and its cost escalation
The ArriveCan application was launched by the federal government as a COVID‑19 declaration tool for international travellers, allowing users to self‑screen for symptoms and submit travel information electronically. Initially developed at a modest cost of roughly $80,000, the app’s scope expanded through numerous software updates and feature additions, driving expenditures upward. An Auditor‑General report released earlier this year revealed that total spending on ArriveCan had ballooned to nearly $59.5 million, prompting widespread criticism, multiple watchdog reviews, and heightened scrutiny of federal procurement practices. The dramatic cost increase turned ArriveCan into a focal point of debate over government efficiency and accountability during the pandemic.
Origin of the allegations against Minh Doan
The controversy surrounding Minh Doan began with an internal complaint filed to the Canada Border Services Agency’s professional integrity unit in early 2024. The complainant, an unidentified IT worker at CBSA, alleged that Doan deliberately manipulated records during a file‑transfer process, resulting in the destruction of documents pertinent to an access‑to‑information request concerning the agency’s dealings with GCStrategies, one of the ArriveCan contractors. The complaint further claimed that Doan had moved emails to hide evidence and had threatened a subordinate. These accusations set off a chain of events that culminated in parliamentary hearings and a formal investigation by the Information Commissioner.
Information Commissioner Caroline Maynard’s investigation scope
Information Commissioner Caroline Maynard launched her investigation in February 2024 after receiving the CBSA complaint. Her inquiry focused narrowly on whether Minh Doan had willfully destroyed records related to the ArriveCan project, particularly those that might have been relevant to pending access‑to‑information requests. The commissioner examined email archives, file‑transfer logs, and interviewed IT staff to reconstruct the circumstances surrounding the alleged loss of data. Throughout the process, she emphasized that her mandate was to determine whether any offence under the Access to Information Act had been committed, rather than to assess the broader management of the ArriveCan contract.
Findings on the corrupted Outlook file
The commissioner’s report concluded that the records in question were not intentionally destroyed but were lost due to an unintentional corruption of a Microsoft Outlook file. During a routine migration of data from Doan’s aging laptop—whose battery was failing—to a new computer, the Outlook file became damaged and could no longer be opened. Ms. Maynard noted that Doan repeatedly sought assistance from the CBSA IT division in an attempt to recover the missing information. Ultimately, all records within the corrupted file that were relevant to the access request were located and restored, leading her to state that Doan had made reasonable efforts to salvage the data and that no offence had been committed.
Parliamentary testimony and the heated exchange
The allegations against Doan resurfaced dramatically during a 2024 meeting of the House of Commons Standing Committee on Government Operations and Estimates. Cameron MacDonald, one of Doan’s former subordinates, testified that Doan had lied to parliamentarians when he claimed he had not personally selected GCStrategies for the ArriveCan contract. MacDonald also asserted that Doan had threatened to tell the committee that the decision to award the contract to GCStrategies had been MacDonald’s own. In response, Doan denied both the accusation of deliberate file manipulation and the claim of issuing threats, insisting that the statements were allegations without factual basis. The exchange highlighted the partisan tensions surrounding the ArriveCan affair.
Responses from Minh Doan and counsel for the complainant
Following the release of the Information Commissioner’s report, Minh Doan declined to comment directly to The Globe and Mail, referring inquiries to his office. Chris Spiteri, lawyer for Cameron MacDonald, issued a statement characterizing the commissioner’s findings as addressing only a “narrow access‑to‑information issue” concerning a single corrupted file. Spiteri cautioned that the report did not settle whether any emails were deleted, whether records were lost, whether the missing material was irrelevant, or whether MacDonald’s testimony was inaccurate. He argued that important questions remain about CBSA’s overall record‑keeping practices, the completeness of the ArriveCan record, and the broader implications for government transparency.
Additional record‑keeping losses identified: Slack workspace deletion
While investigating the corrupted Outlook file, Commissioner Maynard uncovered a separate loss of ArriveCan‑related information stemming from the CBSA’s decision to delete its Slack workspace in 2023. Slack, a digital collaboration platform comparable to Microsoft Teams, had been used extensively by CBSA staff, vendors, and contractors for discussions about the development, testing, and maintenance of the ArriveCan app between April 2020 and May 2023. The commissioner determined that the conversations housed in Slack could have fallen within the scope of several access‑to‑information requests received by the agency. Consequently, the deletion of the workspace represents another avenue through which potentially relevant records may have been irretrievably lost, independent of any actions by Minh Doan.
Implications for government accountability and oversight
The combined findings of the Information Commissioner’s report underscore ongoing challenges in federal record‑management, especially during rapid‑response initiatives like ArriveCan. Although Doan was cleared of willful destruction, the episode highlights the vulnerability of digital records to accidental corruption, inadequate backup procedures, and the premature decommissioning of collaboration tools without proper archival safeguards. Watchdog agencies and parliamentary committees have called for stronger policies governing data retention, mandatory exit‑interviews for departing officials, and routine audits of electronic communications to prevent similar lapses. The ArriveCan scandal continues to fuel demands for greater transparency and stricter oversight of large‑scale government IT projects.
Conclusion and outlook
Minh Doan presently serves as the Chief Technology Officer for the Treasury Board of Canada Secretariat, a position that places him at the forefront of federal digital strategy. While the Information Commissioner’s investigation cleared him of criminal wrongdoing regarding the corrupted Outlook file, the broader controversies surrounding ArriveCan—its escalating costs, alleged procurement irregularities, and lost communications—remain unresolved. Ongoing scrutiny from the Auditor General, parliamentary committees, and watchdog organizations suggests that the ArriveCan affair will continue to serve as a case study in the complexities of managing high‑visibility, emergency‑driven government technology programs. Ensuring robust record‑keeping and accountability measures will be essential to restore public confidence in future initiatives.