Federal Court says open courts principle overrides Privacy Act

29 Aug

On June 5th the Federal Court of Appeal held that material filed in a Canadian Transportation Agency dispute resolution proceeding is accessible to the public notwithstanding the prohibition on disclosing personal information in the federal Privacy Act.

The CTA exercises, in part, a quasi-judicial dispute resolution function. In excercising this function the CTA passed rules requiring that materials filed in a proceeding be placed on the public record unless subject to a confidentiality order. The applicant argued that records filed and not subject to a confidentiality order are “publicly available” and therefore exempt from a prohibition on disclosure arising under sections seven and eight of the Privacy Act. The Office of the Privacy Commissioner of Canada, an intervener, argued that information is not publicly available unless it is “obtainable from another source or available in the public domain for ongoing use by the public.”

The Court agreed with the applicant. It said:

From the time of their placement on the Public Record, such documents are held by the Agency acting as a quasi-judicial, or court-like body, and from that time they become subject to the full application of open court principle. It follows, in my view, that, once on the Public Record, such documents necessarily become Publicly Available.

Lukács v. Canada (Transport, Infrastructure and Communities), 2015 FCA 140 (CanLII).

BCCA says arbitrators have discretion to identify grievors despite PIPA

15 Aug

On August 12th the Court of Appeal for British Columbia held that British Columbia labour arbitrators are bound by British Columbia’s provincial private sector privacy legislation but do not need consent to collect, use or disclose grievor and witness personal information.

This was an appeal of a decision by Arbitrator Lanyon issued in October 2013. Mr. Lanyon dismissed a union claim that the Personal Information Protection Act prevents arbitrators from disclosing personal information of individuals in a final decision without their consent. Mr. Lanyon made his decision on multiple bases, perhaps because the union had put him on notice that it would appeal any unfavourable decision!

The Court of Appeal’s decision is much more simple. It held that PIPA applies to labour arbitrators when the term “organization” is read purposely. It then held that disclosure without consent is “required or authorized by law” based on a provision in the Labour Relations Code that requires arbitrators to file a copy of their awards for publication. Although this provision does not specifically require the filing of an award that includes personal information, the Court said:

It is difficult to see how a decision-maker, who is obliged to provide reasons that are subject to various levels of review, could possibly avoid disclosing personal information, as required by PIPA. The suggestion of the Union of using initials would not, in many cases, comply with the requirements of PIPA.

Arbitrators, the Court noted, have a discretion to use initials of parties or witness to protect privacy interests or “however they see fit.”

This is a matter in which the outcome reached by Mr. Lanyon and the Court of Appeal is very sensible and supportable on a policy-based analysis. One may question, however, whether the Court of Appeal’s simplistic basis for determining the matter is open to attack.

United Food & Commercial Workers Union, Local 1518 v Sunrise Poultry Processors Ltd, 2015 BCCA 354 (CanLII).

Arbitrator issues helpful video surveillance award

20 Jul

Arbitrator Paula Knopf’s May 19th video surveillance decision is helpful to management on two points. 

First, she validates the management need to investigate wrongdoing rather than immediately confront a suspected wrongdoer: “if the suspected employees had been confronted with the Employer’s suspicions in late April or May as the Union suggested, while that might have had an immediate, albeit temporary, deterrent effect, that would have prevented any real hope of discovering the true extent of the problem.”

Second, Arbitrator Knopf analyzed whether inadmissibility was an appropriate remedy for the employer’s breach (rather than ruling the evidence to be inadmissible as an automatic consequence of the breach).

Ottawa-carleton District School Board v Ontario Secondary School Teachers’ Federation, District 25, 2015 CanLII 27389 (ON LA).

Arbitrator demands more of employer in excluding e-mail evidence obtained from work system

18 Jul

On May 16th, Arbitrator Allen Ponak ruled that e-mails an employer collected from its IT system were inadmissible in a discharge case because the employer collected the e-mails in breach of the grievor’s privacy.

The employer (a public sector union) discharged the grievor for being a known associate of a motorcycle club and denying the association when confronted. The employer proceeded with the discharge after finding incuplatory e-mails between the grievor and his wife. It retrieved these e-mails after receiving an e-mail from the Ministry of Justice indicating that it had received a “letter of concern” about the grievor from a local police force. It did so without following up with the Ministry of Justice.

Arbitrator  Ponak dismissed the employer’s “no expectation of privacy” argument based on the Supreme Court of Canada reasoning in R v Cole. He held that the intrusion associated with the employer’s search was “heightened” given it was examining e-mails between the grievor and his wife and said:

I am satisfied while the need for an investigation of the Grievor was justified, the search of emails to and from his spouse was not reasonable at the time it was carried out. Relying only on second or third hand information about the Grievor, the Employer’s first and immediate response was to scrutinize his personal emails. There was no evidence that alternatives to this invasive search were considered, possibly because the Employer believed that it owned the email system and no barrier existed to such scrutiny. It was also relatively simple to carry out.

I accept the Doman principle that it is unreasonable to conduct a highly intrusive search before other less intrusive alternatives are considered. For example, the Employer did not contact the Grievor for an explanation after receiving new information on January 15 about his exclusion from corrections facilities and about a police investigation that seemingly implicated the Grievor. The Employer did not seek more details from the Ministry of Justice or the police regarding the allegations. Other LRO’s who might have relevant information were not canvassed. Any concerns about possible permanent deletion of emails and files (I hasten to add there was no evidence to suggest such a concern) could have been handled by putting a temporary freeze on the Grievor’s account. If these and other investigation avenues had proved unsatisfactory, then perhaps the legitimate interests of the Employer in obtaining more information would have trumped the Grievor’s right to privacy, justifying, with safeguards, a search of personal emails. Instead, the Employer went immediately to the Grievor’s email, discovered multiple and obviously personal emails with photo attachments from the Grievor’s wife in a file of deleted emails, and examined the photos. It is difficult to imagine a more intrusive invasion of personal privacy.

This is the first case I’m aware of in which a labour arbitrator has excluded evidence because an employer breached an employee’s privacy in searching its own IT system. It is, however, more illustrative than it is significant because of the facts outlined in the two paragraphs above. After R v Cole employers simply cannot continue to act as if employees have no expectation of privacy in information stored on a work system. Rather, they must conduct investigations in a manner that demonstrates respect for the an existent, albeit limited, employee privacy interest.

Saskatchewan Government and General Employees Union v Unifor Local 481, 2015 CanLII 28482 (SK LA).

With CASL, a little due diligence goes a long way

3 Jul

Everyone’s talking about Porter Airlines’ recent agreement to pay a $150,000 penalty for various CASL violations. Porter is a sophisticated marketer yet slipped up, so other organizations are now wondering what whether they are similarly exposed. (Perhaps this was the CRTC’s enforcement aim.)

CASL is a regulatory instrument that includes a due diligence defence. In other words, organizations can violate the act without liability if they have taken all reasonable steps to avoid the violation.

Due diligence is about using good, systematic processes to avoid bad things. Here’s a simple process for due diligence that me and my colleagues have employed and continue to employ with our clients:

  • Define your operational units and prioritize them in accordance with risk
  • If you can’t do them all, select key units for review
  • Identify a key individual for each unit, someone with the best knowledge of messaging practices
  • Ask the key individual to complete (in writing) a list-centric survey – a survey that aims to gather some basic information about all formal and informal address lists (It’s easier to identify lists than activities.)
  • Review the survey response and applicable website or sites and follow-up in writing with questions that help close major gaps
  • Have a telephone call to confirm understanding and discuss potential compliance issues
  • Draft a compliance memo – a point-form document that identifies the steps taken in the compliance review, the activities of concern and the compliance advice
  • Conduct any follow-up information gathering in response to the memo
  • Send the memo the the key individual for feedback on completeness
  • Finalize the memo

This is a not a difficult or costly process for review and remediation, though you should also budget for (a) some project management costs for a multi-unit review and (b) some multi-unit training, which is normally an appropriate follow-up to the review and remediation process.

If the Porter agreement is causing you worries, following a process like this is well worth it.

 

BCCA affirms order requiring Google to render domains unsearchable

14 Jun

Last Thursday, the Court of Appeal for British Columbia issued an important decision about the power of a domestic court to make orders against non-party, internet “intermediaries” – in this case, search engine provider Google.

The matter involved an order made to help a network hardware manufacturer enforce its intellectual property rights against a former distributor who had gone rogue. After the plaintiff sued the former distributor, it went underground – essentially running a “clandestine” effort to pass off its own products as the plaintiff’s products. This scheme relied on the internet and, to a degree, Google’s market-dominant search engine.

Google voluntarily took steps so searches conducted at the Google.ca search page would not return specific web pages published by the defendants. The plaintiffs sought and obtained an order to block entire domains and to block searches originating from all jurisdictions. Google appealed, making a number of broad arguments about the impact of the order (and its kind) on comity principle of private international law as well as international (internet-based) freedom of expression.

The Court of Appeal dismissed Google’s appeal, demonstrating significant sympathy for the perils facing the British Columbia plaintiff. And while the Court was sensitive to the principles raised by Google (along with the Canadian Civil Liberties Association and the Electronic Frontier Foundation as interveners), it held that the principles were not engaged in the matter:

… Courts should be very cautious in making orders that might place limits on expression in another country. Where there is a realistic possibility that an order with extraterritorial effect may offend another state’s core values, the order should not be made.

In the case before us, there is no realistic assertion that the judge’s order will offend the sensibilities of any other nation. It has not been suggested that the order prohibiting the defendants from advertising wares that violate the intellectual property rights of the plaintiffs offends the core values of any nation. The order made against Google is a very limited ancillary order designed to ensure that the plaintiffs’ core rights are respected.

This reasoning by the Court of Appeal relates back to a significant admission by Google – an admission recorded by the chambers judge as follows: “Google acknowledges that most countries will likely recognize intellectual property rights and view the selling of pirated products as a legal wrong.”

The Court of Appeal decision is therefore relatively balanced. In general, it will help those seeking civil remedies deal with global internet intermediaries such as Google. However, global search engine “takedown orders” of the kind issued in this case will not necessarily be easy to obtain and enforce.

Equustek Solutions Inc. v. Google Inc., 2015 BCCA 265 (CanLII).

Ontario decision suggests corporation can sue for breach of privacy

23 May

On February 19th, the Ontario Superior Court of Justice declined to strike a pleading that alleged a company unlawfully interfered with a competitor’s economic relations by receiving confidential information about a client (BC Cancer) that was sought after by both organizations. The Court held that the pleading was sustainable because BC Cancer had an arguable claim against the recipient organization based on the “intrusion upon seclusion” tort, suggesting that the tort is available to natural persons and corporations. As stressed by the Court, on a motion to strike a court errs on the side of permitting a novel but arguable claim to proceed to trial.

Fundraising Initiatives v Globalfaces Direct, 2015 ONSC 1334 (CanLII).

Follow

Get every new post delivered to your Inbox.

Join 1,577 other followers