Arbitrator upholds sniffer dog search grievance

25 Feb

On January 5th, Arbitrator Norman of Saskatchewan held that an employer breached its collective agreement by periodically deploying drug detection dogs to screen people entering its mine.

Arbitrator Norman held that the process intruded on a reasonable expectation of privacy based on evidence that the dogs would likely identify off-duty drug use. Though Arbitrator Norman characterized the search invited by a dog sniff as minimally intrusive (and less intrusive than the sampling of bodily substances), he nonetheless held that the employer’s safety-related process was unreasonable. He drew heavily from the Supreme Court of Canada’s Irving Pulp and Paper decision, stating:

The prior threshold stage in the justificatory argument limiting rights under the Charter sets the bar very high; calling for proof of a pressing and substantial objective demonstrably justifiable in a free and democratic society, for the challenged measure. Under ‘Charter values’ analysis, I take the threshold bar to have been set by Irving as “… evidence of enhanced safety risks, such as evidence of a general problem with substance abuse in the workplace.”

While many might agree with the outcome, this reasoning is questionable. The resolution of privacy issues call for a highly contextual balancing of interests. Irving speaks to a particular balance that relates to universal random drug and alcohol testing, a process Arbitrator Norman reasons is relatively intrusive; Irving establishes no “bar” to meet in implementing other safety measures in the workplace whether or not they are related to drug and alcohol use. Moreover, the reference above to the Oakes test is flawed; under a Charter analysis (if such analysis is necessary), the question of whether a search is an “unreasonable search” is distinct from the question of justification under section 1 and Oakes.

USW, Local 7552 and Agrium Vanscoy Potash Operations (5 January 2015, Norman).

IPC tweaks data security guidance from HO-013

30 Jan

Yesterday the Information & Privacy Commissioner/Ontario issued a paper called “Detecting and Deterring Unauthorized Access to Personal Health Information.” The paper adjusts and augments the detailed guidance on hospital data security the IPC provided in December when it issued HO-013.

In issuing HO-013 the IPC articulated numerous requirements in near checklist form. The IPC adds new requirements in Detecting and Deterring. Hospitals that are currently using HO-013 to conduct a gap analysis should now refer to Detecting and Deterring.

One exception to the augmentation is the IPC’s handing of “search controls” – controls that rest on limiting the search functionality of patient record systems. The IPC has backed off noticeably from HO-013 in Detecting and Deterring, which states:

With respect to search controls, it is important to note that open-ended search functionality may facilitate unauthorized access to personal health information in electronic information systems. For example, in the privacy breach involving the use and disclosure of personal health information for the purpose of selling or marketing RESPs, agents of the hospital were able to obtain lists of women who had recently given birth by performing open-ended searches of a patient index. To prevent this, custodians should ensure that the amount of personal health information that is displayed as a result of a search query is limited, while still enabling agents to carry out their employment, contractual or other duties. Open-ended searches for individuals should be prohibited by the search functionality and search capabilities of electronic information systems containing personal health information. Ideally, electronic information systems should be configured to ensure that search criteria return only one record of personal health information. If that is not feasible, then electronic information systems should be configured so that no more than five records of personal health information are displayed as a result of a search query.

The withdrawal makes sense. Search controls can put patient safety at risk, yet even rigid search controls are a questionable deterrent to intentional unauthorized access. Are bad actors really more likely to engage in unauthorized access because information is easy to find?

Hospitals should beware of the distinction between prescriptions that are recommendatory and prescriptions the IPC has the power to enforce. This is most important in considering the heavily-augmented breach response section of Deterring and Detecting. The IPC, for example, returns to an accountability-related idea it has pressed since making order HO-010 in 2010 by suggesting that hospitals should provide affected individuals with the name of “the agent that caused the privacy breach” in a breach notification letter. The IPC has the power to enforce breach response requirements that are derived from section 12 of PHIPA. A number of the prescriptions it makes on breach response (not necessarily the one I have identified above) have a tenuous connection to section 12 and can reasonably be viewed as recommendatory.

BC employee medical information case of note

4 Jan

On August 7th, British Columbia labour arbitrator Julie Nichols issued a decision that addressed the discharge of an employee who refused to consent to an independent medical examination.

The decision is notable for two reasons.

First, the facts are common. The employee went off and provided medical evidence from a family physician that indicated he needed to change jobs on account of an “acute stress/anxiety reaction.” After receiving three communications from the family physician that were not helpful, the employer sought an IME based on a discretion set out in the collective agreement. Arbitrator Nichols held the employer acted reasonably in the circumstances because it had grounds to question whether the employee had “medicalized” a workplace issue.

Second, the award deals with the scope of information available to an IME provider. Arbitrator Nichols held that non-medical parties (employers, unions, employees) are not in a good position to determine the information needed to conduct an IME and that a reasonable IME process contemplates the collection of some extraneous information by the IME provider. The form at issue permitted the IME physician “to review copies of all medical and/or employment records related to my condition that will assist” and limited this permission by date range. Arbitrator Nichols held the form was reasonable.

Metro Vancouver v Greater Vancouver Regional District Employees’ Union, 2014 CanLII 74955 (BC LA).

IPC notes an inconsistency in its treatment of OHIP billings as personal information

2 Jan

The IPC/Ontario issued an order on December 17th in which it noted an inconsistency in its treatment of OHIP billing information as personal information. It said:

As the parties have noted, a number of IPC orders have considered the issue of whether OHIP billings reveal personal information of doctors.  In these orders, this office has concluded that OHIP billings that can be connected with specific doctors are their personal information.  For example, in Order P-1502, the Commissioner found that payment to a physician for services rendered in connection with the prescription of home oxygen services was a “financial transaction” within the meaning of section 2(1)(b) of the Act, and therefore qualified as personal information.  I followed this above approach in Order PO-3200.

Interestingly, the above approach can be contrasted with the treatment of other professionals whose billing information has been ordered disclosed under the Act.  In Order PO-3207, I found that information about legal fees paid to a lawyer by a hospital was not exempt from disclosure under the personal privacy exemption, as it was not personal information.  In Orders MO-2363 and MO-2927, among others, this office found that the details of fee arrangements between government institutions and professional consultants did not qualify as the personal information of the consultants.

Though making this note, it was unnecessary for the IPC to resolve the inconsistency or depart from its prior decisions to make the order. The information at issue related to payments made to group practice. The IPC held that, in the circumstances, the information did not reveal anything about an individual physician.

Ministry of Health and Long-Term Care (Re), 2014 CanLII 77316 (ON IPC).

Arbitrator awards privacy damages for implying an employee suffered from mental distress

31 Dec

On December 4th, Arbitrator Andrew Sims ordered the Edmonton Police Service to pay a grievor $5,000 in damages for breach of privacy.

The case arises out of the Service’s handling of an intense interpersonal conflict between the grievor, a police detective, and his staff sergeant. The conflict led to a formal review in which the reviewing investigator recommended the grievor’s transfer to a new unit due to interpersonal problems, the responsibility for which was borne by the grievor and others. Before the Service addressed the recommendation, however, the grievor and his staff sergeant had an altercation.

The altercation invited an immediate decision to pursue the recommended transfer. Although the formal review had raised no concerns about the grievor’s mental health, when superintendent met with the grievor to advise him of the transfer she became concerned about his mental health on account of his reaction.

The superintendent raised the need for a psychological assessment, which the grievor undertook grudgingly but voluntarily. While this assessment was pending the superintendent met with the department and implied that the grievor was mentally unwell, in essence conveying the same opinion that was the basis for the pending assessment. In the end, a psychologist determined the grievor was “psychologically intact and functional.”

Based on the following analysis, Arbitrator Sims ordered the Service to pay $5,000 in damages:

Had the Employer described to a work group a physician’s diagnosis of a co-worker, that it had obtained in its role as employer, disclosure would clearly be a breach of the employee’s right to privacy of their personal medical information.  To anticipate a diagnosis, based only on personal observations, however genuine the concerns,and to discuss that in public, is just as serious a breach of privacy.  Arrangements were underway to get the grievor assessed.  Implying anything as to his state of health pending that assessment was inappropriate and unnecessary. The decision was made to transfer the grievor based on the problems he was having with his Staff Sergeant and the Unit Review.  This was decided before the health concerns arose from the interview.  Given that, there was really no need to go into whether the grievor had health issues at all. The emphasis on the grievors “H.R. issues” had the effect of adding undue emphasis to the suggestion that the broader issues in the unit, which were serious in themselves, were due to the grievor’s health issues.  That too was unjustified given the more balanced assessment in the unit review itself.  The grievor’s reputation amongst his peers, his need and ability to interact with them in future, and his sense of employment security were all impacted by the excessive commentary during this meeting.  While I accept that the comments were made out of genuine (although to a significant degree unfounded) concern, they amounted to a breach of privacy and caused harm to the grievor’s privacy interests. Police officers are particularly dependent upon their reputation amongst their peers.  Any suggestion of mental problems or unreliability can seriously hurt their working relationships and their careers.  I find these breaches of privacy sufficiently serious to justify financial compensation which, based on a review of the authorities discussed above, I award at $5,000.

Edmonton Police Service v Edmonton Police Association, 2014 CanLII 73072 (AB GAA).

A broader implication of the SCC’s decision in Fearon

25 Dec

The Supreme Court of Canada issued R v Fearon on December 11th. A 4-3 majority held that the police can search a cell phone incident to arrest without a warrant but subject to various limitations prescribed by the Court. One always must be careful in drawing too much from the Court’s handling of a specific issue in a specific context, but the dialogue between the majority and minority about the mitigating effect of a computer inspection protocol is notable for organizations.

The majority allows warrantless searches, in part, based on a finding that the privacy impact of a cell phone search incident to arrest can be meaningfully mitigated by the application of a “tailored” inspection. Justice Cromwell explains:

First, the scope of the search must be tailored to the purpose for which it may lawfully be conducted. In other words, it is not enough that a cell phone search in general terms is truly incidental to the arrest.  Both the nature and the extent of the search performed on the cell phone must be truly incidental to the particular arrest for the particular offence. In practice, this will mean that, generally, even when a cell phone search is permitted because it is truly incidental to the arrest, only recently sent or drafted emails, texts, photos and the call log may be examined as in most cases only those sorts of items will have the necessary link to the purposes for which prompt examination of the device is permitted. But these are not rules, and other searches may in some circumstances be justified. The test is whether the nature and extent of the search are tailored to the purpose for which the search may lawfully be conducted. To paraphrase Caslake, the police must be able to explain, within the permitted purposes, what they searched and why: see para. 25.

This approach responds to the privacy concerns posed by the virtually infinite storage capacity of cell phones by, in general, excluding resort to that capacity in a search incident to arrest.  It would also provide these protections while preserving the ability of the police to have resort to basic cell phone data where this serves the purposes for which searches incident to arrest are permitted.

Given the Crown bears the onus of establishing a reasonable search incident to arrest, the majority makes clear that police must take “detailed notes” of their inspection process.

For the minority, the privacy interest in a cell phone is too great to permit any warantless intrusion. Justice Karakatsanis also calls the majority’s reliance on the mitigating effect of a tailored inspection protocol “complicated,” “impractical” and inviting of “after-the-fact litigation.”

Organizations have been reckoning with an expectation of privacy on workplace computers since the Supreme Court of Canada’s 2012 finding in R v Cole. I’ve argued elsewhere that, notwithstanding Cole, the standard for employer searches will likely remain reasonably permissive. The reasoning in Fearon can be used by employers to argue for a permissive search standard. Employers should be careful, however, to (1) document the purpose of their inspections and (2) follow a logical, documented inspection process. Justice Karakatsanis is correct; litigation about the manner in which a computer inspection has been conducted is too easy to foresee.

 R v Fearon, 2014 SCC 77 (CanLII).

 

FOI matter moot because the stated reasons for a request spent

20 Dec

On December 15, the Alberta Court of Appeal held that an FOI matter was moot, in part, because the stated reasons for a request were spent. It said:

Second, the dispute about whether certain records can remain private is of no further consequence or practical utility. The ATA wanted SBEBA’s records for reasons that are, now, purely academic. There is no longer any need for the ATA “to gain a full understanding of the operation of SBEBA with its member school boards”; there is no longer any risk of the ATA not “following correct procedures related to the SBEBA” or “interfering with or being seen to interfere with the SBEBA”. Further, the collective agreement entered into between the ATA and Buffalo Trail has long since expired, such that there is no longer any need “to act fully on” it. SBEBA was not revived for the most recent collective bargaining process and will not be the bargaining agent for, or otherwise negotiate on behalf of, Buffalo Trail in any future such process or dispute.

The Court also held that the OIPC lacked standing to pursue an appeal because the issue under appeal did not go to its jurisdiction.

This is another example of the very tough go the OIPC has had in the Alberta courts.

Alberta Teachers’ Association v Information and Privacy Commissioner, 2014 ABCA 432 (CanLII).

Follow

Get every new post delivered to your Inbox.

Join 1,524 other followers