On April 2nd, the Court of Appeal of Alberta held that the Alberta Freedom of Information and protection of Privacy Act does not give the Alberta OIPC the power to compel the production of records over which a public body has asserted solicitor-client privilege.
The Court considered the power granted by the following provision:
Despite any other enactment or any privilege of the law of evidence, a public body must produce to the Commissioner within 10 days any record or a copy of any record required under subsection … (2).
It held that this language was not clear, unequivocal and ambiguous enough to overcome the presumption against abrogation of solicitor-client privilege. The ratio, at paragraph 48, is very clear and simple: “This [authorization of infringement] requires specific reference to solicitor-client privilege.”
Also of significance, the Court held that the chambers judge (below) erred by construing provision according to “modern approach,” which it said cannot be reconciled with the rule of strict construction established by the Supreme Court of Canada in Blood Tribe. The Court allowed the appeal and ordered the OIPC to pay the institution’s costs.
University of Calgary v JR, 2015 ABCA 118.
The Information and Privacy Commissioner/Ontario issued a notable investigation report on March 20th. It held that the City of Vaughan did not breach the Municipal Freedom of Information and Protection of Privacy Act by publishing personal information from a minor variance application on the internet.
The information in a minor variance application is required by statute to be accessible to the public, but by statutory language that speaks to “making available” and allowing for “inspection.” The complainant did not take issue with access to her information, but did not want her information published on the internet. The IPC essentially held that disclosure was authorized, and also that disclosure by internet publication was just another disclosure. Its key text is as follows (with my emphasis):
A concern raised in Gombu was that disclosing records in an electronic format was detrimental
to privacy because it removed the de facto privacy protection created by the relative obscurity of
paper records. As noted by the Court, circumstances have changed such that records are expected
to be provided in electronic format. Part of this is the ease of use for individuals wishing to
access records and databases which in turn increase transparency. Indeed, in Gombu this was the
complainant’s stated purpose for requesting an electronic copy of the database.
In confirming that the records could be disclosed in bulk electronic format, the Court noted that
this would make them more easily accessible with minimal further intrusion upon personal
information contained within given that they were already subject to disclosure.
In the circumstance of this complaint, sections 1.0.1. and 44(10) of the Planning Act and 253 of
the Municipal Act, taken together, specifically override the privacy interest of individuals
engaging the minor variance process and, as in Gombu, mandate the disclosure of personal
information in association with that process. I conclude that the City’s decision to disclose the
complainant’s personal information in electronic format is in compliance with the Act.
In response to the argument that this information should not be disclosed via the Internet, in the
circumstances of this complaint I cannot identify any basis that would prohibit information
otherwise subject to the section 32 exceptions from being disclosed via the Internet. I note that
Committees of Adjustment are required to demonstrate accountability via a transparent process
that permits individuals to participate, scrutinize and to hold institutions such as the City
accountable. As such, making these records available online facilitates this goal in a manner
consistent with the Act.
The IPC praised the City for administering a public record redaction procedure that allows individuals to request redaction. It also said the City should explore the use of web search exclusion technologies so that personal information it publishes on the internet is not readily searchable. This seems like a recommendation about best practices rather than one that is rooted in the statute.
Privacy Complaint Report MC13-67
Today, the Office of the Information and Privacy Commissioner for British Columbia held that the District of Saanich breached the British Columbia Freedom of Information and Protection of Privacy Act by installing endpoint monitoring software on employee workstations.
The District’s plan was not well conceived – apparently arising out of a plan to shore up IT security because the District’s new mayor was “experienced in the area of IT.”
The District installed a product called Spector 360 – a product billed as a “comprehensive user activity monitoring solution.” This is software that enables the collection of detailed data from “endpoints” on a network. It is not intrusion detection software or software that helps analyze events across a network (which the OPIC noted is in use at other British Columbia municipalities).
The District enabled the software on 13 workstations of “high profile users” to capture a full range of endpoint data, including screenshots captured at 30 second intervals and data about all keystrokes made. The purported purpose of this implementation was to support incident response, a purpose the OIPC suggested could only support an inadequate, reactive IT security strategy.
The OIPC held that the District collected personal information without the authorization it required under FIPPA and failed to notify employees as required by FIPPA. I’ll save on the details because the OIPC’s application of FIPPA is fairly routine. I will note that the OIPC’s position is balanced and seems to adequately respect institutions’ need to access system information for IT security purposes. It acknowledges, for example, that some limited data collection from endpoints is justifiable to support incident response. Not surprisingly, the OIPC does not endorse taking screen shots or collecting keystroke data.
Investigation Report F15-01, 2015 BCIPC No. 15.
Here’s a presentation my partner Ian Dick and I gave today to an audience of in-house counsel. It’s about the why’s and how’s of breach response planning. The wonderful Karen Gordon of Squeaky Wheel Communications also presented on communicating a data breach, and her slides are attached.
On January 5th, Arbitrator Norman of Saskatchewan held that an employer breached its collective agreement by periodically deploying drug detection dogs to screen people entering its mine.
Arbitrator Norman held that the process intruded on a reasonable expectation of privacy based on evidence that the dogs would likely identify off-duty drug use. Though Arbitrator Norman characterized the search invited by a dog sniff as minimally intrusive (and less intrusive than the sampling of bodily substances), he nonetheless held that the employer’s safety-related process was unreasonable. He drew heavily from the Supreme Court of Canada’s Irving Pulp and Paper decision, stating:
The prior threshold stage in the justificatory argument limiting rights under the Charter sets the bar very high; calling for proof of a pressing and substantial objective demonstrably justifiable in a free and democratic society, for the challenged measure. Under ‘Charter values’ analysis, I take the threshold bar to have been set by Irving as “… evidence of enhanced safety risks, such as evidence of a general problem with substance abuse in the workplace.”
While many might agree with the outcome, this reasoning is questionable. The resolution of privacy issues call for a highly contextual balancing of interests. Irving speaks to a particular balance that relates to universal random drug and alcohol testing, a process Arbitrator Norman reasons is relatively intrusive; Irving establishes no “bar” to meet in implementing other safety measures in the workplace whether or not they are related to drug and alcohol use. Moreover, the reference above to the Oakes test is flawed; under a Charter analysis (if such analysis is necessary), the question of whether a search is an “unreasonable search” is distinct from the question of justification under section 1 and Oakes.
USW, Local 7552 and Agrium Vanscoy Potash Operations (5 January 2015, Norman).