Here’s a copy of a 10 minute prepared address I gave to a client seminar today on CASL readiness. Four practical points to guide your readiness initiative.
Happy New Year!
2013 was a good and busy year for your AAI primary contributor. I’ve paddled a traditional paddleboard for about twelve years now but committed to a dedicated year of competition in 2013, knocking off my first Molokai 2 Oahu crossing with a surprisingly good result and a win (!) against a small but core group of prone paddlers at the Chattajack 31 in Tennessee. I’m over 40 but feel like a kid again and am going to channel my current paddling obsession into another year of competition. If all goes well, I’ll repeat the Molokai 2 Oahu crossing and add a first time result in the famed and highly-competitive Catalina Classic. If you’re in Toronto and prone paddling looks interesting get in touch in the Spring. I’d be glad to loan a board and go for a paddle.
This is all to say that AAI suffered slightly from paddling-, family- and practice-induced anemia in 2013. We posted about 75 entries. They were on the most relevant of content, selected more conservatively than in years past, but this was lower output for a blog that’s now has 825 entries since its birth in the summer of 2007. We’ll aim for more of the same in 2014, thank you for reading and hope you enjoy. We hope you had a nice holiday and are feeling invigorated and ready for a good 2014!
Here is Paul Broad and my summary of today’s remarkable Supreme Court of Canada decision in Alberta (Information and Privacy Commissioner) v United Food and Commercial Workers, Local 401. (The Court struck down Alberta PIPA as violating section 2(b) of the Charter.)
I’m more open in this forum to think openly about the decision, which strikes me as being most characterized by its unrestraint. The Court could have issued a pronouncement clearly confined to the precise labour-relations context before it, but did not. The general questions it raises about how privacy legislation operates may be quite well-founded, but are not helpful. The decision today is likely to cause litigation that – after much time and energy – leads to necessary clarification and confinement.
There are “narrowing cues” in the decision. For example, the Court suggests that our federal commercial privacy statute (PIPEDA) is better positioned to withstand a challenge because restrains only commercial expression. The Court also signals that some publicly available information will warrant privacy protection.
These cues are mixed in with big questions that are dealt with briefly and in no factual context. The policy makers should not over-react, and should brace themselves for a fight!
On August 28th, the British Columbia OIPC affirmed two elevator companies’ (Kone’s and Thyssenkrup’s) use of telematic data for the purpose of managing their service employees.
The outcome is not surprising. The Commissioner herself affirmed another elevator company’s fleet management program in a thoroughly-reasoned decision last December. Also, all Canadian decisions (by privacy regulators and arbitrators) have recognized the legitimacy of such programs (which rest on the collection of location data and vehicle operation data). Kone’s program was unique in that it collected data from cellar telephones (rather than vehicle units). The OIPC held that Kone’s program collected more sensitive personal information but was nonetheless reasonable.
The decisions are notable for the OIPC’s conclusion that an organization in BC does not need a stand alone GPS or Telematics policy to comply with the notice and “policies and practices” requirements in BC PIPA. It held that Kone complied with its obligation by giving a detailed PowerPoint presentation that outlined the specific purposes for which it would use employee personal information in advance of implementing its program. Thyssenkrup breached its obligations; it had difficulty establishing that it had a formal communication program that addressed the purposes of its program in any detail.
On June 27, the Superior Court of Québec certified a class action about the alleged intrusive nature of free applications offered through Apple’s “App Store.”
The petitioner alleges that Apple breached various Québec statutes by failing to inform users that free applications would facilitate the collection and use of their personal information, including their “geolocation.” The petitioner also claims that individuals were harmed (a) by the loss of computing resources and (b) by being led to overpay for their Apple devices, such devices being “inextricably linked” to undesirable characteristics associated with free applications distributed through the App Store. The petitioner asked the Court to grant certification so he could prosecute Apple on on behalf of all residents in Canada who downloaded free applications from December 1, 2008 to present.
Apple attacked the action’s suitability for certification on a number of bases. Most fundamentally, it complained that the action provided for an “infinite variety of classes” – for example (and at the least), classes of individuals who were exposed to applications with different information-gathering characteristics. Nonetheless, the Court granted certification of a Québec only class. Its analysis is very forgiving, especially in addressing Apple’s (very valid) concerns about the individualized nature of a consent dispute, which the Court dismissed as follows:
In the Court’s view, all of the Respondents’ arguments regarding the consent or lack thereof, the voluntary provision of information by Class Members and other similar elements that distinguish Class Members between them can be raised by them in their defence or alternatively when dealing with the « lien de causalité ».
Hat tip to BLG and its privacy law blog for this post.
Although somewhat off-topic for this blog, here are the slides that I spoke to this morning at the Canadian Association of College and University Student Services annual conference. The presentation was to university and college student conduct professionals and has a heavy administrative law focus.
In this week’s Information and Privacy Commissioner/Ontario report on the deletion of e-mails by the Ontario government, the IPC decries a “verbal culture” in government and recommends a government “duty to document.” What might this duty entail? Is deliberating about difficult decisions through verbal dialogue really objectionable?
This is not the first time this duty to document has been proposed. In March of this year the British Columbia Office of the Information & Privacy Commissioner also endorsed a duty to document. The BC report includes a good history of efforts made to advance the duty in Canada, efforts that date back to 1994 in the BC Commissioner’s account. The BC Commissioner also notes a federal private member’s bill – Bill C-301 - that features a duty to document.
There are two variants of the duty that we should distinguish from each other – one that requires documentation of “actions, decision and reasons” and another that extends to “advice” and “deliberations.”
The BC Commissioner endorses the narrower version. In 2009, former BC Commissioner DavidLoukidelis argued for a duty to document “actions and decisions and reasons therefor” in a submission to the federal Standing Committee on Access to Information, Privacy and Ethics. The March report from BC contains the same recommendation:
I would reiterate that this requirement need not be an onerous one. The duty to record actions, decisions and reasons are not merely a question of creating records for the purposes of openness and accountability, but also go to good governance, the state of information management and information holdings of government.
Bill C-301 features the broader version. Here’s the language:
2.1 Every officer and employee of a government institution shall create such records as are reasonably necessary to document their decisions, actions, advice, recommendations and deliberations under this Act.
The recent IPC report is ambiguous, and unfortunately, suggests that the BC Commissioner has embraced a duty to document deliberations:
Commissioner Denham notes [in her March report] that a number of Information Commissioners have called for the creation of a legislated duty for institutions to document matters related to deliberations, actions and decisions. Commissioner Denham stated:
Among the reasons for instituting a legislated duty to document include good governance, historical legacy of government decisions, and the protection of privacy and access to information rights. Without a legislated duty to document, government can effectively avoid public scrutiny of the rationale for its actions.
She goes on to note that the legislated duty to document is a critical element of the open government movement and an important element of proactive disclosure.
The underlined statement above is correct but misleading; the BC Commissioner did note that others have endorsed a duty to record deliberations but did not do so herself.
The distinction between the broader and narrower versions of the duty to document is one that should become part of the public dialogue, especially because a duty to record deliberations runs against advice that counsel (including this counsel) regularly give public sector institutions; do not think aloud over e-mail.
Deliberating via e-mail (or text message) is a terrible decision-making practice that has only been invited recently by changes in communication technology. The dialogue invited by such a practice will either be too stilted to be effective or too dangerous because every creative, bona fide and ultimately un-pursued idea will be available in the end to undermine a final decision.
Yes, meetings represent a more private decision-making venue, but that is why they support good decision making. Public sector officials should record the actions flowing from meetings along with all decisions made and their rationale. This is, agreed, a matter of good governance. They should also be given the continued ability to discuss matters in confidence.
Whether a duty to document should encompass “advice” also deserves debate. It may not be objectionable if it is decipherable from a duty to document deliberations. Notably, the degree to which the exemption for “advice and recommendations” under our freedom of information legislation protects the deliberative aspects of decision-making will be addressed in an important Supreme Court of Canada case to be heard this November. The Ontario Commissioner will be joined by four other commissioners in arguing for a narrow interpretation of the exemption so that recorded deliberations will be more accessible to the public. If they succeed, public officials will face greater pressure to engage in verbal dialogue. They should not be castigated for craving a zone of privacy.
Here is list of good links recent information and privacy developments:
@zephoria: “When Your Twitter Friend Turns Out To Be The Boston Bomber” analysis of Dzhokhar’s network by @gilgul: http://bit.ly/14TPb7S ”
@DanPinnington: #Apple keeps your #Siri voice file data for up to two years @wired #privacy http://ow.ly/khiEZ ”
@IPCinfoprivacy: Canadian brokers demand answers on missing… data http://bit.ly/178qMsG ” Can’t notify when you’ve got nothing to say!
@MortonsMusings: Porter launches $4M libel lawsuit against union http://www.ctvnews.ca/business/porter-launches-4m-libel-lawsuit-against-union-1.1242440 … via @CTVNews”
- Cyber Security and Cyber Espionage: A CCCA Panel http://bit.ly/13idAPB
@MackenzieDRS: This Week at the SCC (12/04/2013) http://buff.ly/Zr8YDH leave granted in case about mediation confidentiality”
- IPC considers and rejects journalist’s 2(b) claim. His e-mails to govt ordered to be disclosed http://canlii.ca/t/fwzpq
- Are law firms asleep at the cyber security switch?: http://wp.me/p1OhjK-HQ via
- BSSC: Er had cause to dismiss IT ee who accessed confidential file in another ee’s confidential folder w/o permission http://canlii.ca/t/fwsgt
- Craig Ball advocating for meaningful dialogue between counsel on discovery. Good one. http://bit.ly/ZaCOfD
- Concise article ON SCJ case about whether legal advice conveyed to physician is producible http://www.lawtimesnews.com/201304019709/Commentary/Personal-Injury-Law-Dupont-provides-little-comfort-on-protecting-legal-advice-from-disclosure?utm_source=responsys&utm_medium=email&utm_campaign=20130401_CLNewswire …
- Arbitrator Considers the Possibility of Liver Enzyme Test For Alcoholic Employee If Employer Can Demonstrate Need http://www.canlii.org/en/on/onla/doc/2013/2013canlii14493/2013canlii14493.html …
- Security Lessons from the Big DDoS Attacks http://bit.ly/10j99Cg
@kdmacneill: Motion for injunction to remove allegedly defamatory videos and comments from YouTube dismissed. http://canlii.ca/t/fwn9x “
@Canuckflack: Solid advice from @privacyprivee on preventing identity theft – and it’s an infographic! http://www.priv.gc.ca/resource/tool-outil/infographic/idt_info_201303_e.asp …”
- Fleeting reference to starlet in song not a misappropriation of personality http://bit.ly/ZnXsYs
- Alberta court finds that grievance response is privileged http://wp.me/p6aAc-22X
- Another Credit Card Breach Lawsuit Fails – Willingham v. Global Payments http://blog.ericgoldman.org/archives/2013/03/plaintiffs_whos_1.htm …
@RichNet: Storing Passwords, or The Risk of a No-Salt Diet via Tech @ FTC http://buff.ly/Y2DlmR #infosec”
- Survey Reports High Percentage of Employee Misuse and Theft of Company Data http://bit.ly/Y2Ej4J
- No maintenance or champerty despite university’s agreement to pay costs of prof’s defamation suit http://canlii.ca/t/fwjn7
@BobMunroeLawyer: Cyberbullies and insurance coverage. #technology #data http://www.lawyersweekly-digital.com/lawyersweekly/3243/m3/Page.action?folio=11 …”
@BusinsJGreenwal: Harvard’s secret e-mail search is an intersection of internal investigations and digital privacy. http://onforb.es/WA4OMW ”
@BCInfoPrivacy: New guidance document: Use of personal email accounts for public business http://ow.ly/jbAUa #bcpoli“
I’ve been posting less than I’d like to lately have a BIG pile of cases to catch up on. My apologies. I’ve been training very hard and getting ready for an event that I’ve always dreamed of doing and have finally committed to.The “M2O” is a 32 mile paddle race from Molokai to Oahu across the Ka’iwi Channel – the “channel of bones.” I’ll do it solo on a prone paddle board (paddling with my hands). The distance is not so bad, but the channel conditions are going to make the race very hard. My only goals is to finish with my dignity.
I’ve spent the last four months building some base and learning from paddlers in the community. At this point I’m extremely excited and feeling fit and positive, but the hard work is just starting. Forgive me for posting a bit about my progress here. I love the writing about the developing law, but the developing law is going to be competing for my attention for the next while!
Lots of good information and privacy content flowing through my Twitter network lately. Here are the highlights:
- Ottawa takes a leaf from Ontario on freedom of information http://www.thestar.com/news/city_hall/2013/02/28/ottawa_takes_a_leaf_from_ontario_on_freedom_of_information.html …
- Think of BlackBerry PIN-to-PIN messages as scrambled, not encrypted, says CSEC http://bit.ly/XHae4z
#privacy via @ilone
@feisty_jenn: Private Member’s Bill – C-475, putting order-making power in PIPEDA http://tmblr.co/Zg0QCyf5xt9L ”
- Not surprisingly, faxing intercepted communications for another is not an intrusion upon seclusion http://canlii.ca/t/fw5c3
- Chris Dale on Why We Can’t Just Use Google for eDiscovery http://bit.ly/XaTIvD
- Thrown Off a United Airlines Flight for Taking Pictures! http://upgrd.com/matthew/thrown-off-a-united-airlines-flight-for-taking-pictures.html … Terrible story. Good policy issue. Via
- Review: The Problem with Our Data Obsession http://techre.vu/15u1pBC HT
- Magistrate Recommends Dismissal with Prejudice of Claims Against Global Payments http://bit.ly/YnIT6A
- Information security on campus – lessons from the US http://gu.com/p/3dj6z/tw via
- Termination for receipt of unsolicited porn seems the subject of “puritanical” motivation – no cause (NBCA) http://canlii.ca/t/fw3w3
- Perell J augments his discovery thoughts in judgement on discovery and admissions http://canlii.ca/t/fw1gn
- Busted! How Happy Accidents Help Forensic Examiners Prove Data Theft (quite awesome) http://bit.ly/Ygh6VB
@LancasterCanada: HRTO: Union blog, like union meetings/newsletters, shouldn’t usually be considered ‘in workplace’ http://canlii.ca/t/fw0m5#par53 “
- IP address admissible as business record on strength of affidavit of Facebook employee (ONCJ) http://canlii.ca/t/fvzsm
- “There are few things more cowardly and insidious than an anonymous blogger…” Goldstein J. of ONSC. http://canlii.ca/t/fw0xk
@bsookman: BYOD could open businesses to copyright litigation http://bit.ly/UTzWoJ “
It’s getting very near the end of winter paddling season. The highlight was the Paddle With Purpose event from a couple weekends back. A group of us paddled 27 miles from St. Petersbug to Lido Key for Wounded Warriors Family Support. We paddled with the spirit of aloha, which you can FEEL in watching the beautiful video below. I’ve swung an invite to do another crazy paddle next weekend in California with some of same characters. I’m very excited. Story to be told later.
I’ve managed a few blog posts lately but haven’t been so active on Twitter. Here, however, is what is worth a re-post:
- V-C Hayes (as arbitrator) decides to receive surveillance evidence and then consider consequence of any impropriety http://canlii.ca/t/fvj32
- “@labourlawguy: Divisional Court confirms HRTO can rely on hearsay http://canlii.ca/t/fvsfr ” Nice win Michael!
- “@FaskenMartineau: Cloud Computing Survey http://dlvr.it/2rHnSv ” Good job here.
- “How far should privacy commissioners roam?” in Can. Priv. Law Rev. by the man who speaks the unspeakable, Chris Berzins. Worth reading.
- “@wiselaw: Sotomayor: Lawyering is a gift, and unhappy lawyers should ‘go back to square one’
#law #legal http://bit.ly/UmuF8S “
- Fine victory for Jennifer Penman in excluding electronic evidence (via @DerstinePenman) http://www.durhamregion.com/iphone/news/article/1569712–durham-man-s-child-porn-charge-tossed-over-charter-breach …
- Take caution with pension committee email – http://tinyurl.com/bdvkn45
- “@HayeseLaw: No privacy if bags checked, court told | The Chronicle Herald http://lnkd.in/T7juvk ” Didn’t realize that went up!
- “@DanPinnington: Lawyers should (almost) never use BCC (SLAW Tips) http://ow.ly/h2zSf
- “@kdmacneill: Driver’s seconds-long coughing incident causes pedestrian death; due diligence shown, acquittal entered http://canlii.ca/t/fvp39 “
- “@bsookman: Is Canada’s Anti-Spam Law a joke? http://bit.ly/13Oxkep ” This is quite awesome.
Thanks to all those who shared these good links.
In two weeks I’ll be flying down to Tampa to paddle 27 miles with a good group of other prone paddlers from the area and across North America. The energy is building around the event, but it’s going to be hard. If you’re a regular reader of this blog please consider donating to the charity for whom we will paddle – the Wounded Warriors Family Support organization, an organization that provides support to the families of American soldiers wounded, injured or killed in battle. Or, if you’d rather, please consider making a donation to an alternative Canadian charity here.