Sask CA says Commissioner’s request for privileged communications unnecessary

18 May

On May 16th the Court of Appeal for Saskatchewan held that the Office of the Information and Privacy Commissioner, Saskatchewan should not have required the University of Saskatchewan to produce communications that it claimed were subject to solicitor-client privilege.

The Commissioner began by inviting the University to provide evidence that supported its privilege claim. The University filed an affidavit from a non-lawyer stating that legal counsel had advised that “some” of the withheld documents are subject to solicitor-client privilege. It did not file an index of records.

This led the Commissioner to immediately request the records. Although the Commissioner had asked the University for a index of records, it did not ask again – an omission that the Court held to breach the principle that demands an adjudicator only review solicitor-client communications when absolutely necessary to assess a privilege claim.

This fact-specific decision illustrates how strictly the absolute necessity principle will be enforced. The Court also spoke about what privilege claimants ought to be required to present in support of their claims. In doing so, it suggested that an index that identifies records will ordinarily provide an adequate basis for assessing a privilege claim in the absence of any evidence suggesting a claim is “ill founded”.

University of Saskatchewan v Saskatchewan (Information privacy Commissioner), 2018 SKCA 34.

Advertisements

Ontario Court says FOI statute fails in providing access to administrative tribunal records

29 Apr

Yesterday the Ontario Superior Court of Justice held that the Ontario Freedom of Information and Protection of Privacy Act violates section 2(b) of the Charter because it goes too far to protect the privacy of parties, witnesses and others in matters heard by the Ontario Human Rights Tribunal, Ontario Labour Relations Boards and other statutory tribunals.

The Toronto Star brought the Charter application. It argued that the access regime created by FIPPA is too restrictive and too slow to meet its Charter-based right of access to “adjudicative records” – records of things filed before tribunals like pleadings and exhibits as well as tribunal decisions. A number of Ontario tribunals process requests for adjudicative records formally under FIPPA while others provide access more informally. The Star argued that the informal process must be the norm.

Justice Morgan allowed the application and declared that FIPPA violates the Charter by imposing a presumption of non-disclosure of “personal information” in adjudicative records. It is a puzzling decision for two reasons.

First, there is virtually no discussion about whether the open courts principle ought to apply to administrative tribunals. The Court’s application of the open courts principle appears to be derived from a provision requiring openness in the Statutory Powers Procedure Act:

All parties acknowledge that administrative hearings governed by the Statutory Powers Procedure Act (“SPPA”) are required to be open to the public. In principle, therefore, it is uncontroversial that “[t]he ‘open court’ principle” – at least in some version – “is a cornerstone of accountability for decision-making tribunals and courts.”

One might argue that the Court elevates a statutory presumption (which ought to be read in harmony with FIPPA) into a constitutional right. One might also argue that there are policy imperatives for administrative justice that weigh against recognition, in respect of tribunals, of the same level of openness that applies to courts – expediency and ease of access, for example. These two imperatives in particular are likely to suffer if administrative tribunal records are treated similarly to court records.

Second, the Court’s decision rests on what it says is a flawed “presumption of non-disclosure” – one that makes personal information in adjudicative records presumptively inaccessible. According to the Court this presumption arises out of the framing of FIPPA’s section 21 “unjustified invasion of privacy exemption,” which states that personal information shall be withheld unless its disclosure would not constitute an “unjustified invasion of privacy.”

It is too strong to call this a presumption, particularly in light of section 53 of FIPPA, which states, “Where a head refuses access to a record or a part of a record, the burden of proof that the record or the part falls within one of the specified exemptions in this Act lies upon the head.” To the contrary, all records in an institution’s custody or control are presumptively accessible under FIPPA, with limitations on the right of access dictated to be “limited and specific” as stipulated FIPPA’s purpose provision.

It’s quite arguable that FIPPA grants a right of access subject to a balancing of interests that has been carefully calibrated by the legislature and ultimately governed by an expert tribunal – the Information Privacy Commissioner/Ontario. Justice Morgan did not hide his views about the IPC, stating “In terms of the expertise of the institution heads and, in particular, the IPC, it is fair to say that the jury is still out. ”

 Toronto Star v. AG Ontario, 2018 ONSC 2586.

BCCA addresses public right of access to “a record of a question”

21 Apr

On April 13th, the Court of Appeal for British Columbia held that a rubric for an undergraduate admissions test administered by UBC was excluded from British Columbia’s public sector access and privacy act as a “record of a question.” It interpreted this phrase purposely, as encompassing “anything that is inregral to the question such that disclosure would defeat the purpose of the question for future use.”

University of British Columbia v. Lister, 2018 BCCA 139 (CanLII).

Financial institution compliance presentation – privacy, data security and anti-spam

31 Mar

I’ve been doing a survey presentation in the Osgoode PDP program on financial institution compliance for the last five years now. Here’s this year’s deck.

What’s new? The V-Tech security measures report by the Office of the Privacy Commissioner of Canada, the Canadian Securities Administrators Staff Notice 33-321 (and some much more meaty guidance by the CSA) and the reduction of the Compufinder fine under CASL. See below for more.

 

The right to be forgotten comes to Canada

28 Jan

On Friday, the Office of the Privacy Commissioner of Canada issued a new position on the protection of online reputation. In doing so the OPC recognized a right to have personal information de-indexed from search engine results if it is inaccurate, incomplete or out-of-date. Although the position is in draft, is nonetheless of critical significance to Canadians’ use of the internet – creating a broader variant of the so-called European “right to be forgotten.”

The OPC says the right arises out of two longstanding parts of the Personal Information Protection and Electronic Documents Act – Principle 4.6 and section 5(3).

Principle 4.6 is the accuracy principle. It reads as follows:

4.6 Principle 6 — Accuracy

Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

4.6.1

The extent to which personal information shall be accurate, complete, and up-to-date will depend upon the use of the information, taking into account the interests of the individual. Information shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the individual.

4.6.2

An organization shall not routinely update personal information, unless such a process is necessary to fulfil the purposes for which the information was collected.

4.6.3

Personal information that is used on an ongoing basis, including information that is disclosed to third parties, should generally be accurate and up-to-date, unless limits to the requirement for accuracy are clearly set out.

Principle 4.6 dovetails in part with Principle 4.9, which requires organizations to “amend” personal information if it is demonstrably “inaccurate or incomplete.” (Principle 4.9 does not mention currency.)

The OPC’s reasoning is simple. Search engines use and disclose personal information to “provide people with access to relevant information from the most reliable sources available.” This purpose is not served by presenting search results that are not accurate, complete or up-to-date. Though accuracy, completeness and currency are they key concepts, the OPC says that search engines should interpret and apply them in light of the how materially the impugned content affects individuals’ interests and the countervailing (public) interest in continued accessibility.

Section 5(3) of PIPEDA restricts organizations to handling personal information for purposes that a “reasonable person would consider are appropriate under the circumstances.” The OPC says that section 5(3) could also be the basis of a valid de-indexing request, giving the following two examples:

  • Where content is unlawful, or unlawfully published (e.g. where it contravenes a publication ban, is defamatory, or violates copyright; etc.)
  • Where the accessibility of the information may cause significant harm to the individual, and there is either no public interest associated with the display of the search result, or the harm, considering its magnitude and likelihood of occurrence, outweighs any public interest

This newly-recognized right invites de-indexing requests to search engines as the primary means of obtaining relief from online reputational harm, though the OPC has also recognized a right to take down content. The right to take down content is a more limited right, in part because the OPC only has jurisdiction over those who publish personal information “in the course of commercial activity.”

The significance of the new position cannot be understated; there are many Canadians who feel plagued by internet posts that are unflattering if not disparaging. Search engines will not embrace this development – leaving a possibility of an enforcement dispute (and Federal Court input) and vigorous lobbying for a legislative amendment. It may take some time, but watch for a Charter challenge.

You can read the draft report here.

BCCA – No privacy claim against lawyer

13 Jan

On January 9th, the Court of Appeal for British Columbia affirmed the dismissal of a claim against a lawyer that was based in part on his service of application materials and in part on his conveyance of information about the plaintiff in a casual conversation with another lawyer.

The application that became the subject of the claim was made in an earlier family law proceeding. It was for production of financial documentation from the plaintiff relating to seven companies in which he had an interest.

The defendant represented the plaintiff’s wife. He served the companies with application materials (a notice plus affidavit) without redaction and in an unsealed envelope. Apparently his process server left the materials with two unrelated companies in an attempt to affect service. The plaintiff also argued that the defendant should have crafted his application materials to protect the plaintiff’s privacy – serving notices “containing only information relevant to the particular relief that might concern each company.”

The Court held that the impugned action was deemed not to be an invasion of privacy based on section 2(3)(b) of the British Columbia Privacy Act, which states that the publication of a matter is not a violation of privacy if “the publication was privileged in accordance with the rules of law relating to defamation.” The defendant, the Court explained, was acting in the course of his duty to his client, and occasion protected by absolute privilege.

The “casual conversation claim” arose from a discussion the defendant had with another lawyer during a break in discovery in another case. The defendant said he represented a woman whose former husband had sold a business in Alberta for $15 million and that the couple had three young children. Another person who was present came to believe the defendant was speaking about the plaintiff.

The Court affirmed the trial judge’s finding that the plaintiff failed to prove the information disclosed was private and subject to a reasonable expectation of privacy. More significantly, it affirmed an obiter finding that that the defendant’s disclosure was not wilful.

Duncan v Lessing, 2018 BCCA 9 (CanLII).

 

Surreptitious recording of IME warrants a re-do

3 Jan

On December 28th, Justice Sweeny ordered a plaintiff to submit to another medical examination because he surreptitiously recorded a prior examination, commenting:

The surreptitious recording of the examination was improper. The effect of this recording is the doctor would now, most likely, be subject to cross-examination on issues as to what exactly happened in the course of the examination. The evidence of the plaintiff is also relevant. Mr. Cruz may be examined or cross-examined on the transcript. If the doctor was aware of the recording, he may have conducted his examination a different way. He may have been clearer in the language used. He may have been more specific is instructions given to the plaintiff. Much of the communication that goes on is nonverbal. The doctor was denied an opportunity to ensure that his words and conduct were being accurately recorded.

Cruz and Cruz v. Saccucci, 2017 ONSC 7737.