Peg Duncan has recently updated the e-Discovery Canada case law digest, and includes an interesting Alberta Court of Queen’s Bench decision from January 2008 called Design Group Staffing v. Fierlbeck. It’s about an employee who e-mailed himself a great number Alberta Treasury Branch records before departing from employment from a company who provided IT services to the ATB and the service provider’s very aggressive reaction. Any employer’s counsel will tell you that this is a very common occurrence.
The service provider applied for an Anton Piller order based on its concern about ATB client privacy and the risk of identity theft (though there was no evidence the defendant had any motive to perpetrate identity theft or sell the information). It turned out the records taken did not contain any client information. The Court criticized the service provider for its lack of diligence and vacated the Anton Piller.
It’s interesting to me how non-party privacy issues can play out in litigation. Was the service provider prepared to take whatever steps necessary to demonstrate its vigilance in protecting customer data to its client given its employee had caused a data breach? Or did it have its own motive for seeking an order and was the privacy claim simply a convenient justification for making a non-genuine demand? (I think it was the former in this case.) Where non-party privacy is engaged, should potentially affected individuals receive notice and have a right of standing? For another recent case in which these issues arise, see Datatreasury Corporation.