US Secret Service issues noteworthy report on targeted school violence

The United States Secret Service has issued a follow-up to its landmark 2002 report that reinforces the need for sound institutional threat assessment procedures. The full new report is here. It is a noteworthy read for school administrators responsible for risk management and security.

Threat assessment is a process by which institutions aim to collect and process behavioral information that raises a potential concern to so, when appropriate, they can engage in “robust” intervention aimed at helping a student at risk and preventing violent acts. It has been a best practice at K-12 and post-secondary institutions in Canada for over a decade and should not be controversial, though it does invite tension with privacy and anti-discrimination laws. And though it’s very easy to understand that privacy interests and accommodation rights give way when an individual poses a risk of harm that is “serious and imminent,” good threat assessment rests on intervention at much lower risk levels. As the Secret Service’s new report states, “The threshold for intervention should be low, so that schools can identify students in distress before their behavior escalates to the level of eliciting concerns about safety.”

The Secret Service’s new report is based on an analysis of 41 incidents of targeted school violence that occurred at K-12 schools in the United States from 2008 to 2017.

The following statistic – about failures in reporting – is the first thing that caught my attention.

Canadian institutions encourage classmates to report concerning behaviors to a single point of contact and often mandate employees to make such reports. The new report tells us nothing about whether that is working in Canada, but it’s a good question to consider given the above.

The report also identifies that the attackers in four out of the 41 incidents were referred to threat assessment, which invited a response summarized in the following table:

In Cases 1 and 3 the attacker appears to have been mis-assessed. (See the full report on Case 3 here.) Cases 2 and 4 may relate to a prescription the Secret Service gives based on a statistic that showed that 17 of the 41 attacks occurred after a break in school attendance: “These findings suggest that schools should make concerted efforts to facilitate positive student engagement following discipline, including suspensions and expulsions, and especially within the first week that the student returns to school.”

Fed CA orders removal of witness names in administrative tribunal decision

On September 30th, the Federal Court of Appeal held that the Public Service Labour Relations and Employment Board ought not to have referred to witnesses by name in a disciplinary decision about a suspension for “inappropriate acts involving a number of young female subordinate employees.”

This was a second time the matter of the witnesses’ anonymity came before the Court.  In 2017, it had held that the Board’s decision to publish witness names was unreasonable and directed the Board to re-weigh the interests at stake.

The Board again declined to refer to witnesses by initials, seemingly put off by the employer’s pre-hearing “promise” to the witnesses that their identities would be protected from publication. What the employer said to the witnesses, the Court held, was not right inquiry. For that and other reasons, it quashed the Board’s second decision as unreasonable and (extraordinarily) substituted its own judgement.

Here are two points of significance:

  • the Court suggested that the (strict) Dagenais/Mentuck test applied by courts is the test to be applied by administrative tribunals like the Board; and
  • the Court recognized the public interest in encouraging the reporting of inappropriate sexual behavior by protecting the anonymity of witness, comparing the interest to the interest in encouraging the reporting of sexual assaults.

Canada (Attorney General) v. Philps, 2019 FCA 240 (CanLII).

Privacy, Identity, and Control: Emerging Issues in Data Protection

This post marks the official death of my reading pile, which involved a read of the current edition of the Canadian Journal of Comparative and Contemporary Law – one entitled Privacy, Identity, and Control: Emerging Issues in Data Protection.

I’m admittedly still digesting the ideas, so am just pointing to a good resource for reckoning with the Euro-centric forces that are bound to affect our law. Top reads were “Regaining Digital Privacy? The New ‘Right to be Forgotten’ and Online Expression” and Fiona Brimblecombe & Gavin Phillipson and Information “Brokers, Fairness, and Privacy in Publicly Accessible Information” by Andrea Slane. Check it out.

BCSC denies access to total legal costs spent on ongoing litigation

On July 12th, the British Columbia Supreme Court held that a requester had not rebutted the presumption of privilege that applied to the total amount spent by government in an ongoing legal dispute. Here is the court’s argument for the withholding of such information:

[61]        The Adjudicator’s reasoning, adopted by CCF on this review, is in brief that it is clear from the facts available in the public record that the amount of legal expenditure is high. Knowing how high could only confirm this, and no more. This echoes CCF’s submission to the Adjudicator, cited at para. 35 of the Decision, that “knowing whether the total cost to date are ‘$8 million or $12 million or $20 million’ may prove embarrassing for the Province, but will not reveal privileged communications”.

[62]        In my view this line of reasoning is not sufficient to discharge the onus of proof to rebut the presumption of privilege, particularly in circumstances of ongoing litigation. I agree that the Cambie Litigation is an important constitutional case, that it is hard fought on both sides and that the amount of legal cost is undoubtedly substantial. However, in my view, an assiduous inquirer, aware of the background available to the public (which would include how many court days had been occupied both at trial and in chambers applications, the nature of those applications, the issues disclosed in the pleadings, and the stage of the litigation for the period covered by the request), would, by learning the legal cost of the litigation, be able to draw inferences about matters of instruction to counsel, strategies being employed or contemplated, the likely involvement of experts, and the Province’s state of preparation. To use the CCF submission quoted by the Adjudicator, the difference between an $8 million expenditure and a $20 million expenditure would be telling to the assiduous inquirer and would in my view permit that inquirer to deduce matters of privileged communication.

British Columbia (Attorney General) v British Columbia (Information and Privacy Commissioner), 2019 BCSC 1132 (CanLII)

Advocates’ Society Tricks of the Trade – A Privacy Update

Here are the slides from my Advocates’ Society presentation today. I addressed the following two questions:

  1. Today, is a right-thinking judge (in a non-criminal case) likely to exclude evidence obtained in breach of privacy?
  2. The intrusion upon seclusion tort. What have we learned about elements and defences since Jones v Tsige?

The second question was to honour the birthday of the intrusion upon seclusion tort, which turned six last week. Happy birthday privacy tort!

BC arbitrator admits surveillance that captures “sexual relations” in the office

Vernon Professional Firefighters’ Association I.A.F.F. LOCAL 1517 v Corporation of the City of Vernon is a well argued video surveillance case in which Arbitrator Dorsey held that a fire service properly employed video surveillance in response to a suspicion that documents had been taken from a filing cabinet in the (interim) Chief’s office. The surveillance captured two employees having “sexual relations,” an act for which they were terminated.

The Association’s theory was the decision to employ surveillance was a product of “paranoia and distrust” arising out of bad labour relations. The Employer argued the bad labour relations in its favour, ultimately convincing Mr. Dorsey that protecting its information was one concern, but determining who it believed had accessed the information without authorization was an equally legitimate objective in the context. It’s a decision that turns on its facts, though there are some other notable findings. Namely, Mr. Dorsey found that:

  • the installation of surveillance in this context was an  “indirect collection” of personal information under British Columbia’s public sector privacy legislation (para 79);
  • the standard for employing surveillance under public sector privacy legislation and a collective agreement ought to be the same (para 239);
  • having a meeting with staff about the the terminations was a legitimate means of addressing rumors and speculation about the terminations and did not invite a further breach of privacy as alleged (para 93).

Arbitrator Dorsey does suggest, problematically in my view, that surveillance evidence ought to be excluded if collected via “an unjustified employer invasion of employees’ privacy rights.” Like many arbitrators, Arbitrator Dorsey frames the power to exclude evidence as discretionary but links the exclusion analysis to one factor above all others – justification. If the exclusion analysis is to be undertaken reasonably, it must encompass “all relevant factors,” including the impact of any exclusion decision on the administration of (administrative) justice and ongoing labour relations.

Vernon Professional Firefighters’ Association I.A.F.F. LOCAL 1517 v Corporation of the City of Vernon, 2018 CanLII 111669 (BC LA).

No civil claim for misappropriated contact information says Ont SCJ

On October 25th the Ontario Superior Court of Justice dismissed certification motions in two actions that claimed damages for the misappropriation of contact information from a hospital information system. The information was taken and used to sell RESPs to the families of newborns.

Most significantly, the Court held there was no viable cause of action for intrusion upon seclusion because the information that was misappropriated did not support a breach that was serious enough to meet the standard established by the Court of Appeal for Ontario in Jones v Tsige. Justice Perell explained:

[151]      I generally agree with the Defendants’ arguments. It is plain and obvious in the case at bar that there is no tenable cause of action for intrusion on seclusion because there was no significant invasion of personal privacy and a reasonable person would not find the disclosure of contact information without the disclosure of medical, financial, or sensitive information, offensive or a cause for distress humiliation and anguish. The contact information that was the objective of the intrusion in the immediate case was not private, there was not a significant invasion of privacy, and the invasion of privacy was not highly offensive to an objective person.

[152]      In other words, in the immediate case, it is not the case that the disclosure of just contact information intrudes on the class members’ significant private affairs and concerns, and in the immediate case, it is not the case that the disclosure of contact information would be highly offensive to a reasonable person and cause her distress, humiliation, and anguish.

[153]      Generally speaking, there is no privacy in information in the public domain, and there is no reasonable expectation in contact information, which is in the public domain, being a private matter. Contact information is publicly available and is routinely and readily disclosed to strangers to confirm one’s identification, age, or address. People readily disclose their address and phone number to bank and store clerks, when booking train or plane tickets or when ordering a taxi or food delivery. Many people use their health cards for identification purposes. Save during the first trimester, the state of pregnancy, and the birth of child is rarely a purely private matter. The news of an anticipated birth and of a birth is typically shared and celebrated with family, friends, and colleagues and is often publicized. The case at bar is illustrative. All the proposed representative plaintiffs were not shy about sharing the news of the newborns.

Much will be said about this judgement. Here are some thoughts.

First. There’s an ambiguity . Justice Perell says there’s no reasonable expectation of privacy in the circumstances and the invasion is not “highly offensive.” How can there be an invasion if there’s no reasonable expectation of privacy? Reading the analysis as a whole, Justice Perell seems to be saying that there is an expectation of privacy (and a privacy breach), but not one that meets the “highly offensive” standard set in Jones v Tsige. This is a first.

Second. Justice Perell doesn’t use the “reasonable expectation of privacy” concept to delineate whether or not there has been an intrusion. I wish he did. For clarity’s sake, I’d like to see a merging of the REP doctrine developed in the Charter jurisprudence with the tort analysis. We’re talking about the same thing.

Third. Justice Perell was able to view the incident through a technical lens, analyzing each data element on its own and not in the broader context. Compare how he viewed the matter to the Toronto Star editors of this article. The difference is amazing.

Fourth. I don’t read paragraph 153 as endorsement of so-called “third-party doctrine.” Rather, it’s a very broad finding about the publicity of contact information. Contact information is too public in its quality to attract the protection of the common law, says Justice Perell. Compare this view to that of the Alberta OPIC, who has found that the loss of e-mail addresses alone (to a hacker, mind you) gives rise to a “real risk of significant harm.” Justice Perell’s finding (consistent with Jones v Tsige) suggests that the privacy statutes offer greater protection than the common law.

Fifth, I can’t help but think we’ll be litigating about what is and isn’t a breach of privacy for an eternity.

Broutzas v. Rouge Valley Health System, 2018 ONSC 6315 (CanLII).