On January 27th, the IPC/Ontario held that records stored only on a legacy backup system were not “records” accessible under Ontario’s public sector access statute.
The requester asked for all records that showed access by a named employee to their own and their spouse’s service department records at a municipality.
The institution provided a fee estimate of $130 for data going back 28 months. For older data, the institution needed to restore data from tapes from a backup system that it had discontinued. It produced estimates (of $19,000 and $13,000) that included work to purchase a new tape drive and software, but on appeal argued the backup records were not accessible because they were not capable of being produced “by means of computer hardware and software or any other information storage equipment and technical expertise normally used by the institution.” The IPC agreed.
Sudbury (City of Greater) (Re), 2020 CanLII 8240 (ON IPC).
On December 9th, the British Columbia Supreme Court held that the British Columbia OIPC erred in its handling of a claim that the identities of BC Hydro employees who had evaluated an RFQ for services at a controversial hydroelectric project should be withheld. Hydro argued that identifying information may be withheld due to the potential harm to the employees’ physical and mental health.
The Court held that the OIPC improperly elevated the test for harm set out in the Supreme Court of Canada’s Merck decision – more than a possibility but less than a probability. Helpfully, it said the OIPC was wrong to suggest that Hydro “had to establish some employees were physically hurt or employees suffered from mental health issues before bringing itself within the [applicable exemption.” It also said, “I am also troubled by the Delegate’s comment that there was no evidence proffered from employees regarding how the disclosure of their names might threaten their mental health… It was unreasonable to expect such evidence in the circumstances.”
British Columbia Hydro and Power Authority v British Columbia (Information and Privacy Commissioner), 2019 BCSC 2128 (CanLII).
Here’s the second paper that relates to the panel I will be sitting on later this week. It is a collection of FOI case digests about the hacking threat with a covering thesis about the need for greater protection from disclosure. This one particularly caught my interest and includes some ideas I will come back to. Enjoy, and again, please send comments by PM.
On October 9th, Justice McHaffie of the Federal Court held that firearm serial numbers, on their own, are not personal information. His ratio is nicely stated in paragraphs 1 and 2, as follows:
Information that relates to an object rather than a person, such as the firearm serial numbers at issue in this case, is not by itself generally considered
personal information”since it is not information about an identifiable individual. However, such information may still be personal information exempt from disclosure under the Access to Information Act, RSC 1985, c A-1 [ATIA] if there is a serious possibility that the information could be used to identify an individual, either on its own or when combined with other available information.
The assessment of whether information could be used to identify an individual is necessarily fact-driven and context-specific. The
other available information relevant to the inquiry will depend on the nature of the information being considered for release. It will include information that is generally publicly available. Depending on the circumstances, it may also include information available to only a segment of the public. However, it will not typically include information that is only in the hands of government, given the purposes of both the ATIA and the personal information exemption.
This is not a bright line test, though Justice McHaffie did say that the threshold should be more privacy protective than if the “otherwise available information” requirement was limited to publicly available information or even information available to “an informed and knowledgeable member of the public.”
Canada (Information Commissioner) v Canada (Public Safety and Emergency Preparedness), 2019 FC 1279 (CanLII).
Here’s some commentary I submitted in support of my panel appearance on Wednesday at the above-named OBA conference.
It appears there are not too many fans of the Toronto Star decision among administrative tribunal practitioners, though the tribunals themselves seem to be more ambivalent. I’m among those who don’t like the policy implications of Toronto Star. For insight please read my commentary.
On Wednesday I spoke about the practical impact of practicing under truly presumptive, court-like openness in which no adjudicative decision (with due process rights) stands between a requester and a client’s filings. In short, it will invite the application of a new analysis prior to making any filing. What in here is confidential? Can I compromise – making my client’s case without it? At what cost? Is it better to seek a confidentiality order of some sort? At what cost? Does the media require notice of my motion? At what cost? Did I mention cost?
I encouraged tribunal staff in attendance to think about how critical a concern privacy has become and how individuals expect and are owed, at a minimum, due process. In my view requiring applications for access (made on notice) is a model for access that’s more consistent with the object of administrative justice – specialized, low cost, accessible justice.
As reported widely, yesterday the Court of Appeal for Ontario affirmed an IPC/Ontario finding that gross revenue earned by Ontario’s top earning doctors was not their personal information.
There’s not much to the decision. (A number of the grounds for appeal were “optimistic.”) The decision illustrates that information must reveal something of a personal nature about an individual (in the relevant context) to be the individual’s personal information. In the doctors’ case, the link between gross income and the personal finances was not strong, as noted by the Court:
The information sought was the affected physicians’ gross revenue before allowable business expenses such as office, personnel, lab equipment, facility and hospital expenses. The evidence before the Adjudicator indicated, however, that, in the case of these 100 top billing physicians, those expenses were variable and considerable.
In another context, gross revenue information could be personal information. What is and is not personal information is a VERY contextual matter.
Ontario Medical Association v. Ontario (Information and Privacy Commissioner), 2018 ONCA 673.
On June 18th the Court of Appeal for Ontario held that the Ministry of the Attorney General is not in custody or control of records in a Children’s Lawyer litigation file even though the Children’s Lawyer, for administrative purposes, is part of MAG. The finding turns on the Children’s Lawyer’s independence and the privacy interests of the children it represents. These kind of contextual factors are important to the custody or control analysis. As stated by the Court, “an organization’s administrative structure is not determinative of custody or control for purposes of FIPPA.”
This decision is consistent with other law that suggests records within an institution are not always in custody or control of an institution – e.g., certain faculty records and personal e-mails. Custody or control is therefore no simple concept to administer and is prone to dispute. At least for now IPC decisions will be subject to judicial review on the correctness standard, another (surprising) finding the Court of Appeal made in rendering its decision.
Ontario (Children’s Lawyer) v. Ontario (Information and Privacy Commissioner), 2018 ONCA 559 (CanLII).