Duty to document in the news again

I finally got around to reading Access Denied – the British Columbia OIPC’s October 22nd bombshell of an investigation report on the processing of freedom of information requests.

You’ve likely heard about the OIPC’s finding that a Ministerial Assistant in the Ministry of Transportation and Infrastructure commandeered an executive assistant’s workstation to wilfully “triple delete” e-mails responsive to an FOI request. While shocking, you may be just as interested in the OIPC’s less headline-catching recommendation that government re-configure its e-mail system so e-mails cannot be deleted by users before they are captured in monthly backups “for investigative and legal purposes.” The OIPC doesn’t back this recommendation with many details, but it seems to treat backups as a data source with an all-too-routine reason to access.

You may also be interested in the OIPC’s recommendation to create a legislative duty to document. I’ve wrote about the duty to document in some detail in this June 2013 post.

In Ontario, amendments to FIPPA and MFIPPA relating to the preservation of records come into force on January 1st. Read more here.

The science of breach prevention and the art of breach response

Data loss prevention and response is a big topic now! The HRSDC lost hard drive is about a huge (but seemingly benign) incident that has attracted great attention. We also have the Obama administration’s attention to corporate network security – such attention given at a time in which sacrifices are being made to corporate network security based on trends such as BYOD.

Here is a practical guide that we’ve prepared to address the salient issues. We hope it’s useful to you.

Union does not get access to employer info for monitoring adherence to CA

On May 14th, Arbitrator Lanyon held that a union has no right to access employer records for the purpose of monitoring adherence to a collective agreement unless the right is contained in the collective agreement itself. He distinguished British Columbia and Ontario case law that establishes a right of access to bargaining unit member contact information that flows from a union’s representational rights, stating:

I conclude that the Millcroft and P. Suns lines of authority apply specifically to the provision of contact information; for example, the names and addresses of employees. However, these decisions cannot be read to compel an employer to provide information whose sole purpose is to assist the union in monitoring the terms and conditions of the collective agreement. Therefore, the B.C. Labour Relations Code does not compel employers to disclose documents whose whole purpose is to assist the union to monitor provisions of the collective agreement outside the grievance/arbitration procedure. If there is such an obligation on an Employer it must be found within the terms of the collective agreement.

In this case, Arbitrator Lanyon held a teachers’ federation had no right to information about occasional teacher assignments under its agreement with a school board. It’s not clear why this analysis was necessary, but Arbitrator Lanyon also held that individual privacy interests weighed against disclosure.

Mount Arrowsmith Teachers’ Association and School District 69 (Lanyon, 14 May 2012).

Unauthorized Secondary Use Claim To Proceed, Unauthorized Retention Claim Dismissed

On May 12th, the British Columbia Supreme Court allowed a novel privacy class action to proceed.

While most civil privacy claims relate to claims of improper disclosure, the plaintiffs here objected to the unauthorized retention and use of personal information – specifically, the retention of newborn blood samples for medical purposes and (secondary) research purposes that were not disclosed at the time of collection. The Court held that liability for the secondary use was a genuine issue for trial.

The Court rejected the plaintiffs’ claim that rested on the alleged unauthorized long term retention of samples for medical purposes, a practice the plaintiffs claimed created a “fully functional DNA database.” The Court held that authorization to retain for medical purposes was not in doubt given the plaintiffs consented to collection for medical purposes and, at the time, did not raise any concerns about retention for the same purposes.

D. (L.) (Guardian ad litem of) v. Provincial Health Services Authority, 2011 BCSC 628 (CanLII).

Sunset Clause Doesn’t Demand Physical Removal of Disciplinary Notes From File

On December 3, 2010, Arbitrator Goodfellow held that the following collective agreement language does not require the physical removal of expired disciplinary documentation from an employee personnel file:

ARTICLE 8 – ACCESS TO FILES

8.01 – Access to Personnel File

Each employee shall have reasonable access to his/her personnel file for the purpose of reviewing any evaluations or formal disciplinary notations contained therein, in the presence of the Director of Labour Relations & Human Resources or designate. An employee has the right to request copies of any evaluations in this file.

8.02 – Cleaning of Record

Any letter of reprimand, suspension or any other sanction will be removed from the record of an employee eighteen (18) months following the receipt of such letter, suspension or other sanction provided that such employee’s record has been discipline free for one year. All leaves of absence in excess of ten (10) calendar days will not count toward either of the above periods.

Arbitrator Goodfellow appears to rely most strongly on the apparent distinction drawn in the above language between a “record” and a “personnel file.” More broadly, he says, “any such physical ‘removal’ would be secondary to the primary purpose of any sunset clause, which, in our view, is to preclude Employer reliance on stale discipline, except in the kind of limited circumstance(s) to which the Union refers [e.g., to rebut an affirmative statement made by an employee about having a clean record] .”

Carillion Services v. Canadian Union of Public Employees, Local 942, 2011 CanLII 10605 (ON L.A.).

BCCA Ruling Suggests that Duty to Preserve is not Based on Size of Potential Claim

On February 4th, the British Columbia Court of Appeal affirmed a ruling that a gaming company had no duty to preserve betting slips redeemed by an individual to whom it denied a prize claim for over $6.5 million.

The plaintiff claimed he submitted 20 to 25 betting slips into the gaming company’s redemption machine, and that the machine retained five to 10 tickets as winning slips. The machine then produced a voucher for $6.5 million, which the gaming company would not pay based on a claim that the voucher was produced in error. It based this conclusion on an examination of a winning slip that was stamped by the machine as associated with a $6.5 million win but that did not reveal a winning wager at all. At the time it denied a payout, the gaming company also denied the plaintiff’s request to see his other slips that were retained by the machine. The gaming company destroyed these slips in the ordinary course of its business a week or two later, well before the plaintiff threatened or commenced an action.

Last March, Justice Fisher of the British Columbia Supreme Court held that the gaming company had no duty to preserve when it destroyed the records. She said:

While perhaps it may have been prudent for the defendants to have contacted Mr. Patzer before the betting slips were destroyed, I cannot accede to Mr. Laxton’s submission that they had a positive duty to do so. I appreciate that the error of issuing a cash voucher for such a large amount of money is significant. I accept that Mr. Patzer asked to see his betting slips on November 6, 2004 but he did not follow up this request further. More importantly, if Mr. Patzer was not satisfied with the explanation he had been given, he should have advised the defendants. They would then have been at least put on notice that the matter had not been put to rest.

Here, the slips were destroyed in the ordinary course of business before the defendants were aware that Mr. Patzer was considering litigation or even challenging their explanation for the error. While it is unfortunate that they were destroyed so soon after the event, the defendants did not intentionally destroy the winning betting slips in an effort to suppress the truth. Accordingly, there is no basis to apply the doctrine of spoliation.

As there is no common law duty to preserve property which may possibly be required for evidentiary purposes and given these findings, the plaintiff’s claim based on the defendants’ destruction of the betting slips must fail.

The Court of Appeal affirmed this ruling. It stressed that the gaming company had provided the plaintiff with an immediate denial and explanation and that the plaintiff, despite attending one day later with legal counsel, did not provide the company formal notice of his intention to claim before he sued two years later.

Patzer v. Hastings Entertainment Inc., 2011 BCCA 60 (CanLII).

Retaining Pension Records: New Regulatory Policy

As one can imagine, pension plans can operate for years.  Over the life of a pension plan thousands of documents are generated containing information vital to the operation of the plan itself as well as the personal information of members (and their spouses and beneficiaries).  One question has always been – how long must an administrator retain plan documents and records?

That question has been answered in part by a new policy of the Ontario pension regulator, the Financial Services Commission of Ontario (“FSCO”).  FSCO has finalized a new policy — Management and Retention of Pension Plan Records by the Administrator – containing rules regarding the manner in which plan administrators retain and manage all of the information and records of a pension plan, both current and historical.  The new policy is important given that new pension legislation will expressly require plan administrators to retain records for prescribed periods.

The policy generally divides the records relating to a pension plan into three categories: (i) records pertaining to legislated requirements, (ii) records pertaining to the day-to-day operation of the plan, and (iii) member specific information.  Falling into the first two categories are all documents that create and support the pension plan (i.e., plan texts and funding documents), as well as financial documentation (i.e., actuarial reports and financial statements) and documents relating to governance and administration (i.e., committee meeting minutes and advisor reports).  Member specific information includes personal information used to determine benefit entitlements (i.e., age, years of employment) and details regarding spouses and beneficiaries.

The policy requires administrators to retain documentation pertaining to legislated requirements indefinitely.  The Pension Benefits Act does not currently contain a limit on the retention period for such records.  Administrators are permitted to make decisions regarding the retention period for documents relating to day-to-day administration.

The retention period as it relates to member specific information is contingent on whether the member retains an entitlement under the plan or the entitlement has been paid out in full.  All member specific records must be retained until the last dollar has been paid out to the member and his or her spouse or beneficiary (which could be decades after the member starting participating in the plan).  Following the final payout, administrators are still expected to retain a summary of the member’s information in case a challenge is raised in the future.  Other legislation regarding personal information may also apply to these records (i.e., Freedom of Information and Protection of Privacy Act), but the other legislation will not overrule an administrator’s duties under pension laws.

Clearly, the FSCO policy results in administrators retaining records and information for many, many years.  Even where a plan terminates, it is important for the administrator to retain a summary of all vital information regarding the plan and its members long after the plan is wound up.  Thankfully, the policy permits electronic record retention and allows administrators to convert records into electronic form subject to certain conditions.

This policy is an important read for anyone who sponsors or administers a pension plan or provides services to a plan administrator.  As a matter of good governance, plan administrators should consider whether they have sufficient policies regarding the retention of plan and member information and records and consider preparing a written guideline that complies with the FSCO policy.