Archive | Uncategorized RSS feed for this section

The privacy and security implications of AI, big data and predictive analytics

13 Nov

Today’s presentation for your enjoyment and use!

US Secret Service issues noteworthy report on targeted school violence

11 Nov

The United States Secret Service has issued a follow-up to its landmark 2002 report that reinforces the need for sound institutional threat assessment procedures. The full new report is here. It is a noteworthy read for school administrators responsible for risk management and security.

Threat assessment is a process by which institutions aim to collect and process behavioral information that raises a potential concern to so, when appropriate, they can engage in “robust” intervention aimed at helping a student at risk and preventing violent acts. It has been a best practice at K-12 and post-secondary institutions in Canada for over a decade and should not be controversial, though it does invite tension with privacy and anti-discrimination laws. And though it’s very easy to understand that privacy interests and accommodation rights give way when an individual poses a risk of harm that is “serious and imminent,” good threat assessment rests on intervention at much lower risk levels. As the Secret Service’s new report states, “The threshold for intervention should be low, so that schools can identify students in distress before their behavior escalates to the level of eliciting concerns about safety.”

The Secret Service’s new report is based on an analysis of 41 incidents of targeted school violence that occurred at K-12 schools in the United States from 2008 to 2017.

The following statistic – about failures in reporting – is the first thing that caught my attention.

Canadian institutions encourage classmates to report concerning behaviors to a single point of contact and often mandate employees to make such reports. The new report tells us nothing about whether that is working in Canada, but it’s a good question to consider given the above.

The report also identifies that the attackers in four out of the 41 incidents were referred to threat assessment, which invited a response summarized in the following table:

In Cases 1 and 3 the attacker appears to have been mis-assessed. (See the full report on Case 3 here.) Cases 2 and 4 may relate to a prescription the Secret Service gives based on a statistic that showed that 17 of the 41 attacks occurred after a break in school attendance: “These findings suggest that schools should make concerted efforts to facilitate positive student engagement following discipline, including suspensions and expulsions, and especially within the first week that the student returns to school.”

Privacy, Identity, and Control: Emerging Issues in Data Protection

27 Jul

This post marks the official death of my reading pile, which involved a read of the current edition of the Canadian Journal of Comparative and Contemporary Law – one entitled Privacy, Identity, and Control: Emerging Issues in Data Protection.

I’m admittedly still digesting the ideas, so am just pointing to a good resource for reckoning with the Euro-centric forces that are bound to affect our law. Top reads were “Regaining Digital Privacy? The New ‘Right to be Forgotten’ and Online Expression” and Fiona Brimblecombe & Gavin Phillipson and Information “Brokers, Fairness, and Privacy in Publicly Accessible Information” by Andrea Slane. Check it out.

BCSC denies access to total legal costs spent on ongoing litigation

20 Jul

On July 12th, the British Columbia Supreme Court held that a requester had not rebutted the presumption of privilege that applied to the total amount spent by government in an ongoing legal dispute. Here is the court’s argument for the withholding of such information:

[61]        The Adjudicator’s reasoning, adopted by CCF on this review, is in brief that it is clear from the facts available in the public record that the amount of legal expenditure is high. Knowing how high could only confirm this, and no more. This echoes CCF’s submission to the Adjudicator, cited at para. 35 of the Decision, that “knowing whether the total cost to date are ‘$8 million or $12 million or $20 million’ may prove embarrassing for the Province, but will not reveal privileged communications”.

[62]        In my view this line of reasoning is not sufficient to discharge the onus of proof to rebut the presumption of privilege, particularly in circumstances of ongoing litigation. I agree that the Cambie Litigation is an important constitutional case, that it is hard fought on both sides and that the amount of legal cost is undoubtedly substantial. However, in my view, an assiduous inquirer, aware of the background available to the public (which would include how many court days had been occupied both at trial and in chambers applications, the nature of those applications, the issues disclosed in the pleadings, and the stage of the litigation for the period covered by the request), would, by learning the legal cost of the litigation, be able to draw inferences about matters of instruction to counsel, strategies being employed or contemplated, the likely involvement of experts, and the Province’s state of preparation. To use the CCF submission quoted by the Adjudicator, the difference between an $8 million expenditure and a $20 million expenditure would be telling to the assiduous inquirer and would in my view permit that inquirer to deduce matters of privileged communication.

British Columbia (Attorney General) v British Columbia (Information and Privacy Commissioner), 2019 BCSC 1132 (CanLII)

Advocates’ Society Tricks of the Trade – A Privacy Update

25 Jan

Here are the slides from my Advocates’ Society presentation today. I addressed the following two questions:

  1. Today, is a right-thinking judge (in a non-criminal case) likely to exclude evidence obtained in breach of privacy?
  2. The intrusion upon seclusion tort. What have we learned about elements and defences since Jones v Tsige?

The second question was to honour the birthday of the intrusion upon seclusion tort, which turned six last week. Happy birthday privacy tort!

Financial institution compliance presentation – privacy, data security and anti-spam

31 Mar

I’ve been doing a survey presentation in the Osgoode PDP program on financial institution compliance for the last five years now. Here’s this year’s deck.

What’s new? The V-Tech security measures report by the Office of the Privacy Commissioner of Canada, the Canadian Securities Administrators Staff Notice 33-321 (and some much more meaty guidance by the CSA) and the reduction of the Compufinder fine under CASL. See below for more.

 

Arbitrator issues principled decision on identification of grievors and other complainants

17 Nov

On September 5th, Arbitrator Abramsky dismissed a motion to anonymize the name of an individual who had grieved harassment, discrimination and a reprisal.

In  making its request, the Union rested heavily on the fact the grievance would invite the disclosure of the grievor’s medical information – information about a learning disability and back problems. It also argued that no purpose would be served by publication of the grievor’s identity.

Ms. Abramsky held that the open court principle applied to the statutory tribunal for whom she was sitting (the GSB in Ontario) and that openness was therefore presumed absent a “compelling reason.” In doing so, she endorsed the following statement about the identification of individuals who file serious complaints:

This rationale – that litigants who make serious accusations should not do so “from behind a veil of anonymity, assured that they will not be identified if they are found not to be credible, their allegations are rejected” – has significant resonance.  It is very easy to make serious assertions and claims.  When doing so – and pursuing such a claim – litigants should not be able to hide behind anonymity, absent a compelling reason to allow it.  Confidence in the administration of justice – and the open court principle – requires it.

Ms. Abramsky also held that medical information can vary in sensitivity and that, in the circumstances, anonymization was not justified.

Ontario Public Service Employees Union (Cull) v Ontario (Health and Long-Term Care), 2017 CanLII 71798 (ON GSB).