Today’s presentation for your enjoyment and use!
The United States Secret Service has issued a follow-up to its landmark 2002 report that reinforces the need for sound institutional threat assessment procedures. The full new report is here. It is a noteworthy read for school administrators responsible for risk management and security.
Threat assessment is a process by which institutions aim to collect and process behavioral information that raises a potential concern to so, when appropriate, they can engage in “robust” intervention aimed at helping a student at risk and preventing violent acts. It has been a best practice at K-12 and post-secondary institutions in Canada for over a decade and should not be controversial, though it does invite tension with privacy and anti-discrimination laws. And though it’s very easy to understand that privacy interests and accommodation rights give way when an individual poses a risk of harm that is “serious and imminent,” good threat assessment rests on intervention at much lower risk levels. As the Secret Service’s new report states, “The threshold for intervention should be low, so that schools can identify students in distress before their behavior escalates to the level of eliciting concerns about safety.”
The Secret Service’s new report is based on an analysis of 41 incidents of targeted school violence that occurred at K-12 schools in the United States from 2008 to 2017.
The following statistic – about failures in reporting – is the first thing that caught my attention.
Canadian institutions encourage classmates to report concerning behaviors to a single point of contact and often mandate employees to make such reports. The new report tells us nothing about whether that is working in Canada, but it’s a good question to consider given the above.
The report also identifies that the attackers in four out of the 41 incidents were referred to threat assessment, which invited a response summarized in the following table:
In Cases 1 and 3 the attacker appears to have been mis-assessed. (See the full report on Case 3 here.) Cases 2 and 4 may relate to a prescription the Secret Service gives based on a statistic that showed that 17 of the 41 attacks occurred after a break in school attendance: “These findings suggest that schools should make concerted efforts to facilitate positive student engagement following discipline, including suspensions and expulsions, and especially within the first week that the student returns to school.”
This post marks the official death of my reading pile, which involved a read of the current edition of the Canadian Journal of Comparative and Contemporary Law – one entitled Privacy, Identity, and Control: Emerging Issues in Data Protection.
I’m admittedly still digesting the ideas, so am just pointing to a good resource for reckoning with the Euro-centric forces that are bound to affect our law. Top reads were “Regaining Digital Privacy? The New ‘Right to be Forgotten’ and Online Expression” and Fiona Brimblecombe & Gavin Phillipson and Information “Brokers, Fairness, and Privacy in Publicly Accessible Information” by Andrea Slane. Check it out.
On July 12th, the British Columbia Supreme Court held that a requester had not rebutted the presumption of privilege that applied to the total amount spent by government in an ongoing legal dispute. Here is the court’s argument for the withholding of such information:
 The Adjudicator’s reasoning, adopted by CCF on this review, is in brief that it is clear from the facts available in the public record that the amount of legal expenditure is high. Knowing how high could only confirm this, and no more. This echoes CCF’s submission to the Adjudicator, cited at para. 35 of the Decision, that “knowing whether the total cost to date are ‘$8 million or $12 million or $20 million’ may prove embarrassing for the Province, but will not reveal privileged communications”.
 In my view this line of reasoning is not sufficient to discharge the onus of proof to rebut the presumption of privilege, particularly in circumstances of ongoing litigation. I agree that the Cambie Litigation is an important constitutional case, that it is hard fought on both sides and that the amount of legal cost is undoubtedly substantial. However, in my view, an assiduous inquirer, aware of the background available to the public (which would include how many court days had been occupied both at trial and in chambers applications, the nature of those applications, the issues disclosed in the pleadings, and the stage of the litigation for the period covered by the request), would, by learning the legal cost of the litigation, be able to draw inferences about matters of instruction to counsel, strategies being employed or contemplated, the likely involvement of experts, and the Province’s state of preparation. To use the CCF submission quoted by the Adjudicator, the difference between an $8 million expenditure and a $20 million expenditure would be telling to the assiduous inquirer and would in my view permit that inquirer to deduce matters of privileged communication.
Here are the slides from my Advocates’ Society presentation today. I addressed the following two questions:
- Today, is a right-thinking judge (in a non-criminal case) likely to exclude evidence obtained in breach of privacy?
- The intrusion upon seclusion tort. What have we learned about elements and defences since Jones v Tsige?
The second question was to honour the birthday of the intrusion upon seclusion tort, which turned six last week. Happy birthday privacy tort!
I’ve been doing a survey presentation in the Osgoode PDP program on financial institution compliance for the last five years now. Here’s this year’s deck.
What’s new? The V-Tech security measures report by the Office of the Privacy Commissioner of Canada, the Canadian Securities Administrators Staff Notice 33-321 (and some much more meaty guidance by the CSA) and the reduction of the Compufinder fine under CASL. See below for more.
On September 5th, Arbitrator Abramsky dismissed a motion to anonymize the name of an individual who had grieved harassment, discrimination and a reprisal.
In making its request, the Union rested heavily on the fact the grievance would invite the disclosure of the grievor’s medical information – information about a learning disability and back problems. It also argued that no purpose would be served by publication of the grievor’s identity.
Ms. Abramsky held that the open court principle applied to the statutory tribunal for whom she was sitting (the GSB in Ontario) and that openness was therefore presumed absent a “compelling reason.” In doing so, she endorsed the following statement about the identification of individuals who file serious complaints:
This rationale – that litigants who make serious accusations should not do so “from behind a veil of anonymity, assured that they will not be identified if they are found not to be credible, their allegations are rejected” – has significant resonance. It is very easy to make serious assertions and claims. When doing so – and pursuing such a claim – litigants should not be able to hide behind anonymity, absent a compelling reason to allow it. Confidence in the administration of justice – and the open court principle – requires it.
Ms. Abramsky also held that medical information can vary in sensitivity and that, in the circumstances, anonymization was not justified.
Here’s a deck from a Monday panel presentation that I participated in with some colleagues from the sector. It features a cyber incident scenario and some questions. See if you can answer them, and if you’d like to have a discussion, please comment or get in touch.
Ten years ago on a Saturday morning in early August something inspired me to upload a post on employee surveillance to a WordPress site. I can’t remember what I called the site at that time, but the title was lame and had my name in it. Ten years and 973 posts later, “All About Information” still exists. It has facilitated a good deal of my learning and has fostered connections with some valued colleagues who work outside of my own firm, Hicks Morley. As for its merits, at the very least All About Information is now a sizable catalog of notable Canadian cases that are… well… about information. Thank you to those who have made guest posts and comments and those who have kindly corrected my numerous typos. And thank you especially to you, the reader.
On June 30th, the Divisional Court affirmed an Information and Privacy Commissioner/Ontario decision that the amounts billed to OHIP by top billing doctors did not constitute the doctors’ personal information.
The Court’s decision is a standard of review decision – i.e., one that accepts the IPC’s decision as reasonable. Notably, the Court was influenced by an argument made by the doctors that (pre-expense) billing amounts do not fairly represent personal income yet could be misconstrued as such by the public. The answer to such arguments is an easy one for most FOI adjudicators and courts: provide an explanation to the public if you think you’ll be misunderstood. The Court didn’t say that in this case, but noted that the doctors’ argument was supportive of the IPC decision that their billing amounts were not revealing enough to be personal information.
Otherwise, the Court made short work of the doctors’ attempts to impugn the IPC’s reasoning and an argument that the IPC procedure gave rise to a reasonable apprehension of bias.