Ont CA articulates detriment requirement for a breach of confidence claim

On December 24th, the Court of Appeal for Ontario affirmed the dismissal of a breach of confidence claim because the plaintiff did not make out a “detriment.” Despite its affirmation, the Court held that the trial judge erroneously said that a breach of confidence plaintiff must prove “financial loss.” It explained, “The concept of detriment is not tied to only financial loss, but is afforded a broad definition, including emotional or psychological distress, loss of bargaining advantage, and loss of potential profits.”

CTT Pharmaceutical Holdings, Inc. v. Rapid Dose Therapeutics Inc., 2019 ONCA 1018 (CanLII).

ABCA overturns Alberta OIPC’s lawyer invoices decision

Onus weighs heavily in resolving an access request for information in lawyer invoices. Given the presumption of privilege established by the Supreme Court of Canada in Maranda v Richer, an institution need only identify the information at issue as information in lawyer invoices and ride the Maranda v Richer presumption.

The University of Calgary did just that in claiming that “narrative information” in certain legal invoices was exempt from the right of public access. The OIPC rejected the University’s claim, relying on the basic statutory onus embedded in section 71(1) of the Alberta Freedom of Information and Protection of Privacy Act and noting that the University provided no affidavit evidence. Regarding Maranda v Richer, the adjudicator said:

A common law principle such as that articulated in Maranda and one which is not clearly applicable in a circumstance other than when the state is contemplating exercising a search warrant in a law office, cannot serve to supplant the clear statement of Legislative intent set out in section 71(1) – that a public body must prove its case.

The Court held that this reasoning invited a reversible error. Long live Maranda v Richer.

University of Calgary v Alberta (Information and Privacy Commissioner), 2019 ABQB 950 (CanLII).

US Secret Service issues noteworthy report on targeted school violence

The United States Secret Service has issued a follow-up to its landmark 2002 report that reinforces the need for sound institutional threat assessment procedures. The full new report is here. It is a noteworthy read for school administrators responsible for risk management and security.

Threat assessment is a process by which institutions aim to collect and process behavioral information that raises a potential concern to so, when appropriate, they can engage in “robust” intervention aimed at helping a student at risk and preventing violent acts. It has been a best practice at K-12 and post-secondary institutions in Canada for over a decade and should not be controversial, though it does invite tension with privacy and anti-discrimination laws. And though it’s very easy to understand that privacy interests and accommodation rights give way when an individual poses a risk of harm that is “serious and imminent,” good threat assessment rests on intervention at much lower risk levels. As the Secret Service’s new report states, “The threshold for intervention should be low, so that schools can identify students in distress before their behavior escalates to the level of eliciting concerns about safety.”

The Secret Service’s new report is based on an analysis of 41 incidents of targeted school violence that occurred at K-12 schools in the United States from 2008 to 2017.

The following statistic – about failures in reporting – is the first thing that caught my attention.

Canadian institutions encourage classmates to report concerning behaviors to a single point of contact and often mandate employees to make such reports. The new report tells us nothing about whether that is working in Canada, but it’s a good question to consider given the above.

The report also identifies that the attackers in four out of the 41 incidents were referred to threat assessment, which invited a response summarized in the following table:

In Cases 1 and 3 the attacker appears to have been mis-assessed. (See the full report on Case 3 here.) Cases 2 and 4 may relate to a prescription the Secret Service gives based on a statistic that showed that 17 of the 41 attacks occurred after a break in school attendance: “These findings suggest that schools should make concerted efforts to facilitate positive student engagement following discipline, including suspensions and expulsions, and especially within the first week that the student returns to school.”

Privacy, Identity, and Control: Emerging Issues in Data Protection

This post marks the official death of my reading pile, which involved a read of the current edition of the Canadian Journal of Comparative and Contemporary Law – one entitled Privacy, Identity, and Control: Emerging Issues in Data Protection.

I’m admittedly still digesting the ideas, so am just pointing to a good resource for reckoning with the Euro-centric forces that are bound to affect our law. Top reads were “Regaining Digital Privacy? The New ‘Right to be Forgotten’ and Online Expression” and Fiona Brimblecombe & Gavin Phillipson and Information “Brokers, Fairness, and Privacy in Publicly Accessible Information” by Andrea Slane. Check it out.

BCSC denies access to total legal costs spent on ongoing litigation

On July 12th, the British Columbia Supreme Court held that a requester had not rebutted the presumption of privilege that applied to the total amount spent by government in an ongoing legal dispute. Here is the court’s argument for the withholding of such information:

[61]        The Adjudicator’s reasoning, adopted by CCF on this review, is in brief that it is clear from the facts available in the public record that the amount of legal expenditure is high. Knowing how high could only confirm this, and no more. This echoes CCF’s submission to the Adjudicator, cited at para. 35 of the Decision, that “knowing whether the total cost to date are ‘$8 million or $12 million or $20 million’ may prove embarrassing for the Province, but will not reveal privileged communications”.

[62]        In my view this line of reasoning is not sufficient to discharge the onus of proof to rebut the presumption of privilege, particularly in circumstances of ongoing litigation. I agree that the Cambie Litigation is an important constitutional case, that it is hard fought on both sides and that the amount of legal cost is undoubtedly substantial. However, in my view, an assiduous inquirer, aware of the background available to the public (which would include how many court days had been occupied both at trial and in chambers applications, the nature of those applications, the issues disclosed in the pleadings, and the stage of the litigation for the period covered by the request), would, by learning the legal cost of the litigation, be able to draw inferences about matters of instruction to counsel, strategies being employed or contemplated, the likely involvement of experts, and the Province’s state of preparation. To use the CCF submission quoted by the Adjudicator, the difference between an $8 million expenditure and a $20 million expenditure would be telling to the assiduous inquirer and would in my view permit that inquirer to deduce matters of privileged communication.

British Columbia (Attorney General) v British Columbia (Information and Privacy Commissioner), 2019 BCSC 1132 (CanLII)

Advocates’ Society Tricks of the Trade – A Privacy Update

Here are the slides from my Advocates’ Society presentation today. I addressed the following two questions:

  1. Today, is a right-thinking judge (in a non-criminal case) likely to exclude evidence obtained in breach of privacy?
  2. The intrusion upon seclusion tort. What have we learned about elements and defences since Jones v Tsige?

The second question was to honour the birthday of the intrusion upon seclusion tort, which turned six last week. Happy birthday privacy tort!

Financial institution compliance presentation – privacy, data security and anti-spam

I’ve been doing a survey presentation in the Osgoode PDP program on financial institution compliance for the last five years now. Here’s this year’s deck.

What’s new? The V-Tech security measures report by the Office of the Privacy Commissioner of Canada, the Canadian Securities Administrators Staff Notice 33-321 (and some much more meaty guidance by the CSA) and the reduction of the Compufinder fine under CASL. See below for more.

 

Arbitrator issues principled decision on identification of grievors and other complainants

On September 5th, Arbitrator Abramsky dismissed a motion to anonymize the name of an individual who had grieved harassment, discrimination and a reprisal.

In  making its request, the Union rested heavily on the fact the grievance would invite the disclosure of the grievor’s medical information – information about a learning disability and back problems. It also argued that no purpose would be served by publication of the grievor’s identity.

Ms. Abramsky held that the open court principle applied to the statutory tribunal for whom she was sitting (the GSB in Ontario) and that openness was therefore presumed absent a “compelling reason.” In doing so, she endorsed the following statement about the identification of individuals who file serious complaints:

This rationale – that litigants who make serious accusations should not do so “from behind a veil of anonymity, assured that they will not be identified if they are found not to be credible, their allegations are rejected” – has significant resonance.  It is very easy to make serious assertions and claims.  When doing so – and pursuing such a claim – litigants should not be able to hide behind anonymity, absent a compelling reason to allow it.  Confidence in the administration of justice – and the open court principle – requires it.

Ms. Abramsky also held that medical information can vary in sensitivity and that, in the circumstances, anonymization was not justified.

Ontario Public Service Employees Union (Cull) v Ontario (Health and Long-Term Care), 2017 CanLII 71798 (ON GSB).

Cyber insurance and incident response practice

Here’s a deck from a Monday panel presentation that I participated in with some colleagues from the sector.  It features a cyber incident scenario and some questions. See if you can answer them, and if you’d like to have a discussion, please comment or get in touch.