We ran a webinar for college administrators today on administering FOI requests in Ontario. It’s a narrow topic, but I thought I’d post our process map (here) and slides anyway.

If you have any colleagues in municipal or provincial institutions who may be interested please pass on this link.

Regards!

Dan

On January 22nd, the New Brunswick Court of Appeal held that the Federal Court is the proper forum for a broad challenge to the powers granted to the federal Privacy Commissioner by PIPEDA.

The Court held that the matter was essentially a request for judicial review of an OPC decision despite the applicant’s constitutional validity argument, which it had made in the alternative. Given this characterization, the Court held that the Federal Court was the proper forum.

This is not a privacy judgement, but it is nonetheless worth note given the thrust of the applicant’s substantive objection. As a defendant’s insurer, it claimed the OPC had no jurisdiction to deal with its video surveillance of a plaintiff. The Court explained the argument as follows:

State Farm raises a core issue in its application: whether it engaged in “commercial activity” within the meaning of PIPEDA when it collected information about Mr. Gaudet in discharging its duty to defend Ms. Vetter. It contends that the only relationship that exists between Mr. Gaudet and Ms. Vetter stems from the accident, which is not a commercial activity. Section 4 of PIPEDA applies to the collection, use and disclosure of personal information in the course of commercial activities. “Commercial activity” is defined in PIPEDA as a transaction, act, or regular course of conduct that is of a “commercial character”. Whether State Farm’s actions amounted to “commercial activity” is the very question the Privacy Commissioner must investigate and report on in accordance with her mandate and expertise.

The resolution of this argument would have broad significance in defining the meaning of PIPEDA’s application provision, which triggers application where an organization collects, uses or discloses personal information “in the course of commercial activity.” The OPC considered a similar case in 2006 and held, perhaps surprisingly, that it had jurisdiction to investigate two lawyers who collected information on behalf of their “commercial” clients. Some would argue that Parliament did not intend a collection through a paid agent to trigger application. Others would argue that application based on this theory raises constitutional issues where it attracts PIPEDA application to information flows that are, in their essence, about matters within the exclusive jurisdiction of the provinces such as property and civil rights and employment.

State Farm Mutual Automobile Insurance Company v. Privacy Commissioner of Canada, 2009 NBCA 5 (CanLII)

On January 13th, the Alberta Court of Appeal held that a third party (who was also the plaintiff’s next friend and mother) was not required to answer questions at examinations for discovery relating to the injuries suffered by the infant plaintiff.

The plaintiff claimed against a school bus operator for injuries arising out of an accident. The defendant third partied the mother, alleging that she was negligent in failing to provide instruction to her son. The mother denied negligence and causation but did not dispute the plaintiff’s claim against the defendant or the quantum of damages claimed.

In these circumstances, the Court held that the mother was adverse in interest to the defendants on the issue of liability and therefore could be examined. However, it also held that the defendant could not ask questions about the plaintiff’s injuries on discovery because it was not adverse in interest to the mother on the damages issue:  “In this case, the happenstance that the third party is the mother of the plaintiff should not be allowed to extend the scope of discovery beyond what is ‘relevant and material’ in the pleadings.”

Briggs Bros. Student Transportation Ltd. v. Collacutt, 2009 ABCA 17 (CanLII).

On January 8th, the Alberta Court of Queen’s Bench quashed an order of the Information and Privacy Commissioner of Alberta that dealt with a City of Edmonton directive to second hand goods dealers that required them to collect the personal information of individuals selling used goods.

The City required dealers to collect the name, date of birth, gender, eye colour, hair colour and identification details of all sellers and upload this and other information to a database hosted by a third-party under contract to the City. The police could access the database, but the information also remained available to dealers (presumably) for use in their business.

In February 2008 the IPC ordered the City to stop collecting information and destroy its database. It held that the scheme established a “collection” by the City, but that this collection violated the Alberta Freedom of Information and Protection of Privacy Act because it was not authorized by law, was not collected for the purpose of law enforcement and was not necessary for an operating program or activity of the City. The key finding was that the City’s longstanding by-law, which required used goods dealers to make information available to peace officers, did not allow the City to implement a scheme whereby information is uploaded to a database under the City’s control.

The Court of Queen’s Bench held that the IPC’s reading of the by-law was too strict and that that by-law provision that required dealers to “record” and “make available” information authorized it to direct the uploading of personal information to a secure database to be accessed on a standing basis. The outcome of the Queen’s Bench decision did not turn on this finding, because it held in any event that the City was not collecting information through dealers. Since dealers had their own purpose for collecting the information and also collected and uploaded additional information than that required by the City, the Court held they were not the City’s agents. According to the Court, the scheme entailed a collection by the police rather than the City, a collection that was lawful because it was made for the purpose of law enforcement. Finally, the Court held that the Commissioner erred in ordering the destruction of the database.

The Queen’s Bench decision is lengthy and includes more findings than described in this post. Though most of the Court’s conclusions are technical, it does seem to comment generally on the interpretation of municipal powers as they pertain to personal privacy and on the proper characterization of data flows. Moreover, the Court’s rather quick but clear conclusion that the collection was for “law enforcement” purposes is significant and appears to conflict with the Ontario Court of Appeal’s finding in the 2007 Cash Converters case. These points of significance aside, there is also an interesting subtext that is illustrated by the Court’s rather complete and forceful quashing of the OIPC order.

Business Watch International Inc. v. Alberta (Information and Privacy Commissioner), 2009 ABQB 10.

On December 24th, the Ontario Court of Appeal issued a judgement on the deemed undertaking rule. It held:

• That it only proscribes use and disclosure of information obtained in discovery by the recipient (and not by the provider, whose privacy interest the rule protects)
• That it acts as a shield against production in a subsequent action subject to its exceptions, including the exception for court-ordered relief
• The “interests of justice” versus “prejudice” balancing test for court-ordered relief does not protect the personal privacy interest of an individual in the records at issue

The last point arose because the records being considered by the Court included video surveillance footage and medical information of the plaintiff. She had obtained these records from her opponent in prior litigation, thereby engaging her opponent’s privacy interest. It appears that she attempted to argue that her personal privacy interest in the records was relevant to the exercise of discretion in ordering relief given the content of the records. The court disagreed, and said the only privacy interest engaged by the rule is that of a party compelled to produce records.

Kitchenham v. AXA Insurance Canada, 2008 ONCA 877 CanLII.

This is a pitch for the OBA Privacy Law section’s “What every lawyer needs to know about privacy” session.  It’s at the Metro Convention Centre on February 2nd from 1:15 pm to 4:30 pm.  Details here.

There’s a good line up, with a year-in-review talk along with sessions on the new telemarketing regulation and privacy and litigation (a favorite topic of mine).

I’ll be speaking with Professor Avner Levin on workplace privacy in a discussion moderated by Howard Simkevitz.  We’ve been planning the discussion for the last couple of days and have decided to spend a good deal of it on the workplace privacy issues related to Web 2.0.  Dr. Levin and other members of the Ryerson University Privacy and Cyber Crime Institute at the Ted Rogers School of Management have recently published a leading study on the perceptions of risk of young Canadians engaged in online socializing and how their behaviors meet with the use of online social networks by business for commercial and human resources purposes.  The study is entitled The Next Digital Divide:  Online Social Network Privacy and has attracted significant attention. We plan to hit on the major legal and policy issues relating to the workplace that flow from the study as well as touch on the key other “need to knows” about workplace privacy.

We’d love to see you there!

Dan