On January 31, the Alberta Court of Appeal quashed a procedural appeal brought by a non-party to a longstanding commercial litigation dispute and, in doing so, made some comments on the use of information gathered in the discovery process.

The non-party appealed from an order which granted the plaintiffs partial relief from the implied undertaking and a confidentiality order. The non-party claimed the order caused it prejudice in a second related action, presumably in which it was a defendant. The Court rejected the prejudice argument (emphasis in original):

Since counsel for the appellant argued that he would be prejudiced if his client could not appeal, we went beyond mere status and inquired into the nature of the prejudice or injustice suggested. He seemed to think that the order under appeal put into evidence in the second suit against him, information gathered largely without his participation, even his knowledge, in the first suit.

That suggestion of ex parte injustice is not correct. Both the implied undertaking restricting the use of information got through discovery, and confidentiality orders, merely add an extra impediment to attempts to use evidence for purposes outside the original lawsuit. If those impediments are removed, then the information in question simply has the same status as all other information lying about in the great wide world.

The first rule of the law of evidence is that courts will not receive all information as evidence. Much of it is inadmissible: most hearsay, for example, and all irrelevant information. Therefore, waiving the implied undertaking rule, or lifting a confidentiality order, has no effect on such inadmissibility. What is inadmissible as evidence for other reasons other than confidentiality or implied undertakings remains inadmissible. To lift a confidentiality order or the implied undertaking merely allows the parties to another action to tender the information as evidence. It has no influence whatever on the judge or master’s decision about whether to accept it as evidence. The usual common-law rules of evidence (as modified by statute or Rules of Court) still apply.

The Court also noted that the order appealed from gave the non-party an express right to raise the matter of fairness in the second action.

Dreco Energy Services v. Wenzel Downhole Tools, 2008 ABCA 36 (CanLII).

The judiciary should confine itself to those incremental changes which are necessary to keep the common law in step with the dynamic and evolving fabric of our society.

Iacobucci J. in R. v. Salituro

* * *

I’ve stayed away from Web 2.0 issues on this blog until now. But when a colleague who I wouldn’t have guessed called me the other day and was quite obviously flabbergasted about how powerful the Facebook application is, it confirmed my very non-original opinion that this phenomenon of people posting personal stuff on the internet could change the shape of privacy law.

I was a resister at first, not of the technology, but of the technology as something that was going to change the law as we know it. You see, I’m a former research lawyer and (as you know) like to follow developing case law. Through this affair of the heart I’ve learned that nine out of ten judgements are confined to their facts. The tenth is usually one I can squeeze some meaning out of, formerly in our internal firm newsletters and now in this blog. I know well that incremental change is truly the norm for the common law. So even as a user of Facebook that was fully-aware of the new masses of people taking control of the internet’s content, I was sceptical (or clueless) that Web 2.0 meant much for privacy law.

My non-belief was aided by my practice as a management-side employment lawyer. We get asked to help employers manage employees who post bad things on the internet all the time. Most of the time we rely on contractual rights, hopefully ones that are helped by a nice “blogging” policy so employer interests can be protected without having to rely on an argument that “employees ought to have known.” Like maybe a policy that tells employees that saying an improper thing to 350 Facebook friends can cause just as much harm as saying it to the world and, hence, will be treated as such. Disputes about off-duty conduct and about how far an employer’s right to regulate an employee’s private life goes have been litigated in Canada for years. Not simple by any means, but nothing new.

Then came the harder files. Former employees don’t have employment contracts. They can have a duty to keep information confidential, but in Canadian law the duty is based on the circumstances under which information is communicated and received. Disparagement of a former manager doesn’t fit, and as a result I’ve gained a rather quick interest in the law of defamation. But what if a former employee publishes a true but embarrassing or harmful fact about a former manager? Or a patient or client? Think about an accurate and fair account of bad management. Say it includes a manager’s home phone number stolen from a personnel file. Or maybe a nurse posts information about a patient’s medical condition on a Facebook page. If employee and patient privacy is regulated, the organization may be in for a problem with a privacy regulator (though not likely for disclosure of the bad management story). But does it have a legal means of acting against the rogue former employee to contain the breach? Does the manager or patient for that matter? What the heck is the basis for the claim?

What’s that? “A new common law right of privacy,” you say?

I am happy that I work with many fair and reasonable organizations, but I’m not really in the running for the “new invasion of privacy tort and implied (contractual) privacy rights advocate-of-the-year” award. We’re only inching our way towards court-based recognition of privacy rights in Canada. Though a newly-recognized privacy right would cause some constraint on management, the example above shows that new bases for protecting privacy would at least fit with some management interests. I think most employers would feel compelled to take action to protect a manager whose privacy is under attack by a former employee simply as a matter of good human resources. A novel confidentiality clause in an employment contract may take employers part of the way provided it hits the right level of post-employment restrictiveness, but such a clause would only invite the truly important question: what types of restrictions on expression ought to be imposed or enforced by a court in the name or privacy?

So I’m a believer now. I’ve mentioned before that I recently read Daniel Solove‘s book, The Future of Reputation. It’s a great read, and got me thinking about privacy law and its relationship to freedom of expression, an issue of balance that I don’t get exposed to when working with very technical privacy regulation on a day-in and day-out basis. It also helped me unlock a link between privacy, the law of defamation and even intellectual property that I hadn’t fully understood and that is critical to our developing common law of privacy. Web 2.0 will push the common law along, maybe incrementally, but likely at a pace that reflects a true social phenomenon. We might expect bad decisions and confusing jurisprudence given the pace of change, but we’ll soon enough have a rational governing common law.

But, of course, the significance of Web 2.0 raises other challenging issues.

There’s the increasing significance of the principle of practical obscurity – the one that says information can still be private (or one’s interest in keeping something private can subsist) even if it is exposed to some unauthorized or limited authorized access if it is so buried that the information remains obscure. This has been a part of privacy law for some time, recognized as early as 1989 by the United States Supreme Court in Reporters Committee, but it is a principle that should now have an increasing importance as privacy law develops.

Then there’s the merging of professional and personal reputation and its impact on workplace privacy law. My loving and understanding wife accepts that I “work” all the time and in turn brings her own laptop to our dinner table – which, appropriately enough, is four feet high and more of a casual dinner “bar.” I also have a mainly professional blog but a deep craving to blow the barrier between my personal and professional personas apart by revealing more and more of myself online. If I’m going to be on-duty all the time I’d better do it in my own skin or I’ll be bound for misery and burnout eh?

I assume the way I work is not atypical for a year 2008 knowledge worker in his or her mid-30s, and therfore ask the following: Have we surrendered all privacy to our employers? Or is a new legal framework for employee privacy needed now that the “workplace” is boundless and there is no true “off-duty?” If the boundary between the workplace and the outside world is disintegrating, where should courts now draw the line between what an employer is and is not allowed to know about its employees?

Can you tell I’m excited? Thanks for listening to my story and my ramblings. I’m looking forward to watching this play out and following the developments. If you have any good readings to further feed my interest please let me know. See ya!

Not bad for a dead of winter weekend. A monochrome out and back paddle from the famous R.C. Harris Water Filtration Plant to the not-so-famous Ashbridges Bay Water Filtration Plant on Saturday. On Sunday, a nice brunch with Seanna and Hugo and then another paddle with just me and the long-tail ducks that winter on the lake.

Here are my good reads of the week.

• Ronald K. Perkowski, Coping With the EDD Drumbeat. There are lots of articles on controlling the cost of electronic discovery, but I’d call this one “contrarian” and even “radical” in that it shoots hard at consultant, vendor and external counsel practices. By in-house counsel at Haliburton Company. (Law.com)
• Stewart Weltman, Lean Litigation Practice. I like the ideas here: avoid the lawyer as firefighter syndrome; analyze the case in advance; develop your best case story; create a roadmap and a budget; and litigate with the goal of winning, not settling. (ABA Section of Litigation)
• Jennifer Stoddart, Response to Industry Canada’s PIPEDA Consultation. A letter from the Privacy Commissioner of Canada. Includes an interesting request for a new discretion to decline to hear complaints that are frivolous or (confining her mandate even further) not in the public interest. (Privacy Commissioner of Canada)
• David Fraser, US Department of Commerce privacy incident response plan. David links to the Department’s risk assessment matrix for breach notificaiton. I like the concept of having a tool for rapid risk assessment for supporting breach response. You’re sometimes forced to make big dollar decisions on gut without one, and finding an expert to put him or herself on the hook is hard. This is about the most practical model I’ve seen, but I wonder how valid it is. If anyone knows of any other risk assessment models please let me know. (Privacylawyer.ca)

I’ve been listening to the Great Lake Swimmers all weekend too. Just a great indie-folk band from Toronto. You can listen here. See ya!

On January 22, the British Columbia OIPC released an investigation report dealing with a complaint brought by eight environmental organizations which alleged three ministries were suffering from systemic flaws in their processing of FOI requests. Commissioner Loukidelis held that further analysis would be required to make a firm finding, but that there was some basis for an allegation of a “systemic problem” at the MOE. This was enough to make the MOE agree to a remedial plan with six core tasks.

Investigation Report FO8-01, [2008] B.C.I.P.D. No. 5 (QL).

No paddling this weekend. You’d be surprised how warm today’s wetsuits are. They can take you to minus ten centigrade comfortably, but in fresh water you get a lot of ice-up below minus five and if its windy getting in and out of the water can be pretty unpleasant. To rub my landlocked status in, I got surf reports (with pictures) from my friends Alex in Nova Scotia, Jean-Luc in Santa Barbara and Jan in Raglan, New Zealand. Can you tell that I get cranky when I don’t get in the water?!

Anyway, I came back to the law on the basis that pursuits of the legal kind can be as good a means of finding enlightenment as the aquatic. On that note, here’s what I read of interest this week.

• Randy Cohen (The Ethicist), Anonymity Breach. An ethical (and legal dilemma) on investigating the identity of a student who writes discriminatory teaching evaluation under a promise of confidentiality. (New York Times)
• Ellen Nakashima, In Child Porn Case, A Digital Dilemma. Covers an appeal that addresses whether a decryption order in furtherance of a child pornography investigation would violate the right against self-incrimination. (Washington Post)
• Pete Yost, White House Missing CIA, Iraq E-Mails. The Washington Post has had the leading coverage on the allegations that the White House has failed to comply with the Presidential Records Act, now scheduled for a February 15th hearing by the Committee on Government Oversight and Reform. (Washington Post)
• Ellen Perlman, Delete at Your Own Risk. Food for thought for freedom of information coordinators and government records managers. I agree with the basic premise, but disagree to the extent the article suggests that retention beyond statutorily-mandated retention periods is necessarily a good risk-management practice. (Governing.com)

Enjoy!