As I’ve posted about here and written about here, the Virginia Tech shooting has served as a good discussion point for how a post secondary institution’s duty to maintain a safe campus environment should be balanced against its duty to respect student privacy. Yesterday the University released reports from three internal committees struck shortly after the incident to examine the strengths and weaknesses of its systems. One of the reports, that of the school’s “Interface Group,” examines the security/privacy balance and echoes some of thoughts about the need for information sharing that were first expressed in the special report made to President Bush on June 13, 2007. For a flavour, here’s of one of the internal group’s seven recommendations:
Effective communication among units regarding at-risk students is essential. There are a number of recommendations intended to enhance communication in the system including conducting on-going training for personnel on the application of the Family Educational Privacy Act (FERPA) in the discussion of cases, clarifying public statements in university policy on how FERPA is applied, establishing a central university contact who has a comprehensive picture of distressed students who have been assessed by the system, clarifying policies for communicating with external agencies regarding acutely distressed students, and implementing a new policy for emergency notification for students.
According to the New York Times, a report from a panel struck by Virginia Governor Tim Kaine will be released late next week.
On July 3rd the Ontario Superior Court of Justice dismissed a motion for an interlocutory injunction in a departing employee case where the plaintiff claimed breach of fiduciary duty, breach of contract (notice of resignation and non-solicitation provisions) and breach of confidence. The claim and motion were brought after a senior investment advisor and his two subordinates joined a competitor.The award is most notable for its clear statement on the standard to be applied on the first part of the RJR-MacDonald test.
I agree that where alleged breaches of restrictive covenants or fiduciary duty are asserted in an attempt to restrict a person’s ability to engage in their chosen vocation the higher standard strong prima facie case should be applied. Where the allegation relates to breach of common law duties regarding use of confidential information to compete, the test is serious issue because it involves protection of employer’s rights as opposed to restraint of trade.
The Court held that the plaintiff did not establish the strong prima facie case necessary to support an injunction restraining further solicitation of its clients. Although the Court held that the plaintiff did establish a serious issue to be tried in its request for an injunction to restrain further use of its confidential information (client lists), the Court held that the plaintiff did not establish irreparable harm and did not establish that the balance of convenience favoured an injunction. In addressing the balance of convenience, the Court stated, “I think it is also important to consider in this discussion the interests of clients about who the fight is really all about and who are entitled to have access to the investment adviser of their choice.”
BMO Nesbitt Burns Inc. v. Ord, 2007 CanLII 2463 (Ont. S.C.J.).
On July 24, the Federal Court ordered a portion of the information that had been redacted from the report of the Maher Arar Commission to be released.
In September 2006 the Commission objected to the government’s decision to redact 1500 words from its public report on the grounds their disclosure would cause injury to Canada’s international relations, national defence or national security. It gave notice of its position and, in response, the government applied for an order prohibiting disclosure under section 38.04 of the Canada Evidence Act.
The information ordered to be released by the Federal Court can only be discerned by viewing the Commission’s Addendum because the publicly-available court decision (for security reasons) discusses principles but does not apply them to the information in dispute.
The Court applied the three-part test from Canada (Attorney-General) v. Ribic while also acknowledging that its jurisdiction should be exercised in a manner respectful of the uniqueness and utility of commissions of inquiry. Here are some of the principles it endorsed:
- A section 38.04 application is not a judicial review proceeding, and the Federal Court does not owe any measure of deference to government or its delegate. At the same time, the Court held that the Commission’s decision should be considered in answering the first and third part of the Ribic test.
- In determining whether disclosure would be injurious to national security, national defence or international relations, courts should give deference to decisions of the executive. However, the executive’s opinion must have a factual basis and be established by evidence.
- Disclosure of information that is in the public domain may still be injurious. It depends on how much information has been disclosed, whether it is widely-known, whether its authenticity has been confirmed or denied and the circumstances in which inadvertence led to its disclosure.
- Information that is critical of or embarrassing to the government cannot be protected on that basis.
- “National security,” as it is protected by the Canada Evidence Act, means “the preservation of the Canadian way of life, including the safeguarding of the security of persons, institutions and freedoms in Canada.”
- The “third party rule” (an understanding that intelligence agencies providing information to other agencies will control the information’s subsequent use and disclosure) is “of essence to guarantee the proper functioning of modern police and intelligence agencies.” Intelligence allegiances of importance should be given greater protection.
- The “mosaic effect” (an understanding that information which in isolation appears meaningless or trivial could, when fitted together, permit a comprehensive understanding of the information being protected) on its own will not usually provide sufficient reason to prevent disclosure of what would otherwise appear to be an innocuous piece of information. There must be some factual basis for the government’s mosaic effect claim.
The Court also identified seven factors to be assessed and weighed against one another to determine whether the public interest lies in disclosure or in non-disclosure.
Canada (Attorney-General) v. Commission of Inquiry into the Actions of Canadian Officials in Relation to Maher Arar, 2007 FC 766 (CanLII).
On July 7th the Ontario Superior Court of Justice dismissed a motion for an interlocutory injunction brought, in part, on a breach of confidence claim.
The treatment of the confidentiality claim is very fact-specific. Not surprisingly, Madam Justice Low held that it would not be reasonable for her to draw an inference that a company that developed and hosted an online retailer’s website misused the retailer’s confidential information merely because it had started a directly competitive business (in the adult footed pajama market, if you care).
Although intellectual property is beyond the scope of my real interest (and what I will normally speak to in this blog), you may be interested in Madam Justice Low’s obiter comments about the defendant’s improper use of the plaintiff’s trade name as a meta tag. She said:
It seems to me that an obvious (though not necessarily the only) reason for FOW’s use of the phrase “Jumpin Jammerz” as a meta tag for its website was to draw members of the internet public to its site who had some prior knowledge of Jumpin Jammerz as a vendor of pajamas and believed that they could find footed pajamas at the website associated with the words “Jumpin Jammerz”.
Had it been necessary, I would have made an order restraining the use of the phrase “Jumpin Jammerz” as a meta tag in association with FOW’s website in these circumstances given that the phrase is not descriptive of the wares and an arguable case could be made that its use as a meta tag was for the purpose of diverting or luring members of the public to a site that was not in fact connected with the business known as Jumpin Jammerz at all. It was not necessary, however, for the motion to be pursued on this issue, as the defendants have removed the meta tags to which the plaintiffs objected and do not assert an intention or desire to recommence using them.
The defendant had agreed to remove the offending tag from its website, thereby making an order unnecessary.
Pandi v. Fieldofwebs.com, 2007 CanLII 27028 (Ont. S.C.J.).
I imagine I’ve broken a cardinal rule of blog branding, but I thought I’d change the name before I do this for too much longer. I wanted to replace “Michaluk’s Information & Privacy Pages” with “All About Information” to reflect the blog’s breadth.
Privacy is a rapidly-developing area of substantive law, but it is not all that’s driving my interest. Lateral employee movement is putting pressure on organizations as they attempt to protect their confidential business information. And if the experience in the United States is a valid basis for prediction, electronic records management (or non-management as it be) is going to cause some extremely interesting developments in the law of production and access to information law in the next while.
So there it is. Part privacy, and part more. I hope you’ll enjoy!
Arbitrator Michael Bendel has recently taken a very strong stance favouring the admission of evidence collected by way of surrepetitious video surveillance. His position is encapsulated in the following statement, made in Re Greater Toronto Airports Authority and P.S.A.C, 2007 CanLII 21:
It follows that the discussions in many of the arbitral awards, on the existence of a right to privacy (or an expectation of privacy) in various jurisdictions, on the parametrs of such an interest, on the actionability of invasions of privacy, and on the reasonableness of resorting to videotape surveillance of an employee suspected of sick leave abuse, are quite beside the point. Interesting though these debates may be, I express no views on them. They proceed on the wholly mistaken assumption that there exists a discretion to exclude evidence that is tainted by an invasion of privacy. In the absence of any such discretion, either at common law or by virtue of provisions such as section 16(c), I an unable to detect any point in these discussions about the existence of a right to privacy.
Mr. Bendel endorsed these comments again in Re General Electric Canada and C.E.P., Local 544, 2007 CanLII 408.
On June 26th, the Information and Privacy Commissioner of British Columbia held that a school board met the “necessary collection” standard in the British Columbia Freedom of Information and Protection of Privacy Act in its use of an online assessment tool for teacher recruiting. He also held that the Board had complied with the FIPPA security standard and the Act’s requirement for storing and accessing personal information outside of Canada (as the assessment was administered by a third-party with databases located in Nebraska).
The “necessity” ruling is broad in its analysis. The Commissioner held that the meaning of necessity depends on the context:
At the same time, I am not prepared to accept, as the Complainants contend, that in all cases personal information should be found to be “necessary” only where it would be impossible to operate a program or carry on an activity without the personal information. There may be cases where personal information is “necessary” even where it is not indispensable in this sense. The assessment of whether personal information is “necessary” will be conducted in a searching and rigorous way. In assessing whether personal information is “necessary”, one considers the sensitivity of the personal information, the particular purpose for the collection and the amount of personal information collected, assessed in light of the purpose for collection. In addition to FIPPA’s privacy protection objective is also relevant in assessing necessity noting that this statutory objective is consistent with the internationally recognized principle of limited collection.
On this standard, he held the Board’s collection of personal information was necessary. Although the Board had successfully recruited teachers for years before implementing the new assessment process, he accepted evidence that the new process was efficacious in identifying the best teachers and allowed the Board to more rapidly screen a large number of candidates.
The USA Patriot Act part of Commissioner Loukidelis’s award is more fact-specific, but also demonstrates a pragmatic approach. Although he held that the Board was compliant, the Commissioner did recommend that the service provider take steps to replace identifying information with unique numerical identifiers for the purposes of permanently storing data.
Note that the collection standard in the British Columbia Act is essentially the same as is included in Ontario’s public sector privacy legislation. The Ontario standard was recently considered by the Ontario Court of Appeal for the first time the Cash Converters Canada Inc. v. Oshawa (City) decision, released on July 4th. The Court adopted the standard endorsed by the Ontario Commissioner, which arguably more rigid and restrictive than the one described above.
Order F07-10 (B.C.I.P.C.).
On July 31st the British Columbia Court of Appeal held that a plaintiff who was granted an Anton Piller order based on a material non-disclosure should not be prohibited from using an e-mail obtained in the search.
The plaintiff (who was unrepresented) obtained an ex parte order requiring the defendant to disgorge computer hardware and electronic and physical records related to his claim. At the same time he, was denied an Anton Piller order and granted leave to re-apply if he served a notice of application on the plaintiff the same day. The plaintiff executed the disgorgement order but did not serve the notice. When the defendant did not comply, the plaintiff applied for an Anton Piller order before a different judge and did not disclose service condition imposed by the first judge. He also drafted and entered an order broader than disclosed in the transcript of the proceeding (in that it allowed for both seizure and copying and not just seizure).
Although the Court acknowledged the high standard on a party seeking an Anton Piller and noted that the plaintiff deliberately mis-drafted the order, it held that enjoining use of the e-mail would do too great an injustice to the plaintiff. In balancing interests, it relied on (1) the fact that the motion to discharge the search order that was under appeal was brought over a year after the search, (2) that the defendant did not have clean hands in that the search was ordered after his failure to comply with the disgorgement order (in which the e-mail ought to have been produced) and (3) that the e-mail was central to the dispute. The Court also held that the chambers judge erred in excluding a single e-mail because of its relevance to the dispute.
Solara Technologies Inc. v. Beard, 2007 BCCA 402.
Hello? Is anyone there?
I’m Dan Michaluk, and this is my blog. In the last few years I’ve spent a lot of time on the internet reading other people’s blogs. The medium is amazing and I’ve learned lots from other’s generosity in sharing their information and knowledge. Now that I’m writing this, part of me’s wondering what I’ve been waiting for.
I am a lawyer at a firm in Toronto, Canada called Hicks Morley. We’re the biggest management-side labour and employment law boutique in Canada, but my practice is a little anomalous for the firm because I specialize in information and privacy, which I like to define broadly as including (fascinating) subjects such as the law of confidential business information, the law of production (including e-discovery) and records management. We also have a very strong client base in the secondary and post-secondary education sectors, and I’ve been lucky to do a significant amount of rewarding work with education sector clients. My official bio is here, and for more about me please check out my about page.
I got inspired to do this when I had a thought at about routine e-mail surveillance but didn’t know where to publish it. We have a client newsletter called the Hicks Information and Privacy Post. I edit it with my good colleague Paul Broad, but its a quaterly and essentially a case law update. I really enjoy it (and please e-mail me if you’d like to subscribe) but it’s written in my “Hicks voice.” My thought about e-mail surveillance was the kind of thought you write in an e-mail to a colleague just so you have it down – also the kind of thought you could work into a paper by spending a lot of time on it (but that will never have significantly more value than when it was simply a thought). So I decided I needed to start this blog.
My plan is to make at least a couple of posts a week. I like to scan and read a lot of information and privacy case law, so I’ll post summaries here regularly. I’ll also try my best to post an original thought once and a while.
If it all works out as planned I’ll learn lots while making some friends and business contacts. I hope you come back often and enjoy.