ONSC affirms damages award for “friend’s” leak of work schedule

On April 8th, the Ontario Superior Court of Justice affirmed a $1,500 damages award for a privacy breach that entailed the disclosure of information that the defendant received because she was the plaintiff’s social media friend.

The plaintiff and defendant were pilots who worked for the same airline. The plaintiff shared his work schedule with the defendant though an application that allowed him to share his information with “friends” for the purpose of mitigating the demands of travel. The airline also maintained a website that made similar information available to employees. The defendant obtained the schedule information through one or both of these sites and shared it with the plaintiff’s estranged wife.

There are a number of good issues embedded in this scenario. Is a work schedule, in this context, personal information? Does one have an expectation of privacy in information shared in this context? Does the intrusion upon seclusion tort proscribe a disclosure of personal information?

The appeal judgement is rather bottom line. In finding the plaintiff had a protectable privacy interest, the Court drew significance from the airline’s employee privacy policy. It said:

The policy of Air Canada, that must be followed by all employees, emphasises the privacy rights of the employees. This policy specifically prohibits any employee from disseminating personal information of another employee to third parties without express permission of the other employee. The sharing of personal information between employees is clearly restricted for work related purposes only. Permission to review and obtain this information is not given unless it is for work related purposes. If the information is reviewed and used for any other purpose, this results in conduct that constitutes an intentional invasion of the private affairs or concerns. In addition, I find that a reasonable person would regard this type of invasion of privacy as highly offensive and causing distress, humiliation and anguish to the person.

The defendant did not appeal the $1,500 damages award.

John Stevens v Glennis Walsh, 2016 ONSC 2418 (CanLII).

BCCA affirms its position on text message privacy

On April 11th, the Court of Appeal for British Columbia held that a defendant convicted of internet luring and sexual touching of a minor had a reasonable expectation of privacy in direct messages he sent to the complainant and others via a social media platform.

The trial judge had found no such expectation – a finding that rested in part on the nature of the messages. The trial judge held that the messages contained no personal information that the defendant had not posted in his public profile and were not sent to an intimate, trustworthy contact. The Court of Appeal viewed the messages differently – as “flirtatious” – and held that the trial judge rested too heavily on the “risk analysis” that characterizes American Fourth Amendment law. It reasoned:

While recognizing that electronic surveillance is a particularly serious invasion of privacy, the reasoning is of assistance in this case. Millions, if not billions, of emails and “messages” are sent and received each day all over the world. Email has become the primary method of communication. When an email is sent, one knows it can be forwarded with ease, printed and circulated, or given to the authorities by the recipient. But it does not follow, in my view, that the sender is deprived of all reasonable expectation of privacy. I will discuss this further below. To find that is the case would permit the authorities to seize emails, without prior judicial authorization, from recipients to investigate crime or simply satisfy their curiosity. In my view, the analogy between seizing emails and surreptitious recordings [as considered by the Supreme Court of Canada in R v Duarte] is valid to this extent.

In then end, the Court found a breach of section 8 but held the evidence was admissible after conducting its section 24(2) analysis.

The Court’s reasonable expectation of privacy finding follows its earlier similar finding in R v Peluco. For the context see this Law Times article.

R v Craig, 2016 BCCA 154 (CanLII).

 

 

ONSC grants permanent injunction to address vitriolic internet campaign

On April 17, Justice Broad of the Ontario Superior Court of Justice issued a permanent injunction against a privacy and defamation defendant who he said engaged in a vitriolic campaign to discredit the plaintiff and her father – victims of a violent attack and hostage taking in which the plaintiff’s eight-year-old son was killed by the defendant’s brother-in-law.

A jury found in the plaintiffs’ favour and awarded damages in an amount that has not been published. Justice Broad issued a permanent injunction – an extraordinary remedy – because there was a real possibility that the plaintiffs would not receive any payment. He reasoned:

A possibility means a chance that something will happen, and a real possibility connotes a possibility that is not speculative or lacking in support. It is axiomatic that past behavior can act as a indicator of future behavior. In my view Richard Chmura’s failure to pay the outstanding costs awards, dating back up to more than four years ago, provides a sufficient basis for a finding that there is a real possibility that Julie Craven and John Craven will not receive any compensation, given that enforcement against Mr. Chmura of the damage award may not be possible. The test for the issuance of a permanent injunction preventing any continued or repeated publication of libelous statements about Julie Craven and John Craven has therefore been satisfied.

Craven v Chmura, 2016 ONSC 2406 (CanLII).

Alberta CA comments on meaning of “personal information”

Whether information is “personal information” – information about an identifiable individual – depends on the context. The Court of Appeal of Alberta issued an illustrative judgement on April 14th. It held that a request for information about a person’s property was, in the context, a request for personal information. The Court explained:

In general terms, there is some universality to the conclusion in Leon’s Furniture that personal information has to be essentially “about a person”, and not “about an object”, even though most objects or properties have some relationship with persons. As the adjudicator recognized, this concept underlies the definitions in both the FOIPP Act and the Personal Information Protection Act. It was, however, reasonable for the adjudicator to observe that the line between the two is imprecise. Where the information related to property, but also had a “personal dimension”, it might sometimes properly be characterized as “personal information”. In this case, the essence of the request was for complaints and opinions expressed about Ms. McCloskey. The adjudicator’s conclusion (at paras. 49-51) that this type of request was “personal”, relating directly as it did to the conduct of the citizen, was one that was available on the facts and the law.

The requester wanted information about her property because she was looking for complaints related to her actions. The request was therefore for the requester’s personal information. Note the Court’s use of the word “sometimes”: context matters.

Edmonton (City) v Alberta (Information and Privacy Commissioner), 2016 ABCA 110 (CanLII).

USB key treated as a private receptacle by labour tribunal – but why?

On March 29th the Grievance Settlement Board (Ontario) held that a government employer did not breach its collective agreement or the Charter by examining a USB key that it found in the workplace.

They key belonged to an employee who used it to store over 1000 files, some of which were work-related and allegedly confidential and sensitive. Remarkably, the employee also stored sensitive personal information on the key, including passport applications for his two children and a list of his login credentials and passwords. The key was not password protected and not marked in any way that would identify it as belonging to the employee.

The employee lost the key in the workplace. The employer found it. An HR employee inserted they key in her computer to read its contents. She identified the key as possibly belonging to the employee. She gave the key to the employee’s manager, who inserted it in his computer on several occasions. The manager identified that the key contained confidential and sensitive information belonging to the employer. The manager then ordered a forensic investigation. The investigation led to the discovery of a draft of an e-mail that disparaged the manager and had earlier been distributed from an anonymous e-mail account.

The GSB held that the employee had a reasonable expectation of privacy – one so limited as not to be as “pronounced” as the expectation recognized in R v Cole. The GSB also held, however, that the employer acted with lawful authority and reasonably. The reasonableness analysis contains some helpful statements for employers, most notably the following statement on the examination of “mixed-use receptacles” (my words):

The Association argues that the search conducted by Mr. Tee was “speculative” and constituted “rummaging around” on the USB key. It asserts that if Mr. Tee had been interested in finding files which might contain government data, he would have or should have searched directories which appeared to be work related, such as EPS, TPAS or CR. I do not find this a persuasive argument. As noted in R. v. Vu, in discussing whether search warrants issued in relation to computers should set out detailed conditions under which the search might be carried out, such an approach does not reflect the reality of computers: see paras. 57 and 58. Given the ease with which files can be misfiled or hidden on a computer, it is difficult to predict where a file relevant to an inquiry will be found. It may be filed within a directory bearing a related name, but if the intention is in fact to hide the file it is unlikely that it will be. Further, the type of file, as identified by the filename extension, is not a guarantee of contents. A photograph, for example can be embedded in a Word document. Provided that the Employer had reasonable cause to view the contents of the USB key in the first place (as I have found there was in this case), an employee who uses the same key for both personal and work related purposes creates and thereby assumes the risk that some of their personal documents may be viewed in the course of an otherwise legitimate search by the employer for work related files or documents.

I learned about this case shortly before it was decided and remarked that it was quite bizarre. I couldn’t fathom why anyone would be so utterly irresponsible to store such sensitive information on a USB key. This is one reason why I’m critical of this decision, which treats this employee’s careless information handling practice as something worthy of protection. The other reason I’m critical of  this decision is that it suggests the expectation of privacy recognized in Cole is higher than contemplated by the Supreme Court of Canada – which remarked that Richard Cole’s expectation of privacy was not “entirely eliminated” by the operational realities of the workplace. Not all of our dealings with information demand privacy protection, and in my view we need to make the reasonable expectation of privacy threshold a real, meaningful threshold so management can exercise its rights without unwarranted scrutiny and litigation.

I also should say that it’s very bad to stick USB keys found lying around (even in the workplace) into work computers (or home computers), at least without being very careful about the malware risk. That’s another reason why USB keys are evil.

Association of Management, Administrative and Professional Crown Employees of Ontario (Bhattacharya) v Ontario (Government and Consumer Services), 2016 CanLII 17002 (ON GSB).

Late apology and lack of correction results in increased privacy damages award

There has been some public discussion of the recent arbitration award by Arbitrator Knopf in which she awarded an employee $1,000 in damages for breach of privacy. The following is my view about what organizations should take from Ms. Knopf’s award.

The case is about one employer who shared a medical note with another employer. The other employer also employed the employee and wanted to confirm its understanding of her fitness for work and need for accommodation.

The note the employer disclosed stated, “pt is able to perform the duties of Dietary Aide at St. Pat’s home.” The disclosure was made by a contractor who managed the employee. He also told the other employer that the employee (a) was not currently being accommodated, (b) had no work-related restrictions and (c) was working her regularly scheduled shifts.

The employer admitted liability, and it appears that damages were awarded based only on the disclosure of the medical note. This is notable because it is debatable whether it was wrong for the employer disclose “a” and “c” as noted above. The information I’ve noted as “a” is not received from a health information custodian and therefore is not regulated by statute. The information I’ve noted as “c” is also note received from a health information custodian and is also arguably not personal information. I’m not suggesting the employer was clearly right in disclosing “a” and “c,” but it was also not clearly wrong.

The most important part of the award is the damages analysis, most notably Ms. Knopf’s comments the employer’s delayed apology and lack of corrective action. She said:

This Employer has apologized to the Grievor in the course of these proceedings and affirmed its desire to maintain and to continue a positive relationship with the Grievor. However, this apology was only offered once the Union refined and narrowed the claim for relief in the course of preparation for this hearing, even though the breach of the Confidentiality Policy was apparent from the outset. Therefore almost three (3) years had gone by. The evidence also disclosed that the Employer had not required its contractors to abide by this Policy and there is no evidence to suggest that it has done so to date. Employers often criticize grievors who do not offer timely apologies in situations of wrongdoing. Employers should be held to the same standard. The apology from the Employer is clearly meaningful and significant, but it did come very late and it lacks completion, given the apparently continuing failure to insist on compliance with its Confidentiality Policy by the contractors who serve the residents and interact with the members of this bargaining unit.

The most common and preferred strategy for responding to a loss of data is to conduct a good early assessment and “take lumps” – including by issuing an appropriate apology and committing to corrective action. This case supports the use of that strategy.

St. Patrick’s Home of Ottawa Inc. v Canadian Union of Public Employees, Local 2437, 2016 CanLII 10432 (ON LA).

Data breach response – Examining evidence and determining credibility

Having good investigative capacity is essential to good data breach response. More often than not, a post-incident investigation involves gathering evidence from witnesses. Digital forensics is also a common part of a breach investigation, but digital forensic evidence typically complements other testimonial and documentary evidence. For this reason I’m sharing a presentation I did with student conduct officers at Canadian colleges and universities last week, in which my aim was to prepare the audience to deal with a more challenging “credibility case.” It is relevant to human resources practitioners engaged in an investigative capacity post-incident and is relevant to lawyers and others who act as “breach coaches.”

Big data and the workplace – a briefing note

I was recently asked to create a minimalistic briefing note on “big data and the workplace” for a group of experienced employment lawyers. Here is what I wrote.

Employers are using data analytics to derive insights about their employees. They are then using the insights to make decisions about individual employees and potential employees. The objective is to make better human resources decisions.

The first and major big data application for employers was hiring. Hiring analytics involves merging historical data about candidates and employees into a database and using software to analyze the data to identify measurable candidate attributes that correlate with successful employment.

Today, employers use data analytics for a range of other applications – those supporting performance management, health and safety and security, for example. All these applications involve a similar process, similar technology and similar techniques to those involved with hiring analytics.

The use of workplace data analytics is popular and legitimate. It is naïve to suggest that the use of data analytics is wrong-headed, though there are legal risks.

The greatest risk is the risk of liability under anti-discrimination statutes. One can hardly blame employers for attempting to determine which candidates are most likely to be successful. Some argue that the use a good predictive model can actually reduce discriminatory bias!

This optimistic view of workplace data analytics is theoretically sound, but problematic in practice. The discrimination risk exists, in part, because the predictive models are typically developed by third-parties can be poorly understood by the employer-enduser – i.e., predictive models exist in a “black box.” This may make defending the use of even the most sound model very costly and risky. And when a model produces a result that disadvantages those with certain protected personal characteristics, a human rights tribunal will certainly question “Why?” “Is there a systemic discrimination problem that underscores the result?” When diversity is now valued by business, workplace data analytics, if used mechanically, can lead organizations to swim against the flow.

Privacy is also an issue, though there is a disconnect between potential employee perceptions and actual privacy impact. Strictly speaking, analyzing data to derive insights about a population is not a use of personal information at all. Service providers and employers are wary of privacy concerns, and  usually do not publish insights about small populations (where the risk of identification is high). Employers should also communicate with employees about the nature of their analysis with a view to putting employees at ease and reducing the risk of complaints that arise out of a misunderstanding.

Ensuring the analysis is “true statistical analysis” will address part of the privacy concern associated with the the use of workplace data analytics, though there is still a significant data handling issue that will remain. Workplace data analytics involves compiling existing data (and sometimes augmenting it) to create a large data source. Even if the data source may only be used to understand a populations or groups within a population, to support sound statistical analysis it must include data that is linked to individuals. The data source could therefore be compromised and cause harm to individual privacy. Data security – particularly given the data source will almost always be handed by a third party) – is of paramount importance.

Lawyer’s communications with witnesses to harassment privileged, privileged waived

In late June of last year, Arbitrator Moore held that communications between a lawyer retained to investigate a harassment complaint and various bargaining unit members were subject to solicitor-client privilege, but that the employer waived privilege by relying on the investigator’s conclusions in its discipline letter.

The employer used a very strong retainer letter that clearly established the investigator’s mandate was to gather facts and evidence for the purpose of providing legal advice. The letter (admitted into evidence by the Union without challenge) was sufficient to establish that the sought-after communications were privileged. Significantly, Arbitrator Moore held that communications with unionized employees undertaken for the purpose of providing legal advice can still be privileged communications:

Thus, I have not been referred to any authority that supports the proposition that employees, by virtue of being unionized, are to be regarded as third parties.  While the legal rights of unionized employees are certainly impacted by the exclusive representational rights accorded to unions by statute, and may be further altered by collective agreement provisions, the employees are, in my view, still fundamentally employees of the employer.Accordingly, I do not find the fact that the employees are unionized to be a relevant consideration.  It does not alter my conclusion that they are not third parties.  The communications between the lawyer and the employees, therefore, took place within the relationship between the solicitor and the client and fall within the scope of the privilege.

Arbitrator Moore also rejected a very bold argument from the union that arbitrators should apply a distinct concept of solicitor-client privilege that provides “practical labour relations results for the participants.” Arbitrator Moore reasoned that the license given to labour arbitrators was not so broad “as to abrogate a principle as fundamental and protected as solicitor-client privilege.”

Although the employer established solicitor-client privilege and did not seek to rely on the investigator’s report at arbitration, Arbitrator Moore held that it waived privilege by relying on the investigator’s conclusion in its disciplinary letter. The letter read as follows:

The investigator concluded that your  conduct towards the complainant violated  Metro Vancouver’s Workplace Harassment Prevention Policy and directly contributed to a detrimental  work  environment  for  the  complainant  while he  was  employed  by  Metro Vancouver. Specifically, the investigator found that you were responsible for creating a harassing and discriminatory posting about the complainant and placing it in the Coquitlam guard house. In addition, the investigator found that you made discriminatory and harassing statements about the complainant in the work place. The investigator also concluded that you were not fully forthcoming with him during the investigation process. We accept the investigators [sic] findings and conclusions regarding your conduct. We conclude that your behaviour has been both discriminatory towards the complainant and has also violated Metro Vancouver’s expectations of appropriate employee behaviour.

As effective as the employer’s retainer letter was at establishing privilege, the employer’s discipline letter was a clear invitation to a waiver finding. This employer’s efforts nonetheless leaves other employers with a good road map for investigating sensitive internal matters under the protection of solicitor-client privilege. The retainer letter used by the employer is included in the award. It is a good model.

Vancouver (Regional District) v Greater Vancouver Regional District Employees’ Union, 2015 CanLII 87692 (BC LA).

Party can call evidence about contents of lost video

On January 22nd, Vice-Chair Harris of the (Ontario) Grievance Settlement Board held that an employer can call testimony from witnesses who had viewed a video tape before it was inadvertently destroyed. He held that exclusion was an inappropriate remedy for inadvertent spoliation given the employer’s case rested on the proposed evidence. He also held that the proposed evidence was not hearsay and was not excluded because the best evidence was unavailable.

The overwhelming strength of the authorities is that such secondary evidence is admissible when the trier of fact is satisfied that the original existed, has been lost or destroyed and a proper explanation has been given of the absence of the better evidence. Here, that explanation has been given and accepted by the union.

Ontario Public Service Employees Union (Phagau) v Ontario (Liquor Control Board of Ontario), 2016 CanLII 7445 (ON GSB).