Information Roundup – Volume 2013, Edition #3

Lots of good information and privacy content flowing through my Twitter network lately. Here are the highlights:

It’s getting very near the end of winter paddling season. The highlight was the Paddle With Purpose event from a couple weekends back. A group of us paddled 27 miles from St. Petersbug to Lido Key for Wounded Warriors Family Support. We paddled with the spirit of aloha, which you can FEEL in watching the beautiful video below. I’ve swung an invite to do another crazy paddle next weekend in California with some of same characters. I’m very excited. Story to be told later.

Master McLeod sets out parameters of hard drive review

Last September Master McLeod of the Ontario Superior Court of Justice issued an e-discovery order that was just brought to my attention and that makes some points about the discovery of a hard drive.

The order involves an external hard drive that a departed employee (and defendant) admitted contained his former employer’s (and plaintiff’s) information and turned over to plaintiff counsel for “forensic review.” Plaintiff counsel did not use a forensic IT specialist to review the drive. It reviewed the drive itself and segregated a number of potentially privileged files. It also discovered over 400 zip files that contained backups of information from the defendant’s personal laptop.

Master McLeod held that the defendant should review the files that plaintiff counsel had segregated as potentially privileged. In doing so, he commented that there was an honest misunderstanding about the meaning of “forensic review” and that plaintiff counsel took adequate steps to protect itself from exposure to privileged communications. Nonetheless, according to Master McLeod “conducting the document review in house without specific agreement or disclosure was less than prudent.”

Master McLeod also held that the plaintiff could continue to review the 400 plus zip files through its forensic expert. He said:

In my view this kind of analysis is best conducted by an arm’s length expert for two reasons. The first is that the data ostensibly belongs to the opposing party and will contain irrelevant confidential information (as anticipated) and apparently privileged information (which does not appear to have been anticipated by the defendant at least). The second reason is that the personnel conducting the analysis may have to be witnesses at trial and that militates against the use of in house I.T. or paralegal staff.

Notably, Master McLeod rejected a defendant argument that the zip files should not be reviewed at all based on a statement in the Sedona Canada Principles that indicates recourse to backup files should not ordinarily be within the scope of production. He held that, In the circumstances, the backup files were a potentially critical source of evidence that the plaintiff was prepared to review. The plaintiff would bear the cost of the review subject to cost recovery at the end of the day.

Descartes v Trademerit, 2012 ONSC 5283.

Nova Scotia court orders hard drive review to disclose usage patterns

On February 8th, the Supreme Court of Nova Scotia ordered the forensic review of an injured plaintiff’s hard drive because it would likely contain evidence relevant to a claim that he could only work at a computer for two to three hours a day. Although the computer was used by others (perhaps through separate user profiles, though this is unclear on the record), the Court held that use by others went to the weight of the evidence, a matter to be assessed at trial. Notably, the order contemplates a search to be conducted by a third party under a protocol proposed by the defendant.

Hat tip to Barry Sookman.

Laushway v Messervey, 2013 NSSC 47 (CanLII).

OLRB dismisses vehicle telematics policy grievances

On January 21st, the Ontario Labour Relations Board dismissed three policy grievances that challenged the use of vehicle telematics and a rule against the personal use of company vehicles without permission. Vice-Chair Silverman stressed that use of company vehicles to get to and from work was optional but of benefit to employees and said the following about the union’s “less intrusive means” argument:

The union’s suggestion that the employer use another system for monitoring use such as the PDA or the vehicle’s odometer or gas consumption,either is not germane to what the employer is permitted to do. The issue is whether the employer is precluded from using the Telematics device not whether some other device, is adequate to the purpose.

In assessing the reasonableness of the personal use prohibition, Vice-Chair Silverman recognized that the employer exercised a discretion to relieve against the prohibition and it was reasonable to do so based on a disclosure of off-work plans.

International Union of Elevator Constructors, Local 50 v Otis Canada Inc, 2013 CanLII 3574 (ON LRB).

Complaint challenging timidity of employer response to attack blog dismissed

On January 22nd, the Ontario Grievance Settlement Board dismissed a group complaint alleging that an employer failed to respond appropriately to a union blog that attacked members of management.

Vice-Chair O’Neil heard the complaint. The following is her description of the content of the blog:

The more objectionable posts in evidence allege managerial corruption or negligence, such as never seeing inmates or having “screwed up” the previous attendance management program. Others insult managers in general, using terms such as useless, pathetic, vindictive, morons and misfits. Cartoons and comments referred to attendance management procedures and imposition of discipline as “kangaroo courts”. Suspensions for excessive use of force were referred to as attacks on people just trying to do their best, and it was suggested that the safety of the staff was never a concern. Mocking allusions to acquiescing to being strip searched were used to describe those in the union accused of lacking courage to take action against policies the blogger did not like. Staff who took acting assignments and worked overtime were criticized as siding with management, and managers who work significant amounts of overtime accused of having social problems. Pay for performance was characterized as bonuses for screwing up, and it was suggested that the superintendent and deputies would get a higher percentage of pay for performance the more short-staffed the institution was.

Some, but not all of the blog’s authors were identifiable. Nonetheless, the employer chose to take a measured approach to dealing with the blog and did not discipline any perpetrators. Instead, it authored a joint memo with the local union president that encouraged respectful conduct and issued its own warning letter to those responsible for the blog. The blog then became password-protected, which members of the targeted management group did not feel was an adequate resolution. They complained.

In dismissing the complaint, Vice-Chair O’Neil said the following about an employer’s duty to respond to workplace harassment:

In respect of providing a harassment-flee workplace, it is important to acknowledge that it is not humanly possible to prevent all behaviour that amounts to harassment, defamation or disrespectful behaviour towards employees. There are very real limits to the power of an employer to anticipate and control such behaviour even in the workplace, let alone outside its physical bounds. In recognition of this reality, the law does not make the employer responsible for all actions of its employees that have a negative impact on other employees. In the area of harassment in the workplace, arbitral case law has generally found, in the absence of a contractual provision requiring it to take particular action, that an employer will not be held liable unless it has been negligent or fails to act.

Vice-Chair O’Neil held that the employer did not fail to meet any specific requirement of the applicable policy and otherwise acted within its discretion.

Lee v Ontario (Ministry of CommunitySafety and Correctional Services), [2013] O.P.S.G.B.A. No. 1 (G.S.B.).

Sask CA affirms union right to observe job interviews despite privacy claim

On January 31st, the Court of Appeal for Saskatchewan affirmed a union’s right to observe job interviews with external candidates notwithstanding the employer’s claim that the observation right should be “read down” to protect individual privacy.

The case involves a collective agreement provision that gives a union a right to observe job interviews “for which any [bargaining unit member] has applied.” At arbitration, the employer argued that the union’s observation right extinguishes after all bargaining unit members have been eliminated from a competition. It raised the privacy rights of external applicants in making this argument.

The arbitration was a disaster for the employer. The arbitrator held that the union’s right to observe was unlimited. The arbitrator also suggested that the Saskatchewan Local Authority Freedom of Information and Protection of Privacy Act required the employer to notify external candidates of the union’s observation rights and obtain their consent. The employer managed to have the latter finding overturned on judicial review by successfully arguing that the disclosure to the union was for a “consistent purpose.” It did not upset the arbitrator’s interpretation of the collective agreement provision, however, so appealed.

The Court of Appeal affirmed the arbitrator’s interpretation of the collective agreement based on the reasonableness standard of review. It also suggested that the employer’s privacy argument was disingenuous, questioning how the employer could argue that observation by the union was okay so long as bargaining unit members were in the competition but offensive to external candidate privacy interests if they were not.

Saskatchewan Institute of Applied Science and Technology v Saskatchewan Government, 2013 SKCA 8 (CanLII).

Municipality breaches privacy statute by communicating via Facebook

Last September 27th, the Newfoundland and Labrador OIPC held that a municipality breached the Newfoundland Access to Information and Protection of Privacy Act because an employee, in the course of her duties, identified the Facebook accounts of two members of the public and messaged them through her own Facebook account.

The OIPC held that this use of Facebook led the municipality to engage in an improper use of personal information and breach its safeguarding duty. One problem, according to the OIPC, was the use of a means of communication not governed at all by the municipality:

Facebook is a social media website that is accessible from any computer or device which is capable of accessing the internet. In this sense, the use of Facebook by the Town employee may be akin to the removal of personal information from the Town office. This is further exacerbated by the use of the employee’s own personal account to engage in this communication. From this perspective, the information must be protected in the same manner as used by other public bodies which allow for the removal of personal information from their facilities.

The OIPC made clear, however, that communicating personal information through a Facebook account in a public body’s name is also inappropriate. It said:

For the various security and identification issues outlined above, there is no way to ensure that personal information is properly protected on these websites. If an individual requests that communications with a public body be carried out in this manner, the public body must first satisfy itself that the identity of the Facebook account holder is confirmed, and furthermore that express consent be obtained from the individual acknowledging that the privacy of the communication cannot be guaranteed.

The OIPC gives little reasoning about why communicating through a Facebook account in a public body’s name is less secure than communicating through other kinds of corporate email services, but the concept of channelling communications that include personal information through a consumer service like Facebook (which is neither designed as an email service nor targeted at business) raises obvious concerns.

Report P-2012-001 (27 November 2012, OIPC Newfoundland).

Information Roundup – Volume 2013, Edition #2

I’ve managed a few blog posts lately but haven’t been so active on Twitter. Here, however, is what is worth a re-post:

Thanks to all those who shared these good links.

In two weeks I’ll be flying down to Tampa to paddle 27 miles with a good group of other prone paddlers from the area and across North America. The energy is building around the event, but it’s going to be hard. If you’re a regular reader of this blog please consider donating to the charity for whom we will paddle – the Wounded Warriors Family Support organization, an organization that provides support to the families of American soldiers wounded, injured or killed in battle. Or, if you’d rather, please consider making a donation to an alternative Canadian charity here.

566148_10200339847282501_1710139173_n

Social media and the law – three nuggets and one blawger’s tale #ALC2013

I’m posting this from beautiful Edmonton, where I presented at the Alberta Law Conference social media session together with Diane McLeod-McKay (Alberta OIPC, Director, Alberta PIPA) and Doug Jasinski (Skunkworks Creative Group). Thank you to our Chair and warm host, uber-librarian Shaunna Mireau (Field Law). It was a nice balanced session, with a little marketing and communication, a little core privacy and a little “other,” all of which came together nicely to give helpful picture to our lawyer audience.

I was the “other.” My slides are below and deal with (1) the “licensed communicator” concept for governing business use of social media, (2) the social media civil production cases and (3) preservation of social media evidence. I also (as asked) spoke a little about my own blogging experience, an enjoyable first.

BC Information and Privacy Commissioner Orders Release of Union Pension Plan Information

The British Columbia Information and Privacy Commissioner (IPC) recently released a decision ordering the provincial pension regulator (Financial Institutions Commission or FICOM) to release certain information about union-run pension plans to the Independent Contractors and Business Association (ICBA), an employers’ association.  What is interesting about this case is the basis upon which the unions and trustees of the union pension plans attempted to avoid disclosure; they argued that release of the requested information would harm the business interests of the pension plans.

ICBA requested copies of pension plan filings for 16 pension plans that the trade unions had sponsored.  The information requested related to the following issues: the average annual pension paid; the average accrued monthly pension; the surplus or unfunded liability from the previous valuation report; and the surplus or unfunded liability from the current valuation report for each of the pension plans.  ICBA has asked for this information to be extracted from the filings made with FICOM, rather than copies of the actual documents which were filed with FICOM.  FICOM withheld some of the information under s. 21 of the Freedom of Information and Protection of Privacy Act (FIPPA) on the grounds that disclosure would harm the business interests of the pension plans.   FICOM subsequently changed its decision to apply s. 21 of FIPPA and gave the trustees of the 16 pension plans formal notice under FIPPA that it would release the information in full.  Trustees of 13 of the 16 pension plans (“Objecting Trustees”) objected to the disclosure of the information about their pension plans and requested that the IPC review the decision of FICOM to release the information.

The pension plans were all registered under the Pension Benefits Standards Act (PBSA) which includes a provision allowing any person to request pension plan documents (generally understood to be the plan texts and amendments, rather than filings regarding funded status).  This is unlike most other provinces, which limit access to pension information to employers, members and other beneficiaries of pension plans.  (As an aside, British Columbia will be enacting new pension legislation in 2014 and has not carried this broad right of access through to the new legislation.)

In opposition to the disclosure, the unions and Objecting Trustees made the following arguments:

1. The Objecting Trustees asserted that despite being averages, two pieces of requested information “provide personal information about the members of the plans, being the income plan members draw in retirement and the amount Plan members accrue each year before reaching retirement.”  The Objecting Trustees referred to this as “sensitive personal information about its members”.

The IPC found that because the information consists of only average amounts, the information at issue was not about identifiable individuals and the information would also not reveal information about identifiable individuals, and therefore did not constitute “personal information”.

2. The Objecting Trustees argued, with the support of FICOM, that they submitted the filings from which the requested information would be obtained in confidence.  Both the Objecting Trustees and FICOM took the position that s. 22 of the PBSA did not apply to financial filings, only pension plan documents, and the financial filings were submitted in confidence.

The IPC accepted that the filings were submitted in confidence and also found that just because the filed documents may be available to pension plan members does not make such documents widely or publicly available.

3. The Objecting Trustees and the unions argued that ICBA’s motives were tainted with anti-union malice and that the ICBA’s goal is to promote an “open-shop” workplace.  The unions focused on the fact that the ICBA offers retirement savings plans (group RRSPs) that directly compete with the union pension plans.  The Objecting Trustees argued that FIPPA is not intended to give a competitive advantage, and that it is relevant that the ICBA is not seeking the information in order to ensure that FICOM is accountable, but to assist its own members in their competition for labour.

With respect to the harm to the pension plans or the unions, the IPC held that the ICBA’s motivations in seeking release of the information cannot be relevant to the outcome of the FIPPA analysis and specifically stated that whether the ICBA was motivated by a legitimate desire to promote government accountability or by its opposition to unions was not a matter which needs to be adjudicated. 

4. The Objecting Trustees also argued that  the information at issue would be used to  “undermine political and economic support for the pension plans” by allowing ICBA to generate a comparison between the pension benefits paid and accrued under the plans and the benefits paid under RRSP arrangements, with a particular focus on the under-funded status of the union pension plans.  Similarly, the unions also argued that disclosure would harm their financial interests in collective bargaining on the basis that if an employer was aware of the actual funded status of the pension plan, this would significantly and negatively affect the bargaining position of union with respect to negotiating employer contributions to the pension plan.

FICOM also recognized that the type of information requested “could reasonably be expected to harm significantly the competitive position of the union, and interfere significantly with the negotiating position of the sponsoring union and other union and non-union employers when negotiating work rates since the financial information is key to establishing competitive wage or bid rates and securing business contracts”.  However, it decided to release the information because “the date of the data is no longer such that it would place the union sponsors under a competitive disadvantage or interfere with labour relations to the extent that significant harm might reasonably result from the disclosure of the records.”

As to whether the release of the information requested regarding the pension plans would cause harm to the business interests of the pension plans or the unions, the IPC was not persuaded that disclosure of the information at issue could reasonably be expected to cause the pension plans to lose members.  The IPC also accepted that the under-funded status of the pension plans was widely and publicly known, as it has been the source of public news and information for some time.  The IPC also did not accept that the release of the information would enable ICBA to develop significantly more attractive retirement vehicles than the registered pension plans offered by the unions.  Finally, the IPC found that past disclosures of similar information have failed to evidence the harm argued by the Objecting Trustees and the unions and the IPC found that the assertion the pension plans would lose members was merely speculative and was not supported by objective evidence. 

As a result, the IPC ordered FICOM to release the requested information to the ICBA.