SCC articulates rule on testimonial self-incrimination

On Wednesday a 6 – 3 majority of the Supreme Court of Canada held that section 13 of the Charter does not prevent a Crown prosecutor from using prior compelled testimony for impeachment purposes if the testimony does not prove or assist in proving one or more essential elements for which the witness is being tried.

The accused crashed a motorcycle. His passenger sued and the police laid dangerous driving and impaired driving charges. On discovery in the civil matter the accused said he had no memory of the events of the day. At his criminal trial the accused gave a detailed account of the events of the day. The Court granted the Crown leave to cross-examine the accused on his discovery testimony. The Crown successfully discredited the accused based on his conflicting testimony.

The majority, in a judgment written by Justice Moldaver, held that use of the discovery testimony for impeachment purposes did not breach the accused’s rights under section 13 because the discovery evidence was not “incriminating.”

Justice LeBel, for the minority, strongly criticized the majority for causing an unprincipled departure from the Court’s unanimous 2005 judgment in R v Henry. This departure, he argued, will invite uncertainty in criminal matters and discourage full and frank testimony. The latter issue was of interest to the Advocates’ Society, who argued in intervention that a bright-line rule is needed to protect the integrity of the civil discovery process.

R v Nedelcu, 2012 SCC 59 (CanLII).

Nova Scotia judge deals with FOI requests, responsiveness and “mixed” e-mails

On October 22nd, Justice Scanlan of the Nova Scotia Supreme Court said the following about the responsiveness of e-mails in disposing of an FOI appeal:

There are a couple of issues that I wish to address further. It appears the initial review officer may have taken the position that the Respondent could not withhold documents on the basis that they were irrelevant. The Respondent referred to those materials as “not applicable”. According to the Respondent the Review Officer suggested there was no recognized exemption under FOIPOP legislation for “non applicable” materials. Any such ruling would defy commonsense. What possible relevance would it be to the Appellant if someone commented in a document that their grandmother had a wart removed from her nose. (Not that any such comment was made in the redacted materials). With e-mail communications the author on a number of occasions mixed personal or non relevant communications with information which was properly disclosed. The personal, non relevant, information is not something to which the Appellant is entitled to access. There are some things in records, such as e-mail, which are clearly irrelevant and should not be disclosed. The types of documents that fall inthe “not applicable” category include, for example notes from unrelated investigations or proceedings. The Appellant has no right to see those types of documents just because they are in an officer’s notebook. As I have noted, to suggest non relevant documents are to be produced on a FOIPOP application defies common sense and the scope of the legislation.

Under a strict analysis the “responsiveness” of an entire record is assessed against the wording of an FOI request. Justice Scanlan supports a more purposive approach (which reflects common practice) in which parts of records that are unresponsive may be redacted.

Stevens v. Nova Scotia (Labour ), 2012 NSSC 367 (CanLII).

Ont CA rejects Charter challenge to health regulator investigation power

Today, the Court of Appeal for Ontario held that the power to issue a summons without judicial authorization that is granted to investigators appointed under the Health Professions Procedural Code complies with section 8 of the Canadian Charter of Rights and Freedoms.

Section 76(1) of the Code gives investigators appointed by a college of a regulated health profession the power to summon a person to give evidence on oath or produce evidence relevant to the subject matter of an investigation. The appellant – a doctor whose license was revoked for engaging in acts of sexual misconduct with three boys – argued that the power is wide-sweeping, prone to misuse and disproportionate in light of the legislative purpose underlying the Regulated Health Professions Act and its Code.

The Court dismissed this challenge.

In interpreting section 76(1) (subsequently amended), the Court held that it creates a power to inquire into all forms of professional misconduct and not merely inquire into the treatment of patients. Though this scope is associated with a greater intrusion into members’ private lives, the Court noted that the profession itself controls the scope of the conduct it regulates by articulating what “otherwise private” activity constitutes professional misconduct. It further held that section 76(1) is narrow in the sense that it only authorizes a seizure of information that is relevant to an investigation that has been duly authorized under the Code based on reasonable and probable grounds. The Court held that the registrar of a college must specify the misconduct alleged in authorizing an investigation so that an investigator’s powers are properly constrained, but also held that the Code‘s failure to require such specification did not render it unconstitutional.

The Court then endorsed the Divisional Court’s finding that the power in section 76(1) is reasonable based on the following factors:

  •  The investigation it supports is a regulatory investigation and not a criminal or quasi-criminal investigation.
  • A power of summons is less intrusive than a power to enter and search a premises because it can be challenged prior to being answered.
  • Appointment by a college based on a belief in misconduct on reasonable and probable grounds is a precondition to exercising the summons power.
  • There is a strong public interest in regulating health professionals.

The Court also dealt with an abuse of process/delay argument that I have not covered here.

Sazant v College of Physicians and Surgeons of Ontario, 2012 ONCA 727.

HRTO dismisses complaint that school board used Ontario Student Record in its defence

On September 19th, the Human Rights Tribunal of Ontario dismissed an application that alleged a school board breached the Ontario Human Rights Code by using an Ontario Student Record in defence of a prior application.

Section 266 of the Ontario Education Act deems an OSR to be “privileged for the information and use of supervisory officers and the principal, teachers and designated early childhood educators of the school for the improvement of instruction and other education of the pupil.” It also explicitly states that an OSR is not admissible in evidence without parental consent.

In the prior application (which involved the same parties), the board had used the OSR in its response. This led the applicant to seek an order prohibiting the respondent from further relying on the OSR. The Tribunal denied the applicant’s request and, instead, held that it would dismiss the application as an abuse of process unless the applicant provided a consent. The applicant withdrew its application and filed a subsequent application that directly attacked the board’s use of the OSR, which the applicant alleged was discriminatory and a reprisal.

The Tribunal held that the board’s actions were absolutely privileged. It said:

The entire Application in this case is based on statements made in the respondent’s pleadings and the pre-hearing disclosure of documents to the applicant by the respondent in the course of a proceeding before the Tribunal. The respondent’s impugned statements and actions were thus clearly made and/or performed on occasions of absolute privilege. The applicant therefore cannot rely on them to found a claim under the Code. The Application must be dismissed on this basis alone.

The Tribunal also held that there was no reasonable prospect that the applicant would succeed on the merits.

GA v York Region District School Board, 2012 HRTO 1787 (CanLII).

Alberta OIPC deals with use and disclosure of work e-mails in recent order

On September 11, 2012 the Alberta Office of the Information and Privacy Commissioner upheld a complaint that dealt with an employer’s retrieval and use of e-mails from its work e-mail system. The decision suggests that information in e-mails from a work e-mail system that are accessed and used as reasonably required for an employment-related purpose are regulated as “employee personal information” under Alberta PIPA regardless of their content.

Background

The employer is a union who temporarily employed the complainant as a business agent. Towards the end of his employment, the complainant applied for selection into a permanent position by way of a job competition. On his last day of employment, while the competition was underway, some members of the internal evaluation committee for the competition reviewed the complainant’s e-mails; at times the OIPC decision frames this review as being for the (routine) purpose of performance assessment and at other times it frames the review as investigatory (and in response to some specified concerns).

Upon review of the e-mails, the committee members discovered an e-mail received by the complainant that invited him and a member of the selection committee to a meeting about “defeating” the employer’s president and another candidate for the position. This e-mail and 13 others of a similar kind were of concern to the employer because they suggested its job competition process would not produce a fair result. Later, the employer’s president read parts of the 14 e-mails aloud at a meeting of the general membership to support an executive committee recommendation to disband the internal evaluation committee.

Issue

The complainant argued that the employer’s use and disclosure of his e-mails contravened Alberta PIPA. Apparently he did not take issue with the employer’s search itself given the e-mails in question were all sent and received on the employer’s system.

Decision

Most importantly, the OIPC held that the employer’s initial use of the 14 e-mails was a use of “employee personal information.” It said:

While the E-mails were not always in relation to the Complainant’s own employment duties, they were in relation to the affairs of the Organization, which is sufficient for them to “relate” to the parties’ employment relationship.

Therefore, when the Organization initially reviewed the E-mails for the purpose of evaluating the Complainant’s performance as Relief Business Agent, the Organization was, in that particular context, reviewing the Complainant’s personal employee information. In further reference to the definition of “personal employee information”, the E-mails were “reasonably required” by the Organization in that they were part of the record of the Complainant’s performance, which he was reasonably required to create by virtue of his 89-day trial period in the position. Nothing turns on the fact that some of the E-mails were not in relation to the Complainant’s specific duties, as the fact that he sent or received them was still relevant to his overall performance.

This reasoning suggests that an employer’s purpose in dealing with e-mails on its system (even “personal use” e-mails) will govern how the information in the e-mails is characterized under the Act. The review of system e-mails for an employment-related purpose will generally mean the information in the e-mails qualifies as “personal information,” but provided the review is reasonably required, the same information will also qualify as “employee personal information.” This is of critical significance to Alberta employers because consent is not required to collect, use and disclose employee personal information under Alberta PIPA unless an exception to this general rule applies.

One such exception, which the OPIC held was engaged in this case, is an exception for a failure to provide “reasonable notification that the information is going to be used and of the purpose for which the information is going to be used.” In essence, the OIPC held the employer lost the ability to rely on the more liberal rules that apply to the use and disclosure of employee personal information under Alberta PIPA because it had no acceptable use or other policy to make the employee aware that his e-mails might be reviewed for an employment-related purpose or otherwise. Most Alberta employers will have an applicable policy, but to avoid the fate that befell this employer they should ensure their policies articulate the specific business purposes for which e-mails may be accessed. (For more on this point, see here.)

Please note that there is more to this complicated decision than the aspects that I’ve covered here, including content on the scope of the so-called “investigations exemption.” Ultimately, the employer was not able to establish that it was properly authorized to use the e-mails for either its employment-related purpose or its (secondary) administrative purpose.

Order P2012-06 (Alberta OIPC, 12 September 2012).

Hat tip to Barbara McIssac, who is now blogging with a team of BLG lawyers at The Law of Privacy in Canada Blog. Welcome to the blawgosphere!

Arbitrator upholds discipline for taking photos in the workplace and refusing to delete

On October 2nd, Arbitrator Albertyn partly upheld a suspension issued for taking photos in the workplace without authorization and refusing to delete them as directed. Here is what he said:

I have found that the Grievor refused to delete the photographs of the restaurant from his cellphone when asked to do so by the Employer. The images were likely of the restaurant, of an employee and of its proprietor. These images did not belong to the Grievor. All or some of them belonged to the Employer. The Employer was entitled to require that the Grievor delete them. That was a legitimate instruction from the Employer to the Grievor. His refusal amounted to insubordination.

The employer did not have a policy, and posted a memo that addressed photo taking in the workplace after the incident. Arbitrator Albertyn suggests that the employer did not need a policy to order the photos to be deleted.

Swiss Chalet Restaurant #1178 v United Food & Commercial Workers Canada, Local 206, 2012 CanLII 57387 (ON LA).

ISP disclosure decision touches deep questions about anonymity, third-party interests

The Court of Appeal for Ontario issued a significant judgment yesterday in which it held that the police did not breach section 8 of the Charter by obtaining the identity of an anonymous internet user without judicial authorization. The decision touches deep questions about anonymity and the rights of citizens (corporate or otherwise) to help law enforcement.

The case is about a child pornography investigation that started with a concern about the trading of contraband on a German website. The trading was done openly, but under the cover of pseudonyms. The RCMP obtained information that child pornography had been downloaded to computers at various IP addresses in Canada. It requested and obtained information from a Canadian internet service provider (ISP) that linked three downloads to the accused.

The key issue for the Court was whether the accused had a reasonable expectation of privacy in the circumstances. The same issue was before the Court of Appeal for Saskatchewan in two cases last year, and it reached a different reasonable expectation of privacy finding in each case, arguably because the commercial terms imposed by the ISP in each case differed.

One key to the Court of Appeal for Ontario’s rejection of a privacy claim is its characterization of the information at issue. The Crown argued that the ISP merely disclosed a name and address. The defence argued that the ISP disclosed information that would reveal “browsing history” and “the details of an individual’s Internet activities.” The Court accepts neither position. It characterizes the information as follows:

The police did not want the subscriber information so as to be able to identify the appellant as a customer of Bell Sympatico. That fact alone was of no value to the police. Nor does the appellant contend that he has a reasonable expectation of privacy with respect to the fact that he is a client of Bell Sympatico. The police wanted the information because they believed it could potentially identify the appellant as the person who had anonymously accessed child pornography on three separate occasions over the Internet. Translated into the content neutral language required for the purposes of s. 8, the police wanted the information because of what it could potentially tell them about the appellant’s Internet activity on three occasions. They sought to connect an identity to certain activity: see Slane & Austin, at pp. 500-503.

The Court’s reference to “content neutral” pays heed to case law that establishes that the protection afforded by section 8 of the Charter should not be debased by framing the activity that the proponent seeks to protect as criminal and therefore unworthy of protection. R v Wong, for example, was a case about the surveillance of unlawful gaming in a hotel room. The Supreme Court of Canada said that the privacy interest at stake was about the right to use a hotel room in private, not the right to use a hotel room for unlawful activity in private.

But does yesterday’s decision really treat the privacy interest at stake as neutral?

In the above quote the Court links the interest at stake to the anonymous downloading of pornography. It explains that broader, more neutral framing is not possible based on the record:

I cannot, however, go so far as Mr. Dawe, and counsel for the intervener, who relying on the comments of Cameron J.A. in Trapp, at paras. 32-37, argue that the information sought by the police would provide “an electronic roadmap of the appellant’s travels on the Internet”. That description, while consistent with the language used in Trapp, at para. 36, goes beyond the evidentiary record in this case. Adapting the intervener’s metaphor to the evidence adduced here, I would say that the police sought information capable of putting the appellant at a specific place, at a specific time in the course of his travels on the Internet.

The only activity occurring at the specific place and specific time at issue is criminal activity. The Court’s framing is proper based on evidence that established the dynamic nature of IP addresses, but it points to criminal activity and is therefore not neutral.

Then, in another very significant part of its analysis, the Court assigns significant weight to the ISP’s interest in “preventing the criminal misuse of its services.” It says that it is legitimate for an ISP to choose, for reasons relating to civic engagement or out of pure self-interest, to make a limited, voluntary disclosure to police – especially so given the repugnance of child pornography.

This analysis rests on far more fundamental concerns than an analysis that focuses on the commercial terms between an ISP and its subscribers. As the Saskatchewan cases might illustrate, an analysis that rests on commercial terms is flimsy and leaves to much to depend on a private arrangement that may vary by circumstance. An analysis that rests on a system owner’s interest in preventing the use of its property as an instrument of crime is strong. It is the kind of analysis that employers (also system owners) have said is missing from the Court of Appeal for Ontario’s last third-party disclosure decision, R v Cole.

Recognizing that system owners have a legitimate interest in preventing misuse of their systems may be strong and proper, but it is not neutral. The Court addresses this by saying that the nature of the offence under investigation is relevant to the reasonableness of an ISP’s response to a police request, but not the reasonable expectation of privacy analysis itself. Is this really a meaningful distinction?

All of this is to stress the complexity of this decision, with which I agree. People who trade child pornography engage in criminal activity in public and in a manner that creates an obvious digital trail. They hold the thinnest veil of anonymity, the maintenance of which rests on the outlook of an ISP. Whether an ISP should be able to take a value-laden, non-neutral stance against crime seems like it will be the fighting ground on any appeal.

R v Ward, 2012 ONCA 660.

SCC grants protection to cyberbullied youth – two questions

The Supreme Court of Canada issued a decision in a highly-anticipated cyberbullying decision today. It held that children who are subject to sexualized cyberbullying, as a class, deserve privacy protection – at least enough protection to justify allowing them to proceed anonymously. After a quick first read of what will be a very discussed decision, I raise two questions for consideration.

Question one – What does proceed anonymously mean?

The Court used the term “proceed anonymously,” which it did not define. The applicant, notably, had merely requested that she and her litigation guardian be referred to by initials in all documents on the court record. By the Court’s somewhat qualified rejection of the applicant’s (other) request to ban publication of the allegedly defamatory Facebook postings, the Court seems to suggest that “proceed anonymously” means something more. The Court said, “If the non-identifying information [in the Facebook postings] is made public, there is no harmful impact since the information cannot be connected to A.B.” This suggests that “proceed anonymously” refers to an allowance to use initials plus a limited publication ban on identifying information.

Question two – What is the protected class?

The other question about the decision is about the scope of the class the Court intended to protect. Some text in the decision would suggest the class is limited to children subject to sexualized cyberbullying:

The girl’s privacy interests in this case are tied both to her age and to the nature of the victimization she seeks protection from. It is not merely a question of her privacy, but of her privacy from the relentlessly intrusive humiliation of sexualized online bullying

As a result, in an application involving sexualized cyberbullying, there is no need for a particular child to demonstrate that she personally conforms to this legal paradigm.

At the same time, the Court made a number of broad statements about the impact of bullying on children in general, whether online or in the physical world and whether sexualized or based on some other vulnerability. For example:

If we value the right of children to protect themselves from bullying, cyber or otherwise, if common sense and the evidence persuade us that young victims of sexualized bullying are particularly vulnerable to the harms of revictimization upon publication, and if we accept that the right to protection will disappear for most children without the further protection of anonymity, we are compellingly drawn in this case to allowing A.B.’s anonymous legal pursuit of the identity of her cyberbully.

Perhaps the best way to read the decision is that its binding effect extends to sexualized cyberbullying, but it is also authority for like protection in other bullying scenarios experienced by children.

AB v Bragg Communications Inc, 2012 SCC 46.

IPC/Ontario issues report on outsourcing to USA resident vendors and more

On June 27th, the Information and Privacy Commissioner/Ontario issued a significant report on the Ministry of Natural Resources’ use of an American company to maintain the primary database for its hunting and fishing licensing system.

The Commissioner has made public statements downplaying the significance of the USA PATRIOT Act to data security outsourcing risks, but this is the first time she has expressed these views formally. She says:

There may be no greater area of confusion and misunderstanding than fear of the PATRIOT Act. The PATRIOT Act has invoked unprecedented levels of apprehension and consternation – far more than I believe is warranted. For the reasons outlined on pages 5 and 6, the feared powers were available to law enforcement long before the passage of the PATRIOT Act, through a variety of other legal instruments. In my view, these fears are largely overblown, and focusing on them unduly constitutes a pointless exercise. I believe it is far more productive to compel organizations to be fully responsible and accountable for the services they provide or outsource. As noted earlier, my position on this remains that you can outsource services, but you cannot outsource accountability. Flowing from that, one critical question prevails: Have reasonable steps been taken to ensure privacy and security, regardless of where the data resides? The measures taken by MNR, as described in this report, represent a good example of such accountability.

This is of help to Ontario public sector institutions who have needed to account for significant perceived risks related to the PATRIOT Act in approaching hosted service projects, many likely associated with lower risks than the MNR project. One might wonder how many useful, cost-saving initiatives have been parked because of a requirement that all personal information be stored in Canada by a Canadian company. The Commissioner’s report should be liberalizing, though outsourcing in and outside of Canada will always be associated with special data security risks that institutions need to carefully manage.

Fortunately, the Commissioner also uses this report to give some good guidance on outsourcing in the Ontario public sector, largely approving of the manner by which the MNR went about its outsourcing. Her focus is on the commercial contract between the MNR and its vendor, which she held contained nine “necessary provisions” to achieve the “reasonable measures” data protection standard under FIPPA. Ontario public sector institutions should pay heed to these provisions and, more generally, the design and development process described towards the front of the Commissioner’s report.

Hat tip to David Fraser, who gets a nice nod in this report from the Commissioner for his work on the PATRIOT Act.

Reviewing the Licensing Automation System of the Ministry of Natural Resources: A Special Investigation Report (June 27, 2012).