ABCA divided on application of Charter to university disciplinary proceedings

Yesterday the Alberta Court of Appeal rendered a significant decision ab0ut whether a university is obligated to consider students’ Charter rights in disciplinary proceedings.

This case involved University of Calgary students found guilty of non-academic misconduct in disciplinary proceedings for posting criticisms of a course and its instructor on Facebook. The Court unanimously upheld that part of a judicial review decision which found that the students should not have been found guilty of non-academic misconduct. However, the Court was sharply divided on whether the Charter would apply to this case.  Paperny J.A. found that the Charter applied to the disciplinary proceedings undertaken by the University and that a review committee had failed to take into account the students’ freedom of expression right as protected by the Charter. She rejected the University’s argument that “the application of the Charter in these circumstances undermines the University’s academic freedom or institutional autonomy,” finding that academic freedom and freedom of expression are not competing values. McDonald J.A. found that while it may be time to reconsider whether or not universities are subject to the Charter, the judicial review court erred in undertaking such an analysis in this particular case. O’Ferrall J.A. found that the issue here was not whether the university was a “Charter-free zone,” but whether the university’s disciplinary body ought to have considered whether its discipline violated the students’ right to their freedoms of expressions and association, freedoms which long pre-dated the Charter.

More to come on this decision in a while.

Pridgen v. University of Calgary, 2012 ABCA 139

ABCA modifies spoliation remedy, preserves sanction

On March 7th, the Alberta Court of Queen’s Bench found a departed employee in contempt for counseling a contact to destroy evidence for the purpose of interfering with the administration of justice. The Court ordered the employee:

  • to produce any and all computers and electronic media in his possession, power or control, for a forensic review to be conducted by a computer expert retained by the plaintiffs;
  • to pay for the review and post $30,000 in security for costs; and
  • to pay the costs of the contempt motion on a full indemnity basis.

Yesterday the Court of Appeal for Alberta varied the order because it was not well-proportioned. It explained:

As a remedy for the contempt, the chambers judge ordered that the individual appellant pay the cost of the application on a full indemnity basis. While acknowledging that “in the present case no information has been lost”, he nevertheless ordered a full computer forensic investigation. The chambers judge speculated that “it is unclear what else may have been deleted”. The contempt application was based entirely on the efforts to delete the HSE Manual. No allegation was made of the destruction of any other document, nor is there any evidence of any other destruction. Embarking on an expensive fishing expedition at this stage of the litigation is unwarranted. Should the discovery process produce evidence of other problems, further applications for relief can be brought.

Despite allowing the appeal in part, the Court ordered the appellant to pay the full costs of the appeal “to ensure an effective sanction.”

Fuller Western Rubber Linings Ltd. v Spence Corrosion Services Ltd., 2012 ABCA 137 (CanLII).

Sale of business to proceed under the cover of a PIPEDA exemption order

On April 26th the Ontario Superior Court of Justice issued an order under section 7(3)(c) of the Personal Information Protection and Electronic Documents Act to allow to credit unions to merge without gaining the express consent of members. It’s not clear that such an order is actually authorized by PIPEDA (and the applicants don’t appear to have given notice to members), but Justice Lauwers listed a number of Ontario commercial list matters in which such permissive orders have been made. He echoed comments made by Justice Farley in “urging that a route be provided that will permit the disclosure of the necessary personal information in such circumstances as these to avoid wasting the court’s time and the parties’ funds.” Bill C-12 received first reading way back last September and will add a “business transaction” exemption to PIPEDA. Its time is obviously overdue!

In the Matter of an Application Under Rules 14.05(3)(d), 2012 ONSC 2530 (CanLII).

Alberta CA uses cyber-picketing case to raise fundamental doubts about scope of privacy regulation

The Alberta Court of Appeal dropped a bomb on April 30th by raising extremely broad questions about the constitutionality of Alberta’s commercial sector privacy statute in disposing of a dispute about the right of a union to take images of people who cross a picket line.

Last September the Alberta Court of Queen’s Bench held that the Alberta Personal Information Protection Act violated the right of expression guaranteed by section 2(b) of the Charter because it was disproportionate in restricting unions from engaging in “union journalism” relating to labour disputes and picket lines. The Court’s focus was relatively narrow though, and its Charter-based order focused on the breadth of a scope provision meant to protect journalistic activity and an exclusion for publicly available information.

The Court of Appeal first re-framed the expressive interest at stake as related to labour relations and not journalism. It then held that the statute interfered with this interest in a manner that could not be justified in a free and democratic society.

The Court’s proportionality analysis is remarkable in its breadth. It weighs the purpose of Alberta PIPA – protecting reasonable expectations of privacy, protecting expectations that one can control one’s own image and personal information and limiting the misuse of personal information – against the right of free expression in general. The Court says:

There is, however, a problem relating to proportionality. The constitutional problems with the Act arise because of its breadth. It does not appear to have been drafted in a manner that is adequately sensitive to protected Charter rights. There are a number of aspects to the over-breadth of the Act:

-It covers all personal information of any kind, and provides no functional definition of that term. (The definition of “personal information” as “information about an identifiable individual” is essentially circular.) The Commissioner has not to date narrowed the definition in his interpretation of the Act in order to make it compliant with Charter values.

-The Act contains no general exception for information that is personal, but not at all private. For example, the comparative statutes in some provinces exempt activity that occurs in some public places.

-The definition of “publicly available information” is artificially narrow.

-There is no general exemption for information collected and used for free expression.

-There is no exemption allowing organizations to reasonably use personal information that is reasonably required in the legitimate operation of their businesses.

This appeal clearly demonstrates the impact that the Act can have on protected rights. The legitimate right of the union to express itself and communicate about the strike and its economic objectives have been directly impacted by the Adjudicator’s order. The appellant has not demonstrated why this heavy handed approach to privacy is necessary, given the impact it has on expressive rights.

Regarding remedy, the Court issued a declaration that the restrictive order at issue was unconstitutional and invited the Alberta legislature to “decide what amendments are required to the Act in order to bring it in line with the Charter.”

Look for a leave to appeal application in which the Alberta Commissioner is joined by her counterparts from other provinces at the leave to appeal stage.

United Food and Commercial Workers, Local 401 v Alberta (Attorney General), 2012 ABCA 130 (CanLII).

Alberta court issues important e-FOI decisions – faculty e-mails not in custody or control

The Alberta Court of Queen’s Bench issued a pair of judgements about access to faculty e-mails on April 23rd, ultimately deciding that the Alberta OIPC erred in finding that faculty member e-mails relating to participation on a Social Sciences and Humanities Research Council of Canada committee were in the custody or control of the University of Alberta.

Here are the four points of significance.

First, the Court held that the standard of review for custody or control decisions is reasonableness based on the strong presumption established by the Supreme Court of Canada last December in Alberta (Information and Privacy Commissioner) v. Alberta Teachers’ Association. This is a change, albeit a predictable one in light of Alberta Teachers’ Association. Despite the outcome in this case, custody or control decisions will generally be harder to challenge on judicial review than in the past.

Second, the Court held that the Association of Academic Staff of the University of Alberta did not have a right to notice of standing in the OPIC’s hearing as an affected party or as a matter of fairness. It held that the AASUA interest in the precedential effect of the OIPC’s finding did not give it an interest in the request under appeal sufficient to justify a right to notice and standing.

Third, the Court held that the OIPC erred in finding that the records at issue were under the university’s custody or control.

In part, the Court’s reasoning highlights the growing importance of assessing the purpose of access to information legislation in deciding custody or control issues. It held the OPIC erred by failing to recognize that the faculty member’s e-mails related to a grant funding process in which the university had no role. They therefore shed no light on the university’s own operation in furtherance of the statutory aims. Rather, the records at issue shed much more light on another public institution’s operations, something the Court said the OIPC also ought to have considered.

The Court’s reasoning also suggests that standard technical processes used in the management of business e-mail systems will not govern whether e-mails are in the custody or control of a public institution. It held that the OIPC erred by inferring too much from the routine backup of e-mails and the right to monitor. The Court said, “It was unreasonable to focus on the general computer use policy, rather than considering the particular records in question.”

Finally, the Court declined to address a bold argument by the AASUA that all records produced by faculty members in the course of participating in external committee work and in the context of their internal research and other academic work are not subject to a university’s custody or control. The Court said, “Academic freedom may be one relevant factor in considering whether a university has custody or control of records, but until the Commissioner considers that question in a hearing that raises the issue at first instance, this Court need not address it here.”

University of Alberta v. Alberta (Information and Privacy Commissioner), 2012 ABQB 247 (CanLII) (standard of review, custody or control).

Association of Academic Staff of the University of Alberta v University of Alberta, 2012 ABQB 248 (CanLII) (notice and standing).

FCA affirms order to provide home contact information to bargaining agent

On March 16th the Federal Court affirmed a Public Service Labour Relations Board order that requires the Canada Revenue Agency to provide the Professional Institute of the Public Service of Canada (a trade union) with the home address and telephone numbers of its bargaining unit members on a quarterly basis.

The order under review was re-issued by the Board after being quashed in 2010 because the Board had simply blessed the parties’ consent order without considering the privacy interests of affected parties. In re-issuing the order (with some newly-imposed security features), the Board held that the disclosure did not breach the federal Privacy Act because CRA’s purpose for obtaining home contact information (contacting employees about the terms and conditions of their employment) was consistent with the use for which PIPSC would use it (discharging its statutory duties as bargaining agent by contacting employees about employment-related matters). The applicant sought review before the Federal Court of Appeal.

The Court of Appeal’s disposition is unremarkable, and turns mainly on the standard of review and other technical matters.

Bernard v. Canada (Attorney General), 2012 FCA 92.

BC case illustrates when sending a preservation letter to opposing counsel really matters

Sending preservation letters to opposing counsel can be quite a useless exercise when done as a matter of routine. A March 20th decision of the British Columbia Supreme Court illustrates when a hold letter can serve a critical purpose. It also illustrates how a party’s duty to preserve evidence that is likely to be relevant in foreseeable litigation can weigh heavily in favor of allowing an adversary to inspect evidence where no direct duty to allow for such an inspection exists.

The facts are simple. A fire started on the defendant’s premises and spread to the plaintiff’s premises. The defendant denied the plaintiff’s insurer access to its premises, which led the plaintiff’s insurer to write. The insurer said that it would likely bring a subrogated claim and that the plaintiff should preserve all physical and other evidence. This left the defendant with an option to allow the requested inspection or stop cleaning the damaged property and debris. It did neither.

The plaintiff raised a spoliation claim in the context of a production dispute. It claimed that privilege in certain communications should be waived in the interests of justice on account of the defendant’s spoliation. Master Baker of the BCSC agreed.

Hat tip to Seva Batkin of the B.C. Business Litigation Blawg for this one. Seva’s post on the case is here.

Brown v. Wilkinson, 2012 BCSC 398 (CanLII).

BCCA splits on privilege given to lawyers’ trust account ledgers

On March 27th, the Court of Appeal for British Columbia split on whether lawyers’ trust account ledgers are presumptively subject to solicitor-client privilege.

Mr. Justice Smith dissented. He held that, in Maranda v. Richer, the Supreme Court of Canada held that “all information arising out of solicitor-client relationships whatever may be their legal context” is presumptively privileged. Facts are not privileged, but Smith J.A. explained that the Supreme Court adopted a broad and protective rule for a records related to the solicitor-client relationship because solicitor-client privilege is so important and because “it is difficult to segregate single professional acts from the complex of facts, events, and communications that characterizes ongoing solicitor-client relationship.”

Mr. Justice Chiasson (Madam Justice Newbury concurring) held that Maranda was about a search for lawyer fee accounts in the course of a law enforcement investigation and could not be applied directly to a dispute about the production of trust account ledgers in the civil context. Trust accounts, according to the majority, “generally record facts.” Therefore, the party claiming privilege over trust account ledgers must establish that the entries claimed “arise out of the solicitor-client relationship and what transpired within it” to establish a rebuttable claim. In applying this test, the majority held that some entries met this test and others related strictly to a real estate transaction and did not.

The Court also unanimously rejected application of the crime and fraud exception to solicitor-client privilege in the circumstances and made comment on the procedure for hearing privilege claims in a manner that protects privilege but is also fair and transparent.

 Donell v. GJB Enterprises Inc., 2012 BCCA 135.

British Columbia OIPC beats bold challenge to jurisdiction to adjudicate privilege claims

On March 23rd, the Supreme Court of British Columbia held that the British Columbia Freedom of Information and Protection of Privacy Act empowers the British Columbia OIPC to adjudicate questions of solicitor-client privilege for the purpose of determining whether government records are exempt from the right of public access.

In rendering this jurisdictional decision, the Court stressed that the OIPC has the power to adjudicate, including the power to “decide all questions of fact and law arising in the course of an inquiry.” It also rejected an argument that the legislature could not have intended a “lay tribunal” to adjudicate privilege claims and an argument that the OPIC’s power to report information about offences to the Attorney General weighed against a power to adjudicate on privilege.

In the end, the Court held that the OIPC erred in rejecting part of the institution’s privilege claim because the institution had not adduced any evidence to establish that certain records were privileged. The request was for records about the expenditure of legal fees. The Court held that the responsivness of the records was sufficient to create a rebuttable presumption of privilege.

School District No. 49 (Central Coast) v. British Columbia (Information and Privacy Commissioner), 2012 BCSC 427 (CanLII).

Access to job candidates’ password-protected social media accounts: an employer friendly perspective

Hiring an employee is a big step, and the costs of getting a hiring decision wrong can be significant. One can’t blame employers for wanting greater insight into candidates’ backgrounds, but what are the limits?

Now, just as Canadian employers are grappling with searching the internet for publicly available information about candidates, a new background check tactic has come to light – checking candidates’ password-protected social media sites. What better record of a candidate’s candid behavior than his or her Facebook account? Why not have a look?

The great negative reaction to this tactic makes clear that it is not in step with common values. Unfortunately the public dialog has not included any employers’ voice, leaving those of us with faith in employers to question “Why?” and “How exactly?” Also unfortunately, there have been statements about the legal rules that apply to the tactic that are too categorical. What conflicts with common values does not necessarily conflict with law.

In this post, I propose a model for conducting responsible searches for publicly available information about candidates. I then comment on the negative reaction to reports that employers, including Canadian employers, are seeking access to candidates password-protected social media accounts in the course of hiring.

Searches of publicly available information from the internet

There is great pressure on employers, charged with making a duly diligent hiring decision, to search the internet for publicly available information on candidates.

Compliance with anti-discrimination legislation is a competing concern, but risks can be managed by respecting two key principles – justification and objectivity.

Compliance with privacy legislation can be more technical and varies by jurisdiction, but only private sector employers in British Columbia, Alberta and Quebec are regulated. Application of the Personal Information Protection and Electronic Documents Act to federally regulated employers’ hiring processes is questionable until PIPEDA is amended by the proposed Bill C-12, which will expand the statute’s reach to encompass employees and “applicants.”

With the key principles of justification and objectivity in mind, employers may abide by the following practices to manage the legal risks associated with conducting social media background checks:

  1. Check at the end of the hiring process. This is a background check, not an evaluative process. It should come as the next to last step in the hiring process.
  2. Check only when there is a demonstrable need. What’s the need? What are the alternatives? Why is this the better alternative? Document your needs analysis.
  3. Search based on objective criteria. It will be very hard to establish the validity of a profiling exercise – i.e., an exercise in which you attempt to draw broad inferences about job performance or trustworthiness based on social media activity. Unless you have a qualified expert prepare a defensible predictive model, don’t profile. Look for objective behaviors that raise legitimate concerns in light of job responsibilities. For example, you may look for statements that a candidate for a sales or marketing position has made critical comments about your company or industry that are incompatible with becoming a representative of the company.
  4. Have someone other than the decision-maker search. This is a means of ensuring that the decision-maker does not see irrelevant information that may be related to a personal characteristic that is protected by anti-discrimination legislation.
  5. Direct a written report to the decision-maker. The report (which contains only feedback on the objective search criteria) goes in the hiring file and is part of the formal record upon which the hiring decision is made. This record is designed to assist in the defence of discrimination claims and is a record of due diligence. It makes the actual (forensic) record of the internet search irrelevant to a discrimination claim, which should minimize e-discovery risks.
  6. Validate negative information. Positively identifying the author of internet publications can be difficult. Validate authorship and seek an explanation.

In addition, employers should consider whether to provide advance notice to candidates. Bear in mind however, that this is a unique kind of background check because the source of information is under the control of candidates (unlike with checks of criminal, credit and education records). Some employers will feel that the purpose of the check is likely to be frustrated by providing advance notice. Such employers should review the requirements of any applicable privacy legislation with legal counsel. Public sector employers who are subject to legislation that establishes requirements for “indirectly” collecting employee personal information may need to give notice.

Searching password-protected social media sites

There has been much discussion about searching candidates’ password-protected social media sites in the last week. On March 20th, the Toronto Star published an article about a Canadian employer who asked a candidate for a by-law enforcement position for his Facebook password. Professor David Doorey of York University published a blog post the same day alleging that the tactic “clearly” violates the Ontario Human Rights Code. The Ontario Human Rights Commission responded to Professor Doorey on March 23rd by issuing a more qualified statement that employers “should not ask job applicants for access to information stored on social media or other online sites.” Also on March 23rd, Facebook issued a statement highlighting that it is a breach of its Statement of Rights and Responsibilities to share a Facebook password and that it might initiate legal proceedings to protect its users in appropriate circumstances.

What’s a Canadian employer to make of all this? Here are four points.

First, there is a disconnect between the positions taken by those critical of the tactic and the view that a post to a social media account, even if password protected, is a communication to the public. Facebook friends do not undertake to keep friends’ information secret, and experience demonstrates that things posted to Facebook tend to get around quite easily. There is case law that upholds employers’ right to discipline for postings to password-protected social media accounts and, in Ontario, there is express judicial recognition that Facebook communications are not private communications.

Employers understand this. They warn their employees to be careful of what they post on password-protected sites in their social media policies. What, then, is the consistent and duly diligent employer who conducts searches of the public internet to do? Why should it hold its current employees accountable for postings to their Facebooks but refrain from checking candidates’ Facebooks because of a privacy concern?

Second, with great respect to Professor Doorey (who I follow and whose commentary I appreciate greatly), the issue of compliance with anti-discrimination legislation is not clear. Professor Doorey relies on section 23(2) of the Ontario Human Rights Code. Section 23 reads:

23. (1) The right under section 5 to equal treatment with respect to employment is infringed where an invitation to apply for employment or an advertisement in connection with employment is published or displayed that directly or indirectly classifies or indicates qualifications by a prohibited ground of discrimination.

Application for employment

(2) The right under section 5 to equal treatment with respect to employment is infringed where a form of application for employment is used or a written or oral inquiry is made of an applicant that directly or indirectly classifies or indicates qualifications by a prohibited ground of discrimination.

Questions at interview

(3) Nothing in subsection (2) precludes the asking of questions at a personal employment interview concerning a prohibited ground of discrimination where discrimination on such ground is permitted under this Act.

Though section 23(2) will often apply when an employer collects information associated with a protected personal characteristic, it is not a prohibition on the collection of information. An employer only violates section 23(2) if it “classifies” an employee by a protected personal characteristic or “indicates qualifications” by a reference to a protected personal characteristic. An employer who merely accesses a social media account that may contain information related to a protected personal characteristic in order to review the account for objective behaviors that raise legitimate concerns has neither classified an employee nor indicated job qualifications by reference to a protected personal characteristic. Both Professor Doorey and the Ontario Human Rights Commission seem to conflate access to information with collection and use of information, yet the language of the statute makes clear that only use of information for certain purposes is prohibited.

Third, the newly-recognized “intrusion upon seclusion tort” protects against “unauthorized” collections of information in certain limited circumstances. Concerns about candidate vulnerability noted, it is a stretch to frame this collection as unauthorized. For the same reason, we should rule out liability under the Criminal Code computer crime provisions. This seems a matter about reasonableness and justification rather than consent, and a private matter between employer, candidate/user and social media provider.

Fourth, legal risks can be reduced by conducting a supervised review instead of requesting passwords. Requesting passwords raises potential liability for intentionally inducing a breach of candidates’ contract with Facebook. It also opens employers to accusations of identity fraud. These concerns can be answered by using a process that features a supervised review – i.e., a process by which the candidate logs in and permits the review under supervision. This could be extremely awkward, especially if the check is done without notice. It seems an imperative, however.

In the end… employers beware

My aim is to contribute an employer-friendly perspective to the ongoing dialog about checking job candidates’ password-protected social media accounts in the hiring process. I’m not encouraging employers to adopt the tactic, but respect that some employers will feel that they have a demonstrable need and can accept the legal and non-legal risks. The negative public reaction is a sign that great caution is in order.