On February 10th, the Ontario Superior Court of Justice struck a claim that alleged a breach of the privacy part of the Municipal Freedom of Information and Protection of Privacy Act because an alleged breach of statute cannot found a civil cause of action.

Sampogna v Smithies, 2012 ONSC 610.

Today the Court of Appeal for Ontario took a significant step to clarify the scope of the “advice and recommendation exemption” in Ontario access-to-information legislation. It held that the Information and Privacy Commissioner/Ontario erred in applying an extremely restrictive interpretation of two 2005 Court of Appeal decisions.

The Court first affirmed the meaning of “advice” and “recommendations” it articulated in 2005. “Advice” is “material that permits the drawing of inferences with respect to a suggested course of action.” A “recommendation” actually suggests a preferred course of action. Background facts that support advice and recommendations are not exempt from disclosure.

The Court then made two important clarifications.

First, the Court clarified that the entire deliberative process is protected. The IPC erred, it held, by imposing a requirement that exempt information must go to the final decision maker. In doing so, it quoted Justice Evans of the Federal Court of Appeal, who said “It would be an intolerable burden to force ministers and their advisors to disclose to public scrutiny the internal evolution of the policies ultimately adopted.”

Second, the Court clarified that the presentation of a range of options may be properly withheld. The IPC erred, it held, by imposing a requirement that exempt information identify a single course of action.

The advice and recommendation exemption is a very important exemption that has always been interpreted extremely narrowly by the IPC. This decision breathes life into the exemption in a manner that will please institutions which, quite legitimately, crave a healthy zone of privacy in which to deliberate so they can make optimal decisions about policy and other matters.

Ontario (Finance) v. Ontario (Information and Privacy Commissioner), 2012 ONCA 125.

On February 22nd, Ontario arbitrator George Surdykowki held that the Court of Appeal for Ontario’s recognition of an “intrusion upon seclusion” tort does not change rights and obligations related to the use of employee medical information for employment purposes. He said:

I agree with the Union that Jones v. Tsige reinforces the premium value of privacy in Canadian society. But the decision does not establish an additional premium or value
in that respect.

I agree with the Employer that whatever Jones v. Tsige actually stands for in terms of the non-legislated or non-contractual right to privacy, it does not stand for the proposition that asking for or even demanding that an employee disclose confidential medical information for a legitimate purpose constitutes an improper or actionable intrusion on the employee’s right to privacy. Jones v. Tsige does not posit any absolute right to privacy. Although, Jones v. Tsige does mean that the comments about the common law of privacy in paragraph 20 of Hamilton Health Sciences #1 are no longer completely accurate, it does not otherwise alter the fundamental analysis in that case (or in Providence Care, Mental Health Services and other decisions following or flowing from Hamilton Health Sciences #1). It remains the case that an employer is entitled to request and receive an employee’s confidential medical or other information to the extent necessary to answer legitimate employment related concerns, or to fulfill its obligations under the collective agreement or legislation, including the human rights or health and safety legislation (for example). I agree with the Employer that nothing in Jones v. Tsige alters its right to manage its workplace(s), or to obtain confidential medical or other information as required or permitted by legislation or the collective agreement, or which it reasonably requires for a legitimate purpose. Of course, it remains the case that the employer is only entitled to the confidential information necessary for the legitimate purpose. Even then the employee can refuse to disclose her confidential medical or other information, although if she does she must accept the consequences of exercising that right of refusal. Refusing to allow access to necessary confidential medical information may justify the employer’s refusal to allow the employee to continue or return to work, or stymie the accommodation process, result in the loss of disability benefits, or even lead to the loss of employment.

It’s nice to have a clear and strong statement like this “out of the gate.” The medical information management arbitral jurisprudence that deals with justification for collection is well-settled and well-calibrated. Jones v Tsige doesn’t and shouldn’t make a difference.

Complex Services Inc. and OPSEU, Local 278 (February 22, 2012, Surdykowki).

The IPC/Ontario issued a significant “e-FOI” decision on February 9th. Here is what it said about retrieving e-mails from backup tapes:

In general, an access request for emails does not require a routine search of backup tapes for deleted emails unless there is a reason to assume that such a search is required, based on evidence that responsive records may have been deleted or lost.

This sets up a kind of presumption that institutions will appreciate, but if a requester asks or if there is an indication that responsive records may have been deleted or lost, an institution must search and retrieve responsive e-mails from backup tapes subject to its right to recover a fee. In many cases requesters will opt not to pursue backup tape searches given the fees such searches are likely to generate. Institutions, however, should be careful to base their fee estimates on good evidence of what the restoration and search effort is likely to entail.

Carleton University (Re), 2012 CanLII 5892 (ON IPC).

Yesterday the Supreme Court of Canada issued a comprehensive decision on the third-party information exemption in the federal Access to Information Act. Although the third-party, research based pharmaceutical company Merck, lost its appeal, the decision establishes decent procedural and substantive protection for third-parties.

The matter – about a Health Canada access decision

The matter involves a request made to Health Canada for records related to a New Drug Submission and Supplementary New Drug Submission. Health Canada disclosed some records without providing notice to Merck and gave notice to Merck regarding parts of others with a note that it was “unable to determine” whether the mandatory exemption for third-party information in section 20(1) of the ATIA applied. This led to a Heath Canada decision to disclose numerous records that Merck challenged by way of judicial review. It took issue with the process by which Health Canada administered the request and its decision not to apply section 20(1).

The relevant provisions – the third party information exemption

Section 20(1) is the “third-party information exemption.” It protects the interests of third-parties whose information is under the control of federal government institutions. The three subsections at issue in yesterday’s decision read as follows:

20. (1) Subject to this section, the head of a government institution shall refuse to disclose any record requested under this Act that contains

(a) trade secrets of a third party;

(b) financial, commercial, scientific or technical information that is confidential information supplied to a government institution by a third party and is treated consistently in a confidential manner by the third party;

(c) information the disclosure of which could reasonably be expected to result in material financial loss or gain to, or could reasonably be expected to prejudice the competitive position of, a third party

A head has a duty to refuse to disclose a record containing information fitting within any one of section 20(1)’s three subsections, subject to a duty to sever and disclose non-exempt information that can “reasonably be severed.” A head also has a duty to give notice to an affected third-party (and hear submissions) when the head, “intends to disclose any record requested under this Act, or any part thereof, that contains or that the head of the institution has reason to believe might contain…” information that is exempt under section 20(1).

The majority decision – eleven principles

Justice Cromwell wrote for the six judge majority. He endorsed the following 11 principles (my list) about the scope of the third-party information exemption and the procedure for dealing with requests that engage the exemption:

1. Most generally, the duty to provide access to government information is equally important to the duty to protect third-party information: “when the information at stake is third party, confidential commercial and related information, the important goal of broad disclosure must be balanced with the legitimate private interests of third parties and the public interest in promoting innovation and development.”
2. The threshold for giving notice to a potentially affected third-party is low: disclosure without notice “is only justified in clear cases, that is where the head, reviewing all the relevant evidence before him or her, concludes that there is no reason to believe that the record might contain material referred to in s. 20(1).”
3. A head must give notice to a third-party even in the absence of a firm intention to disclose, including when “in doubt” about the application of section 20(1): “the institutional head ‘intends to disclose’ a record that might contain exempt information if the head concludes that he or she cannot direct either refusal or disclosure without notice.”
4. A head, however, must make a “serious attempt” to apply the exemption and not simply shift the onus of review to a third-party.
5. On judicial review of a decision to disclose, a third-party must establish application of section 20(1) on a balance of probabilities. It is an error of law to hold a third-party to a “heavy burden.”
6. Section 20(1)(a) applies to information that meets the traditional legal test for a “trade secret.” It is an error of law to associate the definition with any particularly restrictive meaning.
7. Section 20(1)(b) applies to information supplied to government that is “not available from sources otherwise available to the public or obtainable by observation or independent study by a member of the public acting on his or her own.” The information need not have inherent value (as a client list would, for example).
8. For the purposes of section 20(1)(b), information is not “supplied” if it is “collected by government officials’ observation.”  In general, judgements or conclusions expressed by government officials are not “supplied.”
9. The reasonable expectation of harm that triggers the application of section 20(1)(c) exists when there is “considerably more” than a “mere possibility of harm” and “somewhat less” than a likelihood of harm. It is an error of law to demand harm that is “immediate” and “clear.”
10. In general, it will be hard to demonstrate that harm will flow from the disclosure of publicly available information and, as a matter of principle, difficult to establish that harm will flow from the misunderstanding of disclosed information.
11. Declining to sever and produce information from an otherwise exempt record will be justified when the non-exempt information has little meaning on its own or when a cost-benefit analysis otherwise weighs against disclosure.

These principles are likely to have at least some significance to the handling of matters under statutes other than the ATIA. Principle 9, in particular, has the potential to calibrate the handling of harms-based exemptions and promote a uniform standard for proof of harm under all Canadian access statutes.

The dissent – differs on a non-substantive issue

Justice Deschamps wrote for the three judge minority, which would have deferred to the application judge’s findings. The minority did not differ with the majority on any of the 11 principles noted above, and expressly agreed with the majority’s views on the duty to provide notice and on the standard of proof.

Merck Frosst Canada Ltd. v. Canada (Health), 2012 SCC 3.

The Information and Privacy Commissioner/Ontario issued a notable “e-FOI” order on January 19th.

The IPC ordered the Ministry of Community Safety and Correctional Services to validate the authenticity of a 911 call recording that it provided to a requester. The Ministry filed an affidavit about how the recording was extracted from the system on which it was recorded and burned to CD. However, when the requester challenged the recording’s authenticity the Ministry provided the requester with a second CD that the requester successfully claimed did not match the first. The IPC ordered the Ministry to re-produce the CD and provide the requester with a sworn statement about the authenticity of the to-be-produced CD after listening to compare it with the original.

The Ministry adduced evidence of its extraction process that was very strong, but its affidavit seemingly did not capture the entire chain of custody – i.e., the first-produced CD was not marked and identified in the affidavit. This can be done relatively easily by using a hash number or even physically marking the disc that’s produced.

Ontario (Community Safety and Correctional Services) (Re), 2012 CanLII 2815 (ON IPC).

On October 15th of last year Arbitrator Joseph Carrier denied a production request that sought a variety of records relating to a resident of a facility for young offenders.

The request was made before a hearing of a discharge grievance. The employer terminated the grievor based on evidence provided by a resident. The union intended to dispute the resident’s evidence. His credibility would be an issue.

Arbitrator Carrier’s decision requires reasonable particulars to be provided in support of a request for production. It also stands for the proposition that production will not be ordered for the sole purpose of challenging the credibility of a witness.

OPSEU, Local 601 and Northern Youth Services (October 15, 2011, Carrier).