Case Report – Alta. Q.B. quashes pawn shop order

On January 8th, the Alberta Court of Queen’s Bench quashed an order of the Information and Privacy Commissioner of Alberta that dealt with a City of Edmonton directive to second hand goods dealers that required them to collect the personal information of individuals selling used goods.

The City required dealers to collect the name, date of birth, gender, eye colour, hair colour and identification details of all sellers and upload this and other information to a database hosted by a third-party under contract to the City. The police could access the database, but the information also remained available to dealers (presumably) for use in their business.

In February 2008 the IPC ordered the City to stop collecting information and destroy its database. It held that the scheme established a “collection” by the City, but that this collection violated the Alberta Freedom of Information and Protection of Privacy Act because it was not authorized by law, was not collected for the purpose of law enforcement and was not necessary for an operating program or activity of the City. The key finding was that the City’s longstanding by-law, which required used goods dealers to make information available to peace officers, did not allow the City to implement a scheme whereby information is uploaded to a database under the City’s control.

The Court of Queen’s Bench held that the IPC’s reading of the by-law was too strict and that that by-law provision that required dealers to “record” and “make available” information authorized it to direct the uploading of personal information to a secure database to be accessed on a standing basis. The outcome of the Queen’s Bench decision did not turn on this finding, because it held in any event that the City was not collecting information through dealers. Since dealers had their own purpose for collecting the information and also collected and uploaded additional information than that required by the City, the Court held they were not the City’s agents. According to the Court, the scheme entailed a collection by the police rather than the City, a collection that was lawful because it was made for the purpose of law enforcement. Finally, the Court held that the Commissioner erred in ordering the destruction of the database.

The Queen’s Bench decision is lengthy and includes more findings than described in this post. Though most of the Court’s conclusions are technical, it does seem to comment generally on the interpretation of municipal powers as they pertain to personal privacy and on the proper characterization of data flows. Moreover, the Court’s rather quick but clear conclusion that the collection was for “law enforcement” purposes is significant and appears to conflict with the Ontario Court of Appeal’s finding in the 2007 Cash Converters case. These points of significance aside, there is also an interesting subtext that is illustrated by the Court’s rather complete and forceful quashing of the OIPC order.

Business Watch International Inc. v. Alberta (Information and Privacy Commissioner), 2009 ABQB 10.

Case Report – Ont. C.A. considers deemed undertaking rule

On December 24th, the Ontario Court of Appeal issued a judgement on the deemed undertaking rule. It held:

  • That it only proscribes use and disclosure of information obtained in discovery by the recipient (and not by the provider, whose privacy interest the rule protects)
  • That it acts as a shield against production in a subsequent action subject to its exceptions, including the exception for court-ordered relief
  • The “interests of justice” versus “prejudice” balancing test for court-ordered relief does not protect the personal privacy interest of an individual in the records at issue

The last point arose because the records being considered by the Court included video surveillance footage and medical information of the plaintiff. She had obtained these records from her opponent in prior litigation, thereby engaging her opponent’s privacy interest. It appears that she attempted to argue that her personal privacy interest in the records was relevant to the exercise of discretion in ordering relief given the content of the records. The court disagreed, and said the only privacy interest engaged by the rule is that of a party compelled to produce records.

Kitchenham v. AXA Insurance Canada, 2008 ONCA 877 CanLII.

Case Report – Ont. C.A. deals with creating records in Ontario FOI law

The the Ontario Court of Appeal has affirmed the IPC/Ontario’s position that records produced by replacing unique identifiers in a database with randomly generated numbers are “records” under Ontario freedom of information legislation.

The requester, a reporter from the Toronto Star, asked for access to information stored in two police databases. Presumably so he could accomplish his research without using personal information and engaging the unjustified invasion of privacy exemption, he asked that identifying information in the two databases be replaced with randomly generated and unique numbers. The evidence showed that the police board could extract the data in the form requested by writing an algorithm and relying upon its existing technical know-how, hardware and software.

In June 2007, the Divisional Court quashed an IPC order made in favour of the requester. The Court held that the request was not for “records” as defined in section 2(1)(b) of the Municipal Freedom of Information and Protection of Privacy Act:

2. (1) In this Act,

“record” means any record of information however recorded, whether in printed form, on film, by electronic means or otherwise, and includes,

(b) subject to the regulations, any record that is capable of being produced from a machine readable record under the control of an institution by means of computer hardware and software or any other information storage equipment and technical expertise normally used by the institution; (“document”)

Earlier today, the Ontario Court of Appeal reversed the Divisional Court’s judgement and restored the IPC order. The Court of Appeal decision is technically based on the standard of review – i.e. it only held that the IPC’s interpretation of the record definition was not unreasonable. This, however, hardly limits the force of the judgement. The Court reasoned that IPC’s order was consistent with the the text of the MFIPPA General Regulation, which has provisions that allow institutions to recover programing and related costs.  It also applied a very strong purposive analysis in construing the definition. Consider the following dicta:

A contextual and purposive analysis of s. 2(1)(b) must also take into account the prevalence of computers in our society and their use by government institutions as the primary means by which records are kept and information is stored. This technological reality tells against an interpretation of s. 2(1)(b) that would minimize rather than maximize the public’s right of access to electronically recorded information.

In my view, a liberal and purposive interpretation of those regulations when read in conjunction with s. 2(1)(b), which opens with the phrase “subject to the regulations,” and in conjunction with s. 45(1), strongly supports the contention that the legislature contemplated precisely the situation that has arisen in this case. In some circumstances, new computer programs will have to be developed, using the institution’s available technical expertise and existing software, to produce a record from a machine readable record, with the requester being held accountable for the costs incurred in developing it.

This decision makes clear that Ontario institutions must ordinarily undertake programming tasks that enable them to provide access to information stored in databases, even to mask personal information by substituting de-personalized unique identifiers for identifying information. There are two clear limits to this rule: (1) a record only capable of being produced through a proces that “unreasonably interferes with the operations of an institution” is deemed not to be a record and (2) a record that can only be produced with technical expertise not “normally used by [an] institution” is deemed not to be a record.  The Court left open whether a record that can only be produced with “hardware and software or any other information storage equipment” not normally used by an institution is deemed not to be a record but said this interpretation was “open to argument.”

The “creating records issue” is a significant one in civil litigation and in other circumstances where one has a simple right to a “record in custody or control” (see herehere and here for more).  This case is based on very specific statutory language, but is nonetheless significant to Ontario FOI-regulated institutions.

Toronto Police Services Board v. (Ontario) Information and Privacy Commissioner, 2009 ONCA 20.

Information Roundup – 11 January 2009

This edition of the Information Roundup is brought you by Twitter.

No kidding! I’ve been on it for about a week and half now and it’s caused quite a switch in how I pick up information from the web.  Many thanks to the folks at Unfiltered Orange, who are the likely source of two out of the three topics that I think will interest you this week.  They relate to… personal e-mails on work computers, the management of social insurance numbers by employers and National Instrument 31-103 and security firm record-keeping.

Personal e-mails on work computers

Personal use of employer computer systems is a pet issue for me, and I was blown away to read about how “personal” e-mails on work computers are treated under European data collection laws in Data Collection: Nothing Personal. This article, by litigation support professional Bill Onwusah, describes how European companies have to mind their process of collecting e-mails for production in litigation so that employees’ personal e-mails are not collected for subsequent review. He says:

Particularly in mainland Europe, you cannot collect personal data and the mere act of doing so may contravene the local data protection legislation. The fact that it’s stored on a work PC is irrelevant. Users retain personal data as their own.

Wow!  Canadian law still allows employers full control over their e-mail systems provided they give employees notice that they should not expect any privacy in their personal use. Most of the jurisprudence is arbitral and therefore based on collectively bargained rights, but our employment privacy statutes do not necessarily change this basic rule. And recently, in Johnson v. Bell Canada, our Federal Court held that our federal-sector employment privacy statute, PIPEDA, does not even apply to “personal” employee e-mails.

My view is that managing personal information in the production process is a newly important issue for Canadian organizations to reckon with insofar they are willing custodians. Employee personal e-mails do not fit within this category and, given the costs and complexities of of managing production from “mixed” e-mail systems, an approach that relies on clear notification makes for fair and sensible  workplace policy.

Management of SINs by employers

This Proskauer Rose client alert talks about a recently in force New York regulation that deals with employers’ management of Social Security Numbers and other employee “personal identifying information” – including drivers license numbers.  

I don’t believe we have similar legislation regarding drivers licenses in any Canadian province, but our Social Insurance Numbers are regulated by section 237(2)(b) of the federal Income Tax Act.  This provision prohibits employers from using, communicating or “allowing to be communicated” a Social Insurance Number for purposes not related to tax administration without written consent.  Our clients often ask whether SINs (or a variant of them) can be used as identifiers and we generally advise them to stay away from such practices in light of the ITA.  

Proskauer also notes that New York’s General Business Law appears to allow employers to collect an SSN on an employment application form.  Since there is no purpose related to tax administration for doing so, this practice is rightly avoided in Canada. If a Canadian employer needs to ask for a SIN to conduct a background check, this should generally be done towards the end of the recruitment process subject to written consent.

National Instrument 31-103 and security firm record-keeping

I’m just starting my learning process on National Instrument 31-103, so will just link to this Wall Street Technology article on how this new piece of securities regulation will affect record-keeping and e-discovery at Canadian securities firms.

 

_dsc2809On a personal note, Seanna was off at Deerhurst this week for a five day sales conference. Being a single father was rewarding and not as hard as I thought it would be, but I’m still recovering from being a solo bedfellow to our hairless cat. “Buffalo” is a Cornish Rex and, if you know the breed, they are very lovable and very needy. He normally sleeps under the covers with his head on Seanna’s pillow. She’s fine with this and I’m happy to give them both a kiss when I leave early to work.  (He’ll actually protest if I ignore him!) Dear Buffalo, however, drives me nuts when Seanna goes away.  I finally got fed up on her last night of absence and locked myself in the walk-in closet with a sleeping bag.  Not to slight Seanna in any way, but I’m sure glad to have my side of the bed back!

See ya!

Dan

Come to “What every lawyer needs to know about privacy”

This is a pitch for the OBA Privacy Law section’s “What every lawyer needs to know about privacy” session.  It’s at the Metro Convention Centre on February 2nd from 1:15 pm to 4:30 pm.  Details here.

There’s a good line up, with a year-in-review talk along with sessions on the new telemarketing regulation and privacy and litigation (a favorite topic of mine).

I’ll be speaking with Professor Avner Levin on workplace privacy in a discussion moderated by Howard Simkevitz.  We’ve been planning the discussion for the last couple of days and have decided to spend a good deal of it on the workplace privacy issues related to Web 2.0.  Dr. Levin and other members of the Ryerson University Privacy and Cyber Crime Institute at the Ted Rogers School of Management have recently published a leading study on the perceptions of risk of young Canadians engaged in online socializing and how their behaviors meet with the use of online social networks by business for commercial and human resources purposes.  The study is entitled The Next Digital Divide:  Online Social Network Privacy and has attracted significant attention. We plan to hit on the major legal and policy issues relating to the workplace that flow from the study as well as touch on the key other “need to knows” about workplace privacy.

We’d love to see you there!

Dan

Case Report – IPC says university foundation is not part of university under FIPPA

Unlike many entities designated as “institutions” under FIPPA, universities have complex corporate structures and are often affiliated with related corporations. Though the definition of “institution” in FIPPA is fairly black and white – it rests primarily on express designation – the issue of FIPPA’s scope of application has been of some concern to Ontario universities since they came under the Act in 2006.

On December 1st of last year, the IPC issued an order on point and did see the analysis as being simple and based on corporate status. Adjudicator Smith concluded:

I find that the YUF is a separate corporation from the corporation that is the University. Therefore, I find that the YUF is not part of the University and that it is not subject to the provisions of the Act.

Though records held by a non-regulated corporation but “controlled” by a FIPPA-regulated institution are subject to the right of public access, this order does lend some clarity to an important issue for universities.

Order PO-2738, 2008 CanLII 68864 (ON I.P.C.).

Case Report – Arbitrator issues strong award in allowing employer to implement biometric timekeeping

On December 15th, Arbitrator Lorne Slotnick dismissed a grievance that challenged the implementation of a biometric timekeeping system.

The employer purchased a Kronos system and required employees to enrol. The system works by matching a person’s partial fingerprint against a 348 byte numeric representation or “template” of the fingerprint that is created in the enrolment process. The employer brought evidence that fingerprint templates were kept secure and could not readily be used to recreate a fingerprint image that could be used by law enforcement. The employer also admitted that it did not have a serious “buddy punching” problem but wanted the superior biometric system anyway.

Arbitrator Slotnick applied a balancing test and dismissed the grievance because the employer had proven a concrete benefit to the system and its invasiveness was minimal. He used the following strong langauge in doing so:

How great is the infringement on privacy of employees? In my view, the evidence reveals it to be extremely small, almost negligible. In fact, labelling this an “invasion” of privacy strikes me as linguistic excess. When employees enrol in the system, a scan of less than half of a fingertip is taken. Enrolment, the evidence indicates, takes less than a minute. There is no physical intrusion, no furnishing of any bodily substance, no exposure of any part of the body that is considered private. Employees do not provide a fingerprint, nor can the scan that is provided be reconstructed into a fingerprint.

Natrel asked me to contrast these facts with the kinds of personal information that is routinely gathered by this employer and others, such as employees’ home phone numbers, signatures, home addresses and social insurance numbers. The union argued this was an irrelevant consideration. I disagree. The type of information given as a matter of course by employees to their employers indicates clearly that a certain level of infringement of privacy is understood and accepted by all workplace parties – provided there is some legal or business justification and provided the information is protected and used only for the purpose for which it is given. No evidence is necessary for me to note that in addition to the information mentioned above, many employers request other sorts of information such as photographs of employees for use on identification cards or bank account numbers for direct deposit of pay. These are accepted intrusions, they are part of the modern workplace, and in my view are far more invasive and far more open to the possibility of misuse or abuse than a scan of part of a fingertip that is converted to a jumble of numbers and deleted right away.

Unionized employers have been cautious about implementing biometric timekeeping systems since Arbitrator Tims upheld two similar grievances in Dominion Colour and IKO Industries, the latter being upheld on judicial review. Though no one arbitrator is bound by another, the facts underlying most challenges to these systems are similar. This decision and two similarly permissive decisions of the Alberta OPIC from last year (see here) are therefore persuasive and tip the balance of authority in employers’ favour. In fact, Abitrator Slotnick noted that Dominion Colour and IKO Industries were not distinguishable on their facts, but that he preferred a different balancing of interests.

Agropur (Natrel) v. Milk and Bread Drivers, Dairy Employees, Caterers and Allied Employees (Teamsters Local Union No. 647), 2008 CanLII 66624 (ON L.A.).

Case Report – BCCA says non-occupant has standing to challenge search warrant

In a fact-driven award released on January 2nd, the British Columbia Court of Appeal held that an accused person who did not occupy premises discovered to be a grow operation had standing to challenge a search of the premises.

The accused lived elsewhere, but the Court inferred possession and control from evidence showing the accused was the owner, possessed keys and was seen there on a few occasions in the two weeks before the search. It held that the trial judge erred in denying standing merely because the accused was not an occupant and that based on possession and control and all the circumstances, the accused had a reasonable expectation of privacy that he was entitled to exercise.

R. v. Vi, 2008 BCCA 481 (CanLII).

Privacy Post 2008 Year in Review Published

I’m happy to announce that we’ve published the Information and Privacy Post “2008 Year in Review.” This years’ edition covers 100 cases from 2008 on the law of privacy and access to information, protection of confidential business information and the law of production. Co-editor Paul Broad and I also have done a forward to the annual that discusses the following five highlights:

  1. Ontario Court of Appeal says journalists can’t shield wrongdoers…appeal pending (on National Post)
  2. Three civil privacy claim cases out of Ontario… the dawning of a new era? (on Nitsopoulos, Warman and Colwell)
  3. SCC says privacy commissioner can’t adjudicate on privilege claims (on Blood Tribe, E.F.A. Merchant and Proplus)
  4. Alberta Court of Appeal decision lends some clarity to pleas for a spoliation remedy (on Black & Decker and Commonwealth Marketing Group)
  5. SCC says what’s disclosed in the discovery room stays in the discovery room (on Juman v. Doucette)

We hope you enjoy!

Dan

Information Roundup – 3 January 2009

I took a break from case law over the holiday, but did do some other reading and listening. Here are some bits you might find interesting on the recent FERPA “health and safety exemption” amendments, privacy as a concept and data and records administration.

FERPA amendments.  The Proskauer Rose Privacy Law Blog reports that the United States Department of Education has published finalized amendments to the Family Educational Rights and Privacy Act.  Notably, the Department received comments critical of its proposed “rational basis” standard for disclosure in health and safety emergencies.  (See Yasmin Nissim’s paper for a view that would suggest the amendment is a consequence of “moral panic.”) The DOE defends the new standard in the comments to the final regulations, but has reacted to the pro-privacy feedback by requiring institutions to record the “articulable and significant threat” to health and safety that forms the basis for a health and safety related disclosure.

Privacy as a concept.  If you’re inclined to academic writing, you may like an article by Karen Eltis of the University of Ottawa entitled, “Can the Reasonable Person Still Be ‘Highly Offended’? An Invitation to Consider the Civil Law Tradition’s Personality-Rights Based Approach to Tort Privacy.” As you might expect, it’s a critique of the reasonable expectation of privacy doctrine, which Professor Eltis describes as the prevailing tort standard in common law jurisdictions.  I’ve read similar critiques before, but wasn’t familiar with the strong dignity-based conception of privacy that prevails in civil law, a conception that Professor Eltis supports.  Check out Dan Solove’s Understanding Privacy if you’re interested in reading more about conceptualizing privacy.  

Data and records administration.  Lastly, this New York Times article on the archiving of Bush administration data is worth a check.  Would it surprise you that the administration is not immune from the problem of ballooning data stores?   The article does raise how open government legislation adds some significant complexity to the challenge of records management, an issue for the public sector as a whole and one touched on in the most recent This Week in Law. Also related: this video lecture of computer scientist Kai Li on “disk-based de-duplication storage.”  Super-technical and mostly over my head, but I did find the general description of how corporate data management works very enlightening. You may too.

img_0032We had a great holiday at home in TO. Unable to get away, we had a nice time kicking around with family. Hugo (20 months now) discovered snow.  I got all excited after a big storm and hauled him over to nearby Withrow Park with a new toboggan at 7:30 am. Not a sole around and it was about minus fifteen centigrade. I gave him serious snow job on our first run and he freaked. So we’re more into father-son shoveling now and, as the attached picture might suggest, he’ll live to toboggan another day. (Seanna and I got each other a new camera over the holiday. We’re having great fun with it and she’s encouraged me to post this picture. You may see more personal pictures over time, though I’m still feeling somewhat shy.)

I hope you’re as rested and charged up about this year as I am.  Best wishes.

Dan