Case Report – Federal Court says ministerial offices beyond the scope of ATIA requests

You may have heard about the Federal Court’s June 19th ruling that the Prime Minister’s Office (the “PMO”) and other ministerial offices are not “institutions” whose records are subject to the Access to Information Act. Here is a breakdown of the rather complex judgement.

The Court considered a series of ATIA requests filed in 1999 by a Reform Party staffer, including a requests for former Prime Minister’s agenda books from the Privy Council Office and the Royal Canadian Mounted Police and requests for records from the former transport and defence ministers.

The bulk of the records in dispute were only in the custody of the PMO, the Office of the Minister of Transport and the Office of the Minister of National Defence. The Court held that the act did not apply to these records by virtue of these three offices’ status as “institutions.” None are listed in the Act’s schedule of institutions, but their bureaucratic counterparts are – namely, the Privy Council Office (the “PCO”), the Department of Transport (the “DOT”) and the Departments of National Defence (the “DND”). In a very lengthy analysis of the text and structure of the Act and extrinsic factors showing Parliament’s intent, the Court concluded that, for the purposes of the ATIA, the PMO is not part of the PCO nor are other ministerial offices part of their departments.

Despite this finding, the Court nonetheless considered whether responsive records in the custody of the PMO and ministerial offices were in the control of the PMO and the two Departments. Before assessing the various classes of records at issue, the Court again engaged in a lengthy analysis of the meaning of “control.” It said control means that an institution has some power of direction or command over a document, even if it is only on a ‘partial’ basis, a ‘transient’ basis, or a ‘de facto’ basis.”

Based on this meaning, the Court held most of the records in the custody of the PCO and the two Departments were not under the control of a government institution and thereby beyond the right of public access. The exception: records listing the items to be addressed at meetings between the former Minister of Transport, his exempt staff as well as the Deputy Minister and Chief of the Defence Staff (the two of whom hold offices within the DND) and some miscellaneous records shared amongst the same group for similar purposes. The Court framed the meeting agendas as used by both by the Minister’s own office and the DND and said that a DND officer, “would most likely be given another copy of the agenda from the Minister’s office if he was missing his copy.”

As it does not appear that any exemptions were claimed on these DND records, this left the Court with a decision to make about the scope of access to copies of about 400 pages from the former Prime Minister’s agenda book which were in the custody and control of the PCO and the RCMP. The Court rejected a claim that the records were excluded from the ATIA as Cabinet confidences, held that the Canada Evidence Act certificate by which the Clerk of the PCO designated the records as Cabinet confidences was invalid and held that the exemption for “advice and recommendations” did not apply. These findings were driven by the fact that the entries in the agenda did not address the content of the Prime Minister’s meetings nor were they apparently sensitive in any other way. The Court did hold some personal information in the records to be exempt. Notably, this included the names of individuals who met with Mr. Chretien including (as the Court specified) business people, fund-raisers and lobbyists regardless of the capacity in which they were engaged.

Canada (Information Commissioner) v. Canada (Minister of National Defence), 2008 FC 766.

Information Roundup – 22 June 2008

Hope you all enjoyed the summer solstice and/or International Surfing Day. Here’s some things I’ve read lately that you might like.

  • Peter Lake, “Still Waiting:  The Slow Evolution of the Law in Light of the Ongoing Student Suicide Crisis.” Professor Lake’s latest comment on post-secondary education institutions’ duty of care.  Although he argues that administrators would benefit from development in the duty of care case law, he also suggests that Virginia Tech and its three major reports make the need for action-oriented policy clear.  The idea:  questioning the duty to help individual students at risk can be paralyzing (and the case law doesn’t help), but the link between suicide and the risk of violence perpetrated against others brings a far more clear duty to bear. 
  • Anita Kumar, “Judge Agrees to Va. Tech Payout.”  Some related news on last week’s Virginia Tech settlement approval for claims brought by families of 28 of the 32 people killed in April 2007.  The settlement has a public interest component that allows the families to meet with Governor and university and other state officials. (Washington Post)
  • Paul Ohm, “The Fourth Amendment Right to Delete.”  Professor Ohm argues that “collect/copy now, analyze later” law enforcement tactics involve the “seizure” of evidence.  Interesting comments on the nature of the proprietary interest in information:  “Cases like Hicks view dispossession as a simple matter of rivalry:  if you have my locked box, I can’t have it too.  But in the age of nonrivalrous, perfect digital copying, this view of dispossession seems tautological and unhelpful.” (Harvard Law Review Forum)
  • Clifford Davidson, “The Wrath of Quon?”  A Proskauer Rose comment on Quon v. Arch Wireless, in which a California court recently held that a communications company violated the Stored Communications Act for allowing an employer to do a non-consensual audit of employee text messages. There is a mention of “operational reality” overriding a clear language in a computer use policy, but Mr. Davidson says nothing in the case appears to restrict employers who give clear notice to employees in order to limit their expectation of privacy.  Includes a link to the decision.  (Proskauer Rose)

Enjoy!

Case Report – US Supreme Court revives FOI request precluded as res judicata

On June 12th, the Supreme Court of the United States unanimously held that an FOI claim filed by an acquaintance of a person who was unsuccessful in previously filing the same claim should not be barred.

The first requester asked the Federal Aviation Administration for technical documents related to a model of vintage airplane he owned and was seeking to restore. The FAA denied the request based on the FOIA’s third-party trade secrets exemption. The first requester eventually filed a lawsuit that was heard by the Tenth Circuit Court of Appeals. The Tenth Circuit upheld the lower court’s finding that the third-party restored its right to protect the records (despite an earlier waiver) by objecting after the FOI request had been filed. It did, however, significantly qualify its decision by noting that the first requester had not challenged whether it was possible to “restore” trade-secret status once waived and, if so, whether the timing of the third-party’s objection enabled such restoration.

The second requester then filed the same request and eventually filed suit, but was barred in the first instance and on appeal based on a finding that he was “virtually represented” by the first requester. The virtual representation doctrine expands the traditional exceptions (in American federal law) to the rule that one must be a party to be barred by a prior judgement. It had not previously been considered by the Supreme Court.

The Supreme Court rejected the virtual representation doctrine but remanded the matter for a determination as to whether the second requester filed suit as the first requester’s agent. This may have seemed a possibility to the Court because the first requester had a greater interest in the records (he owned the aircraft, the second requester did not) and had asked the second requester to help him restore the aircraft and because both requesters used the same legal counsel. There was no determination of the question of agency on the record, however, so the Court let the agency issue live with a note that “courts should be cautious about finding preclusion on this basis.”

The Supreme Court’s decision does not turn on the specific nature of a public right of access, though it did reject an argument that the second requester had a reduced interest in controlling the first reqeuster’s litigation because a duty to disclose is “owed the public generally.” It said, that notwithstanding the general public interest in access to government records, a grant of relief under the FOIA is personal.

Taylor v. Sturgell, 553 U.S. 2008.

Information Roundup – 16 June 2008

Crazy weather here.  Nearly got fried on Sunday.  Getting stuck out on a paddleboard as a lightening storm rolls in is pretty terrifying eh.  Nothing you can do but paddle like mad for shore and have faith.  It’s warm though, and I’m loving some long paddles.  If this is hard for you to understand check out this picture and you might get it.  Pure magic.

Here’s what I’ve read lately that may be of interest.

Enjoy!

Case Report – LSAC allowed to substitute submission of photos for fingerprints

You may have heard about the federal Privacy Commissioner’s May 29th report on the Law School Admission Council’s practice of collecting fingerprints from LSAT test takers.  Her office recommended that LSAC cease the practice but allowed it to substitute a practice of collecting test takers’ photographs.

There are some notable findings in the report.  Namely:

  • the OPC rejected LSAC’s argument that it was engaged in educational rather than commercial activity, finding that its core activities provided a service to its member law schools;
  • the OPC held that fingerprints are more sensitive than voice prints and less sensitive than one’s photographic image; and
  • the OPC made another comment de-emphasizing the significance of cross-border transfers of personal information.

The report also highlights the difficulty of sustaining a collection practice based on deterrence alone.  The case for deterrence is often logically compelling, but proving that collecting information effectively deters misconduct is hard.  (For more on this theme, see the IPC/Ontario’s recent surveillance report.)  LSAC had not once used a fingerprint to identify whether fraudulent test since it started collecting them in the mid-1970, so it was difficult for the LSAC to justify its practice on any ground other than deterrence.  It also claimed that it simply wanted to assure its members that it was doing all it could to ensure the security of the test.  The OPC seemed to accept this purpose as legitimate, but not compelling enough to justify collection of fingerprints. The LSAC proposed collecting photographs as a step-down solution mid-way through the investigation, and the OPC held that this alternative would achieve the appropriate balance because images are “marginally” less sensitive.

Report of Findings:  Law School Admission Council Investigation (29 May 2008, OPC).

Case Report – ABCA stresses need for courts to protect hard drive contents

On June 11th, the Alberta Court of Appeal held that a judge erred in ordering the production of hard drive images that contained patient files.

The case is about a public health authority’s right to audit files held by one of its former service providers, and in particular, its right of access to files of patients whose treatment the authority only partly funded. These patients also received privately-funded services, but only had one patient record with the service provider, which raised an issue about the authority’s right to look at the files in the course of an audit. This issue was initially litigated up to the Alberta Court of Appeal in 2006.  The Court of Appeal held that the authority had no right of access to the “hybrid files” under public law, but did not consider the authority’s contractual right of audit.

The access dispute was revived again when the service provider sued the authority for unlawfully seeking access to the hybrid files and forcing it to defend its clients’ privacy rights through litigation.  Several computer hard drives containing hybrid files that were imaged in the original dispute and stored at the court were central to the action.  The authority revived its attempt at accessing the hybrid files by filing a counterclaim in which it alleged breach of contract and breach of fiduciary duty. It made a vague allegation in its pleadings that the service provider was double-billing, but did not plead fraud.  (It had no evidence of fraud because any such evidence could only be revealed on an examination of the hybrid files themselves.)

A case management judge ordered the hard drives to be produced to the authority in specie (in their actual form) with a direction not to print or take notes of anything irrelevant and in reliance of the no collateral use rule embedded in the implied undertaking.  The Court of Appeal held this order was made in error and that the authority’s vague pleadings of fraud did not give it a right to the hybrid files.

The Court of Appeal’s judgement (written by Madam Justice Conrad) contains some very principled statements on e-discovery.  She held that a party to litigation will not ordinarily get access to a hard drive, which is simply a receptacle for information.  This is not new, but Madam Justice Conrad also suggested that a judge has a duty to protect irrelevant, confidential and private materials in the event of a production dispute.  She also stressed that orders to inspect a hard drive will only be made on “strong evidence” that a party is attempting to thwart the discovery process and, further, that a court that orders inspection of a hard drive should still ensure that irrelevant and confidential information is protected.  Referring to the order made in 2007 by the Alberta Court of Queen’s Bench in Spar Aerospace (subsequently upheld on appeal), she said:

While I agree with Madam Justice Veit’s decision, I would add a caveat. Even in circumstances where it is clear that a litigant is thwarting the litigation process, and the court deems it appropriate to order production of a hard drive, measures should be taken to protect disclosure of irrelevant and immaterial information which the producing party objects to produce. Although litigation confidentiality exists, many times that will not be sufficient to protect personal, confidential and private material. A judge should always hear representations as to how information that is neither material nor relevant can be protected from exposure, and frame any production order in the least intrusive manner.

Madam Justice Conrad then held that there was no basis justifying an inspection order in the circumstances, that the service provider’s pleading did not put the entire content of the hard drives at issue and that concerns about the cost of separating the records on the hard drive were not established or were at least premature.

The Court also held that the action did not give the authority a right of disclosure that extended to the hybrid files.  It held that the dispute was about the scope of a contractual right of audit and not an allegation of fraud despite the vague allegations pleaded in authority’s counter claim.  It seemed clear to the Court that the authority was attempting to seek what it ultimately wanted (a look at the hybrid files) by the way in which it pleaded its counterclaim.  Madam Justice Conrad said the authority was on a “fishing expedition.”

While an obviously significant e-discovery case, this also says something about records management, the need for third-party access and potential conflicts with personal privacy rights.  If the authority’s funding contract demanded that patient records for funded services be separately maintained, this dispute might have been avoided.

Innovative Health Group v. Calgary Health Region, 2008 ABCA 219 (CanLII).

Case Report – Divisional Court says reasons for ordering medical exam required

On June 3rd, the Divisional Court quashed a medical assessment order issued by the Ontario College of Nurses because the College did not provide the affected nurse with reasons for its order.

In accordance with the Health Professions Procedural Code, the College’s Executive Committee appointed a board of inquiry to assess the nurse’s capacity. The board of inquiry gave notice to the nurse of its intention to order her to submit to a medical examination (on the threat of suspension) because it had reasonable and probable grounds to believe she was incapacitated. The power to make this order is specified in the Code, as is the requirement to give notice.

The nurse made submissions through counsel, and included two medical opinions and statements from her colleagues that supported her capacity. Regardless, the board ordered an assessment and did not provide reasons for its order. The court award also says the College “refused” to provide the nurse with a record of its proceedings or file the record with the Court, though it did file an Affidavit in its response which attached all the material before it at the time it made its decision.

The Court quashed the order because the College breached the nurse’s right to procedural fairness. It considered that the privacy interest at stake weighed in favour of a high standard, and commented:

Individuals have a legal right to bodily integrity and medical privacy. The right is protected through privacy legislation and through an extensive body of case law dealing with circumstances under which an individual can be compelled to submit to medical examinations and other intrusions on bodily integrity.

The College submits Ms. Cotton had no reasonable legitimate expectation that the Board would give reasons for its decision. It states it has never been the practice at the College for a Board of Inquiry to provide reasons demonstrating reasonable and probable grounds to require a member to submit to a medical examination. We respectfully suggest that the College might wish to re-examine its practice where a medical examination is ordered.

The College further submits that a duty to give reasons is inconsistent with the role of the Board, which was performing a purely investigative function rather than an adjudicative one. We recognize that there may be functions of the Board that are investigative and which are not determinative of the rights of any party. However, an order requiring a person to undergo an invasive medical examination, subject to the penalty of suspension or revocation of licence for refusing to comply, is a determination of rights, even though it may be ordered for an investigative purpose. It is in this context that the duty to observe rules of procedural fairness, including the duty to provide reasons, arises.

Though the substantive basis for ordering a medical assessment is often litigated, judicial comment on the process of ordering an assessment is rare. The outcome in this decision is certainly driven by its specific factual context, but it nonetheless has some broader significance.

Cotton v. College of Nurses of Ontario, 2008 CanLII 26674 (ON S.C.J.).

More thoughts on employee online speech

June is conference season, and this year the hot topic has certainly been online speech. I spoke first in mid-May at our Toronto client conference and posted some ideas about the dangers of over-reaching. Then, last week, I spoke at the Canadian Association of Career Educators and Employers and posted some ideas about applicable privacy principles, human rights and records management concerns.

Today I spoke at our Burlington client conference together with Jonathan Maier. Here are two excerpts from our speech. Please keep in mind we act exclusively on behalf of management, and though we mean to encourage a fair and reasonable approach, our comments are addressed to management’s perspective.

First, some thoughts on necessity and reasonableness in collecting personal information for recruiting purposes:

Finally, the “necessity” and “legitimate purposes” principles are applicable. As against these principles, we are most likely to succeed in justifying screening a candidate’s online presence if we need to do so to see whether it gives rise to a conflict of interest or potential conflict of interest.

To give this some meaning, let me explain two more problematic uses.

One is randomly searching for any “dirt” on prospective employees regardless of the potential for conflict. Even if information is available, privacy principles demand that we have a reason to collect. So if we are only hiring a production employee, for example, can we really justify screening her online presence at all?

The second questionable use is using online information to profile candidates or, in other words, to assess their potential job performance. I can see this as being a legitimate purpose for hiring individuals into some jobs – internet writing or internet marketing jobs for example. Otherwise I have concerns about the validity of profiling. And if you can’t prove your profiling exercise is valid, under privacy principles you have no basis for collecting the information that that will form the basis of your profile.

And now a thought on managing speech by former employees (presented immediately before some ideas on working with ISPs).

There are two key differences in managing online speech by former employees. First, you can’t take away their jobs, so lack practical leverage because you need to sue them or threaten them with a valid lawsuit to get them to take information down. Second, former employees have no duty of loyalty and fidelity. This means that they can say things that are not in your interest, and so long as these things are not defamatory, made in breach of confidence or made in violation of some other law, you won’t have recourse. You need to be able to claim the speech is unlawful in and of itself, which will no doubt leave you having to tolerate some speech you just don’t like.

Now if the speech is unlawful you will have a basis for seeing that it is taken down. But as a word of warning we’d like you to take one thing away from this: have your lawyer do a good up-front assessment of the legality of the speech so you know that you’re taking a position that you can commit to. I’ll come back to the risks of over-reaching in a bit.

I’ve enjoyed addressing this his very relevant topic hope you find these ideas helpful.

HRTO publishes “go forward” rules – summary of disclosure and production framework

On June 30th of this month, the bulk of the Bill 107 amendments to the Ontario Human Rights Code will come into effect and the Ontario system for resolving human rights matters will start allowing for “direct access” to the Ontario Human Rights Tribunal. This week, the Tribunal issued Rules of Procedure for “new applications” – those applications filed after June 30th and applications involving complaints that are currently outstanding at the Commission and that are re-filed as applications after years’ end.

The plain language guide published with the Rules states, “The Tribunal’s goal is to have the hearing completed within one year of receiving a completed application form.” In light of this aggressive goal, I thought it worth a quick summary of the disclosure and production framework contemplated by the rules, which starts up-front during the pleadings stage.

Here’s an overview of what is contemplated:

  • The Application form and the Response form ask the parties to identify (with reasons) “important” documents they, other parties and any third parties posses. The use of the word “important” is significant, and signals an appreciation for proportionality.
  • The Application form and the Response form ask for witnesses names and a short description of why each listed witness is “important.” The identities of potential witnesses are collected by the Tribunal up-front, but are not disclosed between the parties until shortly before a hearing. This indicates that the parties’ witness lists will initially be used for case management purposes.
  • The Tribunal also has a unique power of inquiry. At the request of a party it may order an inquiry where an inquiry is “required” in order to obtain evidence, the evidence “may assist in achieving a fair, just and expeditious resolution of the merits of the application” and ordering an inquiry is “appropriate.” When the Tribunal orders an inquiry it will authorize a person to conduct the inquiry and prepare of written report in accordance with terms of reference. The person conducting the inquiry will have a broad power to gather evidence in making a report, including the power to enter premises without a warrant, to request the production of documents and things, to question witnesses, to demand production of electronically stored information and to take photographs and video recordings. The Tribunal will not ordinarily treat the report as evidence unless the parties consent or unless the author of the report testifies. The Rules establish a preference for inquires to take place early in the process: “[A request for an inquiry] must be made promptly after the party becomes aware of the need for an inquiry.”
  • After the Tribunal confirms the hearing, the parties will have 21 days to deliver and file a list of all “arguably relevant” documents in their possession, including documents over which privilege is claimed. Parties must produce copies of non-privileged documents together with their lists. The Rules do not make any mention of electronic production.
  • The next significant date is 45 days before the first scheduled date of hearing. At this point the parties must exchange and file the following: (1) a list of documents on which they indend to rely; (2) a witness list along with will-say statements; and (3) any expert witness reports or, alternatively, a “full” summary of an expert witness’s evidence. Parties will ordinarily be precluded from relying on documents and witnesses not disclosed in accordance with this requirement.

There is no process for oral discovery (which would be atypical in an administrative procedure) but the Tribunal is offering voluntary mediation, an additional means for the parties and the Tribunal to glean the other sides’ potential evidence and assess the case. In fact, the Tribunal’s plain language guide states that it will use mediation to assess and manage matters that do not settle.

Information Roundup – June 5, 2008

Seanna’s off in Halifax for a five day sales conference and I’m a single parent for the time being. Hugs walked for the first time today too (pretty much all at once). I’m going to have him doing headstands by the time Seanna gets home.

Here’s what I’ve been reading lately.

  • Privacy Commissioner of Canada, “Leading by Example: Key Developments in the First Five Years of the Personal Information Protection and Electronic Documents Act.” There are no new policy statements in here, but it is a great single-source resource for the key jurisprudence on PIPEDA.
  • Cathy Delzeil, “Clamping down on discovery: the new rules of civil procedure.” A really nice summary of the impending changes to the Nova Scotia civil rules. (The Lawyers Weekly)
  • Ralph Losey, “The lessons of Qualcomm: A wake up call for the legal profession.” Mr. Losey argues that Qualcomm is a reminder that litigators have a duty to the court to ensure their representations about document preservation and retrieval are accurate. He also argues, despite how hard it is to get a handle on our clients’ records as externals, that this duty can’t be avoided by retainer agreements that lay the burden at clients’ feet. (E-Discovery Team)
  • Canadian Broadcasting Corporation, “Search Engine” (5 June 2008). Jesse Brown talks to a representative of Proofpoint, a vendor of automated e-mail monitoring solutions, about a study it commissioned on corporate data loss. I haven’t bothered to download the report, but here’s what you pick up from the interview and Proofpoint’s press release: 41% of companies with over 20,000 employees that were surveyed hired people to manually monitor employee e-mail in the last year, 44% of all companies surveyed investigated an e-mail leak of confidential information in the last year and 26% of all companies surveyed fired an employee for breach of an e-mail policy in the last year. Proofpoint commissioned Forrester Consulting, who surveyed 301 American companies with more than 1000 employees. (CBC)

Enjoy!