Court orders safekeeping of medical records held by departed employee

On March 7th, the Ontario Superior Court of Justice issued an order to secure medical records held by a former employee of an addiction clinic.

The employee had copies of urinalysis reports stored on her personal e-mail account at the time of termination because she had used her personal e-mail account for work purposes. She allegedly used her continuing possession of the e-mails to extort the employer into offering reinstatement and later refused to return the e-mails, arguing they were evidence of the employer’s wrongdoing. (It is not clear from the decision what wrongdoing the employee alleges.)

The Court granted an ex parte order after applying the test for an Anton Piller. Notably, the order required the employee to turn control of her e-mail account to an independent supervising solicitor authorized to copy and retain the e-mails, delete the e-mails on the account and return control of the account to the employee. The Court authorized the employer to serve the order by e-mail.

Garber v Robinson, 2013 ONSC 1427 (CanLII).

The science of breach prevention and the art of breach response

Data loss prevention and response is a big topic now! The HRSDC lost hard drive is about a huge (but seemingly benign) incident that has attracted great attention. We also have the Obama administration’s attention to corporate network security – such attention given at a time in which sacrifices are being made to corporate network security based on trends such as BYOD.

Here is a practical guide that we’ve prepared to address the salient issues. We hope it’s useful to you.

View this document on Scribd

OBA’s “Hot Issues” seminar and employee computer monitoring

I delivered a presentation at the OBA’s “Hot Issues in Privacy Law” seminar this morning called “Employee Computer Monitoring: Wither the most certain management right of all?” Here are the slides:

I prepared a paper for the presentation that I’m trying to re-purpose, and am going to hold off on publishing it for now. I hope I can make it available in one form or another soon. [Addendum: Here’s a copy of my speaking notes, which contain some of the key ideas.]

I enjoyed attending the entire session. The issues kept coming back to data security, which makes sense given the costs and risks of data breaches. Coincidentally, I had a call right after I returned to the office on a breach. For what it’s worth, I don’t find a discussion of costs and risks very helpful in guiding clients through the decision making exercise. Instead, I guide them to make decisions with a view to writing the story that they can cling to however all the external (and uncontrollable) factors play out. But even if I play my role to its best, it still can leave clients with some agonizing decisions. So if there’s one thing I can echo from today’s seminar, investing in prevention is a great idea. Data breaches suck!

You can read what are essentially a copy of my notes for the morning here. Remember to read from the bottom up.

Enjoy!