Tag Archives: mfippa

IPC comments on use and disclosure of OSR in litigation

1 Aug

On June 15th, the Information and Privacy/Commissioner Ontario dismissed a privacy complaint that alleged a school board breached the Education Act and MFIPPA by producing a student’s OSR in response to his human rights application.

The Board produced the OSR and filed it in a brief of documents to be used at a pending Human Rights Tribunal of Ontario hearing, all pursuant to the Tribunal’s rules. The complainant objected, and in a preliminary hearing, the HRTO directed the complainant to consent or face dismissal of his application. The complainant did not consent, his application was dismissed and he subsequently filed a privacy complaint with the IPC.

The IPC held that MFIPPA prevails over the statutory privilege provision in the Education Act and that the IPC is therefore “not bound to consider section 266 of the Education Act in its deliberations.” It also held that the OSR was information “otherwise available” to the Board and therefore open to its use under the provision of MFIPPA that stipulates that MFIPPA “does not impose any limitation on the information otherwise available by law to a party to litigation.”

The IPC did recommend that, going forward, the Board refrain from unilaterally handling the OSR when its potential use and disclosure is in dispute: “… the Board should make efforts to seek direction from an administrative tribunal or court prior to disclosing the information contained within an Ontario School Record during the course of litigation.”

 York Region District School Board (Re), 2016 CanLII 37587 (ON IPC).

 

Reasonable necessity not enough to justify collection under Ontario’s public sector statutes

8 May

Section 38(2) is an important provision of Ontario’s provincial public sector privacy statue. It requires institutions to satisfy a necessity standard in collecting personal information. Ontario’s municipal public sector privacy statute contains the same provision.

On May 4th, the Divisional Court dismissed an Liquor Control Board of Ontario argument that the Information and Privacy Commissioner/Ontario had erred by applying a higher standard than “reasonable necessity” in resolving a section 38(2) issue. The Divisional Court held that the Court of Appeal for Ontario’s Cash Converters case establishes just such a standard:

The LCBO relies upon Cash Converters to support its submission that the IPC erred in not interpreting “necessary” as meaning “reasonably necessary.” However, Cash Converters does not interpret “necessary” in this way. In fact, it suggests the opposite. Arguably, something that is “helpful” to an activity could be “reasonably necessary” to that activity. Yet, the Court of Appeal makes it clear that “helpful” is not sufficient.

It’s hard to fathom a legislative intent to prohibit a practice that is, by definition “reasonable.” If the LCBO seeks and is granted leave to appeal this could lead to an important clarification from the Court of Appeal on a strict interpretation of section 38(2) that has stood for some time. The LCBO practice at issue – which involves collecting the non-sensitive information of wine club members to control against the illegal stockpiling and reselling of alcohol – is a good one for testing the line.

Liquor Control Board of Ontario v Vin De Garde Wine Club, 2025 ONSC 2537.

Arbitrator dismisses privacy breach grievance based on actions of a snooping employee

5 Apr

On March 15th, the Grievance Settlement Board (Ontario) dismissed a grievance against the government for one employee’s intentional “snooping” into another employee’s employment insurance file.

Intentional unauthorized access to personal information by a trusted agent is a somewhat common scenario that has not yet been addressed by labour arbitrators. While arbitrators have taken jurisdiction over privacy grievances on a number of bases, privacy grievances have typically addressed intentional employer action – e.g. the administration of a drug test or the installation of a surveillance camera. This case raises an issue about an employer’s obligation to secure employee personal information and its liability for intentional access by another person. Can a reasonable safeguards duty arise inferentially out of the terms of a collective agreement? Is there some other source of jurisdiction for such claims? It is not clear.

The GSB ultimately finds jurisdiction in the Municipal Freedom of Information and Protection of Privacy Act, which it finds is an “employment-related statute” that can be the basis of arbitral jurisdiction. This is unfortunate because MFIPPA, in general, excludes employment-related records (and hence employees). There are now a handful of arbitral decisions that neglect to consider and apply the (very important) exclusion.

Having found jurisdiction rooted in MFIPPA, oddly, the GSB does not consider whether the government (or the Ministry’s head) failed to meet the MFIPPA “reasonable measures to prevent unauthorized access” security standard. Instead, it applied a vicarious liability analysis and dismissed the grievance. I’ll quote the GSB analysis in full:

41      Being guided by the principles set out in Re Bazley, I am of the view that the Employer is not vicariously liable for actions of Ms. X. Simply put, the “wrongful act” was not sufficiently related to conduct authorized by the Employer. Indeed, the accessing of the grievor’s EI file had nothing to do with the work assigned to employees. Employees were able to and indeed did access EI files but only in those instances where it was necessary to assist their clients.
42      The evidence established that the Employer had clear and sufficient policies regarding the protection of private information. Privacy matters were discussed with employees at the point that they were hired and although those policies could have and perhaps should have been formally reviewed more frequently by management, employees were reminded of their obligations frequently by way of a “pop up” upon entering their computers.
43      Further, Ms. Smith, a co-worker of the grievor, who testified for the Union was very forthright in her cross-examination that she knew that she was not to access the private information of anyone for her own interest. Moreover, this intrusion was the first time that she knew of anyone in the workplace doing such a thing. It might well be argued that this reinforces the view that the policy was known and followed in the workplace. Certainly there was no evidence of any other breach.
44      This intrusion was not an abuse of power. It was not an instance where someone with power over the grievor utilized their authority to carry out the wrong. It was a coworker — indeed I am of the view that it was the action of a rogue employee who, for her own purposes accessed the grievor’s EI file. It was not an action that could be seen to “further the Employer’s aims.” Indeed this activity was done without the sanction or knowledge of the Employer. I accept the Employer’s evidence that it knew nothing of the intrusion until being told by a coworker of the grievor and upon learning took immediate action to investigate and manage the issue and the Ms. X who received a significant suspension.
45      Finally, it must be recalled that this Board dismissed the grievor’s allegations that the Employer and her coworkers were bullying and harassing her in a separate decision. Accordingly it seems to me that it cannot be said that the intrusion into her EI records by Ms. X was “related to friction, confrontation or intimacy inherent in the employer’s enterprise.”
Whether an organization is vicariously liable for an employee’s intentional unauthorized access to personal information is a very significant legal issue. This analysis will receive significant attention.

Ontario and OPSEU, Re, 2015 CarswellOnt 3885.

Review of IPC exclusion decisions now (officially) subject to reasonableness review

8 Aug

A friend just brought a notable FIPPA judicial review from February 24th to my attention. In it, the Divisional Court affirmed an IPC order to disclose the full names of FRO employees in response to a request for personal information.

The IPC held that the employment-related records exclusion in FIPPA did not apply to certain records containing employee names – records of services provided to the requester. The Court reviewed this on the reasonableness standard, finding that pre-Alberta Teachers case law supporting a review on the correctness standard no longer applies. On the application of the exclusion, the Court rejected an argument that the records of service provided were employment-related in the context:

To qualify for the exclusion, the record must be about labour relations or employment-related matters. The dictionary definition of the word “about” requires that the record do more than have some connection to or some relationship with a labour relations matter. “About” means “on the subject of” or “concerning”: see Concise Oxford English Dictionary, 11th ed., 2004, s.v. “about”. This means that to qualify for the exclusion the subject matter of the record must be a labour relations or employment-related matter.

Adopting the Ministry’s broad interpretation of “about” would mean that a routine operational record or portion of a record connected with the core mandate of a government institution could be excluded from the scope of the Act because such a record could potentially be connected to an employment-related concern, is touched upon in a collective agreement, or could become the subject of a grievance. This interpretation would subvert the principle of openness and public accountability that the Act is designed to foster.

This should be read to be consistent with the Divisional Court’s earlier decision that there need only be “some connection” with excluded subject matter for the exclusion to apply: see Ministry of Attorney General and Toronto Star, 2010 ONSC 991 (CanLII). Records that have some connection (i.e. a partial connection) to excluded subject matter are arguably still excluded, but the connection must be real, not speculative and not driven by the context in which a request is made.

The Court also affirmed the IPC’s finding that full name information is not exempt under the “unjustified invasion of personal privacy” exemption.

Question. Why not argue that the information at issue – full names or identifying information – is not “personal information” to which the right of access to personal information applies? The right of access to personal information applies to information and not whole records. In the absence of a special context, the identity of employee/service provider names should not constitute the requester/service recipient’s personal information.

Ministry of Community and Social Services v Doe et al (2014), 120 O.R. (3d) 451.

IPC says full balancing applies in mixed personal information cases

30 Nov

On September 27, 2013 the Information and Privacy Commissioner/Ontario issued a significant decision on the exemption from the right of access to personal information in section 38(b) of MFIPPA (and 49(b) of FIPPA by implication) by finding that a disclosure that is presumed to constitute an unjustified invasion of privacy for the purpose of answering a general records access request is not so presumed for the purpose of answering a request for access to one’s own personal information.

Individuals have a right of access to their own personal information that is in the custody or control of Ontario institutions subject to a number of discretionary exemptions, including an exemption that applies if “the disclosure would constitute an unjustified invasion of another individual’s personal privacy.” This exemption often arises in cases in which individuals seek access to personal information about themselves that is contained in complaints and incident reports (which record information from witnesses, complainants and others about more than one person).

The “unjustified invasion” question is informed by the mandatory exemption for unjustified invasion of personal privacy that applies to “general records” access requests. The mandatory exemption includes a provision that deems certain disclosures to be a presumed unjustified invasion. Here is the MFIPPA provision:

14(3) A disclosure of personal information is presumed to constitute an unjustified invasion of personal privacy if the personal information,

(a) relates to a medical, psychiatric or psychological history, diagnosis, condition, treatment or evaluation;

(b) was compiled and is identifiable as part of an investigation into a possible violation of law, except to the extent that disclosure is necessary to prosecute the violation or to continue the investigation;

(c) relates to eligibility for social service or welfare benefits or to the determination of benefit levels;

(d) relates to employment or educational history;

(e) was obtained on a tax return or gathered for the purpose of collecting a tax;

(f) describes an individual’s finances, income, assets, liabilities, net worth, bank balances, financial history or activities, or creditworthiness;

(g) consists of personal recommendations or evaluations, character references or personnel evaluations; or

(h) indicates the individual’s racial or ethnic origin, sexual orientation or religious or political beliefs or associations.

In Seguin Township, Adjudicator Cropley held that the application of this deeming provision does not end the analysis in a personal information request as it does in a general records request. A head should go on to consider the other relevant factors (including those listed in the Act) to determine if, on the balance, the invasion of privacy to the person other than the requester is “unjustified” in the circumstances. Adjudicator Cropley said that her interpretation consistent “legislature’s intent in creating a separate, discretionary exemption claim that makes a distinction between an individual seeking another individual’s personal information and an individual seeking his own personal information.” It invites both greater access to personal information and greater uncertainty in dealing with access to personal information requests.

Seguin (Township) (Re), 2013 CanLII 64274 (ON IPC).

The ins and outs of the e-FOI process

26 Sep

Here’s a presentation I delivered today in an Ontario Hospital Association webcast. I’ve been following “e-FOI” developments for a while and was happy to finally build and deliver a presentation to lend some structure to the topic. Stay tuned for more!

Case Report – Ont. C.A. deals with creating records in Ontario FOI law

14 Jan

The the Ontario Court of Appeal has affirmed the IPC/Ontario’s position that records produced by replacing unique identifiers in a database with randomly generated numbers are “records” under Ontario freedom of information legislation.

The requester, a reporter from the Toronto Star, asked for access to information stored in two police databases. Presumably so he could accomplish his research without using personal information and engaging the unjustified invasion of privacy exemption, he asked that identifying information in the two databases be replaced with randomly generated and unique numbers. The evidence showed that the police board could extract the data in the form requested by writing an algorithm and relying upon its existing technical know-how, hardware and software.

In June 2007, the Divisional Court quashed an IPC order made in favour of the requester. The Court held that the request was not for “records” as defined in section 2(1)(b) of the Municipal Freedom of Information and Protection of Privacy Act:

2. (1) In this Act,

“record” means any record of information however recorded, whether in printed form, on film, by electronic means or otherwise, and includes,

(b) subject to the regulations, any record that is capable of being produced from a machine readable record under the control of an institution by means of computer hardware and software or any other information storage equipment and technical expertise normally used by the institution; (“document”)

Earlier today, the Ontario Court of Appeal reversed the Divisional Court’s judgement and restored the IPC order. The Court of Appeal decision is technically based on the standard of review – i.e. it only held that the IPC’s interpretation of the record definition was not unreasonable. This, however, hardly limits the force of the judgement. The Court reasoned that IPC’s order was consistent with the the text of the MFIPPA General Regulation, which has provisions that allow institutions to recover programing and related costs.  It also applied a very strong purposive analysis in construing the definition. Consider the following dicta:

A contextual and purposive analysis of s. 2(1)(b) must also take into account the prevalence of computers in our society and their use by government institutions as the primary means by which records are kept and information is stored. This technological reality tells against an interpretation of s. 2(1)(b) that would minimize rather than maximize the public’s right of access to electronically recorded information.

In my view, a liberal and purposive interpretation of those regulations when read in conjunction with s. 2(1)(b), which opens with the phrase “subject to the regulations,” and in conjunction with s. 45(1), strongly supports the contention that the legislature contemplated precisely the situation that has arisen in this case. In some circumstances, new computer programs will have to be developed, using the institution’s available technical expertise and existing software, to produce a record from a machine readable record, with the requester being held accountable for the costs incurred in developing it.

This decision makes clear that Ontario institutions must ordinarily undertake programming tasks that enable them to provide access to information stored in databases, even to mask personal information by substituting de-personalized unique identifiers for identifying information. There are two clear limits to this rule: (1) a record only capable of being produced through a proces that “unreasonably interferes with the operations of an institution” is deemed not to be a record and (2) a record that can only be produced with technical expertise not “normally used by [an] institution” is deemed not to be a record.  The Court left open whether a record that can only be produced with “hardware and software or any other information storage equipment” not normally used by an institution is deemed not to be a record but said this interpretation was “open to argument.”

The “creating records issue” is a significant one in civil litigation and in other circumstances where one has a simple right to a “record in custody or control” (see herehere and here for more).  This case is based on very specific statutory language, but is nonetheless significant to Ontario FOI-regulated institutions.

Toronto Police Services Board v. (Ontario) Information and Privacy Commissioner, 2009 ONCA 20.