No Charter-protected expectation of privacy in vehicle operation data

On July 20th, the Court of Appeal for Saskatchewan held that an accused person who drove his pickup truck through a highway intersection and struck a semi-truck did not have a reasonable expectation of privacy that precluded the police from seizing a control module and its data from his vehicle before it was towed away.

The accident was horrible. There were six people in the truck with the accused, three of whom died, two of whom were children. The police charged the accused with dangerous driving and criminal negligence, and the prosecution relied on evidence retrieved from the wrecked pickup truck at the scene of the accident. Specifically, the police seized the truck’s Airbag Control Module (ACM) from under the driver’s seat. The ACM contained an Event Data Recorder (EDR) with data about the vehicle’s operation during the five seconds before impact at tenth-of-a-second intervals: speed, accelerator pedal (% full), manifold pressure, service brake (on/off), seatbelt pretensioner readings and airbag deployment readings.

There are competing lines of Canadian jurisprudence regarding the warrantless seizure of on-board vehicle computers and their data. The leading Ontario case is Hamilton, an Ontario Superior Court of Justice case that recognizes a reasonable expectation of (informational) privacy. In Yogeswaran, though, the Ontario Superior Court of Justice held that the territorial privacy interest in one’s vehicle is enough to preclude police search and seizure without prior judicial authorization.

Conversely, in Fedan, the Court of Appeal for British Columbia held that one’s territorial privacy interest in their vehicle is extinguished when the vehicle is seized and that EDR data is not associated with a strong enough informational privacy interest to warrant Charter protection.

The Court of Appeal for Saskatchewan followed Fedan. It reasoned that the accused’s truck, being totally destroyed on the side of a public roadway, was in the total control of the police whether or not it was yet to be formally seized based on section 489(2) of the Criminal Code. It concluded:

…the claim to a territorial privacy interest by Mr. Major in that component of his vehicle is weak. While a warrant could have been obtained, that does not mean one was required. I find that the state of the vehicle, Mr. Major’s loss of control over it, the nature of the ACM as a mechanical safety component installed by the manufacturer, and the focused task by Cpl. Green in locating and removing only it, do not support the continued existence of an objectively reasonable territorial privacy interest at the point when the vehicle was entered

Regarding informational privacy, the Court made the point that not all digital evidence is equally sensitive or revealing of one’s “biographical core.” EDR data of the kind at issue is limited to data about the operation of a vehicle immediately before an accident, and provides no “longer-term information about the driving habits of the owner or operator of a vehicle.” The Court concluded:

After considering the two lines of cases regarding EDR data, I find myself in substantial agreement with the reasoning from Fedan for the characterization of the data stored in the EDR. As in Fedan, the data here “contained no intimate details of the driver’s biographical core, lifestyle or personal choices, or information that could be said to directly compromise his ‘dignity, integrity and autonomy’” (at para 82, quoting Plant at 293). It revealed no personal identifiers or details at all. It was not invasive of Mr. Major’s personal life. The anonymous driving data disclosed virtually nothing about the lifestyle or private decisions of the operator of the Dodge Ram pickup. It is hard to conceive that Mr. Major intended to keep his manner of driving private, given that the other occupants of the vehicle – which included an adult employee – and complete strangers, who were contemporaneously using the public roadways or adjacent to it, could readily observe him. His highly regulated driving behaviour was “exposed to the public” (Tessling at para 47), although not to the precise degree with which the limited EDR data, as interpreted by the Bosch CDR software, purports to do. While it is only a small point, I further observe that a police officer on traffic patrol would have been entitled to capture Mr. Major’s precise speed on their speed detection equipment without raising any privacy concerns.

R v Major, 2022 SKCA 80 (CanLII).

Recent cyber presentations

Teaching is the best way of learning for some, including me. Here are two recent cyber security presentations that may be of interest:

  • A presentation from last month on “the law of information” that I delivered to participants in the Osgoode PDP program on cyber security
  • Last week’s presentation for school boards – Critical Issues in School Board Cyber Security

If you have questions please get in touch!

When it happens, will you be ready? How to excel in handling your next cyber incident

I like speaking about incident response because there are so many important practical points to convey. Every so often I re-consolidate my thinking on the topic and do up a new slide deck. Here is one such deck from this week’s presentation at Canadian Society of Association Executives Winter Summit. It includes an adjusted four step description of the response process that I’m content with.

We’ve been having some team discussions over here about how incident response plans can be horribly over-built and unusable. I made the point in presenting this that one could take the four step model as set out in this deck, add a modest amount of “meat” to the process (starting with assigning responsibilities) and append some points on how specific scenarios might be handled based on simple discussion if not a bona fide tabletop exercise.

Preparing for a cyber incident isn’t and shouldn’t be hard, and simple guidance is often most useful for dealing with complex problems.

NSCA says no expectation of privacy in address information

On January 28th the Nova Scotia Court of Appeal dismissed a privacy breach allegation that was based on a municipality’s admitted disclosure of address information to a related service commission so the service commission could bill for certain statutorily mandated charges. The Court held there was no reasonable expectation of privacy in the information disclosed, reasoning as follows:

Mr. Banfield’s information was not confidential, secret or anonymous. Neither did it offer a glimpse into Mr. Banfield’s intimate, personal or sensitive activities. Nor did it involve the investigation of a potential offence. Rather, it enabled a regulated public utility to invoice Mr. Banfield with rates approved under statutory authority for a legally authorized service that, in fact, Mr. Banfield received.  

Banfield v. Nova Scotia (Utility and Review Board), 2020 NSCA 6 (CanLII).

What’s significant about the Loblaw report

I finally got around to reading the @PrivacyPrivee report of findings on Loblaw’s manner of authenticating those eligible for a gift card. The most significant (or at least enlightening) thing about the report is that the OPC held that residential address, date of birth, telephone number and e-mail address were, together, “sensitive.” It did so in assessing the adequacy of the contractual measures Loblaw used in retaining a service provider for processing purposes. It said:

  1. The contract also provided guarantees of confidentiality and security of personal information, and included a list of specific safeguard requirements, such as: (i) implementing measures to protect against compromise of its systems, networks and data files; (ii) encryption of personal information in transit and at rest; (iii) maintaining technical safeguards through patches, etc.; (iv) logging and alerts to monitor systems access; (v) limiting access to those who need it; (vi) training and supervision of employees to ensure compliance with security requirements; (vii) detailed incident response and notification requirements; (viii) Loblaw’s pre-approval of any third parties to whom JND wishes to share personal information, as well as a requirement for JND to ensure contractual protections that are at a minimum equivalent to those provided for by its contract with Loblaw; and (ix) to submit to oversight, monitoring, and audit by Loblaw of the security measures in place.
  2. As outlined above, the additional ID’s requested by the Program Administrator were collected through a secure channel (if online) or by mail, verified and then destroyed.
  3. In our view, given the limited, albeit sensitive, information that was shared with the Program Administrator, as well as the limited purposes and duration for which that information would be used, Loblaw’s detailed contractual requirements were sufficient to ensure a level of protection that was comparable to that which would be required under the Act. Therefore, in our view, Loblaw did not contravene Principle 4.1.3 of Schedule 1 of the Act.

Residential address, date of birth, telephone number and e-mail address is a set of basic personal information. In analyzing it, one must recall the “contact information” that the Ontario Superior Court of Justice said was not “private” enough to found a class action claim in Broutzas.

Don’t be misled, though. The OPC made its finding because Loblaw was engaged in authentication, and collected a data set precisely geared to that purpose. The potential harm – identity theft – was therefore real, supporting a finding that the data set as a whole was sensitive. Context matters in privacy and data security. And organizations, guard carefully the data you use to identify your customers.

Federal Court says firearm serial numbers not personal information

On October 9th, Justice McHaffie of the Federal Court held that firearm serial numbers, on their own, are not personal information. His ratio is nicely stated in paragraphs 1 and 2, as follows:

Information that relates to an object rather than a person, such as the firearm serial numbers at issue in this case, is not by itself generally considered “personal information” since it is not information about an identifiable individual. However, such information may still be personal information exempt from disclosure under the Access to Information Act, RSC 1985, c A-1 [ATIA] if there is a serious possibility that the information could be used to identify an individual, either on its own or when combined with other available information.

The assessment of whether information could be used to identify an individual is necessarily fact-driven and context-specific. The other available information relevant to the inquiry will depend on the nature of the information being considered for release. It will include information that is generally publicly available. Depending on the circumstances, it may also include information available to only a segment of the public. However, it will not typically include information that is only in the hands of government, given the purposes of both the ATIA and the personal information exemption.

This is not a bright line test, though Justice McHaffie did say that the threshold should be more privacy protective than if the “otherwise available information” requirement was limited to publicly available information or even information available to “an informed and knowledgeable member of the public.”

Canada (Information Commissioner) v Canada (Public Safety and Emergency Preparedness), 2019 FC 1279 (CanLII).

SCC issues civil production decision stressing discretion and proportionality

Today, a majority of the Supreme Court of Canada affirmed an order that directed the Competition Bureau and the federal Department of Public Prosecutions to produce, for civil discovery purposes, recordings of more than 220,000 private communications that they had obtained pursuant to Criminal Code wiretap authorizations.

Justices LeBel and Wagner wrote a majority judgement with which Chief Justice McLachlin (for the most part) concurred. The majority held that the production order was neither prohibited by the Criminal Code nor the Competition Act and was a proper exercise of discretion.

The discretion to order non-party production, according to the majority, is “great” (para 28), though should be exercised with a view to fulsome disclosure: “relevance is generally interpreted broadly at the exploratory stage of the proceedings” (para 30). Relevant records may be withheld to achieve proportionality and efficiency, but they may not be “unduly” withheld (para 60). In making a non-party production order a judge must consider the “financial and administrative burden” of the order and the impact on non-party privacy (paras 83 and 85).

The majority’s emphasis on balance and proportionality is heavy. It weaves proportionality into the concept of relevance as the concept applies in respect of civil production:

[30] To be relevant, the requested document must relate to the issues between the parties, be useful and be likely to contribute to resolving the issues (Glegg, at para. 23; Arkwright, at p. 2741; Chubb, at p. 762; Westfalia Surge Canada Co.; Autorité des marchés financiers; Fédération des infirmières et infirmiers du Québec).

[31] This relevance requirement ensures that the parties do not conduct “fishing expeditions”. It also ensures that the conduct of the proceedings is not delayed, complicated or even jeopardized by the introduction of evidence that does not assist in establishing the rights being claimed (see Royer and Lavallée, at p. 487; Marseille, at pp. 1 and 21). In this sense, the relevance rule is a procedural balancing rule that ensures the efficiency of the judicial process while facilitating the search for truth.

The majority refers to the 2005 decision in Glegg v Smith & Nephew Inc in which the Supreme Court of Canada espoused similar principles in respect of the production obligations of a party to an action. All the authorities the majority relies on are Quebec authorities, but the majority does not expressly rely on any provision of the Civil Code of Quebec and the principles it applies are broadly applicable.

Justice Abella, in dissent, argued that private communications intercepted by law enforcement are of utmost sensitivity and should be “protected by an almost impermeable legal coating like a privileged communication.” To achieve this purpose, she would have interpreted the Criminal Code to prohibit the production of intercepted private communications in a civil proceeding.

Imperial Oil v Jacques, 2014 SCC 66.

Employer’s Privacy and Confidentiality Policies Upheld by Court

A recent decision of the Supreme Court of British Columbia underscores that courts will view any breach of an employee’s right to privacy and confidentiality in the workplace as a serious infraction.

In Steel v. Coast Capital Savings Credit Union, the plaintiff was employed on the Helpdesk where she had access to confidential information, including personal folders of other employees. The employer had policies in place regarding access to private and confidential information, including a protocol to be followed by Helpdesk employees when they needed to access the personal folders in order to provide technical assistance. The plaintiff was aware of these policies.

When the employer learned the plaintiff, a 20 year service employee, had accessed confidential information contained in a personal folder without following the protocol in place, it terminated her employment on the basis that her actions constituted a severe breach of trust. The Court upheld that termination, finding that as a member of the Helpdesk, the plaintiff was in a position of “great trust” and she worked for an employer (a credit union) that operated in an industry where trust was of “central importance”. It stated:

[27]      It was not practicable for Coast to monitor which documents Ms. Steel accessed and for what purpose. The employer had to trust Ms. Steel to obey its policies and to follow the protocols. It had to trust Ms. Steel to only access such documents as part of the performance of her duties and to follow the protocols when she did so. Such trust was fundamental to the employment relationship in relation to Ms. Steel’s position. It was, to use the language of Iacobucci J. in McKinley, “the faith inherent to the work relationship” that was essential to this employment relationship.

The willingness of the Court to uphold the termination for cause of a 20 year employee for a violation of the employer’s policies sends a strong signal that courts will not hesitate to enforce and apply clearly drafted employer privacy and confidentiality policies, in order to protect confidential information.

Steel v. Coast Capital Savings Credit Union, 2013 BCSC 527 (CanLII)

The Far Reach of the CRA

When employers provide employee benefits, they are required to include the value of the taxable benefits in the income of employees.  If an employer does not properly report the taxable benefit, the Canada Revenue Agency (“CRA”) has considerable power to require employers to disclose the names and related information of the taxpayers who enjoyed the taxable benefit.  As discussed in Minister of National Revenue v. Lordco Parts Ltd., this also applies if a business provides taxable benefits to its customers.

Following an audit of Lordco, the CRA noted that Lordco established an incentive program, which included a bi-annual cruise for its customers who had earned rebates based on the volume of their purchases of Lordco products.  The customers could purchase tickets for the cruise using the rebates.  Corporate customers nominated individuals to attend the cruise as representatives.  Only 30% of the cruise related to business activities.

According to the CRA, Lordco was required to report the benefits enjoyed by the individual attendees. When Lordco failed to complete such reporting, the CRA issued a “named requirement” requiring Lordco to provide a list of the individuals who attended the cruise. Lordco refused to provide any names, addresses or registration forms, on the basis that the information related to unnamed third party individuals. The CRA applied, without notice, for an order of the Federal Court requiring Lordco to produce “information and documents relating to certain persons whose identities are unknown to the Minister”, being the individual representatives of customers of Lordco.

The Federal Court granted the order, recognizing that obtaining information relevant to the tax liability of some specific person(s) whose tax liability is under review is a purpose related to the administration or enforcement of the Income Tax Act (“ITA”) and does not violate any rights of taxpayers under section 8 of the Charter of Rights and Freedoms (the Supreme Court of Canada has previously stated that taxpayers do not have a high expectation of privacy in relation to documents concerning tax matters).

The CRA is permitted to request third party information related to unknown persons with the authorization of a judge.  Two conditions must be met for an order to be made: (i) the individual or group is ascertainable; and (ii) the production is necessary to verify compliance with the ITA.  Finding both conditions met in this case, the Federal Court ordered that the CRA was authorized to impose a requirement to produce the information regarding the customers who went on the cruise, failing which Lordco could be subject to fines under the ITA up to $25,000 or both fine and imprisonment up to 12 months.

This is a reminder of how far the CRA’s reach can be extended when it comes to obtaining information for the purpose of identifying taxpayers and ensuring compliance with the ITA. Employers and businesses are not able to refuse production on the sole basis that the information pertains to unidentified third parties (e.g., representatives of corporate customers) when the CRA is attempting to verify compliance with the ITA.

Two presentations on privacy, campus and workplace violence and student affairs

Our firm has the pleasure of doing extensive work in the Ontario post-secondary education sector. As part of this business, we ran a conference entitled Students and the Law – Proactive Strategies for Changing Times for a group of university administrators in early November and a similar session again today for college administrators.

I spoke on students at risk and managing on-campus violence together with my colleague Catherine Peters. Catherine covered the impact of Ontario’s pending workplace health and safety legislation (Bill 168) on campus safety programs as well as the (tricky!) interplay between disciplinary and non-disciplinary management. I also dealt with Bill 168 in discussing mandatory and discretionary disclosures of personal information for the purpose of managing risk. The slides are below, and for a copy of my speaking notes click here.

I then did a short “hot issues” in student information and privacy presentation, with a brief note on the tort of invasion of privacy, a fun segment about students who take other students’ pictures and a note about processing the “I want all my e-mails” access to personal information request. The slides are below, and for my speaking notes click here.

Here are some recent and relevant resources that we noted in our discussion:

I’d like to thank Gene Deisinger, who has recently begun duties as Deputy Chief of Police & Director of Threat Management Services at Virginia Tech, for identifying some of these resources. Gene and colleague Marisa Randazzo do an excellent podcast on threat assessment that’s linked from the fourth bullet above.

I hope this material is of use!

Dan