All About Information

Case Report – Fed Court comments on jurisdiction to receive ATIA applications

November 7, 2009 · Leave a Comment

On October 13th, the Federal Court had an opportunity to comment on its jurisdiction to receive applications for review under section 41 of the Access to Information Act. It held that the Court’s jurisdiction is based on a “genuine and continuing claim of refusal of access.” This supported a finding that it had no jurisdiction to (a) hear an application about a series of requests that were deemed to be refused but, through a series of events, answered by the time the application was filed and (b) reprimand the responding institution for delay.

Statham v. Canadian Broadcasting Corp., 2009 FC 1028.

→ Leave a CommentCategories: FOI and open government

Case Report – Court denies ex parte motion to preserve Facebook

November 4, 2009 · Leave a Comment

On October 29th, Price J. of the Ontario Superior Court of justice denied a motion for an ex parte order for preservation of a plaintiff’s Facebook.

The motion was brought by a defendant to a personal injury claim. It brought its motion ex parte on the basis that the plaintiff would be likely to destroy evidence if notified. It therefore had to meet the three-part test from R.J.R.-MacDonald in order to receive interim relief pending a return to court to deal with the matter of production. The Defendant brought its motion on the strength of several photos it had obtained from non-password protected Facebook pages. These showed the plaintiff  after the date of the accident doing things that were arguably consistent with her claim for damages in respect of a significantly curtailed lifestyle – i.e. the pictures showed her sitting and reclining on a floor. Neither these photographs nor any other records from the plaintiff’s Facebook were disclosed in her Affidavit of Documents.

The Court held that the defendant had not adduced any evidence that allowed it to conclude that the plaintiff’s Facebook was likely to contain relevant information and that it would not infer from the nature of the Facebook service that the plaintiff’s Facebook was likely to contain such information. On the inference, Price J.’s decision ought to be viewed to be in conflict with the Court’s prior decisions in Leduc v. Roman and Wice v. Dominion General Insurance Company of Canada. Price J. says:

I do not regard the mere nature of Facebook as a social networking platform or the fact that the Plaintiff possesses a Facebook account as evidence that it contains information relevant to her claim or that she has omitted relevant documents from her Affidavit of Documents. The photographs that the Defendant has obtained from the Plaintff’s account in the present case do not appear, on their face, to be relevant.

Price J. did grant leave to cross-examine the plaintiff on her Affidavit of Documents. He forgave the defendant for not doing so at the plaintiff’s examination for discovery “because Facebook is a relatively recent phenomenon” but specified that the defendant would pay the costs of the examination should it prove fruitless.

Finally, in addressing the balance of convenience, Price J. made the following statement about the balance of convenience:

The Plaintiff has set her Facebook privacy settings to private and has restricted its content to 67 “friends.” She has not created her profile for the purpose of sharing it with the general public. Unless the Defendant establishes a legal entitlement to such information, the Plaintiff’s privacy interest in the information in her profile should be respected.

The concept (reflected in this paragraph) that an expectation of privacy can be maintained despite a limited disclosure of information is supported by privacy advocates, but is not often accepted by courts.

Schuster v. Royal & Sun Alliance Insurance Company of Canada, 2009 CanLII 58971 (S.C.J.).

→ Leave a CommentCategories: Law of production · Privacy and litigation
Tagged:

Information Roundup – 1 November 2009

November 2, 2009 · Leave a Comment

Here are some links you may find interesting!

You may have noticed that I’ve slowed down posting. This is not because I’ve tired of the blog, but because of my new commitment to Slaw.ca and my new expanded family. Both new commitments are very rewarding, especially new life with Hugs and Pens (below). Please keep coming back.

See ya!

Dan

IMG_0897

IMG_0882

→ Leave a CommentCategories: Information Roundup

Cloud Computing – 2009 Ontario Access and Privacy Worksop

October 26, 2009 · Leave a Comment

I presented to a great audience of access and privacy professionals today at the 2009 Ontario Access and Privacy Workshop. My slides are below.

To give this presentation I had to answer for myself whether outsourcing to the cloud is the same as any other data processing outsourcing. I settled on, “not quite” and argued outsourcing to the cloud is different because (1) it will usually be a cross-border outsourcing, which comes with a special set of considerations (especially for government) and (2) the cloud service provider’s business model may not be flexible enough to allow for it to meet an organization’s need to satisfy specific data security requirements.

I’m not a cloud basher. I’ve argued here that one of the legal concerns about outsourcing to the cloud is poorly founded and also have have concerns that the cross-border data transfer issue is a bugaboo. However, outsourcing to the cloud does seem to be a bit of a different game then entering a one-to-one business relationship with a “normal” data processor. Just some thoughts, which I’d invite comment on below.

Dan

→ Leave a CommentCategories: privacy and technology

Two significant Ontario FOI cases from 2009

October 26, 2009 · Leave a Comment

I’ve been preparing a case digest for an upcoming universities conference we’re hosting and summarized these two Ontario FOI cases, both of significance.

April 9th – IPC finds personal e-mails under City’s custody or control

In this order, the IPC held that the City of Ottawa was in custody or control of e-mails its solicitor sent and received in his personal capacity, as a board member of a local Children’s Aid Society. Though acknowledging that the e-mails had nothing to do with City business, it held:

  • The City was in physical possessions of the records, which were stored on its e-mail server.
  • The City had the authority to regulate the use of the e-mail system upon the records were kept even though personal e-mails were excluded from the definition of “business record” under the City’s retention by-law.
  • The City reserved a right to monitor its system for unauthorized use.

The factual basis for this decision is not unique, so it has broad significance for FIPPA and MFIPPA institutions.

The City has filed an application for judicial review.

Order MO-2408, 2009 CanLII 16569 (ON I.P.C.).

August 21st – IPC orders municipality to sue third-party record holder

The IPC issued a compliance order that required a municipality to take “all steps necessary,” including legal action, to obtain records that it decided earlier were under the municipality’s custody or control.

The request was for a model and input data that was in the custody of a third-party consultant who was retained by the municipality to evaluate a proposed landfill site. There was no formal retainer, and after an analyzing the IPC’s traditional “custody or control” factors, in May 2009 the IPC ordered the municipality to “issue a written direction to Jagger Hims to provide the County with the records responsive to the appellant’s request.” The municipality did exactly what the IPC ordered, but the third-party did not cooperate and deliver up the records at issue.

The IPC re-initiated its proceeding. Its compliance order was based in part on a finding that the municipality had a “potent legal basis” for causing the third-party to turn over the records.

Order MO-2449, 2009 CanLII 47235 (ON I.P.C.).

→ Leave a CommentCategories: FOI and open government
Tagged:

Cloud Computing Presentation at ONAP 2009

October 16, 2009 · Leave a Comment

I’m honoured to have been invited to present at this year’s Ontario Access and Privacy Workshop on October 26th and 27th in Toronto. The agenda looks great, and if you’re in the Ontario provincial or municipal public sector or in the Ontario broader public sector I’d encourage you to check out the conference site and consider attending. I’ll be speaking on privacy and cloud computing, here’s the abstract:

Cloud computing holds many opportunities as a model for business computing, yet it is also associated with a number of legal issues that have caught the public eye and invite close scrutiny. Join Dan Michaluk from Hicks Morley in taking a focussed look at these issues. Dan will lead a discussion with a view to helping government administrators develop a strong ability to manage legal issues in assessing, planning for and implementing cloud computing projects. Issues such as:

  • Good, bad and ugly cloud computing models
  • Applicable regulation and its impact on cross-border transfers
  • Laying the groundwork for outsourcing – the importance of due diligence
  • The negotiation and the contract
  • The Lakehead University and City of Los Angeles outsourcing projects as case studies

I’ve been out here on a Nova Scotian holiday for the last couple weeks reading up on the issue. I posted this piece over at Slaw as a kind of warm-up, but still have some thinking to do, so if you have thoughts or resources please do send them my way. See you there!

Dan

→ Leave a CommentCategories: privacy and technology
Tagged:

Case Report – Court finds warantless search for ISP subscriber info unreasonable, admits evidence

October 11, 2009 · Leave a Comment

On October 2nd, Pringle J. of the Ontario Court of Justice held that the police violated section 8 of the Charter by obtaining the identity of an individual suspected of possessing and sharing child pornography by making simple letter request to an ISP. She also admitted the evidence despite the Charter breach, and in doing so made some significant comments about the impact of terms of service on internet user privacy.

There have been a number of recent Canadian cases about whether the police can investigate internet crime by asking an ISP to reveal the identity of the individual linked to an IP address that is associated with unlawful and anonymous activity. The cases turn on whether this investigatory tactic violates a reasonable expectation of privacy. Two factors have featured strongly in the analysis (1) the nature of the information obtained by the police and (2) the contractual terms between the individual and ISP.

Unlike some other judges who have decided the issue, Justice Pringle held that the nature of the information obtained by a police request to an ISP does go to an individual’s biographical core. She explained that this tactic allows the police obtain the identity of an otherwise anonymous internet user and not simply an ISP subscriber’s name and address:

Once the police accessed Mr. Cuttell’s name and address, they were able to link his identity to a wealth of intensely personal information. Linking his name to the shared folder under his IP address, police learned a great deal about Douglas Cuttell and his lifestyle: namely in this case, his interest in adult pornography, obscenity and child pornography, which were all revealed by his choice of shared files.

Pringle J.’s treatment of the contract is even more significant. Like other judges before her, she held the that a contract between the ISP subscriber and ISP can negate an otherwise reasonable expectation of privacy. In the case before Pringle J., however, the Crown did not prove the specific contract entered into between the defendant and his ISP and therefore failed to negate what Pringle J. called a “premise of confidentiality” regarding one’s ability to engage in anonymous internet use. Her judgement suggests that reliance on ISPs alone does not negate an otherwise reasonable expectation of privacy in anonymous internet use, but the specific terms of service an individual agrees to may change this.

Ultimately, ISP terms of service did have a significant influence on the outcome in this case even though the Crown failed to prove the defendant’s specific contract. Pringle J. decided to admit the impugned evidence despite the proven Charter breach, in part, because ISPs often put customers on notice that they will make disclosures to law enforcement. She said:

I also take into account that while the privacy of subscriber information is important and can provide a critical link to personal information, a subscriber name and address does not have a great deal of intrinsic privacy on its own. As the Crown pointed out, Mr. Cuttell’s name was publicly available on Canada411, and his shared folder was also publicly available to anyone wanting to share child pornography. Many Internet Service Providers appear to contract out of their obligation of confidentiality with subscribers in similar circumstances, and accordingly it would be difficult to argue that there is a high expectation of privacy in this information: see Grant at para. 77.

In conclusion, Pringle J. said that the practice of contracting for disclosure is “unfortunate,” but also suggested that the courts will  often be powerless to grant a Charter remedy in the face of such private action.

Thanks to David Fraser for breaking the news this case. For his related opinion piece on Slaw, click here.

R. v. Cuttell, 2009 ONCJ 471 (CanLII).

→ Leave a CommentCategories: Search and seizure · Uncategorized

Case Report – Arbitrator says exhausting less intrusive means is not required to engage in workplace surveillance

October 3, 2009 · Leave a Comment

On August 31st, Arbitrator Watters held that video surveillance evidence taken from a hidden camera installed in a long-term care facility resident’s room was admissible in a termination arbitration.

Many labour arbitrators will balance employer and employee interests in determining whether to admit surveillance evidence. This case is notable because the parties engaged in a dispute about whether the reasonableness test used to effect this balance includes a “no less intrusive means” component. Arbitrator Watters held that it does not – the test is a reasonable grounds/reasonable means test, though consideration of other options may support the grounds for surveillance.

The National Automobile, Aerospace, Transportation and General Workers Union of Canada (CAW-Canada), Local 127 and The Municipality of Chatham-Kent (Riverview Gardens) (Re), [2009] O.L.A.A. No. 424 (Watters).

→ Leave a CommentCategories: Employee privacy
Tagged:

Case Report – Court upholds arbitrator order that stops call centre from recording calls… with reservations

September 30, 2009 · 1 Comment

Today, the Supreme Court of Nova Scotia upheld a labour arbitrator’s order that required the Halifax Regional Municipality to cease and desist from recording calls to its call centre for quality monitoring, coaching and dispute resolution purposes.

In resolving the employer’s application for judicial review, Wright J. displayed a remarkably honest application of the “reasonableness” standard of review by disagreeing with the arbitrator’s weighing of management versus employee interests but nonetheless upholding his decision as reasonable.

Though it did not affect the outcome of the application, Wright J.’s more legally significant finding was on whether the employee voice recordings at issue were protected as “personal information” under the applicable privacy legislation. He stressed that the recordings captured non-sensitive employee work product and, in the context, this feature of the recordings was more significant than anything personal that the characteristics of an employee’s voice might reveal (such as age or race).

It cannot be over emphasized that the recording of calls made to the call centre agents on the Primary Line is of a non-personal nature. The call centre agents answer inquires from the public about various municipal matters. There is no component of personal information in that. It is not recorded information about an identifiable individual within the meaning of s.461(f). Rather, the content of the calls, as earlier noted, is about such routine inquires as transit service times, tax bills, by-laws, parking information and municipal services. In my view, the question of whether voice recording in the fact situation at hand constitutes “personal information” cannot be decided irrespective of the content of those calls. Here, the content of those calls is undoubtedly of a non-personal nature made in the course of the performance of the job duties of these employees.

Halifax (Regional Municipality) v. Nova Scotia Union of Public and Private Employees, Local 13, 2009 NSSC 283.

→ 1 CommentCategories: Employee privacy
Tagged: , ,

Case Report – Plaintiffs draw sharp rebuke in Saskatchewan Anton Piller case

September 30, 2009 · Leave a Comment

On September 19th, Dufour J. of the Saskatchewan Court of Queen’s Bench set aside an Anton Piller order because the plaintiffs had failed to prove a real possibility that the defendants would destroy the information subject to the order.

In making his finding, Dufour J. described the standard of proof for the “real possibility” branch of the Anton Piller test as follows (citations omitted):

As it would be rare that there would be direct evidence that a defendant is preparing to destroy relevant evidence, the fourth Celanese condition is usually addressed by the plaintiff adducing evidence of the defendant’s dishonest nature. Evidence that the defendants have engaged in questionable business practices in the past or that they are generally dishonest is not sufficient. The plaintiffs must prove that the defendants are the types of persons who would destroy evidence.

Important to this case is that the plaintiffs must satisfy the Court by adducing admissible evidence. Opinion, supposition or the plaintiffs’ “fear” that documents will be destroyed will not suffice.

Dufour J. also held that he would have set aside the order given the plaintiffs’ non-compliance with their duty of full and frank disclosure. He identified the following defects, among others:

  • Filing evidence of mere belief that the key defendant was dishonest
  • Exhibiting an agreement without drawing a material notation on the agreement to the judge’s attention
  • Referring to two different business entities by a single acronym in a manner that favoured their position
  • Citing the paragraphs in Celanese that explain that Anton Piller orders are becoming more commonplace without citing a paragraph in Celanese that explains that an Anton Piller is still an exceptional remedy
  • Citing Celanese for the proposition that Anton Piller orders are becoming more commonplace without citing post-Celanese cases that demonstrate that an Anton Piller is still considered to be an exceptional remedy

There is no shortage of cases that highlight the very onerous burden on a party that moves for an Anton Piller, but Dufour J.’s warning is notable for its vigor.

Agracity Ltd. v. Skinner, 2009 SKQB 361 (CanLII).

→ Leave a CommentCategories: Anton Piller orders · Law of production