All About Information

What happens when someone puts his or her electronic documents on another’s computer system, gets locked out and then wants the documents back?

This is a common problem today, and often arises in the context of departing employee disputes. It also engages one of the more interesting developing legal issues within this blog’s domain: do the traditional property torts - trespass, detinue and conversion - protect rights associated with intangible property?

While this could be the subject of a good paper, I’d simply like to point out a couple of developments South and North of the border.

In the United States, the New York Court of Appeals recently issued an opinion in Thyroff v. Nationwide Mutual Assurance Company in which it held that the tort of conversion should apply to intangible property - an insurance agent’s customer list in the circumstances in dispute.

There’s no judgement of equivalent strength in Canada yet, but the Prince Edward Island Supreme Court - Trial Division issued a decision in July called HZPC Americas Corp. that is consistent with the direction endorsed in Thyroff. (HZPC has not yet been published on CanLII.) In rejecting the defendant’s motion to strike a conversion claim, the Court challenged the traditional idea that an owner’s ability to control intangible property (including confidential business information) is not sufficient to justify application of the tort. It said:

The Defendants refer to infringement of intellectual property while the Plaintiff refers to conversion of commercial property interests. The Plaintiff’s claim is not based on infringement of a statutory right in intellectual property; but rather is classified by it as a proprietary right in commercial property. It is not necessary for the Plaintiff to plead or rely upon legislative provisions to pursue its claim based on a common law tort. The federal legislation can be viewed as providing additional benefits, and not exhausting a person’s civil remedies.

The Court quoted Professor David Vaver, who says that the traditional view is “pettifoggery” - a sure signal that there will be more on this issue to come.

Although there have been previous cases that have recognized the common law tort of invasion of privacy in Ontario and a few recent cases in which Ontario courts have made strong statements in refusing to strike claims based on the tort, the confines of the tort have not yet been clearly articulated. On September 21st, Deputy Judge Criger issued a small claims court judgement in which she articulated a form of test that balances an individual’s expectation of privacy in personal information against any countervailing interests in the information’s collection use and disclosure. Here is her six-part test:

1. Is the information acquired, collected, disclosed or published of a kind that a reasonable person would consider private?
2. Has the Plaintiff consented to acquisition or collection of the information?
3. If not, has the information been acquired or collected for a legal process or public interest reason? If so, what is that reason?
4. Has the Plaintiff consented to disclosure or publication of the information?
5. If not, has the information been disclosed or published for a legal process or public interest reason? If so, what is that reason?
6. Is the legal process or public interest reason put forward for acquisition, collection, disclosure or publication one that a reasonable person would consider outweighs the interest of the individual in keeping the information private?

The case is about a plaintiff who told his aunt that he was HIV positive in confidence and the aunt’s subsequent disclosure of this information to his mother. Deputy Judge Criger held that the plaintiff had established a breach but did not prove his damages.

Caltagirone v. Scozzari-Cloutier, [2007] O.J. No. 4003 (Ont. S.C.J.) (QL).

The Vancouver Province reports that the University of British Columbia has asked the British Columbia Supreme Court to review the Information and Privacy Commissioner for British Columbia’s September 24th order that was made in response to its reasonable grounds investigation into employee time theft (my report here).

The Province says material filed in court by the University says the order “denies the university the ability to investigate misconduct.” Indeed, one of the issues raised by the order is the level of scrutiny that is appropriate to apply to how an investigation is conducted when there are clear grounds for conducting it. Those with an interest in security will claim that once there are grounds for an investigation, an investigator needs sufficient flexibility to conduct a thorough investigation even if it involves “fishing.” Although it may be explained by the context - perhaps the IPC is only saying something about the stakes at play in a time theft investigation - the IPC’s order conflicts with this view. Thanks to Michael Geist for posting on this.

It’s at the obscure end of what I’ll cover on this blog, but the Alberta Court of Appeal’s October 18th decision in R. v. Patrick contains an intriguing debate about an individual’s expectation of informational privacy in garbage.

Conrad J., in dissent, held that the Calgary Police violated an accused individual’s section 8 Charter rights by seizing information…

• in garbage…
• in opaque garbage bags…
• inside garbage cans…
• that were placed in a receptacle…
• on the accused individual’s property.

Good use of bullet points? They’re a cute prelude to the point Conrad J. makes about the accused individual’s expectation of privacy:

In this case, the appellant put his garbage out for municipal collection. Municipalities have an interest in the orderly collection and disposal of garbage. Citizens are forbidden from burning garbage in their homes and citizens pay taxes for this municipal collection service. A homeowner, such as the appellant, places his garbage out for collection on the understanding that his garbage will be treated in the same manner as his neighbour’s garbage – it will be picked up by the garbage collectors and placed inside a garbage truck where it will be mixed with other garbage. At this point, the homeowner’s privacy in respect of much of the information regarding his lifestyle and personal choices will be completely preserved because it will have become anonymous. Any privacy in garbage that identifies the homeowner directly, such as a discarded bank statement, will also be preserved, although not so completely, by the fact it is now contained within a vast pile of collected detritus that makes it almost impossible to find.

The last sentence in the above quote is significant because it endorses the concept of inaccessibility or practical obscurity of information: information can still be private (or one’s interest in keeping something private can subsist) even if it is exposed to unauthorized or limited authorized access. This concept may become more relevant given the prevalence of electronically stored information. For starters, think of the lost backup tape that can’t easily be restored and how a valid claim that the information on the tape is inaccessible might weigh against either a civil or statutory duty to warn. Accessibility may also be relevant in some disputes about waiver of a confidentiality interest or legal privilege.

Ritter J.A.’s majority judgement leaves Conrad J.’s practical obscurity point intact. Instead, and apparently taking judicial notice that garbage often goes to sorting facilities, he states, “With respect, I disagree with this assessment as it does not equate with the myriad of ways in which garbage is handled in Canada.”

I’ve added a “related links” section to my sidebar. So far there’s just one link, but its a notable one. The LexUM Laboratory is the University of Montreal’s justice system technology project that runs the CanLII national database of freely-available case law. The e-Discovery Canada website is another LexUM project that is maintained in collaboration with some members of the Canadian legal community who have taken a lead on e-discovery issues. This includes Peg Duncan of the Department of Justice, who keeps a digest of Canadian case law and rules that she last updated on October 12th. It’s a great list and has cases and rule citations that I haven’t reported on. News and links to key guidelines like the Sedona Canada Principles (now in draft/public comment form) are all posted there. Please check it out, and thanks Peg!

On October 5th, the Ontario Superior Court of Justice held that a police service unlawfully disclosed information about and individual’s withdrawn criminal charges in the course of conducting background checks.

The applicant, a social services worker, was charged with four counts of sexual assault and four counts of sexual exploitation. At trial, the charges were withdrawn and the applicant entered a peace bond. The applicant was later denied a license for a group home, denied employment and terminated from employment, assumingly based on information provided in criminal background checks. In response, he brought an application seeking an order to have information about the withdrawn charges expunged from police records.

The Court held that the police were authorized to collect and retain information about withdrawn charges and rejected the applicant’s (potentially disruptive) argument that retention of the records violated various Charter provisions. It did, however, hold that the applicant had not given his informed consent to disclosure. There was a dispute about whether the applicant actually signed any consents, but the Court held that the police service’s standard consent form was nonetheless insufficient to support disclosure of information about the withdrawn charges:

In this application, none of the relevant pieces of legislation were attacked and people unfamiliar with the legislation might be forgiven for being surprised at the breadth of information police services are authorized to maintain. I conclude, however, that the maintaining of information that charges have been laid, albeit subsequently withdrawn, is not in any way prohibited by legislation. On the other hand, I see nothing in any legislation which authorizes the release of information reporting that the subject of the inquiry was charged with sexual offences, which were subsequently withdrawn. The release form, which may or may not have been signed by Mr. Tadros, is not sufficiently specific in its terms to encompass this particular eventuality, and Mr. Tadros could be excused for assuming that at the time the application was made for the information, he had no record of any sort and need not be concerned about any adverse effect which might result on his employment prospects. There is a basic unfairness in the dissemination of this type of information as evidenced by the apparent effect it did have on his employment chances.

The breadth of information provided in Ontario criminal background checks has been the subject of significant criticism. For information on the policy-related significance of this judgement see “Criminal Background Checks - Balancing Public Safety, Security and Privacy” by John Swaigen.

Tadros v. Peel Regional Police Service, 2007 CanLII 41902 (ON S.C.).

On September 24th the Office of the Information and Privacy Commissioner for British Columbia held that the University of British Columbia violated the British Columbia Freedom of Information and Protection of Privacy Act by conducting a “reasonable grounds investigation” of an employee’s personal computer use.

The employee, an engineering technician, had a history of productivity problems. Although the University adduced evidence that it was managing the
employee’s performance, the complainant countered with evidence that he used his computer for non-work-related purposes openly and that and that the University tolerated this. The University’s acceptable use policy also allowed for “incidental personal use” within some restrictions.

The University decided to investigate the employee’s computer use after receiving a complaint about the his untimely service. It started by collecting the log file that listed websites visited. This showed a significant number of non-work-related websites, so the University then used software (spyware) to collect data that allowed it to identify the period of time the grievor spent on non-work-related sites. The spyware also captured screen shots in two minute intervals and, as a result, captured the employee’s personal correspondence, his bank account number and other information about his personal finances.

The adjudicator held that the University was not authorized to collect the log file, the more detailed information collected by the spyware and the screenshots. Her decision is significant for three reasons.

First, the adjudicator applied the contextual necessity test recently articulated by Commissioner Loukedelis in Order F07-10 (my report here). In this test, necessity is assessed in the entire context and in light of the privacy-protective purpose of the Act. In discussing this test, the adjudicator held that an employer must not necessarily exhaust all less intrusive means of meeting a legitimate objective to meet the necessity test, but that this is one factor to consider in the analysis.

Second, the adjudicator’s reason for finding that the collection of screen shots was violative rules out the collection of screen shots as an investigatory tool unless the content of the websites is the basis for the investigation - e.g. for pornography investigations. She said:

Information which reveals the complainant’s specific activities on non-work related websites is not, in this case, directly related to UBC’s human resources activities. As UBC notes, this is not a case involving an allegation that an employee accessed inappropriate material on the internet. The specifics of the complainant’s banking transactions, or his personal correspondence, are not relevant to any program or activity of UBC’s. The GESS Report, therefore, has some information that is relevant to managing the complainant’s employment, and some information which is not.

Third, in finding it was not necessary for the University to collect the log data and information about the amount of time the employee spent on non-work-related sites, the adjudicator relied heavily on the University’s permissive approach to personal use. In light of this approach, she held that the next necessary and reasonable step would have been to put the employee on notice of his misconduct rather than conduct surreptitious surveillance.

It is difficult to understand how the surreptitious collection of information about an employee’s internet use can be necessary in the absence of any attempt to question the employee about his activity, especially when the supervisor was aware of that activity and the complainant knew the supervisor was aware of it.

While it would be easy to frame this case as a message to employers about the harms of condoning personal use, there may be more to it than first meets the eye. This is because the foundations of workplace computer use are arguably changing. Not only are the internet applications used in day-to-day living more pervasive, the rise of “Web 2.0″ is starting to blur the line between personal use and business use. One may also argue that employees in some sectors (especially professionals) are spending more and more of their waking day working. So can the reasonable employer afford to do anything but condone personal use? And what does this do to the idea, accepted widely in the existing case law, that an employee should have no expectation of privacy on a work computer system? This case may signal a next wave in workplace monitoring litigation in which some of these questions will be raised and answered.

University of British Columbia (Re), 2007 CanLII 42407 (BC I.P.C.).

The Alberta Court of Appeal heard the Kellogg Brown & Root drug testing appeal on October 11th and has reserved judgement. The case will give Alberta’s highest court an important opportunity to consider the circumstances in which casual drug users are protected under human rights legislation based on the perceived disability doctrine. This has been an issue that has caused some uncertainty since the Ontario Court of Appeal’s landmark Entrop v. Imperial Oil judgement in 2000.

Kellogg Brown & Root is about an employee who was terminated 10 days into employment after a pre-employment drug test came back positive for cannabis. He was never impaired at work and testified that that he was only a casual marijuana user. In 2005, an Alberta Human Rights Panel dismissed the employee’s complaint because it was not based on any real or perceived disability and, alternatively, because the testing policy was not reasonably necessary.

In June 2006 the Alberta Court of Queen’s Bench reviewed all of the case law on perceived disability and acknowledged that there is a “difference of opinion” over the right of casual drug users to protection from discrimination. In the end, it chose to adopt the approach taken in Entrop, which allows for a finding of prima facie discrimination based on the circumstances in which the relevant distinction is made. As in Entrop, the Court held that the complainant was treated as if he was drug dependent and likely to report to work impaired. Recall that the policy in Entrop explicitly stated, “In the cycle of substance abuse, users frequently experimenting with drugs progress to the dependent user state later on.” The Court held that this approach to casual users could be implied in any zero tolerance policy and (criticizing a significant Canadian Human Rights Tribunal decision called Milazzo) held that an employer cannot defend against a discrimination claim by proving a subjective belief that the complainant was a casual user.

The Court then held that pre-employment testing was not reasonably necessary to satisfying the objective of “prohibiting workplace impairment.” Its reasoning is summarized in the following sentence: “While there is a rational connection between impairment and job performance, the link between a positive pre-employment urine test and workplace impairment is tenuous and uses predictions based on statistical risk to bar particular people.” More significantly, the Court suggested a number of ways by which the employer could have built a standard which was more accommodative and better connected to the goal of prohibiting (by predicting) workplace impairment.

Incidentally, and implicitly recognizing that the prima facie discrimination analysis in drug testing cases is tortuous, the Court commented that its okay that human rights legislation may be doing “the work of privacy rights.” Since Alberta employers are subject to employment privacy legislation (the Alberta Personal Information Protection Act) and since Oil Sands employers are clearly applying strict drug testing policies, we might expect a statement on drug testing from the Alberta Information and Privacy Commissioner in the near future. In fact, a PIPA complaint was filed against Kellogg Brown & Root that was recently dismissed on jurisdictional grounds. Until the Privacy Commissioner gets his chance to speak, the Kellogg Brown & Root Alberta Court of Appeal case is the one to watch.

In this October 5th Ontario Superior Court of Justice decision, Patillo J. held that a party’s duty to mitigate loss weighed against its duty to preserve relevant evidence.

The case is about damage to high-priced Persian carpets caused while they were under the defendant’s carriage. The defendant made two claims of spoliation, both of which were rejected.

First, the defendant asked that an adverse inference be drawn because the plaintiff could not produce records of similar carpet purchases. Patillo J. disagreed with the defendant’s assertion that the missing records would have been evidence of the value of the carpets that were damaged and rejected its request.

The defendant also claimed that evidence of damage to the carpets was unavailable because the plaintiff sold the carpets shortly after it delivered them into the plaintiff’s possession. Patillo J. held that the dispute was live when the carpets were still in the defendant’s possession. Moreover, he held that the plaintiff was blameless for selling the carpets because it had a duty to mitigate and put the defendant on notice of its mitigation plans:

In my view the presumption does not arise in this case in respect of the carpets. KLM submits that the issue of discoloration and whether the damage to the carpets was irreparable only arose in December 2000. In my view it was clear that the issue of damage to the carpets was one that had been in existence from the time that the carpets were returned by the US Customs Authority in April 2000. Following their return, KLM had the carpets in its possession for many months before World of Art reclaimed them. It retained Mr. Mekhael, its carpet expert, in April 2000 for the express purpose of determining the extent of the damage to the carpets. He looked at the carpets on at least two occasions before December 2000. He had ample time to inspect the carpets and document their condition.

Mr. Ziai testified that he thought Mr. Mekhael wanted to put chemicals on the carpet to test it and that is why he refused permission for testing on December 1, 2000. On December 2 and 3, 2000, after Mr. Mekhael had been refused permission to test a carpet, the carpets were put on public auction by World of Art. KLM’s lawyers were present at the auction. There was nothing to prevent KLM from buying a carpet if it felt it was necessary. The offer to purchase it made on December 8, 2000, was not firm in that it contained no specific price. In any event, if testing of the carpets was so important to KLM, it still had time to move in the Action for an order to preserve property and/or to test. World of Art and Mr. Ziai were proceeding to mitigate World of Art’s damages by selling the carpets. KLM knew that but took no steps to secure a carpet for testing beyond its general offer to purchase. In the circumstances, I am hard pressed to understand how the presumption in respect of spoliation arises.

Ziai v. Maatschappij (KLM Royal Dutch Airlines), 2007 CanLII 41896 (ON S.C.).

I reported on the substance Supreme Court of Canada’s Vancouver Sun decision from last Thursday here, but also have to say how much I liked Bastarache J.’s opening line:

Information is at the heart of any legal system. Police investigate crimes and act on the information they acquire; lawyers and witnesses present information to courts; juries and judges make decisions based on that information; and those decisions, reported by the popular and legal press, make up the basis of the law in future cases.

Right on! Now all this blog needs is a theme song.