All About Information

On June 30th of this month, the bulk of the Bill 107 amendments to the Ontario Human Rights Code will come into effect and the Ontario system for resolving human rights matters will start allowing for “direct access” to the Ontario Human Rights Tribunal. This week, the Tribunal issued Rules of Procedure for “new applications” - those applications filed after June 30th and applications involving complaints that are currently outstanding at the Commission and that are re-filed as applications after years’ end.

The plain language guide published with the Rules states, “The Tribunal’s goal is to have the hearing completed within one year of receiving a completed application form.” In light of this aggressive goal, I thought it worth a quick summary of the disclosure and production framework contemplated by the rules, which starts up-front during the pleadings stage.

Here’s an overview of what is contemplated:

• The Application form and the Response form ask the parties to identify (with reasons) “important” documents they, other parties and any third parties posses. The use of the word “important” is significant, and signals an appreciation for proportionality.
• The Application form and the Response form ask for witnesses names and a short description of why each listed witness is “important.” The identities of potential witnesses are collected by the Tribunal up-front, but are not disclosed between the parties until shortly before a hearing. This indicates that the parties’ witness lists will initially be used for case management purposes.
• The Tribunal also has a unique power of inquiry. At the request of a party it may order an inquiry where an inquiry is “required” in order to obtain evidence, the evidence “may assist in achieving a fair, just and expeditious resolution of the merits of the application” and ordering an inquiry is “appropriate.” When the Tribunal orders an inquiry it will authorize a person to conduct the inquiry and prepare of written report in accordance with terms of reference. The person conducting the inquiry will have a broad power to gather evidence in making a report, including the power to enter premises without a warrant, to request the production of documents and things, to question witnesses, to demand production of electronically stored information and to take photographs and video recordings. The Tribunal will not ordinarily treat the report as evidence unless the parties consent or unless the author of the report testifies. The Rules establish a preference for inquires to take place early in the process: “[A request for an inquiry] must be made promptly after the party becomes aware of the need for an inquiry.”
• After the Tribunal confirms the hearing, the parties will have 21 days to deliver and file a list of all “arguably relevant” documents in their possession, including documents over which privilege is claimed. Parties must produce copies of non-privileged documents together with their lists. The Rules do not make any mention of electronic production.
• The next significant date is 45 days before the first scheduled date of hearing. At this point the parties must exchange and file the following: (1) a list of documents on which they indend to rely; (2) a witness list along with will-say statements; and (3) any expert witness reports or, alternatively, a “full” summary of an expert witness’s evidence. Parties will ordinarily be precluded from relying on documents and witnesses not disclosed in accordance with this requirement.

There is no process for oral discovery (which would be atypical in an administrative procedure) but the Tribunal is offering voluntary mediation, an additional means for the parties and the Tribunal to glean the other sides’ potential evidence and assess the case. In fact, the Tribunal’s plain language guide states that it will use mediation to assess and manage matters that do not settle.

Last Thursday and Friday I attended and spoke at the Canadian Association of University Business Officers workshop on Emergency Preparedness. Perhaps it was the inspirational kickoff by M. Richard Fillion of Dawson College, but it felt like a very special event and it was a pleasure to collaborate with a group of experienced administrators who are obviously committed to tackling a tough challenge.

I spoke on the legal perspective on managing on-campus violence, with a focus on the need for information sharing. Dr. Philip Klassen of the Centre for Addiction and Mental Health’s Law and Mental Health Program and Dr. Phil Wood, Dean of Students McMaster University, gave great presentations on the same subject from their own perspectives. Dr. Wood has also blogged about the event here.

Here is the full text of my speech, entitled “A Legal Perspective On Managing the Threat of On-Campus Violence.” I’ve linked to the various references that came up in the speech and the following Q&A below. I hope these are of use to the attendees and others.

• The Virginia Tech Review Panel Report. I particularly recommend Chapter 4.
• United States Secret Service and United States Department of Education, Implications for the Prevention of School Attacks in the United States. This stresses the efficacy and importance of threat assessment systems.
• Robert Bickel and Peter Lake, The Rights and Responsibilities of the Modern University. An important book on universities’ duty of care.
• IPC/Ontario, Privacy and Video Surveillance in Mass Transit Systems: A Special Investigation Report. This has a significant statement on special constables and the meaning of “law enforcement” in FIPPA.
• United States Department of Education, Family Educational Rights and Privacy Act (Proposed Amendments).
• Re Hamilton Health Sciences and Ontario Nurses Association, 91 C.L.A.S. 228 (Surdykowski). This recent case is about the collection of medical information through standardized forms for the purposes of short-term disability benefit administration. The collection of medical information for individual risk assessment and accommodation purposes is a different matter, but there are ideas in here that are significant and restrictive. I raised it in questioning whether employers should consider bargaining for some clarity on their right to collect. My earlier blog post on this case is here and I have blogged on medical information management here.
• Young v. Bella, 2006 SCC 3. This case illustrates the potential liability that can be mitigated by formal threat assessment systems.

There was a really good comment after the speech from Mike from Queen’s University, who thought the my use of the term “care team” was inappropriate given the role the university is really playing and the sensitivity about taking on an overt caregiver role. I completely agree, and from now on will work the term “assessment team” or “CUBIT” - for Comprehensive Behavioral and Threat Assessment Team - into my language. Thanks!

Yesterday the Alberta Court of Appeal issued its much-anticipated Chiasson v. Kellogg Brown & Root award, and in doing so, found that a casual drug user who was terminated after failing a pre-employment drug test was not subjected to discriminatory treatment under Alberta human rights legislation.

The key issue addressed by the Court of Appeal is whether zero tolerance drug testing policies are de facto discriminatory because they rest on a presumed assumption that casual drug users are at greater risk being impaired at work, in turn, because they are likely to fall into a “cycle of abuse.” This issue - let’s call it the perceived disability theory of casual drug user protection issue - was raised but not clearly determined in the Ontario Court of Appeal’s leading Entrop decision. It is critical in Canadian drug testing law because it determines the scope of legal protection against “unnecessary” drug tests. Ironically, Alberta is one of three provinces that have passed broadly-applicable regimes for protecting employee privacy rights. In fact, a drug testing complaint in which Kellogg Brown & Root is a respondent is now proceeding before of Alberta’s Information and Privacy Commissioner. In other jurisdictions, including Ontario, casual users who are given offers of hire conditional on testing clean have no clear avenue of redress should they feel their privacy rights have been violated.

The Court of Appeal held that the Alberta Court of Queen’s Bench had erred in finding that the complainant was treated as if he was drug dependent and likely to report to work impaired. It rejected the idea that a zero tolerance policy necessarily targets those who are at risk of becoming addicted and held that all the Kellogg Brown & Root policy does is protect against the lingering deleterious effects of cannabis use (a point apparently proven in evidence). The Court of Appeal said:

Chiasson testified that what he did on his own time was his business. He did not at any time suggest that he would cease his recreational use of drugs while employed by KBR. As we have already stated the evidence established that effects of cannabis use lingers for days particularly given that the concentration of active ingredients is now many times higher than it was in the past. Given these concerns the policy’s effects are not misdirected in their application to Chiasson.

We see this case as no different than that of a trucking or taxi company which has a policy requiring its employees to refrain from the use of alcohol for some time before the employee drives one of the employer’s vehicles. Such a policy does not mean that the company perceives all its drivers to be alcoholics. Rather, assuming it is aimed at safety, the policy perceives that any level of alcohol in a driver’s blood reduces his or her ability to operate the employer’s vehicles safely. This is a legitimate presumption. Its goal is laudable since carnage on the highways is a leading, but often ignored, cause of death nearing epidemic proportions. Extending human rights protections to situations resulting in placing the lives of others at risk flies in the face of logic.

On this view, whether a drug and alcohol policy discriminates against casual users is a question of fact. This is consistent with the employer-favoured reading of Entrop, in which an Imperial Oil policy was that was found to discriminate against all drug users included langauge stating a belief in the “cycle of abuse” to which all drug users subject themselves. The Alberta Court of Appeal suggested that the perceived disability finding in Entrop was simply based on this language.

Chiasson v. Kellogg Brown & Root, 2007 ABCA 426.

On October 2nd, the U.S. District Court for the District of Columbia ordered a plaintiff in a harassment suit to preserve six pornographic images portraying homosexual acts and allow one of the defendant’s lawyers to inspect the images.

Magistrate Judge Facciola accepted that the images were relevant to the defendant’s claim that the alleged harassment was “unwelcome.” (The test for harassment under Canadian law also includes a subjective component.) In the his view, however, relevance alone did not justify production because of the plaintiff’s competing privacy interest and because the images would not clearly be admissible at trial. In response to the defendant’s argument that a party to litigation is entitled to the production of evidence that is “reasonably calculated to lead to the discovery of admissible evidence,” Magistrate Judge Facciola held that the defendant’s purpose for seeking the images (which was to admit them as evidence of the plaintiff’s own standard of behaviour) meant that the issue of discoverability and the issue of admissibility were inseparable.

Smith v. Cafe Asia (2 October 2007, Dist. Ct. D.C.).

I’ve taken a deeper look at Chapter 4 of the report of the Virginia Tech Review Panel and created this graphic, which compartmentalizes the various pieces of information about Cho Seung Hui that were known by groups inside and outside the university. As outlined in text in the state report, the graphic illustrates that the Virginia Tech Police Department, Virginia Tech Residence Life and the various teachers who worked most closely with Cho had potentially relevant information about Cho that was not shared with Virginia Tech’s multidisciplinary Care Team (which had formal responsibility for threat assessment). It also illustrates that Cho’s high school had information that might have been of assistance to Virginia Tech, but was not shared when he registered or in the course of his studies.

Barring any significant developments, this is probably the last I’ll blog about Virginia Tech. Before moving on, however, I do feel compelled to share a personal thought. This is a blog, after all. You see, I’ve been a very responsible lawyer in blogging about this issue and have kept things nice and objective. I’ve purposely chosen not to use the word “tragedy” because I thought it unhelpful and obfuscatory.

Chapter 4, however, got to me. Perhaps it’s because I’m a new father and the Chapter starts with a story about Cho having a heart problem as an infant and his corrective medical procedure leading, at age three, to the start of severe emotional problems. It also touched me that, through the great efforts of his parents and his public school educators, Cho seemed to be managing his difficulties pretty well up until university. Then it all rapidly spiraled downwards to the terrible ending. Though he’s ultimately responsible for an atrocious act, I’m sad for Cho as I’m sad for his parents and his victims.

All of which underlies the essence of this issue. When privacy is balanced against security it rarely seems a fair fight. Privacy is well understood as a fundamental human right, yet security tends to be cast as just another intangible concept, and worse, one associated with institutional or governmental rather than human interests. I don’t believe that it’s always fair to characterize security interests this way. Security can be as much about helping troubled individuals as about preventing harm to others. I’m engaged by the Virginia Tech case because it demonstrates this well. Perhaps tragedy is a helpful word after all.

As I’ve posted about here and written about here, the Virginia Tech shooting has served as a good discussion point for how a post secondary institution’s duty to maintain a safe campus environment should be balanced against its duty to respect student privacy. Yesterday the University released reports from three internal committees struck shortly after the incident to examine the strengths and weaknesses of its systems. One of the reports, that of the school’s “Interface Group,” examines the security/privacy balance and echoes some of thoughts about the need for information sharing that were first expressed in the special report made to President Bush on June 13, 2007. For a flavour, here’s of one of the internal group’s seven recommendations:

Effective communication among units regarding at-risk students is essential. There are a number of recommendations intended to enhance communication in the system including conducting on-going training for personnel on the application of the Family Educational Privacy Act (FERPA) in the discussion of cases, clarifying public statements in university policy on how FERPA is applied, establishing a central university contact who has a comprehensive picture of distressed students who have been assessed by the system, clarifying policies for communicating with external agencies regarding acutely distressed students, and implementing a new policy for emergency notification for students.

According to the New York Times, a report from a panel struck by Virginia Governor Tim Kaine will be released late next week.

Just when is an organization’s e-mail system a record of its conscience?  And if it is, does this justify routine e-mail surveillance?

People haven’t been talking about e-mail surveillance in the workplace for some time now.  Even video surveillance is a little passe, with far sexier monitoring technologies like GPS, biometrics, keystroke monitoring and RFID implants taking centre-stage.

The reality is that there’s never been a business case for routine monitoring of employee e-mails.  Who’s got the time to read through employee e-mails?  With broad “no expectation of privacy” statements in almost every employer’s computer use policy backed by a practical restraint on doing anything more than reasonable grounds searches, the law on e-mail monitoring has seemed in balance for the last half-decade.

Is this about to change?  Here is some evidence that the answer is “yes.”  First, we heard about the aggressiveness of the United States domestic security program since 9/11.   Professor Daniel Solove’s recent article does a fine job of describing its “Total Information Awareness” project, a data-mining initiative.  Then back in April, Fortune 500 retailer came under some heat when a fired security worker exposed the extent of the company’s surveillance activity, which apparently includes (or included) software-supported monitoring of its computer systems.  My last piece of evidence in anecdotal.  A forensic accountant friend of mine suggested to me a few week’s back that data-mining software is in use in at least some organizations as part of their corporate governance initiatives.

Assuming that routine e-mail monitoring is coming into its time, when is it likely to be justified?

To start, Canadian labour arbitrators (the only Canadian decision-makers who have regularly had the opportunity to address the validity of e-mail surveillance) have taken a different approach to computer systems surveillance than other forms of surveillance.  Rather, than balance business interests against employee privacy rights, they’ve arguably applied a more employer-friendly approach that has centred on the property rights of a system owner:  ”It’s your property so you can assert absolute control over users’ expectation of privacy.”  This approach may seem offensive to privacy advocates, but it’s consistent with the balancing approach when one considers competing legal duties and whether the employer will be deemed (in an assessment of whether it has discharged such duties) to have constructive knowledge of the transitory and non-business communications made through its system.

Take the duty to provide a harassment-free workplace for example.  Starting with the Supreme Court of Canada’s Robichaud case, courts and tribunals have placed a very high standard of due dilligence on employers to root out and stop workplace harassment.  The premise is that employees are vulnerable and only the employer (who controls the workplace) has the ability to protect.  Although the standard is not one of strict liability, any employer that receives a harassment complaint, searches for responsive e-mails and only then discovers a harmful and longstanding dialogue should be very concerned.  Is it any coincidence that some of the hardest-fought e-discovery cases in the United States - including the Zubulake case - are harassment cases?

As offensive as routine e-mail monitoring seems, I wouldn’t rule it out.  Your average corporate counsel today will squirm if you ask her what she thinks is being sent over her company’s computer system.  At least under Canadian harassment law, the corporate computer system is treated as a record of the corporate conscience.  Constructive knowledge is presumed and, in my view, very difficult to rebut.  The ideal e-mail system would file all business e-mails into a logical structure and immediately obliterate everything else, but the greatest document management system in the world won’t achieve this ideal.  Does this make routine monitoring a justifiable alternative?

I plan on following this post with another on college and university computer systems, constructive knowledge and the duty of care to prevent incidents of catastrophic violence like what happened at Virginia Tech.  I feel very cool about the use of routine surveillance in this context.  Please come back to hear why.