PIPEDA Case Law Update: Federal Court Issues a Landmark Decision on Damages; Ontario Court of Appeal Deals with the Issue of Disclosure of Mortgage Information to a Third Party Creditor
Bridget McIlveen and Rachel St. John
Nammo v. TransUnion signals the court’s willingness to award damages for privacy violations in certain egregious circumstances; Citi Cards case confirms that disclosure of mortgage information to a third party is likely to be contrary to PIPEDA.
Eye on Privacy is published by the Privacy Law Section of the Ontario Bar Association. Members are encouraged to submit articles. The articles that appear in this publication represent the opinions of the authors. They do not represent or embody any official position of, or statement by, the OBA except where this may be specifically indicated; nor do they attempt to set forth definitive practice standards or to provide legal advice. Precedents and other material contained herein are intended to be used thoughtfully, as nothing in the work relieves readers of their responsibility to consider it in the light of their own professional skill and judgment.
Judicial Policy, Anachronisms and Contextual Analysis in Liquor Control Board of Ontario v. Magnotta Winery Corporation
19. A head may refuse to disclose a record that is subject to solicitor-client privilege or that was prepared by or for Crown counsel for use in giving legal advice or in contemplation of or for use in litigation.
Section 19 of FIPPA had two branches (there is now a third branch4 but it is not material to the LCBO v. Magnotta decision or this case comment). The first branch protects documents that are subject to the common law of solicitor-client privilege. This branch of section 19 is relatively uncontroversial.
The second branch is more controversial. In LCBO v. Magnotta, the Ontario Information Privacy Commissioner (“IPC”) took the position that the second branch was essentially a statutory codification of litigation privilege. The IPC held that settlement materials exchanged between the LCBO and Magnotta Winery Corporation and related entities (the “Magnotta Parties”) were required to be disclosed if they were responsive to a FIPPA request.
In upholding the Divisional Court, the Court of Appeal determined that the second branch of section 19 is not restricted to documents that would be protected by common law litigation privilege. The Court of Appeal held that section 19 is broad enough to encompass settlement materials prepared by or for Crown counsel. The Court of Appeal also concluded that the second branch protects settlement materials of private sector individuals and entities who prepare settlement materials sent to Crown counsel for use in settlement negotiations.
There is no question that the result in LCBO v. Magnotta will be welcomed by institutions that are subject to FIPPA and by the private sector individuals and entities who enter into settlements with them. However, the decision raises two broader issues of statutory interpretation. First, what weight should the judicial policy of settlement be given when interpreting the policy objectives of a statute such as FIPPA? The Court of Appeal’s decision was expressly influenced by the goal of promoting settlement. However, it is arguable that the Court’s ordering of the value of settlement above the value of access to government information does not have clear textual or contextual support, and may be contrary to the Legislature’s intention.
Second, should a statute be interpreted with greater attention to the legal lexicon as of the day after it is enacted? A significant part of the reasoning in the decision appears to be founded on the Legislature’s failure to use the term “litigation privilege.” But in 1987, when FIPPA was enacted, the use of that term would have been an anachronism—in the sense that it would have involved the use of a term that was not firmly established.
What was LCBO v. Magnotta about?
For devotees of Magnotta wines, the background facts, which were largely left unexplored in the decision, are legendary. Proprietors Gabe and Rossana Magnotta alleged that in 1990, just weeks before they expected to release their first bottles of wine to consumers, the LCBO announced that it was not going to carry Magnotta's wines in its retail stores due to lack of shelf space. The Magnottas were not deterred. They distributed their product on their own, thereby beginning a long-running battle with the LCBO. The battle had many fronts resulting in two judicial review applications and five defamation actions.
Over the years, the Magnotta Parties and the LCBO made several unsuccessful efforts at settlement. Ultimately in 2000, the LCBO and Magnotta arranged to mediate all of their outstanding disputes. The parties exchanged documents, which the Court of Appeal described as containing “confidential, highly sensitive and privileged information.”5 The mediation was successful but it took the parties more than another year to finalize and implement the settlement, which included what the Court of Appeal each described as “extensive confidentiality provisions.”6 However, as a term of the mediation, the parties agreed to the following confidentiality provision:7
Statements made and documents produced in the mediation session and not otherwise discoverable shall not be subject to disclosure through discovery or any other process; shall be confidential; and shall not be admissible into evidence for any purpose, including impeaching credibility; […]
Subsequent to the settlement, the LCBO received a request under FIPPA for access to mediation material and the settlement documents. The LCBO gave partial access but denied access to the mediation material, including material prepared by the Magnotta Parties for the mediation that had been provided to the LCBO. The Magnotta Parties also opposed the release of this material.
The LCBO’s decision was appealed to the IPC. The IPC allowed the appeal and ordered the LCBO to disclose more of the records.8 After a failed request for reconsideration9 in which the IPC held that mediation was not litigation for the purpose of interpreting the second branch of section 19 of FIPPA, the LCBO sought judicial review by the Divisional Court. The Divisional Court overturned the IPC.10 The IPC appealed to the Court of Appeal.
In upholding the Divisional Court, the Court of Appeal concluded that the phrase “prepared by or for Crown counsel for use in giving legal advice or in contemplation of or for use in litigation” in the second branch of section 19 of FIPPA included settlement material created for mediation. The Court of Appeal agreed with the Divisional Court that alternative dispute resolution methods had been incorporated into the litigation process through the Rules of Civil Procedure and were now “an integral part of the civil litigation process in Ontario.”11 The Court of Appeal also held there was no reason to treat mandatory mediation and consensual mediations differently.12 The Court of Appeal concluded that “interpreting the word ‘litigation’ in the second branch to encompass mediation and settlement discussions is consonant with public interest considerations because the public interest in transparency is trumped by the more compelling public interest in encouraging the settlement of litigation.”13
The Court of Appeal also held that the “plain reading” of the second branch of section 19 of FIPPA did not support an interpretation that limited that provision to the scope of “litigation privilege.” The Court of Appeal held that “[w]hen the legislature wished to exempt records based on privilege, it did so using clear language” and noted that the first branch of section 19 referred to “solicitor-client” privilege.14 In contrast, the second branch did not use the term “litigation privilege”. The Court of Appeal concluded that “[t]herefore, the second branch should not be taken to be limited to documents that fall within the common law litigation privilege.”15
Finally, after distinguishing a number of prior cases, the Court of Appeal concluded that materials prepared by the Magnotta Parties were “‘prepared for Crown counsel’ because they were provided to Crown counsel for use in the mediation and settlement discussions.”16 The Court of Appeal held (without any analysis of the other potentially available exemptions under FIPPA) that to hold otherwise “would lead to situations in which the government entity’s records would be exempt from production while the private party’s mediation material would be producible.”17
Why presume that the Legislature shares the judicial policy of settlement?
The IPC faced an uphill battle but not because of the text of the section 19 of FIPPA. The battleground was uphill because the judiciary leans strongly towards promoting settlement as a pragmatic policy objective. Not only is settlement considered a desirable end to be pursued, it is perceived by judges as critical to the functioning of the Canadian judicial system. The Alberta Court of Appeal has held that “[i]n these days of spiralling litigation costs, increasingly complex cases and scarce judicial resources, settlement is critical to the administration of justice.”18 The Ontario Court of Appeal appears to concur19 as does the British Columbia Court of Appeal.20
Against that backdrop, the IPC’s position was heretical. However, focusing on the Court of Appeal’s rationale that “the public interest in transparency is trumped by the more compelling public interest in encouraging the settlement of litigation,” one might legitimately ask whether there is any textual evidence that this was a policy goal shared by the Legislature when it enacted FIPPA. There is nothing in the text of FIPPA to support the contention that the Legislature intended to give primacy to the policy of settlement. Indeed, the purpose statement of FIPPA suggests otherwise. The purpose statement puts public access to information under the control of the government first. Exemptions from disclosure are to be necessary, limited and specific.21
Is the Court of Appeal’s interpretation of section 19 of FIPPA faithful to the criteria for exemptions? Consider the following two hypothetical scenarios. Gabe is defamed by the LCBO. In scenario 1, Gabe writes a demand letter and follows this up with a settlement offer addressed to the CEO. It would be an extraordinary stretch to say that this settlement offer was prepared “for Crown counsel” and, therefore, protected under section 19 of FIPPA.
In scenario 2, assume that after a series of exchanges with the CEO, the LCBO’s counsel responds to Gabe. Gabe takes this opportunity to reiterate his offer (the very same offer) to the LCBO’s counsel. Under the Court of Appeal’s interpretation, this settlement offer would be protected from disclosure under FIPPA because it was prepared for use by Crown counsel. It is highly dubious that the Legislature should have intended such an arbitrary result.
It is equally dubious that documents created by private parties are prepared “for Crown counsel”. By this logic, it might be argued that all pleadings, affidavits of documents, facta, etc. exchanged in the litigation should be exempt from disclosure even though they may be in the public court file.
One might also legitimately ask why the Legislature would have been so cryptic in drafting an exclusion for settlement privilege. At the time that FIPPA was enacted in 1987, the “without prejudice” privilege was well-known and well-defined. If FIPPA is construed as it would have been the day after it was passed,22 the Legislature must be taken to have understood the concept of settlement privilege and its role in formal and informal attempts at dispute resolution. As the Divisional Court noted, the 1968 case of I. Waxman & Sons Ltd. v. Texaco Canada Ltd. had already established that “a party to a correspondence within the "without prejudice" privilege is, generally speaking, protected from being required to disclose it on discovery or at trial in proceedings by or against a third party.”23 The elements of the privilege were well-established as requiring that the communication be made with the expectation of confidentiality and in furtherance of settlement of a litigious or potentially litigious matter. It would also have been understood when FIPPA was enacted that settlement privilege did not require that the communication be made to a lawyer. Even if the term “settlement privilege” was not well-established, it would have been possible to set out the criteria necessary for its protection.
The Court of Appeal’s analysis of the importance of settlement privilege to the settlement process rests on the assumption that it is necessary to protect settlement discussions with the Crown (and entities governed by FIPPA) or else settlements will not occur. Is there any empirical evidence to support such a proposition or is it based on common sense? An obvious concern would be the prejudice to a non-settling party in subsequent litigation. However, the mere fact that a settlement communication was required to be disclosed under FIPPA does not make it relevant, much less admissible, in subsequent litigation. The Court has ample authority to prevent any such prejudice.
If we are dealing with a more generalized fear of public scrutiny interfering with the parties’ negotiation, why does this concern apply solely to settlement negotiations and not other types of negotiations with the Crown and entities governed by FIPPA. The exemptions to protect third-party material from disclosure are narrowly construed in FIPPA in favour of disclosure. For example, the IPC continues to take a narrow interpretation of the terms “commercial” and “financial” in section 17(1) of FIPPA, which provides as follows:
17. (1) A head shall refuse to disclose a record that reveals a trade secret or scientific, technical, commercial, financial or labour relations information, supplied in confidence implicitly or explicitly, where the disclosure could reasonably be expected to,
(b) result in similar information no longer being supplied to the institution where it is in the public interest that similar information continue to be so supplied;
The IPC continuously defines “commercial” as relating solely to buying, selling or exchange of merchandise or services. “Financial” is restricted to specific data on the use and distribution of money, such as information on pricing practices, profit and loss data, overhead and operating expenses. Notwithstanding these narrow interpretations, individuals and entities continue to negotiate and enter into agreements with the Crown and entities governed by FIPPA. Is it not more likely, therefore, that, if a policy choice was made, the Legislature chose a political policy of transparency over the judicial policy of settlement?
Why is the absence of the term “litigation privilege” irrelevant?
To buttress its decision that the second branch of section 19 of FIPPA was not restricted to litigation privilege, the Court of Appeal concluded that the failure of the Legislature to refer to “litigation privilege” was deliberate and, therefore, the second branch was intended to provide broader protection:24
When the legislature wished to exempt records based on privilege, it did so using clear language. Witness the first branch of s. 19 which permits a head to refuse to disclose a record that is "subject to solicitor-client privilege". The words of the second branch follow immediately afterwards in the same provision and they do not use the words "litigation privilege". Rather, the second branch governs records "prepared by or for Crown counsel ... for use in litigation". Therefore, the second branch should not be taken to be limited to documents that fall within the common law litigation privilege.
The author has not conducted an exhaustive search; however, the available electronic digests suggest that the first use in Canada of “litigation privilege” may have been in an article entitled Discovery of Civil Litigation Trial Preparation in Canada published in the Canadian Bar Review in 1980 by Neil J. Williams.25 Professor Williams’ article on privilege in the discovery process used the term in a section titled “Privilege for Documents Relating Exclusively to the Case of the Party Giving Discovery.”26 In the following year, Sharpe J. (then, Professor Sharpe) wrote a case comment in which he referred to what was “often called legal professional privilege, and perhaps more aptly described as the litigation privilege” and cited Professor Williams as the source of the term.27 Two years later, Professor Sharpe’s lecture in the Special Lectures of the Law Society of that year referred extensively to litigation privilege.28
Attributing to the Legislature a deliberate choice in not using the term “litigation privilege” is unsafe. The term “litigation privilege” was in currency by 1987 but it was hardly so entrenched as to be used as legislative short-hand. Indeed, it has only made its way into three Ontario statutes—all enacted in this decade.29 Accordingly, the absence of the term “litigation privilege” should be irrelevant to the interpretation of FIPPA.
Moreover, the Legislature’s exemption from disclosure for documents “prepared by or for Crown counsel” makes more sense in the case of litigation privilege than for settlement privilege. Apart from the dubious proposition that documents prepared by a party and sent to the Crown in a mediation are prepared “for” Crown counsel, it was also not as certain in 1987 as it is today that litigation privilege would be afforded to unrepresented parties. Indeed, the leading case was still the decision of the Exchequer Court in Susan Hosiery Limited v. The Minister of National Revenue in which Jackett P. described the privilege as a privilege for “the lawyer’s ‘brief’ for litigation.”30 In that light, the second branch of section 19 is readily understandable as a description of the lawyer’s brief.
The result for the LCBO and Magnotta Wineries was unquestionably welcome. However, the case raises interesting questions s regarding statutory interpretation. The Court of Appeal held that “the public interest in transparency is trumped by the more compelling public interest in encouraging the settlement of litigation.” But how far should the Court go in promoting settlement when it is far from obvious that the Legislature intended to give such primacy to promoting settlement? Given the weaknesses in attempting to cram settlement privilege into section 19 of FIPPA, is it possible that what has happened here is the judicial policy of settlement overtook the analysis? In interpreting a statute such as FIPPA (particularly where policy goals must be weighed), just how faithful should the court be to the legal lexicon in currency when the statute was enacted?
* Timothy M. Banks is a partner in the Toronto office of the law firm, Fraser Milner Casgrain LLP. The views expressed in this article are the author’s alone.
1 2010 ONCA 681 [“CA Decision”].
2 R.S.O. 1990, c. F.31.
3 Subsequently, section 19 was amended to provide as follows:
A head may refuse to disclose a record, (a) that is subject to solicitor-client privilege; (b) that was prepared by or for Crown counsel for use in giving legal advice or in contemplation of or for use in litigation; or (c) that was prepared by or for counsel employed or retained by an educational institution for use in giving legal advice or in contemplation of or for use in litigation.
4 See footnote 3 above.
5 CA Decision, at para. 5.
6 CA Decision, at para. 8.
7 (2009), 97 O.R. (3d) 665 (Div. Ct.) [“Div Decision”] at para. 11. As an aside, neither the Divisional Court nor the Court of Appeal mentioned whether the confidentiality provisions were expressly subject to FIPPA, which is ordinarily the practice of institutions governed by FIPPA who are asked to give those undertakings.
10 Supra, note 7.
11 CA Decision, at para. 37
16 CA Decision, at para. 44.
18 Amoco Canada Petroleum Co. v. Propak Systems Ltd., 2001 CarswellAlta 575 (C.A) at para. 27.
19 M. (J.) v. Bradley, 2004 CarswellOnt 2243 (C.A.) at para. 65.
20 British Columbia Children's Hospital v. Air Products Canada Ltd./Prodair Canada Lte., 2003 CarswellBC 614 (B.C.C.A.) at para. 11.
21 FIPPA, s. 1 states: The purposes of this Act are,
(a) to provide a right of access to information under the control of institutions in accordance with the principles that, (i) information should be available to the public, (ii) necessary exemptions from the right of access should be limited and specific, and (iii) decisions on the disclosure of government information should be reviewed independently of government; and
(b) to protect the privacy of individuals with respect to personal information about themselves held by institutions and to provide individuals with a right of access to that information. 22 Perka v. R.,  S.C.J. No. 40; see also Ruth Sullivan, Sullivan on the Construction of Statutes, 5th Edition (Markham: LexisNexis Canada Inc., 2008) at p. 146ff.
23  2 O.R. 452, 1968 CarswellOnt 156 (C.A.) at para. 2.
24 CA Decision, at para. 37.
25 (1980) 58 Can. Bar Rev. 1
26 Ibid. at 15.
27 “Discovery – Privilege and Preliminary Investigative Reports” (1982) 59 Can. Bar. Rev. 830 at 833.
28 "Claiming Privilege in the Discovery Process" in Law in Transition: Evidence, L.S.U.C. Special Lectures (Toronto: De Boo, 1984) at 163.
29 Audit Statute Law Amendment Act, 2004, S.O. 2004, c. 17 amending the Auditor General Act, R.S.O. 1990, c. A.35; City of Toronto Act, 2006, S.O. 2006, c. 11, Sch. A and as amending the Municipal Act, 2001, S.O. 2001, c. 25
30  2 Ex. C.R. 27.
In the Air Canada decision, released in April, 2010, the Federal Court held that the Privacy Commissioner was not entitled to determine a claim of privilege, and accordingly could not determine the requirements that must be satisfied to justify the claim of privilege. Shortly after the release of the Air Canada decision, the Federal Court released its decision in State Farm, in which the Court held that PIPEDA does not apply to disclosure of documents collected by an insurer to defend an insured in a third party tort action in which privilege is claimed.
Air Canada case
In the Air Canada case, a passenger had brought, and drunk, his own beer, on board an Air Canada flight, contrary to the Canadian Aviation Regulations. A heated discussion ensued when the flight attendant told him to stop. When the flight landed, the passenger was questioned, but not detained, by an Air Canada representative and RCMP officers. The passenger filed a complaint with Air Canada that he pursued over the next 22 months, including filing a complaint with the Canadian Transportation Agency and threatening a lawsuit. During the course of the complaint, the passenger requested a copy of Air Canada’s file on the matter, which Air Canada refused to provide on the basis of privilege.
The passenger complained to the Privacy Commissioner, who required Air Canada to file an affidavit supporting its claim of privilege. Air Canada refused and the Privacy Commissioner brought an application to Federal Court for an order that provided, among other things, that she was entitled to require the affidavit, that Air Canada provide the documents to the passenger and that the passenger be awarded damages.
The Court held that the Federal Court, and not the Privacy Commissioner, was the appropriate decision maker with respect to a claim of privilege. Since the Privacy Commissioner could not determine the claim of privilege, she also could not “stipulate the steps Air Canada had to take to satisfy her that the documents were truly privileged”.
The Federal Court then considered the five documents over which Air Canada claimed privilege. Of those documents, it found that four were privileged:
The Incident Report of the Air Canada flight attendant on the plane was privileged because it was prepared for the Air Canada legal department both to determine whether to pursue an action against the passenger and to defend against any action by the passenger, and accordingly was subject to both litigation and solicitor-client privilege.
A further report by the flight attendant and a report of the pilot were prepared in response to the passenger’s claim, so were also covered by both litigation and solicitor-client privilege.
The report of the passenger who witnessed the incident was also covered by litigation privilege, on the basis that it was possible that the passenger involved in the incident might bring an action against the witness for defamation. The Federal Court made this finding despite the Privacy Commissioner’s claim that the two year limitation period for such an action had expired, and with it the right to claim litigation privilege, on the basis that it was too “simplistic” to state that there was a two year limitation period.
The only document that Air Canada was required to disclose was the report by the Air Canada representative who met the flight when it landed, as it was a routine end of shift report prepared after it was clear that no charges were going to be laid against the passenger. Even then, the Court noted that if such a report had been created at the request of the Air Canada legal department, rather than routinely, it would have been privileged.
The Privacy Commissioner had asked that the Federal Court award the aggrieved passenger damages of $5,000 to $10,000. The Court declined to award damages. Instead, it awarded costs to Air Canada.
State Farm case
The State Farm case arose out of a motor vehicle accident in New Brunswick. In defending its insured, State Farm hired private investigators who conducted video surveillance on the plaintiff in the action. The plaintiff requested disclosure pursuant to PIPEDA of all information collected, including the video surveillance. State Farm refused the request on the basis that PIPEDA did not apply. The plaintiff complained to the Privacy Commissioner that State Farm had denied him access to his personal information. State Farm took the position that the Privacy Commissioner had no jurisdiction to proceed under PIPEDA.
The facts of the case would seem to fall squarely within the scope of the decision of the Ontario Superior Court in Ferenczy v. MCI Medical Clinics (“Ferenczy”), in which the Court ruled that private investigators are not engaged in commercial activity as defined in PIPEDA when they conduct surveillance on behalf of an individual insured but are instead acting as agents of that individual. Astonishingly, the Privacy Commissioner took the position that the decision in Ferenczy was strictly obiter and did not constitute a binding precedent. Instead, the Privacy Commissioner required State Farm to disclose all video surveillance and other information it had on the plaintiff.
State Farm then initiated proceedings in New Brunswick seeking a declaration that the Privacy Commissioner lacked jurisdiction with respect to the complaint. The matter was ultimately heard by the Federal Court.
In a strongly-worded decision, the Federal Court found for State Farm on each of the following issues:
Prematurity. The Privacy Commissioner had claimed that the application was premature because her letter requiring State Farm to provide all information it held on the plaintiff was interlocutory only and not subject to review. The Court provided a number of reasons for rejecting the Privacy Commissioner’s claim of prematurity, including the fact that the Privacy Commissioner had “many years” to issue a report on the complaint and had not done so, and could not then “use her inaction in order to hinder State Farm’s right of access to the courts”.
Standard of review. The Privacy Commissioner claimed that her interpretation of PIPEDA should be given deference and should be reviewed according to a standard of reasonableness, rather than correctness. The Court found that the role of the Privacy Commissioner under PIPEDA is incompatible with a standard of deference because she may become adverse in interest to the party whose documents she seeks to access and is clearly not acting in an adjudicative capacity. Notably, the Court found that “the Privacy Commissioner has no special expertise in the interpretation of the provisions of PIPEDA” since the Federal Court is given the authority to interpret its provisions.
Whether the collection of evidence is “commercial activity”. The Court rejected the Privacy Commissioner’s claim that, since the defendant paid an insurer to defend an insurance claim, the collection of evidence by the insurer constitutes a “commercial activity” and accordingly falls within the scope of PIPEDA. The Court found that the collection of information by a defendant to defend a tort action has “little or nothing” to do with the purposes of PIPEDA. Since it was not commercial activity, the collection of evidence remains exempt from PIPEDA even if third parties are retained to do so. Accordingly, the Privacy Commissioner had no authority to order the disclosure of such documents.
However, the Court found that the Privacy Commissioner is still required to conduct an investigation with respect to the complaint as it was made under PIPEDA, although because of the claims of privilege, her investigative authority is limited. The Court found that in view of State Farm’s claim of privilege, the Privacy Commissioner had no authority to issue the letter under which she claimed jurisdiction, not did she have the authority to request justification from State Farm of its privilege claims.
In Blood Tribe, the Supreme Court very clearly stated the role of the Privacy Commissioner with respect to claims of solicitor-client privilege:
The Commissioner is an officer of Parliament, vested with administrative functions of great importance, but she does not, for the purpose of reviewing solicitor-client confidences, occupy the same position of independence and authority as a court….An adjudication of claim of privilege by the Commissioner, who is an administrative investigator not an adjudicator, would be an infringement of the privilege.
The decisions in State Farm and Air Canada have been equally clear as to the Commissioner’s role, and have confirmed her lack of authority to determine claims of litigation privilege. In view of these findings, it will be very interesting to see if the Privacy Commissioner continues to assert that she has the authority to determine claims of privilege in privacy-related complaints.
* Kelly J. Morris is a lawyer with the Toronto law firm, Blaney McMurtry LLP.
Almost Right: The Application of the Freedom of Information and Protection of Privacy Act to Hospitals
Ayanna Ferdinand *
In October 2010, Minister of Health and Long-Term Care Deb Matthews introduced Bill 122, Broader Public Sector Accountability Act, 2010 in the Ontario Legislature (“Bill 122”).1 Bill 122 passed through readings quickly and became law in January 2011. A key part to Bill 122 consists of amendments to the Freedom of Information and Protection of Privacy Act (“FIPPA”) that render FIPPA applicable to all public and private hospitals in Ontario.2 Ontario is one of last provinces in Canada to establish a right of access to certain information under the control of hospitals. The effect of the amendments under Bill 122 is to open corporate and other hospital information to the public. This paper provides an overview of the application of FIPPA to public hospitals in Ontario and focuses on two significant problems posed by FIPPA to hospitals.
Purpose and Scope of FIPPA
The purpose of FIPPA is to provide a right of access to information under the control of institutions in accordance with the principles that information should be available to the public, necessary exemptions to the right of access should be limited and specific and any decisions made regarding government information should be reviewed independently from government.3 FIPPA, therefore, establishes a statutory entitlement to access information under the control of the government and other public institutions, such as universities, administrative boards, tribunals and agencies that are largely funded by the government.
FIPPA also provides very specific and limited exemptions to the right of access and certain procedural rights accompany these exemptions for both the applicant and the institution. There are about 13 broad headings that consist of statutory exemptions to the right of access with varying application to different types of institutions. Briefly, the exemptions to an access request are (1) cabinet records; (2) advice to government, (3) law enforcement; (4) relations with other governments; (5) defence; (6) third party information, (7) economic and other interests of Ontario; (8) information with respect to closed meetings; (9) solicitor-client privilege; (10) danger to health and safety; (11) personal privacy; (12) species at risk; and (13) information soon to be published.4 Although each of these headings consists of an exemption, FIPPA establishes exceptions to some of the exemptions, thereby prescribing information that must be disclosed notwithstanding the potentially applicable exemptions. For example, an institution may refuse to disclose a record that reveals a public servant’s advice.5 Notwithstanding that the report may reveal such advice, an institution shall not refuse to disclose a record that contains a report on the performance of an institution, whether the report is general in nature or in respect of a specific program.6
Furthermore, some of these exemptions are mandatory. For instance, under the heading of third party information, an institution shall refuse to disclose a trade secret "where the disclosure could reasonably be expected to result in undue loss or gain to any person, group, committee or financial institution or agency".7 Other exemptions are permissive to the institution, such as disclosing a record if the disclosure "could reasonably be expected to seriously threaten the safety or health of an individual".8
FIPPA’s Application to Hospitals and Two Significant Challenges
FIPPA will apply to hospitals in 2012, with retroactive effect to 2007. Due to certain unique features of a hospital’s operations, FIPPA expressly excludes certain information from its scope. FIPPA does not apply to information pertaining to the operations of a hospital’s foundation, administrative records related to a regulated health care professional's practice, research, including clinical trials, and abortion services.9 Certain records arising from meetings, consultations, discussions and communications used for hospital credentialing and privileging physicians, midwives, certain dentists and registered nurses of the extended class are excluded from the ambit of FIPPA.10 The Legislature’s intent to protect certain highly sensitive information related to patients, staff, intellectual property and donations is made clear by these exclusions from the scope of FIPPA.
(a) Quality of care
Bill 122 also amends the Quality of Care and Information Protection Act, 2004 (“QCIPA”).11 The purpose of QCIPA is to protect quality of care information from disclosure in proceedings. It establishes an evidentiary exemption to the rules of disclosure in proceedings for quality care information.12 Ontario hospitals have developed specific processes to improve the delivery of quality of care and patient safety. Integral to these quality care processes is the free and unfettered exchange among health care professionals to assess systemic quality and patient safety processes. Accordingly, QCIPA defines quality care information as information that:
(a) is collected by or prepared for a quality of care committee for the sole or primary purpose of assisting the committee in carrying out its functions, or
(b) relates solely or primarily to any activity that a quality of care committee carries on as part of its functions,
but does not include,
(c) information contained in a record that is maintained for the purpose of providing health care to an individual,
(d) information contained in a record that is required by law to be created or to be maintained,
(e) facts contained in a record of an incident involving the provision of health care to an individual, except if the facts involving the incident are also fully recorded in a record mentioned in clause (c) relating to the individual, or
(f) information that a regulation specifies is not quality of care information and that a quality of care committee receives after the day on which that regulation is made.13
Pursuant to QCIPA, a quality committee must be established by a hospital for:
studying, assessing or evaluating the provision of health care with a view to improving or maintaining the quality of the health care or the level of skill, knowledge and competence of the persons who provide the health care.14
By virtue of an amendment to QCIPA by Bill 122, FIPPA does not apply to quality of care information.15 At first glance, this exclusion appears to appropriately protect quality of care processes at hospitals in Ontario from an access request under FIPPA. The Ontario Hospital Association’s (“OHA”) Submission to the Standing Committee on Social Policy respecting Bill 122 demonstrates how the QCIPA exclusion is inadequate:
Improving patient safety and quality of care is highly dependent on a “safety culture” within organizations. A patient safety culture is one where staff has a constant and active awareness of the potential for things to go wrong; that is open and fair; that encourages people to speak up about mistakes; and where people are able to learn from events in order to make improvement and prevent recurrence.
Open reporting and a thorough analysis of what went wrong can have a positive and quantifiable impact on the performance of a hospital. We believe that the cultures of openness that hospitals have worked hard to create will be significantly undermined if staff believe that the information they share can be provided to any individual making a freedom information request.16
The exclusion provided by Bill 122 to quality of care information can only be narrowly applied to quality and patient safety processes of hospitals. Many of these initiatives occur outside of the scope of the quality care committee and, therefore, outside the scope of the QCIPA protection. Since the purpose of such initiatives is to pervade the hospital culture, quality care and patient safety are embedded in other hospital processes, such as prospective and retroactive reviews, mortality and morbidity rounds, debriefings among staff upon the occurrence of a critical incident, and, for some hospitals, board quality committee discussions. From the strategic, governance level to the operational, front line level, the limited exception to FIPPA’s application will indeed have a detrimental impact on the “safety culture” referred to by the OHA. With the application of FIPPA to hospitals quickly approaching, hospitals and their staff are challenged to continue these quality and patient safety processes and to refine them to ensure that their value is not compromised.
One of the 13 exemptions to the right of access established by FIPPA, as mentioned above, arises from the purpose of a closed board meeting or a board meeting held in camera. FIPPA provides that an institution may refuse to disclose a record that:
reveals the substance of deliberations of a meeting of the governing body or a committee of the governing body of an educational institution or a hospital if a statute authorizes holding the meeting in the absence of the public and the subject matter of the meeting, (a) is a draft of a by-law, resolution or legislation; or (b) is litigation or possible litigation.17
FIPPA then states that, notwithstanding this exemption, an institution must provide access to the information if it is not held confidentially, the subject-matter was considered in an open meeting or the record is more than 20 years old.18
This exemption is problematic for hospital governance for two reasons. First, at the time of writing this paper, no statute exists that authorizes a board to hold a meeting in the absence of the public. The Public Hospitals Act governs hospital governance and specifically establishes the power of the board, certain procedures, and membership.19 It does not, however, authorize a hospital board to hold open or closed meetings. The exemption also applies to educational institutions and they can rely on it. For instance, certain universities, such as Algoma University, have legislation that speaks to open and closed board meetings. The Algoma University Act, 2008 provides that the board’s meetings shall be open to the public and states that the board “may meet in the absence of the public to discuss a matter of a personal nature concerning an individual or to discuss a confidential nature as determined in accordance with the by-laws”.20
Good governance practices for public organizations dictate that an organization’s board must have the ability to meet in camera to make decisions on very specific and sensitive issues while balancing the need for public accountability. Clearly, FIPPA attempts to strike this balance by recognizing the importance of in camera board sessions for hospitals and universities; yet, the Legislature has not provided the same protection for in camera board sessions to hospitals as it has for universities. Hospital boards must have the ability to discuss and decide on potential and actual litigation, draft bylaws and other governance matters absent the possibility of an access to information request under FIPPA.
Second, hospital governance involves discussions and decisions on health care delivery, namely patient related quality of care, staff and patient safety and risk management. Hospital boards are asked to make decisions based on, arguably, the most sensitive staff personal information and patient personal health information. The lack of protection by both FIPPA and the Public Hospitals Act exposes these discussions to a request for information under FIPPA. Ontario universities have statutory protection to hold in camera sessions for highly sensitive matters. The University of Toronto Act, 1971 states that the board or governing council of University of Toronto may hold in camera meetings “where intimate financial or personal matters of any person may be disclosed at a meeting”.21 Other provincial jurisdictions provide hospitals or health authorities with the ability to hold in camera sessions, while balancing public accountability. British Columbia’s Health Authorities Act provides that:
[m]eetings of a board are open to the public, but the board may exclude the public from a meeting if the board considers that, in order to protect the interests of a person or the public interest, the desirability of avoiding disclosure of information to be presented outweighs the desirability of public disclosure of the information.22
It is critical for the proper exercise of good governance that hospitals in Ontario have the ability to hold in camera sessions where the subject matter deals with the highly sensitive matters that are put before these board members for decisions. Membership to hospital boards in Ontario is voluntary. Absent this ability, with the inherent protection from a FIPPA access request, such volunteer board members are not reassured by the Legislature that highly sensitive discussions and decisions are viewed as deserving statutory protection to the same extent as university governance discussions and decisions.
Hospitals in Ontario have welcomed Bill 122 and its amendments to FIPPA as an important part of their commitment to public accountability and transparency with respect to health care delivery. The Ministry of Health and Long Term Care and the Legislature are very close to achieving the right balance of public access and protection of information for hospitals. They have recognized that certain information must be protected from disclosure. FIPPA, however, fails to recognize hospital’s distinctive relationship with other types of information in its custody and under its control. Information arising from patient quality and safety processes must be exempt from the scope of FIPPA to ensure and support staff involvement in these initiatives resulting in continuing improvement of health care delivery. Equally concerning to hospitals is the lack of protection for sensitive staff and patient personal information integral to good governance practices at hospital boards. FIPPA’s application to hospitals commences in 2012. This timeline is intended to provide hospitals with preparation time. Those of us in the hospital industry certainly expect that this timeline also applies to the Ministry of Health and Long Term Care to provide these important protections to hospitals.
*Ayanna Ferdinand is the Director, Enterprise Risk Management and General Counsel, Trillium Health Centre, Mississauga.
1 Bill 122, An Act to increase the financial accountability or organizations in the broader public sector, 2nd Sess., 39th Leg., Ontario, 2010 (as assented to 8 December 2010), S.O. 2010, c. 25.
2 R.S.O. 1990, c. F. 31 [hereinafter “FIPPA”].
3 Ibid at s. 1(a).
4 Ibid at ss. 12 to 22.
5 Ibid. at s. 13(1).
6 Ibid. at s. 13(2)(f).
7 Ibid. at s. 17(1)(c).
8 Ibid. at s. 20.
9 Ibid. at ss. 65(1)(5.4), (5.5.), (5.6), (5.7) and (8.1)(d).
10 Ibid. at s. 65(6)(5).
11 S.O. 2004, C. 3, Schedule B [hereinafter “QCIPA”).
12 Ibid. at s. 5.
13 Ibid. at s. 1.
14 Ibid. 15 Ibid. at s. 1.1.
16 OHA, “Submission to the Standing Committee on Social Policy Respecting Bill 122: Broader Public Sector Accountability Act, 2010” November 2010 at p. 4.
17 Supra note 2 at s. 18.1(1).
18 Ibid. at s. 18.1(2).
19 R.S.O.1990, c. P.40.
20 S.O. 2008, c. 13, ss. 27(1) and (2).
21 c. 88, s. 2(18).
22 R.S.B.C. 1996 c. 180, s.8(1)(3).
PIPEDA Case Law Update: Federal Court Issues a Landmark Decision on Damages; Ontario Court of Appeal Deals with the Issue of Disclosure of Mortgage Information to a Third Party Creditor
Bridget McIlveen and Rachel St. John*
In recent months, there have been a few noteworthy developments in Canadian privacy law jurisprudence. The Federal Court addressed the issue of damages in Nammo v. TransUnion of Canada Inc. finding that, in an appropriate case under the Personal Information Protection and Electronic Documents Act (PIPEDA), damages may be awarded even in circumstances when no financial loss has been established.1 Further, a determination of whether damages should be awarded turns on a values-based consideration of PIPEDA.2 In another case of note, the Ontario Court of Appeal in Citi Cards Canada Inc. v. Pleasance held that PIPEDA restricts a financial institution’s ability to disclose mortgage-related information to a third party creditor.3 We address the significance of these recent decisions below.
Nammo v. TransUnion
On December 20, 2010, the Federal Court issued a landmark decision in Nammo v. TransUnion, finding that an individual whose loan application was negatively impacted as a result of false credit information was entitled to damages of $5000. The case is significant, as it is a departure from a line of PIPEDA decisions where courts have declined to award damages.
The facts of the case focus on TransUnion’s provision of erroneous credit information to the Royal Bank of Canada (“RBC”) that negatively reported on Mr. Nammo’s credit history. Mr. Nammo contacted TransUnion seeking to have the false information on his credit record corrected. By way of response, TransUnion investigated the credit history and concluded that credit information relating to another individual had been mistakenly incorporated into Mr. Nammo’s file. TransUnion then sent a written letter to Mr. Nammo confirming that (i) the erroneous credit information had been placed in his file, (ii) the file had been amended for accuracy, and (iii) RBC had been notified of the amendment.
Mr. Nammo filed a complaint with the Office of the Privacy Commissioner of Canada (“OPC”) citing TransUnion’s disclosure of inaccurate personal information to RBC. The OPC concluded that TransUnion had failed in its obligation under PIPEDA to maintain accurate information. This had serious adverse effects on Mr. Nammo. Accordingly, the OPC found that the complaint was well-founded, however, TransUnion had resolved the issue by amending the credit file and reporting the amendment to RBC.
Subsequent to the OPC’s issuance of findings, Mr. Nammo filed an application in Federal Court pursuant to PIPEDA for a hearing with respect to his complaint to the OPC. In a departure from existing PIPEDA jurisprudence, the Court awarded $5000 in damages. Importantly, the Court noted that PIPEDA affords broad remedial powers that permit, under appropriate circumstances, an award of damages where no actual financial loss has been sustained. Citing the decision in Randall v. Nubodys Fitness Centres, the Court noted that an award of damages under PIPEDA is reserved “for the most egregious situations.”4 The Court also pointed to the reasoning in Vancouver (City) v. Ward.5 In that case, the Supreme Court of Canada held that “to be appropriate and just,” an award of damages must “represent a meaningful response to the seriousness of the breach and the objectives of compensation, upholding Charter values, and deterring future breaches.”
In Nammo v. TransUnion, the same reasoning was found to apply to PIPEDA. Specifically, an appropriate and just award of damages must take into account the furtherance of PIPEDA’s objectives and values. After a consideration of the facts in question, the Court awarded damages on the basis of TransUnion’s failure to:
(i) collect accurate information, (ii) address the complaint in a timely and effective manner, (iii) correct the inaccurate information it had disclosed in a timely and effective manner, and (iv) take responsibility for its actions in this regard.
The Nammo v. TransUnion decision is a notable development in the privacy landscape. It signals the court’s willingness to award damages for privacy violations in certain egregious circumstances. Further, the case sets a framework for assessing claims for damages based on the values underlying PIPEDA.
Citi Cards Canada Inc. v. Pleasance
In Citi Cards Canada Inc. v. Pleasance, the Ontario Court of Appeal addressed the “knotty and interesting question” of whether financial institutions are permitted to disclose mortgage information to a third-party creditor who requires the information to pursue a legal remedy to enforce a judgment. The Court upheld the decision of the application judge who found that PIPEDA prohibits such a disclosure.
In this case, Citi Cards sought to enforce a judgment against Mr. Pleasance for outstanding credit card debt through a sheriff’s sale of the Pleasance home. In order to do so, the sheriff required mortgage discharge statements from the mortgagees of the property, The Canada Trust Company and Toronto-Dominion Bank. The mortgagees, however, refused to provide the statements to Citi Cards on the basis that the disclosure was not permitted under PIPEDA.
In a further attempt to obtain the information, Citi Cards sought an order compelling the mortgagees to provide the documents. Their argument relied, in part, on two of the exceptions to the consent requirement provided under PIPEDA.
First, Citi Cards argued that the required information could be disclosed to comply with a court order as permitted under section 7(3)(c). However, the only court order requiring the mortgagees to disclose the mortgage statements was the order sought on the current application that had not yet been made.
Second, the Court reviewed whether the “required by law” exception in section 7(3)(i) could apply. Citi Cards argued that the exception should be interpreted broadly to apply in cases where the “organization” or the “individual” is required by law to disclose information. This interpretation would, in effect, permit the mortgagees to disclose the information since Mr. Pleasance would be required by law to disclose the information if examined in aid of execution. The Court dismissed this argument on the basis that, among other things, it conflicted with both the wording and intent of PIPEDA. The Court stated that if the appellant’s argument in this case had been correct, “any organization could disclose financial information about the individual to interested parties, without the individual’s consent, any time there is an outstanding judgment against the individual. Such a result would effectively negative the protection afforded to the privacy right of individuals pursuant to PIPEDA.”
Ultimately, the Court refused to order the mortgagees to produce the mortgage statements as an alternative remedy was still available; specifically, the creditor could bring a motion to examine the debtor’s wife, a joint owner of the home.
Citi Cards Canada Inc. v. Pleasance is an important decision for financial institutions. The Court indicated in its judgment that the furnishing of mortgage discharge statements in similar situations has been treated differently by Ontario financial institutions. This case confirms that the disclosure of such information will be found contrary to PIPEDA absent the individual’s consent, a court order or other legal requirement.
* Bridget McIlveen and Rachel St. John are lawyers with Heenan Blaikie LLP’s National Privacy and Information Management Group.
Jennifer Stoddart Honoured as Recipient of the Karen Spector Memorial Award for Excellence in Privacy Law
In October, the Privacy Law Section hosted a dinner to celebrate the 2010 recipient of the Karen Spector Memorial Award for Excellence in Privacy Law: Jennifer Stoddart, Privacy Commissioner of Canada. Commissioner Stoddart joins a growing list of distinguished recipients. Past recipients Priscilla Platt (2006), Jeffrey Kaufman (2007) and Mary O’Donoghue (2008) were all present to mark the occasion.
Nominees are evaluated against five criteria: legal contributions to the practice of privacy law, contributions through writing or public speaking, organizational contributions, outstanding mentorship, and other exemplary achievements in the area of privacy law. Those present at the award ceremony heard about Commissioner Stoddart’s remarkable achievements in all five areas.
2010 was a year marked by honours for Ms. Stoddart – in Canada and internationally. In 2010, Ms. Stoddart also received the International Association of Privacy Professional’s Vanguard Award for her role in establishing the Office of the Privacy Commissioner as leading regulator on privacy issues. In December, she was appointed to a second term as Privacy Commissioner of Canada.
The Karen Spector Memorial Award for Excellence in Privacy Law was established in memory of Karen Spector. The late Ms. Spector was active in the Privacy Law Section and sat on the Section Executive. She established one of the first legal practices dedicated to privacy law in the province, wrote and spoke widely about privacy law issues, and was an exceptional educator and mentor.
Do you know a worthy candidate for the Karen Spector Memorial Award for Excellence in Privacy Law? The call for nominations is open. Just follow the instructions on the nomination form, and submit by April 29, 2011.
*Laura Davison is the chair of the Privacy Law Section and deputy chief privacy officer, Deloitte.
Designing Privacy Protection: News from the 32nd International Conference of Data Protection and Privacy Commissioners
Allison Knight and Bonnie Freedman*
On October 27-29, 2010, over 600 representatives of governments, companies and non-governmental organizations from across the world participated in the 32nd International Conference of Data Protection and Privacy Commissioners (“the Conference”), hosted by the Israeli Law, Information and Technology Authority in Jerusalem. Entitled “Privacy Generations,” the Conference called for an evolution in governance to respond to “shifts in the perception of privacy among a new generation of users, who post personal information and communicate with friends and colleagues on social networks.”
The Conference suggested that we need new ways of thinking about privacy rights. For example, a number of sessions dealt with what has been dubbed the “right to oblivion” or the right of an individual to “disappear” his or her personal information. The logistical challenge – being able to require everyone who has downloaded information about an individual to erase it – was raised as well as the lack of consensus about what should be erased, which highlighted the lack of consensus over what privacy means in different cultures and user groups.
The notion that the “young” do not value privacy because they are prepared to disseminate their personal information broadly through social media was dispelled in sessions that brought home the essential role of social media in socialization: recent work suggests that in certain worlds, to forgo the use of social media is to be effectively ostracized from one’s peers.
Some participants considered whether consumers’ current habits of data sharing can be considered a “vote of confidence” for the current approach to privacy regulation, i.e., does the fact that consumers continue to share data indicate that they are content with the current level of protection offered by the status quo? This idea was clearly not shared by all of the participants, as there was much discussion over whether consumers are even aware of the risks and consequences involved in the sharing of personal information. Speakers also explored the theme of good privacy practices as good business practices and the concept of privacy and security as enhancers of consumer trust.
Questions were also raised about whether employers should be entitled to make decisions about their employees and prospective employees based on personal information posted on social media sites and whether legislative restrictions on such use, such as those proposed in Germany, are desirable. The use of personal information for law enforcement and in medical research was also discussed, including the tension between genetic privacy and the rights of family members to access information revealing vulnerability to a disease. The use of social media in healthcare and the trend toward building electronic communities around a disease were also mentioned.
In terms of compliance, participants commented on the difficulties posed by a lack of uniformity in data protection laws across the European Union. The standardization of privacy laws and rules has been an area of focus for the Commissioners for a number of years, and will be further explored pursuant to the Jerusalem Declaration (see below) in 2011 and 2012. The subject of privacy law enforcement also received some attention, particularly the possible development of private action enforcement, at least in the US and Europe.
The impact of information and communication technology (ICT) on our image of ourselves as well as our relationships to others was clear in the wrap up plenary session chaired by the Privacy Commissioner of Canada, in which concepts such as “networked privacy”, “algorithmic persona” and “data portraits” were discussed. Other sessions demonstrated the dynamism of ICT, the lack of understanding of the business model on which electronic information services are provided and the “politics of software” and suggested that it is time to re-examine that business model. The degree to which we are struggling with how to control the unwanted (and sometimes unanticipated) consequences of the dissemination and use of our personal information was made very clear.
The Conference identified the work being done to understand the impact on privacy of a wide array of activities (and the individuals and organizations involved), to analyze whether it is acceptable (from various perspectives) and to identify the measures available to curtail or prevent unacceptable incursions into what is deemed private.
To mark the 30th anniversary of its Privacy Guidelines, the Organization for Economic Cooperation and Development held a two-day event immediately preceding the Commissioners’ conference, entitled The Evolving Role of the Individual in Privacy Protection: 30 Years after the OECD Privacy Guidelines. The roundtable discussions considered the impact of the Guidelines, as well as the economics of personal data and privacy. The OECD intends to conduct a review of the Guidelines in 2011, to determine whether they need to be updated or revised to address the current environment for privacy and transborder data flows.
Israel’s hosting of the two conferences coincided with the announcement that its data protection laws have been deemed “adequate” by the European Union. As a result, EU companies will now be able to legally transfer personal data to Israel. Israel is the seventh country outside of the European Economic Area to have its data protection laws deemed adequate by the EU. The adequacy should be formally approved by the end of the year.
The Commissioners’ conference accepted two new organizations, from the US and Mexico, into its membership this year. Although the US does not have a privacy commissioner per se, the conference determined that the US Federal Trade Commission has the requisite authority and independence to qualify for membership. The acceptance of the US’s membership bid is a vote of confidence in the Federal Trade Commission’s authority and independence in enforcing privacy regulations in the United States. The US has attempted to gain membership into the conference for a number of years, but its previous bids were rejected. However, the FTC has become more active in the privacy arena as of late, with a number of high profile investigations, a series of public roundtable discussions, and the release of a proposed framework on consumer privacy.
The Mexican Data Protection Authority, Instituto Federal de Acceso a la Información y Protección de Datos, the body responsible for enforcing Mexico’s newly-enacted national privacy law, also gained membership into the conference. The law, which came into effect in July 2010, governs the collection, processing and disclosure of personal data by the private sector. The Conference also approved Mexico’s bid to host the 33rd International Conference in 2011.
Two major resolutions were adopted at this year’s conference. The closed session adopted a resolution proposed by the French Commission nationale de l’informatique et des libertés (CNIL), that calls for an intergovernmental conference in 2011 or 2012 to develop a binding international instrument on privacy and the protection of personal data. This resolution, entitled the “Jerusalem Declaration,” follows a series of resolutions in previous conferences - most recently last year’s conference in Madrid - to reinforce the universal nature of the rights to data protection and privacy and call for the standardization of the individuals’ protection at a national and international level through the development of a universal convention on the protection of individuals with regard to the processing of personal data.
Privacy by Design Resolution
The closing session unanimously adopted a resolution proposed by the Information and Privacy Commissioner of Ontario, Dr. Ann Cavoukian, to recognize “Privacy by Design” as an essential component of fundamental privacy protection. The concept of Privacy by Design was developed here in Ontario by Cavoukian, to address the ever-growing and systemic effects of information and communication technologies, and of large-scale networked infrastructure, in a comprehensive manner. Privacy by Design refers to the philosophy and approach of embedding privacy into the design, operation and management of information technologies and systems, across the entire information life cycle.
The concept of Privacy by Design has gained acceptance and recognition around the world. The UK Information Commissioner’s Office, the European Union’s Article 29 Working Party, European Data Protection Supervisor, and the U.S. Federal Trade Commission have all recently advocated for the inclusion of Privacy by Design in the review and development of privacy regulatory frameworks. The theme of Privacy by Design was discussed at every session of the conference.
The Privacy by Design Resolution:
Encourages the adoption of the foundational principles of Privacy by Design as guidance to establishing privacy as an organization’s default mode of operation;
Encourages research into Privacy by Design.
The resolution was co-sponsored by Canadian Privacy Commissioner Jennifer Stoddart and Commissioners from Berlin, New Zealand, the Czech Republic, and Estonia.
* Allison Knight is legal counsel at the Office of the Information and Privacy Commissioner of Ontario. She can be reached at (416) 326-0006 or email@example.com.
* Bonnie Freedman is legal counsel at Borden Ladner Gervais LLP. She can be reached at (416) 367-6239 or firstname.lastname@example.org.
Privacy Regulators Weigh in on Behavioural Advertising
Jennifer McKenzie and Catherine Lovrics*
Online advertising is a major industry. The Interactive Advertising Bureau of Canada reports that in 2009 Canadian online advertising revenues were $1.82 billion, and forecasts that in 2010 revenues will rise to $2.1 billion.
In recent years the tension between online advertising and consumer privacy has given rise to several controversies. Lawsuits have been filed against Facebook over its Beacon program, NebuAd and Internet service providers for teaming up to create user profiles, and some of the Internet’s most popular websites over Quantcast’s 'zombie' cookies.
Online behavioural advertising employs technologies to track users’ activities over time to build profiles used to deliver targeted advertisements. The goal is to deliver relevant and effective advertising to users. Behavioural advertising can involve one website tracking users’ behaviour on its own website or an advertising network tracking users’ behaviour across multiple websites participating in its network. By observing users’ behaviour, their interests, demographics and other characteristics are inferred to create profiles. The information collected can include websites visited, length of time spent on pages, advertisements clicked, information entered, searches performed and Internet protocol addresses. Advertisers can identify categories of interest that may be broad (eg, sports enthusiast) or specific (eg, sports enthusiast from Canada who takes a ski trip at least once a year).
The main tracking technology is cookie technology. Cookies are alphanumeric text files stored on (and later retrieved from) a computer’s hard drive by a single website. A cookie can identify a repeat visitor to a website and collect information. 'Third-party cookies' enable advertising networks to recognise a visitor who visits any website that is part of its network. They are broadly dispatched from multiple websites within the advertising network and users may be tracked across these websites over time. Other technologies that can be used for behavioural advertising include web beacons, web 'fingerprinting', deep packet inspection and data mining.
The use of these tracking technologies and techniques has raised 'Big Brother' concerns about advertising networks. In the past two years, regulators and industry participants in jurisdictions around the world have taken a closer look at behavioural advertising and its impact on individuals' privacy rights.
On the self-regulatory front, in July 2009 a consortium of organisations, including the Interactive Advertising Bureau, the Direct Marketing Association and the Better Business Bureau, introduced Self-Regulatory Principles for Online Behavioural Advertising.
Among the regulators, in Canada, the Office of the Privacy Commissioner launched a consultation in early 2010 on the online tracking, profiling and targeting of advertisements. In October 2010 a report of findings was issued, which concluded with a call for further submissions by early December 2010. In the United States, in July 2009 the Federal Trade Commission issued Self-Regulatory Principles for Online Behavioural Advertising. And in Europe, on June 22 2010 the Data Protection Working Party (set up under Article 29 of the EU Data Protection Directive (95/46/EC)) issued an opinion on behavioural advertising and the obligations of the various parties under existing privacy directives.
There is general recognition that behavioural advertising is necessary, and even beneficial, in that it enables website operators to continue to provide free content. However, there are concerns that current implementation does not respect the privacy rights of consumers at whom behavioural advertising is targeted.
There is consensus that the information stored by cookies is personal information that attracts the protection of the 10 privacy principles found in the Organisation for Economic Cooperation and Development Guidelines on the Protection of Privacy and Transborder Flows of Personal Information, regardless of whether it immediately identifies an individual.
A principal concern is the lack of transparency. There is concern that the average Internet user may be unaware that his or her behaviour is being tracked to serve targeted advertisements and may not understand the technology being used. There is consensus that transparency is vital: clear, concise, consumer-friendly and easily accessible information about behavioural advertising is necessary.
what technologies are being used to create profiles;
the type of information that is being collected and used;
whether tracking occurs across multiple websites; and,
that profiles will be used to deliver targeted advertising.
While there is general consensus that users should have control and choice over whether their information is used for behavioural advertising, the timing and nature of consent and the appropriate form of control are the subjects of ongoing debate.
At present, browser settings and opt-out mechanisms are among the primary ways of obtaining consent to, and giving consumers control over, the use of their information for behavioural advertising. However, these are no longer considered sufficient.
Even when dealing with consumers who are fully cognizant of browser settings, browsers are capable of deleting only traditional cookies and deleted cookies may be recreated or 're-spawned' (a ‘zombie’ or ‘flash’ cookie). For example, more recently, some advertising networks have been using flash cookies to supplement or replace traditional cookies. Flash cookies cannot be deleted through typical browser settings and there have been reports of flash cookies being used to restore traditional cookies that were refused or erased. To clear all the different types of cookies, consumers must install special applications, which the Canadian paper says is an unreasonable expectation to place on consumers.
There is encouragement to move away from opt-out mechanisms, which generally require consumers to go to the website of the advertising network and indicate that they wish to opt out from being tracked for the purposes of being served targeted advertisements. Both the EU opinion and the Canadian paper suggest that such mechanisms are inadequate to obtain the average consumer’s meaningful, informed consent. The EU opinion states that most consumers lack a basic understanding of how the information is collected, how the technology works and where and how to opt out. It asks advertising networks to give consumers the opportunity to opt in before information is used for behavioural advertising. The Canadian paper repeats a long-held view of the Office of the Privacy Commissioner of Canada that opt-in consent is the preferred method. It notes that the sensitivity of information is relevant to the appropriateness of opt-in versus opt-out consent. Some information (eg, financial and medical) is almost always considered to be sensitive (although any information can be sensitive, depending on the context). However, the Canadian paper acknowledges that it is easy to become lost in the issue of 'opt in and opt out', when a principal issue that needs serious consideration is that of meaningfulness. Are purposes and practices clear so that the consumer is givingmeaningful consent?
Both the EU and Canadian papers support 'privacy by design'. The Canadian paper notes that the ability of individuals to exert control lies in the 'architecture' of a site: “when privacy controls are difficult to find or understand on a website, the ability to exert any control drops.” The Canadian paper says that one-click access to information about behavioural advertising, with the opportunity to opt out of behavioural advertising (using a permanent cookie), could address some of the concerns, but only if it works and is broadly implemented. In the United States and Canada, there is discussion as to the feasibility of a Do Not Track Registry, which would allow consumers to opt out of being tracked online.
Generally, regulators have received one recent initiative favourably. In October 2010 a group of the largest media and marketing trade associations in the United States launched the Advertising Option Icon (i icon) program. The program uses a logo accompanied by notices displayed within or near online advertisements or on webpages where data is collected and used for behavioural advertising. However, the program may not put the issue to rest. The Canadian paper says that: “while we are encouraged by innovative ways to better inform individuals, and we think the i icon is a step in the right direction, opt-out consent may not sit well with many users”.
The i icon program is a concerted attempt at self-regulation. However, many still question whether the era of self-regulation is nearing an end or whether it still has relevance among regulators. The path is still unpaved but presently it still appears to have a place. For example, in July 2010 US Representative Bobby Rush introduced a bill, the Best Practices Act, which proposes safe harbour for entities that participate in self-regulatory programs approved by the Federal Trade Commission.
* Jennifer McKenzie (BA, LLB) is a partner, barrister, solicitor and registered trademark agent with Bereskin & Parr LLP. She is head of the firm’s regulatory, advertising and marketing group. She specialises in marketing, advertising, consumer protection law, privacy law and trademark prosecution and enforcement.
* Catherine Lovrics (BA, LLB) is an associate, barrister, solicitor and registered trademark agent with Bereskin & Parr LLP. She is a member of the firm’s trademark, copyright/new media and regulatory, advertising and marketing practice groups. She is the author of numerous articles and the recipient of the 2010 Lexology Legal Writing Award in the category for Author of the Year for E-commerce Canada.
Privacy Considerations in Online Social Networking for Young Lawyers
Wednesday, March 9, 2011
7:45 AM to 9:00 AM
7:45 AM Registration and Light Breakfast
8:00 AM to 9:00 AM Program
Perley-Robertson, Hill & McDougall LLP
340 Albert Street, Suite #1400
Jennifer Seligy, Office of the Privacy Commissioner of Canada
Louisa Garib, Office of the Privacy Commissioner of Canada
Public Interest Advocacy Centre
Hamilton | Appotive LLP
As a young lawyer, are you using social networks like Facebook to build your practice? For personal purposes? Both? Are your clients using Facebook? If you’ve answered yes to any of these questions, then this program is for you.
Join us for valuable insight and interesting anecdotes from Jennifer Seligy and Louisa Garib, lawyers both practicing with the Office of the Privacy Commissioner of Canada (OPC), with respect to the OPC’s investigation into Facebook and their extensive work on online privacy. We will explore privacy concerns that young lawyers should consider when using social media personally and professionally with a view to providing tips to protect your privacy and online reputation. Don't miss this complimentary breakfast sizzler and the opportunity to discuss online privacy with lawyers from the Office of the Privacy Commissioner!
R. v. Gomboc: Informational and Territorial Privacy Interests Not Equal to Reasonable Expectation of Privacy
Jurisprudence in criminal law is still shaping privacy principles in relation to the collection and use of evidence for prosecution. Canada’s apex court over the years, through a line of cases, has developed the analytical framework to determine what constitutes a reasonable expectation of privacy that merits constitutional recognition.
The latest in the line of these cases is the decision of the Supreme Court of Canada (SCC) in R. v. Gomboc that was released on November 24, 2010. Gomboc validates and builds on the approach that the SCC took in R. v. Plant and R. v. Tessling. At issue in the Gomboc case was whether Mr. Gomboc had a reasonable expectation of privacy, pursuant to section 8 of the Canadian Charter of Rights and Freedoms, in information about the pattern of use of electricity obtained from a digital recording ammeter (DRA) that was installed in his home by a utility company, Enmax, at the request of the Calgary Police, prior to a warrant to search his home.
The Police on suspicion that Mr. Gomboc could be involved in marijuana grow operation asked the utility company to install the DRA to measure the electrical power flowing into his home. On the basis of the DRA evidence and other information obtained in the course of its investigation, the Police obtained a search warrant. As a result of the search, the Police seized marijuana and items related to marijuana grow operation from the home.
At trial, the court admitted the DRA evidence and Mr. Gomboc was convicted of drug-related offences. The Alberta Court of Appeal overturned the decision of the trial court and ordered a new trial, concluding that Mr. Gomboc had a reasonable expectation of privacy in the DRA information.
The majority of the SCC sided with the trial court and restored the conviction of Mr. Gomboc. In setting aside the judgment of the Alberta Court of Appeal, the majority of the SCC noted that the facts in Gomboc engaged a consideration of two categories of privacy interests – informational and territorial privacy. It sought guidance in the principles espoused by the SCC in earlier cases, notably Plant and Tessling, in which informational and territorial privacy interests overlapped. Plant stands for a proposition that a homeowner has no expectation of privacy in electricity use records maintained by a utility. In Tessling, the issue was a claim of privacy interest in heat patterns emanating from a private home and photographed by police using an aircraft.
Although it acknowledged the relevance of Plant and Tessling to the consideration of issues in Gomboc, the majority also took into account the peculiar facts of the Gomboc case, including Enmax’s role as a third party cooperating with a police request and the Code of Conduct Regulation, Alberta Regulation 160/2003, which governed the confidentiality of the utility company’s customer information.
The majority adopted the reasoning in R. v. Patrick in finding that Mr. Gomboc had a subjective expectation of privacy in the pattern of electricity use contained in the DRA evidence. However, it noted that Mr. Gomboc’s expectation of privacy was predicated on the provisions of the Code of Conduct Regulation that permit disclosure of customer information to a law enforcement authority.
Unlike the three other judges who concurred in the outcome of the majority by concluding that the legislative scheme was sufficient to erode the expectation of privacy, the majority preferred to view it as one of the relevant factors that must be weighed in the disposition of the case.
The majority said that in determining the expectation of privacy, the key question is whether disclosure involved biographical core data, revealing intimate and private information for which individuals rightly expect constitutional privacy protection. In other words, are the DRA data the sort of information that society accepts should remain out of the state’s hands because of what it reveals about the person involved, the reasons why it was collected, and the circumstances in which it was intended to be used.
Noting that the DRA technology, in its current form, is not capable of giving access to an occupant’s personal information, the majority found that the DRA data provided an additional piece of information to evaluate police suspicion about Mr. Gomboc’s home. It concluded that the DRA is not meaningfully more invasive of privacy than the electricity records in Plant or the heat signatures in Tessling.
The majority hinged its decision that a claim of reasonable expectation of privacy has not been made out on the following factors:
The nature and quality of the information (DRA data),
Its remoteness from the biographical core of personal information which individuals in a free and democratic society would wish to maintain and control from dissemination to the state, and
The legislative scheme (Code of Conduct Regulation) permits disclosure of customer information to a law enforcement authority.
In relation to section 8 right to privacy under the Charter, the SCC continued with its two-step analysis of reasonable expectation of privacy – whether Mr. Gomboc had a subjective expectation of privacy and whether that expectation of privacy was objectively reasonable. In carrying out this analysis, the majority relied on the totality of circumstances in Gomboc to find that a reasonable expectation of privacy did not exist.
The Gomboc decision illustrates again that due to the varied and wide-ranging concept of privacy, the Court is reluctant to find a privacy interest protected by section 8 of the Charter, where personal privacy is not at issue, unless ‘the totality of circumstances’ bears out that such interest is deserving of constitutional recognition.
Claims for damages
Award of damages in the context of PIPEDA is also the subject of the article co-authored by Bridget McIlveen and Rachel St. John on the landmark decision of the Federal Court in Nammo v. TransUnion of Canada Inc. Their article also comments on the judgment of the Ontario Court of Appeal in Citi Cards Canada Inc. v. Pleasance that examined the issue of disclosure of mortgage information to a third party creditor under PIPEDA.
We note that the decision in Nammo followed another earlier ruling in Steven v. SNF Maritime Metal Inc. by the Federal Court that found that despite the Privacy Commissioner of Canada’s finding of a breach of privacy, the claim of the applicant did not merit a remedy for damages under section 16 of PIPEDA. While the Federal Court agreed that there was a breach of PIPEDA in the respondent disclosing the applicant’s account information to his former employer, it found that the disclosure was at the low end of sensitivity of personal information.
Saying that the applicant has not come to the court with clean hands, having admitted that some of the money that the respondent paid into his account belonged to his former employer, the Federal Court was of the view that the applicant’s claim for damages was truly grounded in wrongful dismissal and not privacy breach. According to the Federal Court, “PIPEDA’s section 14 right and section 16 remedy is not a substitute for matters which are truly claims for wrongful dismissal”.
In finding that the applicant’s information that was disclosed was not deeply personal or intimate, but rather commercial and the type of information frequently spoken about in a social context, the Federal Court declined to award any damages. It added: “The PIPEDA right of action is not an end run on existing rights to damages. It is a right to a different type of damages claim – breach of the right to privacy”.
Writing from the perspective of a stakeholder, Ayanna Ferdinand reviews the pertinent provisions of Bill 122, the Broader Public Sector Accountability Act, 2010 that make FIPPA apply to hospitals in 2012 and comments on what is at stake for hospitals. She has identified two significant problems posed by FIPPA to hospitals and what needs to be done.
The author’s message: hospitals as part of their commitment to public accountability and transparency welcome Bill 122 that extends FIPPA’s application to hospital records, but there is a need for some legislative fixes.
With hospitals coming on board in 2012, the broad public sector will now be fully under FIPPA ‘umbrella’.
For those interested in privacy issues related to online behavioural advertising, Jennifer McKenzie and Catherine Lovrics in their article comment on the efforts of regulators to safeguard privacy of consumers.
On the international scene, there is a report from Allison Knight and Bonnie Freedman on what transpired at the 32nd International Conference of Data Protection and Privacy Commissioners held in Jerusalem, Israel.
Rounding off this issue’s presentation is Laura Davison article on Jennifer Stoddart, the 2010 Recipient of the Karen Spector Memorial Award for Excellence in Privacy Law. The Editorial Board congratulates Ms. Stoddart on her Award. The call for nominations for 2011 Award is open.
*Abi Lewis is a Counsel at the Ontario Ministry of the Attorney General, Social Justice Programs and Policy Division.