Date: 20051129
Docket: T-1865-04
Citation: 2005 FC 1601
BETWEEN:
RANDY TURNER AND
THE TELECOMMUNICATIONS WORKERS UNION
Applicants
AND
TELUS COMMUNICATIONS INC.
Respondent
AND
THE PRIVACY COMMISSIONER OF CANADA
Added Respondent
T-1864-04
BETWEEN:
PAUL BERNAT AND
THE TELECOMMUNICATIONS WORKERS UNION
Applicants
AND
TELUS COMMUNICATIONS INC.
Respondent
AND
THE PRIVACY COMMISSIONER OF CANADA
Added Respondent
T-1863-04
BETWEEN
HENRY FENSKE AND
THE TELECOMMUNICATIONS WORKERS UNION
Applicants
AND
TELUS COMMUNICATIONS INC.
Respondent
AND
THE PRIVACY COMMISSIONER OF CANADA
Added Respondent
T-1862-04
BETWEEN:
PAUL WANSINK AND
THE TELECOMMUNICATIONS WORKERS UNION
Applicants
AND
TELUS COMMUNICATIONS INC.
Respondent
AND
THE PRIVACY COMMISSIONER OF CANADA
Added Respondent
INTRODUCTION
[1] By applications filed the 15th of October 2004, Paul Wansink, Henry Fenske, Paul Bernat and Randy Turner, each together with The Telecommunications Workers Union, sought a hearing or hearings in respect of the subject matter of complaints made by them to the Privacy Commissioner (the "Commissioner") that were responded to by the Commissioner by letters dated the 3rd of September, 2004. The applications were filed pursuant to subsection 14(1) of the Personal Information Protection and Electronic Documents Act ("PIPEDA")[1]. Subsection 14(1) of PIPEDA reads as follows:
| 14. (1) A complainant may, after receiving the Commissioner's report, apply to the Court for a hearing in respect of any matter in respect of which the complaint was made, or that is referred to in the Commissioner's report, and that is referred to in clause 4.1.3, 4.2, 4.3.3, 4.4, 4.6, 4.7 or 4.8 of Schedule 1, in clause 4.3, 4.5 or 4.9 of that Schedule as modified or clarified by Division 1, in subsection 5(3) or 8(6) or (7) or in section 10. |
|
14. (1) Après avoir reçu le rapport du commissaire, le plaignant peut demander que la Cour entende toute question qui a fait l'objet de la plainte - ou qui est mentionnée dans le rapport - et qui est visée aux articles 4.1.3, 4.2, 4.3.3, 4.4, 4.6, 4.7 ou 4.8 de l'annexe 1, aux articles 4.3, 4.5 ou 4.9 de cette annexe tels que modifiés ou clarifiés par la section 1, aux paragraphes 5(3) ou 8(6) ou (7) ou à l'article 10. |
|
|
|
|
While there are some variations in the reliefs sought and the grounds for the reliefs sought on the four applications, the factual background to the four (4) applications is essentially identical.
[2] By order dated the 31st of December, 2004, Prothonotary Hargrave consolidated the four (4) applications and provided that the application on file T-1865-04, that of Randy Turner and The Telecommunications Workers Union, would be the "lead file for the purposes of ongoing proceedings." The four applications were heard, as one, at Vancouver, British Columbia on the 20th, 21st and 22nd of September, 2005. This single set of reasons will apply in respect of all four (4) applications. Separate orders providing identical reliefs will be issued.
[3] By further order dated the 22nd of February, 2005, Prothonotary Tabib granted leave to the Privacy Commissioner of Canada to appear as an added Respondent on the consolidated application.
BACKGROUND
a) The Parties
[4] Randy Turner, Paul Bernat, Paul Wansink and Henry Fenske (the "Individual Applicants") were, at all relevant times, employees of Telus Communications Inc. and members of a bargaining unit of employees of that employer represented exclusively by the trade union applicant, The Telecommunications Workers Union.
[5] Telus Communications Inc. ("Telus") is a federal work and undertaking and provides wire-line telephone, internet and other services in numerous provinces in Canada, including Alberta and British Columbia.
[6] The Telecommunications Workers Union ("TWU") is a trade union as defined by the Canada Labour Code. It represents the Individual Applicants in matters of employment pursuant to the terms of a collective agreement between TWU and Telus. It purports to have complained to the Commissioner and to come before this Court in a representational capacity as certified bargaining agent on behalf of the Individual Applicants.
[7] The Commissioner is the Privacy Commissioner appointed under section 53 of the Privacy Act[2]. The Commissioner is assigned responsibilities under PIPEDA.
b) "e.Speak" and "Nuance Verifier"
[8] In late 2002, Telus introduced a new technology called "e.Speak" to its operational practices. e.Speak uses voice recognition technology to allow employees of Telus to access and use Telus' internal computer network by speaking commands through a telephone, as opposed to using a designated computer terminal or having another employee, typically a clerk, access the network on their behalf. Using e.Speak, Telus employees working in the field can execute various network operations by using any available telephone, including a cellular telephone. Telus alleges, and provides substantial evidence in support of its allegation, that the use of e.Speak has resulted in business advantages for Telus by increasing employee efficiency and reducing costs.
[9] Because e.Speak is a direct connection to the Telus internal computer network, when an employee attempts to access e.Speak by telephone, their identity must be verified so that confidential information held within the data stores of the network is protected. Unauthorized access to the data stores and to confidential information held therein would, it is alleged, be significantly damaging to Telus.
[10] The identity verification system that is used by Telus to grant or withhold access to e.Speak is a computer program known as Nuance Verifier which uses speaker verification technology to verify the identity of persons seeking to access e.Speak.
[11] Nuance Verifier was apparently developed and is marketed by a company called Nuance Communications ("Nuance").
[12] Nuance describes its Nuance Verifier speaker verification technology in written materials distributed by it that are annexed as exhibits to the affidavit of Randy Turner filed with the Court. The following are extracts from that material:
...
Voice authentication, also known as "speaker verification", is defined as the automated verification of a person's claimed identity, based on unique characteristics of their voice.
There are three main ways to verify a person's identity: it can be done based on something that the person has (ID card, badge), something that the person knows (password, PIN, personal information), or something that the person "is": that is the biometric. One of the better-known biometrics is a fingerprint. In fact, a voice print is as unique as fingerprint. A voice print measures behavioral characteristics of the way the person speaks, as well as physical characteristics of the person's vocal track. During voice authentication, the voice of the user is compared to the stored voice print to verify the claimed identity.
Voice authentication offers many advantages over other verification methods, including other biometrics (fingerprint, iris and face-scans.)
· Voice authentication is much more secure than passwords and PINs, which can be stolen, guessed and forgotten.
· It is ubiquitous and unobtrusive - voice authentication can be seamlessly integrated into the callers' experience.
· It does not require special hardware, or scanning devices - just the user's voice and a telephone or microphone.
...
Nuance Verifier uses voice biometrics to securely authenticate the identity of a caller.[3] ...
...
This biometric technology captures specific physical characteristics of the human voice, using those characteristics to identify callers.
...
Like a fingerprint, Nuance Verifier voice authentication software creates individual voice prints to authenticate callers and customers with just their voices, enabling secure access to information.[4]
...
In a controlled environment, voice print and fingerprint will provide similar accuracy. However, there are significant deployment and usability disadvantages associated with fingerprint and other biometric technologies, such as iris and facial scans.
...
... Voice is also much less intrusive for the end-user than iris, finger, or face scanners. People feel uncomfortable having their eye or face scanned. Fingerprints are somewhat less intrusive, but require physical contact with a device, which has its own set of usability issues.[5]
[13] In order for an employee to use the Nuance Verifier speaker verification technology, the employee must initially participate in an "enrollment process" that results in the generation of a "voice template", sometimes referred to by Telus and Nuance as a "voice print".
[14] Nuance describes the "enrollment process" in the following terms:
...
A caller goes through a one-time voice enrollment process where a sample of the voice is taken and a voiceprint is created and stored. Voiceprints are not audio samples, but a matrix of numbers that represent the characteristics of the user's voice and vocal tract.[6]
...
... Callers participate in a brief one-time enrollment process during which they answer several questions, allowing Nuance Verifier to capture and store their voice- print.[7] ...
[15] Enrollment voice templates or voice prints which, as noted in the second-above brief quotation are a "matrix of numbers" rather than an audio sample, are stored, according to Telus' evidence, under substantial security, presumably for as long as the provider remains an employee of Telus or continues to work with Telus in a capacity that requires him to access e.Speak by telephone. Access to e.Speak then requires production of a second voice template or voice print which in turn is digitalized and matched against the caller's enrollment voice template or voice print. Assuming a match, access is provided. If a match is not obtained, access is denied. The second voice template or voice print, that is to say the "access voice template or voice print", is destroyed in a relatively short period of time, that is to say, one or two months.
c) The "Consultation" Process
[16] Telus has identified certain of its employees, including the four (4) Individual Applicants, as employees who are expected to undergo the enrollment process. Telus takes the position that the efficiency and effectiveness of the e.Speak system is dependent on the enrollment of all such identified employees. In the absence of enrollment, a parallel secure access system to data stores is required resulting in less efficiency and effectiveness. While Telus urges that it has consulted broadly and effectively with its employees, not their collective bargaining agent, on implementation of e.Speak, it has made it known that, for those who fail to enroll, "progressive discipline" will be invoked.
[17] The Individual Applicant Henry Fenske did enroll. That being said, he alleges that his enrollment was coerced and that he underwent enrollment against his will. He has apparently withdrawn his consent to enrollment. The remaining Individual Applicants have refused to enroll. To the date of the hearing before me, Telus had not yet implemented discipline against any of the Individual Applicants, apparently pending the outcome of this proceeding.
[18] The Individual Applicants take the position that neither at the time of their employment with Telus nor at any time during the course of their employment with Telus have they consented to the collection and use of any of their biometric personal information. Further, they allege that the collective agreement which governs the terms and conditions of their employment does not contain any provision whereby TWU, their representative, has provided consent on their behalf. The Individual Applicants deny that there was "meaningful" consultation in the implementation of e.Speak and further deny the allegation by Telus that it has "...carefully considered the balance between the needs of the business, and the privacy rights of our employees, and has taken steps to ensure employee privacy is maintained."[8]
THE COMPLAINTS TO THE PRIVACY COMMISSIONER
[19] Randy Turner filed with the Commissioner an extensive complaint, extending to thirty-six (36) pages and supported by some forty-one (41) pages of exhibits[9]. His complaint was noted as received in the office of the Commissioner on the 13th of February, 2004. In his complaint, Mr. Turner alleged that the implementation of e.Speak by Telus violated subsections 5(1) and (3) and section 7 of PIPEDA and Principles 4.1.4, in particular paragraphs (c) and (d) of that Principle, 4.3.1, 4.3.4, 4.3.5, 4.3.6 and 4.3.8 and 4.4 in Schedule 1 to PIPEDA. Further, Mr. Turner urged that such violations were contrary to the Canadian Charter of Rights and Freedoms[10], were contrary to principles of fairness and reasonableness and were irrational and an abuse of power and process.
[20] The other Individual Applicants filed much less formal and extensive complaints with the Commissioner.
PROVISIONS OF PIPEDA RELEVANT TO RANDY TURNER'S COMPLAINT TO THE COMMISSIONER AND TO THESE APPLICATIONS
[21] Subsection 14(1) of PIPEDA is quoted earlier in these reasons. Other provisions of PIPEDA that are relevant to Randy Turner's complaint to the Commissioner and to these applications are set out in full in a Schedule to these reasons.
THE REPORT BY THE PRIVACY COMMISSIONER
[22] For the purposes of these reasons, I will focus on the report of the Commissioner to the Individual Applicant Randy Turner, as did counsel before the Court. That report is dated the 3rd of September, 2004[11]. After a brief introduction and a summary of the investigation conducted, the Commissioner's representative recorded her findings in the following terms:
This Office, in the past, has had the opportunity to consider the issue of employee consent with respect to certain job requirements that impinge upon privacy. In considering the appropriateness of making a privacy-invasive measure a job requirement, the purposes for introducing the measure must be looked at in the context of the reasonable person test, outlined in subsection 5(3) [of PIPEDA].
Simply put, would a reasonable person consider it appropriate for TELUS to collect your voice print to access e.Speak applications, in the circumstances? The company has provided three reasons for introducing e.Speak with its voice password technology: security, efficiency, and cost-effectiveness. Such a system is clearly more efficient and cost effective than paper processes and password management, and it is logical that a company would want to introduce economies and efficiencies to remain competitive in the telecommunications industry. The more persuasive argument, however is that the voice password is needed to ensure security. TELUS evaluated the risk associated with managing large amounts of customer data and concluded that e.Speak offers the highest level of protection from unauthorized access. This proactive approach is aimed at safeguarding the personal information of customers and meeting the expectation of customers that their data will be protected.
The purpose of the Act is to balance the individual's right of privacy with respect to their personal information and the need of organizations to collect, use, or disclose personal information for appropriate purposes in the circumstances. Is the loss of your privacy proportionate to the benefits the company is likely to gain? The first step in answering that question is to determine just how privacy invasive a voice print really is.
There is no question that a voice print is an encroachment upon your person. TELUS is collecting the behavioural and physical characteristics that make your voice unique. But how much does it tell about you? Can a voice print - in and of itself - reveal, for example, your work history, the state of your health or any possible criminal record? In my view, the voice print does not tell much about the individual so the issue to consider is could it be used to find out more about the individual or misused in some other way? Indeed, you expressed concern about the various uses to which your voice print could be subjected, such as spying on employees or identifying an employee who calls into a radio talk show to criticize the employer. But those who know you also know your voice. If an employee was publicly critical of his or her employer on a talk show, and the individual's supervisor happened to hear it, the fact that the employer has a voice print on file has no effect on the likelihood of the employee being recognized. Moreover, TELUS has demonstrated to our satisfaction that, technically speaking, it can only use the voice print for authentication purposes in its current setup, and cannot use it for spying or other nefarious purposes. In the circumstances of this complaint, therefore, a voice print that is used solely for one-to-one authentication purposes seems to be fairly benign.
On the other side, TELUS' need to remain competitive is one that has very real consequences for employees. If a third party were to gain access to customer data, consumer confidence in the company's ability to protect its information would be seriously eroded. In today's highly competitive business environment, customers would likely turn to another company for service and the potential losses to TELUS could be enormous. The cost savings of streamlining business processes are also of importance in today's market place. If the company cannot make money and remain competitive, it cannot stay in business, and employees are soon out of work. Given that the voice print does not appear to be unduly invasive, it would seem that an appropriate balance has been struck. That is not [to] say that any privacy-impinging measure a company introduces would be considered appropriate. The loss of privacy must always be weighed against the benefits, and the purposes for the measure must be grounded in a defensible need.
In our view, a reasonable person would likely consider TELUS' purposes in the circumstances to be appropriate. The company informed employees of its purposes, and clearly has appropriate safeguards in place to protect the voice print information. Given the above, I find TELUS in compliance with subsection 5(3), and Principles 4.2 and 4.7.
To return then to consent, employees are obliged to record certain work-related information as part of their job requirements. Must TELUS provide you with an alternative? Since the purposes, which were explained to employees, for collecting and using the voice print are reasonable, and providing an alternative concurrent with e.Speak would not ensure the desired level of security and thus would not meet these purposes, my response is no. I am of the view that the collection and use of this particular biometric, in this particular set of circumstances, is reasonable. I therefore find that the consent requirements set out in Principle 4.3 have been met.
Accordingly, I conclude that the portion of your complaint concerning the collection of the voice print is not well-founded.
You also raised concerns regarding the absence-reporting application. We agree that e.Speak should not be prompting employees to input the medical reason underlying their sickness. The provision of such information to a manager for the purpose of calling in sick is excessive and contrary to Principle 4.4 which limits the collection of personal information to that which is necessary for the purposes identified. TELUS has agreed to amend its absence reporting e.Speak application so that employees are not prompted to specify why they are calling in sick. I am requesting that the company report back to me within 120 days of the date of this finding to confirm that these changes have been implemented.
Accordingly, I conclude that the part of your complaint regarding the collection of personal information by the absence-reporting application is resolved.
[emphasis added]
[23] The Commissioner's delegate then continues in her reporting letter to outline the recourse available to the Applicant, Randy Turner, under section 14 of PIPEDA, which recourse has been adopted by the Individual Applicants through this proceeding. Recourse in respect of the Commissioner's conclusion regarding reporting of medical reasons underlying sick leave applications was not pursued at hearing since each of the Individual Applicants was essentially successful before the Commissioner in this regard.
THE RELIEFS SOUGHT
[24] The reliefs sought on these applications were not entirely uniform in the Notices of Application filed. That being said, a uniform set of reliefs was provided in the consolidated Applicants' Memorandum of Fact and Law in the following terms:
The Applicants seek:
A Declaration that Telus has contravened Sections 5(1) and 5(3) of PIPEDA by requiring employees, including the Applicants, to provide biometric personal information for Telus' use in authenticating identity.
A Declaration that Telus has contravened Sections 5(1) and 5(3) of PIPEDA by requiring employees to provide the medical reason underlying a claim of illness-related absence.
An Order, pursuant to Section 16(a) of PIPEDA, that Telus correct its practices by:
1. Ceasing and desisting from requiring employees to provide biometric personal information; and
2. Ceasing and desisting from requiring employees to provide the medical reason underlying a claim of illness-related absence.
An Order pursuant to Section 16(b) of PIPEDA, that Telus publish a notice of any action taken and/or proposed to be taken to correct its practices.
An Order pursuant to Section 16(c) of PIPEDA, that Telus pay damages in an amount to be determined by the Court to the Applicant, Henry Fenske, for the humiliation that he suffered as a result of Telus' contravention of PIPEDA.
Costs of this Application.
Such further and other relief as counsel may request at the hearing of this Application and which this Honourable Court deems appropriate.
[25] At the close of the hearing, the foregoing list of reliefs was revisited. Counsel for Telus urged that, if the Applicants were successful, counsel should be provided an opportunity to review and make submissions as to the form and content of the proposed relief. Counsel for the Commissioner took no position as to appropriate relief except to urge that no costs should be ordered payable by or to the Commissioner. Also on the issue of costs, counsel for the Applicants urged that, if Telus was successful, no costs should be ordered against the Applicants since significant issues of broad importance were raised on this application and, in the submission of counsel, and this is a submission for which I have some sympathy, Telus had been somewhat high-handed in its dealings with employees regarding the implementation of e.Speak and the Nuance Verifier technology.
[26] The second relief sought regarding the provision of medical reasons underlying a claim for illness-related absence, was, as earlier indicated, dropped since the Applicants were essentially successful in this regard before the Commissioner.
[27] Some modification of the first branch of the third relief was suggested so that any injunction against a requirement that employees provide biometric personal information would not apply if the appropriate collective agreement was modified to permit such a requirement. The second branch of the third relief, that is to say the request for an order that TELUS cease and desist from requiring employees to provide medical reasons underlying a claim of illness-related absence was, like the second relief, withdrawn.
[28] Finally, I advised counsel that I was disinclined to order any payment of damages.
[29] No "further and other relief" was requested by counsel at hearing.
THE ISSUES
[30] A proceeding under section 14 of PIPEDA is not a judicial review of the Commissioner's report or her conclusions or recommendations. Rather, it is a fresh application to this Court in the nature of a de novo proceeding. In Englander v. Telus Communications Inc.[12], Justice Décary, for the Court, wrote at paragraphs 47 and 48:
...I find no difference on a procedural point of view between an application "for a remedy" ("former un recours") under subsection 77(1) of the Official Languages Act and an application "for a hearing" ("que la Cour entende") under subsection 14(1) of [PIPEDA]. The investigations carried out pursuant to a complaint by the Official Languages Commissioner and the Privacy Commissioner basically follow the same pattern. The application to the Federal Court in both cases may be made by a complainant and is to be heard in a summary way. What is at issue in both proceedings is not the Commissioner's report, but the conduct of the party against whom the complaint is filed. And the remedial power of the Court in the PIPED Act, even though not drafted in Charter language, is remarkably broad.
As found in Forum des maires, therefore, the hearing under subsection 14(1) of the Act is a proceeding de novo akin to an action and the report of the Commissioner, if put in evidence, may be challenged or contradicted like any other document adduced in evidence.
[31] Against the foregoing, counsel for the Applicant urged that the points in issue in this proceeding are the following:
1. Has Telus met its obligations under PIPEDA to obtain consent prior to collecting and using employee biometric personal information?
2. Do the reasons provided by Telus for its collection and use of biometric personal information constitute purposes that a reasonable person would consider appropriate in the circumstances?[13]
[32] While counsel for Telus phrases the foregoing issues differently, I am satisfied that there is no disagreement in substance. That being said, counsel for Telus raises a third issue, that being whether TWU has standing in this proceeding.
[33] Counsel for the Commissioner asserts the same issue raised on behalf of Telus regarding standing of TWU. Further, counsel for the Commissioner raises issues regarding: the weight to be given to the factors taken into consideration by the Commissioner in balancing the interests of the parties under subsection 5(3) of PIPEDA; whether this Court should apply the legal-analytical framework and factors considered by the Commissioner in balancing those interests; the role of a union such as TWU where an employer such as Telus seeks consent for the collection and use of personal information from its employees; and the appropriate principles to govern an assessment of whether the Applicants consented to the collection and use of their personal information in accordance with Principle 4.3 in Schedule 1 to PIPEDA.
ANALYSIS
a) Standing for The Telecommunications Workers Union
[34] Subsection 11(1) of PIPEDA (see the Schedule to these reasons) provides that an individual may file with the Commissioner a written complaint against an organization, such as Telus, for contravening a provision of Division 1 of PIPEDA or for not following a "recommendation" set out in Schedule 1 to PIPEDA. Sections 5 to 10 of PIPEDA constitute Division 1 and are under the heading "Protection of Personal Information". The "Principles" quoted in the Schedule to these reasons are all contained in Schedule 1 to PIPEDA and are presumably among the "recommendations" referred to in subsection 11(1). The Individual Applicants filed such complaints, which were investigated and responded to on behalf of the Commissioner, in a manner that eventually led to this proceeding. The Telecommunications Workers Union filed no such complaint and, urged counsel for Telus and the Commissioner, was not entitled to, since it is not an "individual".
[35] Pursuant to subsection 14(1) of PIPEDA[14], a complainant may, after receiving a report from the Commissioner in respect of his or her complaint, apply to this Court for a hearing. The Telecommunications Workers Union purports to apply to this Court in accordance with subsection 14(1) of PIPEDA.
[36] I am satisfied that The Telecommunications Workers Union was not entitled to apply to this Court and is not a proper party to this proceeding. As noted, it did not make a complaint in accordance with subsection 11(1) of PIPEDA and thus, it is not a "complainant" within the meaning of subsection 14(1). Further, even if it were an appropriate "complainant", there is no evidence before the Court that it received any of the Commissioner's reports here before the Court, nor is there any evidence that it was entitled to receive those reports.
[37] Finally for the purposes of this issue, I am satisfied that The Telecommunications Workers Union is not an "individual" within the meaning of that term in subsection 11(1) of PIPEDA. Whether The Telecommunications Workers Union or an equivalent could be such an "individual" in circumstances where a collective agreement between an employer such as Telus and itself authorized or required it to represent its members, for purposes of consent, in respect of a matter within the scope of PIPEDA, is a matter for another day.
[38] In the result, during the course of the hearing of this matter, I indicated that orders would go striking The Telecommunications Workers Union as an Applicant in these proceedings. That conclusion on behalf of the Court had essentially no impact on the course of the hearing since the same counsel represented the Individual Applicants and The Telecommunications Workers Union before the Court.
b) The Collection of Personal Information that is at issue - Was it only for purposes that a reasonable person would consider are appropriate in the circumstances?
[39] The issue question as here phrased reflects the terminology of subsection 5(3) of PIPEDA which is set out in the Schedule to these reasons. It reflects an acknowledgement that characteristics of a person's voice are personal information, an acknowledgement not disputed before the Court and that I accept without reservation. Subsection 5(3) requires a balancing of interests viewed through the eyes of a reasonable person; in this case, the business interests that Telus alleges and the privacy interests of its employees, as put forward by the Individual Applicants. Neither interest is absolute.
[40] In R. v. Tessling[15], Justice Binnie, for the Court, wrote at paragraph 25 of his reasons:
Privacy is a protean concept, and the difficult issue is where the "reasonableness" line should be drawn. Sopinka J. offered a response to this question in the context of informational privacy in Plant, supra, at p. 293, as follows:
In fostering the underlying values of dignity, integrity and autonomy, it is fitting that s. 8 of the Charter should seek to protect a biographical core of personal information which individuals in a free and democratic society would wish to maintain and control from dissemination to the state. This would include information that tends to reveal intimate details of the lifestyle and personal choices of the individual. [emphasis added by Justice Binnie]
[41] While the Supreme Court, in the Tessling matter, was considering the concept of privacy in a very different context, that being a criminal law context and a Charter challenge, I am satisfied that the foregoing is applicable here. Privacy is a variable or changing concept, which is to say, a "protean" concept. Privacy rights are neither absolute at one extreme nor insignificant at the other. Their location on the spectrum between those two extremes is variable, depending upon the totality of the factual situation in which they are being examined. I adopt, as my own and on the evidence before me, the Commissioner's conclusion that, while voice characteristics are undoubtedly personal information, on the spectrum just described, they are towards the lower end, notwithstanding the contrary view urged on behalf of the Individual Applicants.
[42] Once again in a criminal law context, Justice Cory, in R. v. Edwards[16] enumerated a series of factors to be addressed, on the facts there before the Court, in determining whether an expectation of privacy was reasonable. One of those factors was whether or not the information was already in the hands of third parties. A person's voice is a unique feature of his or her person that he or she exposes to a greater or lesser number of persons every day. Indeed, I am satisfied that it is safe to say that the Individual Applicants, in the course of their employment, exposed the unique nature of their voices to some of their colleagues and likely others every day. It is this same unique feature of their persons that Telus sought to have recorded, not merely exposed, but not recorded in its natural form, but rather in a digitalized form.
[43] Telus provided substantial information to its employees, albeit arguably self-serving information, regarding the nature of the Nuance Verifier technology, the uses to which the digitalized recording of voice characteristics would be put and the security measures which would be undertaken to protect the digitalized recordings.
[44] By contrast, counsel for the Individual Applicants raised the spectre of potential future uses, against a rather Orwellian background and highly hypothetical risks that the security measures adopted by Telus would be breached.
[45] I am satisfied that the test of what a reasonable person would consider to be appropriate in the circumstances must be applied against the circumstances as they exist. I accept that circumstances can change, that new uses and applications can be contemplated and adopted, and that new technologies to breach security can be developed. I am satisfied that those new uses and applications, and changes in technology that might render Telus' security precautions inadequate, are to be tested only when they are real and meaningful, not when they are hypothetical.
[46] I am further satisfied that the foregoing is supported by the words of Justice Binnie in Tessling, above, where, at paragraph 55, he wrote by reference to the reasoning in the Court below:
I agree with Abella J.A. that the spectre of the state placing our homes under technological surveillance raises extremely serious concerns. Where we differ, perhaps, is that in my view such technology must be evaluated according to its present capability. Whatever evolution occurs in future will have to be dealt with by the courts step by step. Concerns should be addressed as they truly arise. ...
[emphasis in the original]
I am satisfied that the foregoing applies directly here with Justice Binnie's text modified to read as follows:
I agree...that the spectre of Telus utilizing voice prints collected on consent for specific purposes, for purposes that constitute an unreasonable extension of the original purposes, or others breaching the security surrounding the storage of the voice prints, raises extremely serious concerns. Where we differ, perhaps, is that in my view, collection and use must be evaluated according to present circumstances. Whatever evolution occurs in future will have to be dealt with by the courts step by step. Concerns should be addressed as they truly arise. ...
[47] Once again in Englander v. TELUS Communications Inc., above, at paragraphs 38 and 39, Justice Décary wrote:
The purpose of the PIPED Act is altogether different [from the purpose of the Privacy Act]. It is undoubtedly directed at the protection of an individual's privacy; but it is also directed at the collection, use and disclosure of personal information by commercial organizations. It seeks to ensure that such collection, use and disclosure are made in a manner that reconciles, to the best possible extent, an individual's privacy with the needs of the organization. There are, therefore, two competing interests within the purpose of the PIPED Act: an individual's right to privacy on the one hand, and the commercial need for access to personal information on the other. However, there is also an express recognition, by the use of the words "reasonable purpose", "appropriate" and "in the circumstances" (repeated in subsection 5(3)), that the right of privacy is not absolute.
The PIPED Act is a compromise both as to substance and as to form.
[48] Taking into account the foregoing, and against the above brief analysis of: the degree of sensitivity associated with voice prints as personal information; the security measures implemented by Telus; the bona fide business interests of Telus as established on the evidence before the Court and to which the collection of voice prints is directed; the effectiveness of the use of voice prints to meet those objectives; the reasonableness of the collection of voice prints against alternative methods of achieving the same levels of security at comparable cost and with comparable operational benefits; and the proportionality of the loss of privacy as against the costs and operational benefits in the light of the security that Telus provides; I conclude that the collection of the voice print information here at issue would be seen by a reasonable person to be appropriate in the circumstances, as they existed at all times relevant to this matter, and against the security measures adopted by Telus.
c) Has Telus met its consent obligations under PIPEDA?
[49] It was not in dispute before the Court that consent to the collection, use or disclosure of personal information from an employee is required "except where inappropriate" and subject to certain exceptions. The general principle is expressed in Principle 4.3, the relevant provisions of which are set out in the Schedule to these reasons. I am satisfied that the "except where inappropriate" qualification does not here apply.
[50] Subsection 7(1) of the Act, also set out in the Schedule, enumerates further exceptions to the general principle. Only two of those exceptions might apply here: first, that set out in paragraph 7(1)(a), to the effect that the collection is clearly in the interests of the individual and consent cannot be obtained in a timely way; and secondly, that set out in paragraph 7(1)(d), the information is publicly available and is specified by regulations made under PIPEDA.
[51] I am loathe to conclude that, on facts such as those before the Court where consent is sought from a large number of individuals by the employer of those individuals and the vast majority provide consent, while a very small minority, as here, refuse consent, Parliament intended that that small minority should be able to paralyse action by the employer that it considers to be in its business interests and that view is not opposed by the vast majority of the affected employees. Such a situation is, I am satisfied, within the scope of paragraph 7(1)(a). Thus, in circumstances such as those here before the Court, an organization, in this case Telus, may collect personal information without the consent of individuals such as the Individual Applicants where the collection is clearly in the interests of those individuals and their consent cannot be obtained in a timely way.
[52] On the facts of this matter, Telus sought to obtain voice prints from a substantial number of its employees and the vast majority of that number consented. Those who did not consent knew that Telus wished to obtain their consent. They continued to refuse to consent so that their consent could not be obtained in "...a timely way". They exercised their right to complain to the Commissioner. They received a report from the Commissioner which concluded that Telus' wish to obtain their consent was reasonable. The non-consenting employees exercised their right to come to this Court for a de novo review of the situation. Assuming that they will be unsuccessful in this Court, and they will be, it would not be in the interests of justice that a stalemate result.
[53] I am satisfied that this is one of the circumstances to which paragraph 7(1)(a) of PIPEDA is directed. While that paragraph will not enable Telus to proceed with full and complete implementation of e.Speak and to force employee enrollment, it will, I am satisfied, enable Telus to continue with the implementation of e.Speak at its current level and, if persons such as the Individual Applicants continue to withhold their consent, it will entitle Telus to proceed with "progressive discipline" in relation to all or any of them that is reasonable in all the circumstances.
[54] By contrast, I am satisfied that paragraph 7(1)(d) of PIPEDA is of no assistance to Telus in the current circumstances. While it is arguable that voice characteristics are "publicly available", that form of personal information is not specified by any regulations made under the authority of PIPEDA.
[55] If I am determined to be wrong in my analysis regarding the scope of paragraph 7(1)(a) of PIPEDA, there remains, I am satisfied, an alternative solution to the impasse that I perceive might flow from an absolute requirement to obtain consent from each and every individual affected. My analysis in that regard follows.
[56] It was not in dispute before the Court that three (3) of the Individual Applicants have never consented to take part in the Nuance Verifier enrollment process. While the fourth Individual Applicant did consent and did take part, he withdrew his consent as he was entitled to do under Principle 4.3.8.
[57] Counsel for the Individual Applicants urges that consent to disclosure of biometric personal information is a term or condition of employment and that, as such, given the collective agreement in force between Telus and TWU representing certain of its employees, including the Individual Applicants, even if the Individual Applicants had consented, that consent is of no force or effect since "...terms and conditions of employment must be negotiated with The Telecommunications Workers Union and that had not taken place in respect of the disclosures for which consent is sought in the context of this proceeding."
[58] Counsel for Telus urges that consent to the disclosure of the personal information here at issue is simply not a term or condition of employment and that therefore Telus' efforts to obtain consent directly from the Individual Applicants was entirely appropriate and TWU had no role to play regarding the consents.
[59] I accept the position urged on behalf of Telus in this regard. That being said, in circumstances where it is a matter of public knowledge that was clear to the Court, that the relationship between Telus and TWU on behalf of a significant number of Telus' employees was, at all relevant times, less than cordial, it was at least surprising and, perhaps more appropriately, astonishing, that Telus had apparently not engaged TWU in the process of attempting to achieve consents to the implementation of e.Speak.
[60] It was not in dispute before the Court that, while the three Individual Applicants had not consented to provide voice samples, and the fourth withdrew his consent, by far the vast majority of their colleagues at Telus in respect of whom Telus sought to implement e.Speak had consented and had provided voice samples for the purposes of Nuance Verifier. It was also not in dispute that one individual who had volunteered to provide a voice sample was incapable, for medical reasons, of fulfilling the appropriate requirements. In her case, special arrangements had been made to accommodate her situation. Finally, it was also not in dispute that, although Telus had "threatened", "progressive discipline" for those from whom it sought enrollment and who refused to consent to enrollment, no such discipline had been imposed and there was no evidence before the Court that such discipline would reach the level of dismissal, thus making the discipline imposed effectively reach to the level of a term or condition of employment.
[61] I am satisfied on the evidence before the Court that Telus was somewhat high handed in its efforts to achieve consent to enrollment and had been, since the commencement of the enrollment process, something less than forthcoming as to what it meant by "progressive discipline". That being said, I am satisfied that Telus was reasonably forthcoming in other respects in its consultations with its employees that it sought to enroll, that it was reasonably patient in that process and that, generally speaking, it neither bullied nor harassed its employees towards enrollment.
[62] The issue then reduces itself to the question: "What are the implications where Telus fails to achieve consent from a small minority of affected employees, such as the Individual Applicants, to enrollment in the e.Speak programme, where implementation of "progressive discipline" for failure to consent is not only implied but expressed, and where there is absolutely no evidence before the Court that Telus will escalate such "progressive discipline" to the point of termination, thus effectively making consent a term or condition of employment?
[63] I am satisfied that the foregoing question remains an issue for another day. Telus has, to a very large extent, implemented e.Speak. A very small minority, perhaps only the Individual Applicants, but perhaps also others, remain principled hold-outs. There is no basis on which to conclude that "progressive discipline" that might be implemented against hold-outs will reach the level of termination. To this point, I adopt the urgings of counsel for Telus that Telus has simply engaged, in what it considers to be the best interests of its business and, thus, arguably of its employees, including the Individual Applicants, in the exercise of its residual management rights. I cannot conclude that the obligation on the part of Telus to obtain consent to the implementation of the e.Speak system, in respect of the Individual Applicants, precludes Telus from implementing that system in respect of the vast majority of its employees to which it wishes to make the e.Speak system applicable.
[64] Counsel for the Individual Applicants cites Principle 4.3.3 against the conclusion I have reached in this regard. That principle, reproduced in the Schedule to these reasons, is reproduced here for ease of reference:
An organization shall not, as a condition of the supply of a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfil the explicitly specified, and legitimate purposes.
With great respect, I am not satisfied that Telus' efforts to achieve the consent of the Individual Applicants to participate in the e.Speak system is being sought as "...a condition of the supply of a product or service,...". In the result, while my conclusion in this regard does not affect the result herein, I am not satisfied that the Individual Applicants are entitled to rely on Principle 4.3.3 in respect of this matter.
[65] The foregoing being said, quite apart from my analysis regarding the interpretation of paragraph 7(1)(a), of PIPEDA, I nonetheless conclude that Telus has fulfilled its consent obligations under PIPEDA in respect of the implementation of e.Speak. In introducing e.Speak applicable only to those who consented to enrollment, Telus acted within its residual management rights. The impact of "progressive discipline" against the small minority who have withheld their consent, as they are entitled to do, is for another day and for another forum.
d) Additional issues raised on behalf of the Commissioner
[66] As earlier indicated in these reasons, counsel for the Commissioner raised issues including the appropriate weight to be given to the factors taken into consideration by the Commissioner in her Report leading to this proceeding, whether this Court should apply the legal analytical framework and factors considered by the Commissioner in balancing the interests of the parties as required by subsection 5(3) of PIPEDA, the role of TWU in the process of seeking consent from the Individual Applicants and the appropriate principles in assessing whether the Individual Applicants consented to the collection and use of their personal information.
[67] To some extent, these issues have been addressed, directly or indirectly, in the foregoing analysis. To the extent that they have not been so addressed, I am reluctant to respond to them because they indirectly invite the Court to answer questions that would only be appropriate if this matter were in the nature of judicial review. Where the foregoing issues have not been addressed, the Court's response is that it must be guided by jurisprudence from the Federal Court of Appeal and where no such guidance exists, by guidance provided by other decisions of this Court in an appropriate context and, further, where that guidance is also lacking, the Court must act in accordance with what it, itself, considers to be required by PIPEDA. Put another way, and more briefly, it is not for the Commissioner, however knowledgeable and informed she or he might be with respect to the issues here coming before the Court, to set the agenda of this Court where hearings such as this are in the nature of de novo proceedings.
[68] In the result, I decline to address the issues raised on behalf of the Commissioner, to the extent that they have not already been addressed in these reasons.
CONCLUSION
[69] These applications will be dismissed. As earlier indicated, orders will go striking out The Telecommunications Workers Union as a party Applicant in each proceeding.
COSTS
[70] Once again as earlier indicated in these reasons, counsel for the Individual Applicants urged that the issues raised on these applications were of significant importance and of general application. I am in agreement with this submission. Further, counsel for the Individual Applicants urged that Telus had been less than fully sensitive and forthcoming in its efforts to obtain consent to implementation of the e.Speak system, not only with the Individual Applicants, but with many of their fellow employees. In particular, counsel urged, the cloud of "progressive discipline" without any definition as to what that might mean, provided unfair pressure and significant uncertainty as to continuity of employment. I am also sympathetic to this submission.
[71] In the result, in the exercise of the Court's discretion under Rule 400(1) of the Federal Courts Rules, 1998[17] there will be no order as to costs as between Telus and the Individual Applicants. Further, there will be no order as to costs as between Telus and The Telecommunications Workers Union.
[72] Finally, there will be no order as to costs for or against the Privacy Commissioner of Canada. Submissions of counsel for the Commissioner were very helpful to the Court.
"Frederick E. Gibson"
J.F.C.
Ottawa, Ontario
November 29, 2005.
SCHEDULE
(S.C. 2000, c. 5)
| 3. The purpose of this Part is to establish, in an era in which technology increasingly facilitates the circulation and exchange of information, rules to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances.
...
5. (1) Subject to sections 6 to 9, every organization shall comply with the obligations set out in Schedule 1. (2) The word "should", when used in Schedule 1, indicates a recommendation and does not impose an obligation. (3) An organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances.
...
7. (1) For the purpose of clause 4.3 of Schedule 1, and despite the note that accompanies that clause, an organization may collect personal information without the knowledge or consent of the individual only if (a) the collection is clearly in the interests of the individual and consent cannot be obtained in a timely way; (b) it is reasonable to expect that the collection with the knowledge or consent of the individual would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province; (c) the collection is solely for journalistic, artistic or literary purposes; (d) the information is publicly available and is specified by the regulations; or (e) the collection is made for the purpose of making a disclosure (I) under subparagraph (3)(c.1)(I) or (d)(ii), or (ii) that is required by law.
... 11. (1) An individual may file with the Commissioner a written complaint against an organization for contravening a provision of Division 1 or for not following a recommendation set out in Schedule 1.
(2) If the Commissioner is satisfied that there are reasonable grounds to investigate a matter under this Part, the Commissioner may initiate a complaint in respect of the matter.
...
14. (1) A complainant may, after receiving the Commissioner's report, apply to the Court for a hearing in respect of any matter in respect of which the complaint was made, or that is referred to in the Commissioner's report, and that is referred to in clause 4.1.3, 4.2, 4.3.3, 4.4, 4.6, 4.7 or 4.8 of Schedule 1, in clause 4.3, 4.5 or 4.9 of that Schedule as modified or clarified by Division 1, in subsection 5(3) or 8(6) or (7) or in section 10.
(2) The application must be made within forty-five days after the report is sent or within any further time that the Court may, either before or after the expiry of those forty-five days, allow.
(3) For greater certainty, subsections (1) and (2) apply in the same manner to complaints referred to in subsection 11(2) as to complaints referred to in subsection 11(1). ... 16. The Court may, in addition to any other remedies it may give,
(a) order an organization to correct its practices in order to comply with sections 5 to 10;
(b) order an organization to publish a notice of any action taken or proposed to be taken to correct its practices, whether or not ordered to correct them under paragraph (a); and
(c) award damages to the complainant, including damages for any humiliation that the complainant has suffered.
SCHEDULE 1 (Section 5) PRINCIPLES SET OUT IN THE NATIONAL STANDARD OF CANADA ENTITLED MODEL CODE FOR THE PROTECTION OF PERSONAL INFORMATION, CAN/CSA-Q830-96
... 4.1.4
Organizations shall implement policies and practices to give effect to the principles, including
(a) implementing procedures to protect personal information;
(b) establishing procedures to receive and respond to complaints and inquiries;
c) training staff and communicating to staff information about the organization's policies and practices; and
(d) developing information to explain the organization's policies and procedures.
...
4.2 Principle 2 -- Identifying Purposes
The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
4.2.1
The organization shall document the purposes for which personal information is collected in order to comply with the Openness principle (Clause 4.8) and the Individual Access principle (Clause 4.9).
4.2.2
Identifying the purposes for which personal information is collected at or before the time of collection allows organizations to determine the information they need to collect to fulfil these purposes. The Limiting Collection principle (Clause 4.4) requires an organization to collect only that information necessary for the purposes that have been identified.
4.2.3
The identified purposes should be specified at or before the time of collection to the individual from whom the personal information is collected. Depending upon the way in which the information is collected, this can be done orally or in writing. An application form, for example, may give notice of the purposes.
4.2.4
When personal information that has been collected is to be used for a purpose not previously identified, the new purpose shall be identified prior to use. Unless the new purpose is required by law, the consent of the individual is required before information can be used for that purpose. For an elaboration on consent, please refer to the Consent principle (Clause 4.3).
4.2.5
Persons collecting personal information should be able to explain to individuals the purposes for which the information is being collected.
4.2.6
This principle is linked closely to the Limiting Collection principle (Clause 4.4) and the Limiting Use, Disclosure, and Retention principle (Clause 4.5).
4.3 Principle 3 - Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. Note: In certain circumstances personal information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, legal, medical, or security reasons may make it impossible or impractical to seek consent. When information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information. Seeking consent may be impossible or inappropriate when the individual is a minor, seriously ill, or mentally incapacitated. In addition, organizations that do not have a direct relationship with the individual may not always be able to seek consent. For example, seeking consent may be impractical for a charity or a direct-marketing firm that wishes to acquire a mailing list from another organization. In such cases, the organization providing the list would be expected to obtain consent before disclosing personal information.
...
4.3.1
Consent is required for the collection of personal information and the subsequent use or disclosure of this information. Typically, an organization will seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected but before use (for example, when an organization wants to use information for a purpose not previously identified).
4.3.2
The principle requires "knowledge and consent". Organizations shall make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used. To make the consent meaningful, the purposes must be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed.
...
4.3.4
The form of the consent sought by the organization may vary, depending upon the circumstances and the type of information. In determining the form of consent to use, organizations shall take into account the sensitivity of the information. Although some information (for example, medical records and income records) is almost always considered to be sensitive, any information can be sensitive, depending on the context. For example, the names and addresses of subscribers to a newsmagazine would generally not be considered sensitive information. However, the names and addresses of subscribers to some special-interest magazines might be considered sensitive.
4.3.5
In obtaining consent, the reasonable expectations of the individual are also relevant. For example, an individual buying a subscription to a magazine should reasonably expect that the organization, in addition to using the individual's name and address for mailing and billing purposes, would also contact the person to solicit the renewal of the subscription. In this case, the organization can assume that the individual's request constitutes consent for specific purposes. On the other hand, an individual would not reasonably expect that personal information given to a health-care professional would be given to a company selling health-care products, unless consent were obtained. Consent shall not be obtained through deception.
4.3.6
The way in which an organization seeks consent may vary, depending on the circumstances and the type of information collected. An organization should generally seek express consent when the information is likely to be considered sensitive. Implied consent would generally be appropriate when the information is less sensitive. Consent can also be given by an authorized representative (such as a legal guardian or a person having power of attorney).
4.3.7
Individuals can give consent in many ways. For example:
(a) an application form may be used to seek consent, collect information, and inform the individual of the use that will be made of the information. By completing and signing the form, the individual is giving consent to the collection and the specified uses;
(b) a checkoff box may be used to allow individuals to request that their names and addresses not be given to other organizations. Individuals who do not check the box are assumed to consent to the transfer of this information to third parties;
c) consent may be given orally when information is collected over the telephone; or
(d) consent may be given at the time that individuals use a product or service.
4.3.8
An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The organization shall inform the individual of the implications of such withdrawal.
4.4 Principle 4 - Limiting Collection
The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
4.4.1
Organizations shall not collect personal information indiscriminately. Both the amount and the type of information collected shall be limited to that which is necessary to fulfil the purposes identified. Organizations shall specify the type of information collected as part of their information-handling policies and practices, in accordance with the Openness principle (Clause 4.8).
....
4.7 Principle 7 -- Safeguards
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
4.7.1
The security safeguards shall protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. Organizations shall protect personal information regardless of the format in which it is held.
4.7.2
The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage. More sensitive information should be safeguarded by a higher level of protection. The concept of sensitivity is discussed in Clause 4.3.4.
4.7.3
The methods of protection should include
(a) physical measures, for example, locked filing cabinets and restricted access to offices;
(b) organizational measures, for example, security clearances and limiting access on a "need-to-know" basis; and
(c) technological measures, for example, the use of passwords and encryption.
4.7.4
Organizations shall make their employees aware of the importance of maintaining the confidentiality of personal information.
4.7.5
Care shall be used in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information (see Clause 4.5.3).
|
|
3. La présente partie a pour objet de fixer, dans une ère où la technologie facilite de plus en plus la circulation et l'échange de renseignements, des règles régissant la collecte, l'utilisation et la communication de renseignements personnels d'une manière qui tient compte du droit des individus à la vie privée à l'égard des renseignements personnels qui les concernent et du besoin des organisations de recueillir, d'utiliser ou de communiquer des renseignements personnels à des fins qu'une personne raisonnable estimerait acceptables dans les circonstances.
...
5. (1) Sous réserve des articles 6 à 9, toute organisation doit se conformer aux obligations énoncées dans l'annexe 1. (2) L'emploi du conditionnel dans l'annexe 1 indique qu'il s'agit d'une recommandation et non d'une obligation. (3) L'organisation ne peut recueillir, utiliser ou communiquer des renseignements personnels qu'à des fins qu'une personne raisonnable estimerait acceptables dans les circonstances.
...
7. (1) Pour l'application de l'article 4.3 de l'annexe 1 et malgré la note afférente, l'organisation ne peut recueillir de renseignement personnel à l'insu de l'intéressé et sans son consentement que dans les cas suivants_: a) la collecte du renseignement est manifestement dans l'intérêt de l'intéressé et le consentement ne peut être obtenu auprès de celui-ci en temps opportun; b) il est raisonnable de s'attendre à ce que la collecte effectuée au su ou avec le consentement de l'intéressé puisse compromettre l'exactitude du renseignement ou l'accès à celui-ci, et la collecte est raisonnable à des fins liées à une enquête sur la violation d'un accord ou la contravention du droit fédéral ou provincial; c) la collecte est faite uniquement à des fins journalistiques, artistiques ou littéraires; d) il s'agit d'un renseignement réglementaire auquel le public a accès; e) la collecte est faite en vue_: (I) soit de la communication prévue aux sous-alinéas (3)c.1)(I) ou d)(ii), (ii) soit d'une communication exigée par la loi.
...
11. (1) Tout intéressé peut déposer auprès du commissaire une plainte contre une organisation qui contrevient à l'une des dispositions de la section 1 ou qui omet de mettre en oeuvre une recommandation énoncée dans l'annexe 1.
(2) Le commissaire peut lui-même prendre l'initiative d'une plainte s'il a des motifs raisonnables de croire qu'une enquête devrait être menée sur une question relative à l'application de la présente partie.
.. 14. (1) Après avoir reçu le rapport du commissaire, le plaignant peut demander que la Cour entende toute question qui a fait l'objet de la plainte -- ou qui est mentionnée dans le rapport -- et qui est visée aux articles 4.1.3, 4.2, 4.3.3, 4.4, 4.6, 4.7 ou 4.8 de l'annexe 1, aux articles 4.3, 4.5 ou 4.9 de cette annexe tels que modifiés ou clarifiés par la section 1, aux paragraphes 5(3) ou 8(6) ou (7) ou à l'article 10.
(2) La demande est faite dans les quarante-cinq jours suivant la transmission du rapport ou dans le délai supérieur que la Cour autorise avant ou après l'expiration des quarante-cinq jours.
(3) Il est entendu que les paragraphes (1) et (2) s'appliquent de la même façon aux plaintes visées au paragraphe 11(2) qu'à celles visées au paragraphe 11(1).
... 16. La Cour peut, en sus de toute autre réparation qu'elle accorde :
a) ordonner à l'organisation de revoir ses pratiques de façon à se conformer aux articles 5 à 10;
b) lui ordonner de publier un avis énonçant les mesures prises ou envisagées pour corriger ses pratiques, que ces dernières aient ou non fait l'objet d'une ordonnance visée à l'alinéa a);
c) accorder au plaignant des dommages-intérêts, notamment en réparation de l'humiliation subie. ANNEXE 1 (article 5) PRINCIPES ÉNONCÉS DANS LA NORME NATIONALE DU CANADA INTITULÉE CODE TYPE SUR LA PROTECTION DES RENSEIGNEMENTS PERSONNELS, CAN/CSA-Q830-96
... 4.1.4
Les organisations doivent assurer la mise en oeuvre des politiques et des pratiques destinées à donner suite aux principes, y compris :
a) la mise en oeuvre des procédures pour protéger les renseignements personnels;
b) la mise en place des procédures pour recevoir les plaintes et les demandes de renseignements et y donner suite;
c) la formation du personnel et la transmission au personnel de l'information relative aux politiques et pratiques de l'organisation; et
d) la rédaction des documents explicatifs concernant leurs politiques et procédures.
...
4.2 Deuxième principe -- Détermination des fins de la collecte des renseignements
Les fins auxquelles des renseignements personnels sont recueillis doivent être déterminées par l'organisation avant la collecte ou au moment de celle-ci.
4.2.1
L'organisation doit documenter les fins auxquelles les renseignements personnels sont recueillis afin de se conformer au principe de la transparence (article 4.8) et au principe de l'accès aux renseignements personnels (article 4.9).
4.2.2
Le fait de préciser les fins de la collecte de renseignements personnels avant celle-ci ou au moment de celle-ci permet à l'organisation de déterminer les renseignements don't elle a besoin pour réaliser les fins mentionnées. Suivant le principe de la limitation en matière de collecte (article 4.4), l'organisation ne doit recueillir que les renseignements nécessaires aux fins mentionnées.
4.2.3 Il faudrait préciser à la personne auprès de laquelle on recueille des renseignements, avant la collecte ou au moment de celle-ci, les fins auxquelles ils sont destinés. Selon la façon don't se fait la collecte, cette précision peut être communiquée de vive voix ou par écrit. Par exemple, on peut indiquer ces fins sur un formulaire de demande de renseignements.
4.2.4
Avant de se servir de renseignements personnels à des fins non précisées antérieurement, les nouvelles fins doivent être précisées avant l'utilisation. À moins que les nouvelles fins auxquelles les renseignements sont destinés ne soient prévues par une loi, il faut obtenir le consentement de la personne concernée avant d'utiliser les renseignements à cette nouvelle fin. Pour obtenir plus de précisions sur le consentement, se reporter au principe du consentement (article 4.3).
4.2.5
Les personnes qui recueillent des renseignements personnels devraient être en mesure d'expliquer à la personne concernée à quelles fins sont destinés ces renseignements.
4.2.6
Ce principe est étroitement lié au principe de la limitation de la collecte (article 4.4) et à celui de la limitation de l'utilisation, de la communication et de la conservation (article 4.5).
4.3 Troisième principe - Consentement
Toute personne doit être informée de toute collecte, utilisation ou communication de renseignements personnels qui la concernent et y consentir, à moins qu'il ne soit pas approprié de le faire. Note_: Dans certaines circonstances, il est possible de recueillir, d'utiliser et de communiquer des renseignements à l'insu de la personne concernée et sans son consentement. Par exemple, pour des raisons d'ordre juridique ou médical ou pour des raisons de sécurité, il peut être impossible ou peu réaliste d'obtenir le consentement de la personne concernée. Lorsqu'on recueille des renseignements aux fins du contrôle d'application de la loi, de la détection d'une fraude ou de sa prévention, on peut aller à l'encontre du but visé si l'on cherche à obtenir le consentement de la personne concernée. Il peut être impossible ou inopportun de chercher à obtenir le consentement d'un mineur, d'une personne gravement malade ou souffrant d'incapacité mentale. De plus, les organisations qui ne sont pas en relation directe avec la personne concernée ne sont pas toujours en mesure d'obtenir le consentement prévu. Par exemple, il peut être peu réaliste pour une oeuvre de bienfaisance ou une entreprise de marketing direct souhaitant acquérir une liste d'envoi d'une autre organisation de chercher à obtenir le consentement des personnes concernées. On s'attendrait, dans de tels cas, à ce que l'organisation qui fournit la liste obtienne le consentement des personnes concernées avant de communiquer des renseignements personnels.
...
4.3.1
Il faut obtenir le consentement de la personne concernée avant de recueillir des renseignements personnels à son sujet et d'utiliser ou de communiquer les renseignements recueillis. Généralement, une organisation obtient le consentement des personnes concernées relativement à l'utilisation et à la communication des renseignements personnels au moment de la collecte. Dans certains cas, une organisation peut obtenir le consentement concernant l'utilisation ou la communication des renseignements après avoir recueilli ces renseignements, mais avant de s'en servir, par exemple, quand elle veut les utiliser à des fins non précisées antérieurement.
4.3.2
Suivant ce principe, il faut informer la personne au sujet de laquelle on recueille des renseignements et obtenir son consentement. Les organisations doivent faire un effort raisonnable pour s'assurer que la personne est informée des fins auxquelles les renseignements seront utilisés. Pour que le consentement soit valable, les fins doivent être énoncées de façon que la personne puisse raisonnablement comprendre de quelle manière les renseignements seront utilisés ou communiqués.
...
4.3.4
La forme du consentement que l'organisation cherche à obtenir peut varier selon les circonstances et la nature des renseignements. Pour déterminer la forme que prendra le consentement, les organisations doivent tenir compte de la sensibilité des renseignements. Si certains renseignements sont presque toujours considérés comme sensibles, par exemple les dossiers médicaux et le revenu, tous les renseignements peuvent devenir sensibles suivant le contexte. Par exemple, les nom et adresse des abonnés d'une revue d'information ne seront généralement pas considérés comme des renseignements sensibles. Toutefois, les nom et adresse des abonnés de certains périodiques spécialisés pourront l'être.
4.3.5
Dans l'obtention du consentement, les attentes raisonnables de la personne sont aussi pertinentes. Par exemple, une personne qui s'abonne à un périodique devrait raisonnablement s'attendre à ce que l'entreprise, en plus de se servir de son nom et de son adresse à des fins de postage et de facturation, communique avec elle pour lui demander si elle désire que son abonnement soit renouvelé. Dans ce cas, l'organisation peut présumer que la demande de la personne constitue un consentement à ces fins précises. D'un autre côté, il n'est pas raisonnable qu'une personne s'attende à ce que les renseignements personnels qu'elle fournit à un professionnel de la santé soient donnés sans son consentement à une entreprise qui vend des produits de soins de santé. Le consentement ne doit pas être obtenu par un subterfuge.
4.3.6
La façon don't une organisation obtient le consentement peut varier selon les circonstances et la nature des renseignements recueillis. En général, l'organisation devrait chercher à obtenir un consentement explicite si les renseignements sont susceptibles d'être considérés comme sensibles. Lorsque les renseignements sont moins sensibles, un consentement implicite serait normalement jugé suffisant. Le consentement peut également être donné par un représentant autorisé (détenteur d'une procuration, tuteur).
4.3.7
Le consentement peut revêtir différentes formes, par exemple :
a) on peut se servir d'un formulaire de demande de renseignements pour obtenir le consentement, recueillir des renseignements et informer la personne de l'utilisation qui sera faite des renseignements. En remplissant le formulaire et en le signant, la personne donne son consentement à la collecte de renseignements et aux usages précisés;
b) on peut prévoir une case où la personne pourra indiquer en cochant qu'elle refuse que ses nom et adresse soient communiqués à d'autres organisations. Si la personne ne coche pas la case, il sera présumé qu'elle consent à ce que les renseignements soient communiqués à des tiers;
c) le consentement peut être donné de vive voix lorsque les renseignements sont recueillis par téléphone; ou
d) le consentement peut être donné au moment où le produit ou le service est utilisé.
4.3.8
Une personne peut retirer son consentement en tout temps, sous réserve de restrictions prévues par une loi ou un contrat et d'un préavis raisonnable. L'organisation doit informer la personne des conséquences d'un tel retrait.
4.4 Quatrième principe - Limitation de la collecte
L'organisation ne peut recueillir que les renseignements personnels nécessaires aux fins déterminées et doit procéder de façon honnête et licite.
4.4.1
Les organisations ne doivent pas recueillir des renseignements de façon arbitraire. On doit restreindre tant la quantité que la nature des renseignements recueillis à ce qui est nécessaire pour réaliser les fins déterminées. Conformément au principe de la transparence (article 4.8), les organisations doivent préciser la nature des renseignements recueillis comme partie intégrante de leurs politiques et pratiques concernant le traitement des renseignements.
...
4.7 Septième principe -- Mesures de sécurité
Les renseignements personnels doivent être protégés au moyen de mesures de sécurité correspondant à leur degré de sensibilité.
4.7.1
Les mesures de sécurité doivent protéger les renseignements personnels contre la perte ou le vol ainsi que contre la consultation, la communication, la copie, l'utilisation ou la modification non autorisées. Les organisations doivent protéger les renseignements personnels quelle que soit la forme sous laquelle ils sont conservés.
4.7.2
La nature des mesures de sécurité variera en fonction du degré de sensibilité des renseignements personnels recueillis, de la quantité, de la répartition et du format des renseignements personnels ainsi que des méthodes de conservation. Les renseignements plus sensibles devraient être mieux protégés. La notion de sensibilité est présentée à l'article 4.3.4.
4.7.3
Les méthodes de protection devraient comprendre :
a) des moyens matériels, par exemple le verrouillage des classeurs et la restriction de l'accès aux bureaux;
b) des mesures administratives, par exemple des autorisations sécuritaires et un accès sélectif; et
c) des mesures techniques, par exemple l'usage de mots de passe et du chiffrement.
4.7.4
Les organisations doivent sensibiliser leur personnel à l'importance de protéger le caractère confidentiel des renseignements personnels.
4.7.5
Au moment du retrait ou de la destruction des renseignements personnels, on doit veiller à empêcher les personnes non autorisées d'y avoir accès (article 4.5.3).
|
|
|
|
|
FEDERAL COURT
NAMES OF COUNSEL AND SOLICITORS OF RECORD
DOCKET: T-1865-04
STYLE OF CAUSE: RANDY TURNER AND THE TELECOMMUNICATIONS WORKERS UNION
Applicants
and
TELUS COMMUNICATIONS INC.
Respondent
and
THE PRIVACY COMMISSIONER OF CANADA
Added Respondent
PLACE OF HEARING: Vancouver, BC
DATE OF HEARING: September 20, 21 and 22, 2005
REASONS FOR ORDER : GIBSON J.
DATED: November 29, 2005.
APPEARANCES:
David Aaron FOR THE APPLICANTS
Lisa Warren FOR THE RESPONDENT
Steven Welchner, Jennifer Barrigar FOR THE ADDED RESPONDENT
SOLICITORS OF RECORD:
Shortt, Moore & Arsenault FOR THE APPLICANTS
Barristers and Solicitors,
Vancouver, BC
Farris, Vaughan, Wills & Murphy FOR THE RESPONDENT
Barristers and Solicitors,
Vancouver, BC
Welchner Law Office, FOR THE ADDED RESPONDENT
Barristers and Solicitors,
Ottawa, ON
[1]S.C. 2000, c. 5.
[2]R.S.C. 1985, c. P-21.
[3]Applicants' Record, vol. 2, tab F, page 187. As a footnote to the quoted text, "Biometric" is said to be "automated verification or identification of a person based on physiological or behavioral characteristics."
[4]Applicants' Record, vol. 2, tab G, page 197.
[5]Applicants' Record, vol. 2, tab F, page 189.
[6]Applicants' Record, vol. 2, tab F, page 187.
[7]Applicants' Record, vol. 2, tab G, page 197.
[8]Applicants' Record, vol. 2, tab B, paragraph 5, page 170.
[9]Applicants' Record, vol. 2, Tab N, pages 232 to 270.
[10]Part I of the Constitution Act, 1982 (R.S.C. 1985, Appendix II, No. 44), being Schedule B to the Canada Act 1982 (U.K.). 1982, c. 11.
[11]Applicants' Record, vol. 2, tab O, pages 271 to 277.
[12][2004] F.C.J. No. 1935 (Q.L.), (F.C.A.).
[13]Applicants' Memorandum of Fact and Law, a separate volume, page 12.
[14]Subsection 14(1) is quoted in paragraph [1] of these reasons.
[15][2004] 3 S.C.R. 432.
[16][1996] 1 S.C.R. 128.
[17]SOR/98-106.