Mathew Englander sent me the following, which he has allowed me to post ...

Canada (Minister of National Revenue) v. Toronto Dominion Bank

The case arose from the investigation of a tax debtor, "J.M.". MNR [the Minister of National Revenue] found out about a cheque for $10,000 which someone had written to J.M., and which J.M. had endorsed and deposited to a certain numbered account at Toronto Dominion Bank. MNR wanted to know whether J.M. had tried to reduce his property at the expense of his creditors. Therefore MNR sent the Bank a requirement to provide information about the account, under subsection 231.2(1) of the Income Tax Act. The branch responded that the account-holder was not J.M., and refused to name the account-holder. MNR sent two more notices under subsection 231.2(1) but the Bank still refused to comply. Thus MNR brought an application in Federal Court under subsection 231.7(1) of the Income Tax Act, seeking an order compelling the Bank to provide the name and contact information of the account-holder.

Justice Tremblay-Lamer dismissed the application. MNR's appeal was dismissed with Justice Décary writing for the panel of the FCA.

Under the holding, MNR needs prior judicial authorization to seek information relating to an *unnamed* individual. Subsection 231.2(1) allows MNR to issue a requirement-to-provide-any-information-or-document and does not require prior judicial authorization if the information or document relates to a *named* individual. However, as the FCA held, where MNR does not know the name of the individual about whom it seeks information, it must obtain judicial authorization under subsection 231.2(3). That subsection requires that the judge be satisfied that the requirement is made to verify compliance by the individual with a duty or obligation under the Income Tax Act (http://canlii.com/ca/sta/i-3.3/sec231.2.html). Here, MNR would not have been able to satisfy that criterion because it had no reason to believe that the account-holder had contravened the Income Tax Act.

From a privacy-law viewpoint, it is good to know that MNR is held to stringent compliance with the statute when it seeks information or documents about someone from a bank. On the other hand, one might ask why the statute permits MNR to require a bank to provide information about a named individual, without prior judicial authorization and without notice to the individual.

MNR had argued that unless its appeal was allowed, its power of issuing a requirement-to-provide-any-information-or-document would be "seriously compromised". Reading between the lines, I infer that in the past, financial institutions have provided MNR with information relating to unnamed individuals, without the requisite prior judicial authorization. Kudos to Toronto Dominion Bank for successfully fighting MNR in court on this issue, and for protecting its customer's privacy in this case by refusing to disclose the information to MNR without clear statutory authority for the demand. (In theory, the Bank could have been prosecuted under subsection 238(1) of the Income Tax Act for failing to comply with MNR's demand for information.)

The FCA's decision is dated October 25, 2004, but the English-language translation just recently became available. MNR did not seek leave to appeal to the Supreme Court of Canada.

Mathew Englander

Labels: information breaches