The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Friday, February 25, 2005
Mathew Englander sent me the following, which he has allowed me to post ...
Canada (Minister of National Revenue) v. Toronto Dominion Bank
The case arose from the investigation of a tax debtor, "J.M.". MNR [the Minister of National Revenue] found out about a cheque for $10,000 which someone had written to J.M., and which J.M. had endorsed and deposited to a certain numbered account at Toronto Dominion Bank. MNR wanted to know whether J.M. had tried to reduce his property at the expense of his creditors. Therefore MNR sent the Bank a requirement to provide information about the account, under subsection 231.2(1) of the Income Tax Act. The branch responded that the account-holder was not J.M., and refused to name the account-holder. MNR sent two more notices under subsection 231.2(1) but the Bank still refused to comply. Thus MNR brought an application in Federal Court under subsection 231.7(1) of the Income Tax Act, seeking an order compelling the Bank to provide the name and contact information of the account-holder.
Justice Tremblay-Lamer dismissed the application. MNR's appeal was dismissed with Justice Décary writing for the panel of the FCA.
Under the holding, MNR needs prior judicial authorization to seek information relating to an *unnamed* individual. Subsection 231.2(1) allows MNR to issue a requirement-to-provide-any-information-or-document and does not require prior judicial authorization if the information or document relates to a *named* individual. However, as the FCA held, where MNR does not know the name of the individual about whom it seeks information, it must obtain judicial authorization under subsection 231.2(3). That subsection requires that the judge be satisfied that the requirement is made to verify compliance by the individual with a duty or obligation under the Income Tax Act (http://canlii.com/ca/sta/i-3.3/sec231.2.html). Here, MNR would not have been able to satisfy that criterion because it had no reason to believe that the account-holder had contravened the Income Tax Act.
From a privacy-law viewpoint, it is good to know that MNR is held to stringent compliance with the statute when it seeks information or documents about someone from a bank. On the other hand, one might ask why the statute permits MNR to require a bank to provide information about a named individual, without prior judicial authorization and without notice to the individual.
MNR had argued that unless its appeal was allowed, its power of issuing a requirement-to-provide-any-information-or-document would be "seriously compromised". Reading between the lines, I infer that in the past, financial institutions have provided MNR with information relating to unnamed individuals, without the requisite prior judicial authorization. Kudos to Toronto Dominion Bank for successfully fighting MNR in court on this issue, and for protecting its customer's privacy in this case by refusing to disclose the information to MNR without clear statutory authority for the demand. (In theory, the Bank could have been prosecuted under subsection 238(1) of the Income Tax Act for failing to comply with MNR's demand for information.)
The FCA's decision is dated October 25, 2004, but the English-language translation just recently became available. MNR did not seek leave to appeal to the Supreme Court of Canada.
Labels: information breaches
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.