Advertisement

Canadian political parties are above the law … privacy law, that is

Outgoing privacy commissioner Jennifer Stoddart, right, and Assistant Commissioner Chantal Bernier are pictured in Ottawa, Ont., on Tuesday November 17, 2009. .
Outgoing privacy commissioner Jennifer Stoddart, right, and Assistant Commissioner Chantal Bernier are pictured in Ottawa, Ont., on Tuesday November 17, 2009. . November 17, 2009.

MONTREAL — The personal information of almost 2,000 Liberal Party members in Quebec was inadvertently leaked by Alladin Abou Sharbin, a candidate for the party’s nomination in Vaudreuil-Soulanges.

In a bilingual email sent on February 15, Sharbin encouraged his supporters to come out on voting day. The email contained a series of attachments, including his company’s franchise agreement and Vaudreuil membership lists disclosing resident addresses, phone numbers and membership IDs.

After the candidates’ supporters expressed their discontent via Facebook, Sharbin followed up with a message in which he accepted responsibility for the mistake and explained that one of his team members unintentionally attached the confidential files.

On February 20, he stepped down as a nomination candidate.

Liberal Party response?

The Liberal Party of Canada told Global News that it has apologized to everyone whose names were inadvertently released. The party said it took the situation very seriously from the moment it was made aware of the incident, noting that candidates were responsible for maintaining the confidentiality of membership lists.

Story continues below advertisement

Who has access to lists?

It is standard practice to provide a candidate with party membership lists for the riding in which he or she seeks nomination. Access to these lists allows the candidate to communicate with constituents and vie for their support. The candidate signs an agreement in which he or she agrees to keep the list confidential.

Déja vu?

In 2012, Jason Kenney, Canada’s Minister of National Defence and Minister for Multiculturalism, sent a mass email to members of the LGBT community outlining how the Conservative government supports the rights of homosexual refugees. All email recipients had at some point contacted the office about gay refugee issues.

READ MORE: Kenney sparks privacy debate with unsolicited email on gay refugees

No personal information was leaked to the public, but Canadians were surprised to learn that that a political party had access to their email addresses and information about their sexual orientation.  The incident raised questions about whether a single communication with a political party should lead to a longterm relationship.

In 2007, Prime Minister Stephen Harper sent Rosh Hashanah greeting cards to supporters with Jewish sounding names. Like the gay and lesbian recipients of Kenney’s email, many Canadian Jews could not understand how the party obtained their contact information.

A problem with the Privacy Act?

Is there any legal recourse available to an individual whose personal information is inadvertently leaked by a political party?

Story continues below advertisement

David Fraser, internet and privacy lawyer at McInnes Cooper, told Global News that “politicians who draft laws have not surprisingly written themselves out of most privacy legislation.”

Individuals whose confidential information is disclosed by a political party cannot avail themselves of the only two pieces of federal legislation protecting privacy rights.

Neither the Privacy Act, which applies to the federal public sector, nor the Personal Information Protection and Electronic Documents Act, which applies to commercial activities, covers political parties.

READ MORE: Official Report – Canadian Federal Political Parties and Personal Privacy Protection 

As such, the Privacy Commissioner of Canada has no jurisdiction over a breach of privacy committed by a political party.

What’s a victim to do?

Given that the Privacy Commissioner can’t get involved, victims are only left with the option to sue under either Canadian common law or Quebec civil law. This has never been done in Canada, but it’s not impossible.

In either jurisdiction, someone who has been the victim of a privacy breach must first establish that the information shared was in fact private.

Under Canadian common law, individuals can then successfully sue if the personal information disclosed is “highly offensive to the reasonable person.” This is a very stringent standard to meet.

Story continues below advertisement

For example, if a medical clinic inadvertently discloses one’s personal information to a third party, then that disclosure may constitute a violation of privacy upon which that individual could successfully sue.

Disclosure of someone’s political membership does not meet the level of offensiveness required by law.

Invasion of privacy as a basis for suing is a relatively new cause of action. Accordingly, an individual’s likelihood of success will vary depending on the circumstances of the case.

Do privacy rights differ in Quebec?

Quebec civil law tends to afford greater protection to privacy.

Potential victims must demonstrate they suffered damages as a result of the information disclosure.

In exceptional cases, when an individual’s reputation is clearly at stake, a judge may be willing to award damages.

For example, if people are able to demonstrate they were regularly stalked at home because their personal information had been leaked, then compensation might be awarded.

But, in most cases, it is quite difficult for people to establish they suffered damages in the context of a privacy violation.

What’s next?

All political parties collect membership information.

Story continues below advertisement

Human and computer errors are inevitable and, on occasion, there may be inadvertent leaks.

How can the law make sure people are protected when these leaks occur? This is a question Canadian lawmakers will have to answer.