Privacy + Data Management
Privacy + Data Management
Overview
Experience
People
News + Views + Events
Helpful Links
Client Stories

Cloud computing, identity theft, database security, surveillance, privacy policies, and access to information: individuals and organizations, both large and small, are increasingly faced with challenging issues in the area of privacy and information handling. The Field Law Privacy + Data Management Group is a recognized leader in the area of privacy law, offering a full range of services to guide our clients through the complex landscape of privacy law.

Field Law helps public bodies and organizations protect their businesses and strengthen their relationships with their customers and the public. We work with our clients to conduct privacy audits, prepare privacy impact assessments, and draft and review internal and external privacy policies and procedures. We facilitate corporate transactions by reviewing contracts and other legal documents involving non-disclosure agreements, waivers, confidentiality agreements and releases. We provide our clients with sound and practical advice on records management issues, confidentiality matters, employee and customer information management, reporting privacy breaches and compliance with mandatory reporting legislation. We provide responsive research and legal opinion services, and offer training and seminars on a full spectrum of privacy related topics.

Field Law offers a full range of services in judicial and administrative proceedings involving privacy matters. We advise and act for public bodies, health service providers, individuals and other organizations in Information and Privacy Commissioner reviews, inquiries and investigations. Specific services we provide to our clients include:

  • Providing advice on information handling practices and the collection, use and disclosure of information under the applicable legislation, including the Personal Information Protection Act (Alberta), the Freedom of Information and Protection of Privacy Act (Alberta) and the Health Information Act (Alberta).
  • Assisting clients in understanding what information needs to be provided to an individual who requests access to information and assisting in responding to access requests.
  • Providing advice to clients with respect to the circumstances in which personal information can be disclosed without breaching applicable privacy statutes.
  • Assisting clients with the management of employee information.
  • Working with clients who have inadvertently disclosed personal information to manage the privacy breach, including whether the breach must be reported to the Office of the Information and Privacy Commissioner.
  • Representing clients before privacy commissioners, whether provincial or federal, in the context of complaints, inquiries and investigations.
  • Representing clients before courts in applications for judicial review from decisions of privacy commissioners.
  • Representing clients before courts in applications to produce records under rule 5.13 of the Alberta Rules of Court.
  • Defending clients who have been sued for breach of privacy.
  • Drafting privacy policies, procedures, and operational manuals to assist clients in ensuring that policies and procedures are compliant with applicable privacy legislation.
  • Providing customized training to clients and their employees on applicable legislation and the implementation and enforcement of their policies, procedures and operational manuals.

Federal Privacy Matters and Canada’s Anti-Spam Legislation

On July 1, 2014, Canada’s Anti-Spam Legislation (CASL) came into force. CASL regulates the form and content of electronic communications and imposes consent requirements. Failure to comply with CASL could lead to the imposition of large fines and ultimately will give affected individuals a private right of action. In light of CASL’s broad application, stringent standards for consent, and penalties for non-compliance, organizations that send electronic messages should develop a compliance plan.

CASL is complex legislation, with detailed regulations, and with various federal bodies involved in its interpretation and enforcement. Field Law’s Privacy and Data Management Group can help your organization understand requirements under CASL. We can assist with a review of your organization’s marketing and communication practices and have experience in the following areas:

  • Providing practical advice to clients concerning compliance with the Personal Information Protection and Electronic Documents Act (Canada) and CASL.
  • Representing clients before the Canadian Radio-television and Telecommunications Commissioner in the context of proceedings under CASL.
  • Reviewing and auditing client organization’s current marketing and communications practices for CASL compliance.
  • Developing and implementing CASL compliance action plans.
  • Preparing CASL-compliant consent forms and processes, unsubscribe mechanisms, and identification notices.
  • Reviewing client agreements with third party providers to ensure compliance with CASL.

 

Edmonton Police Service v Alberta (Information and Privacy Commissioner), 2020 ABQB 10
September 16, 2020
Privacy for Condo Corporations: Understanding + Complying with PIPA
Webinar
Condominiums in Alberta are defined as organizations which are subject to the requirements of the Personal Information Protection Act (PIPA). This means that condo corporations must develop and adhere to policies and practices that comply with PIPA whe...
August 2020
The Best Lawyers™ in Canada 2021
38 Fielders Recognized
Field Law is pleased to announce that 38 of our lawyers are recognized in their respective practice areas in the 15th edition of The Best Lawyers™ in Canada. Recognition in Best Lawyers™ is based on peer reviews of ...
July 7, 2020
Privacy for Health Care Organizations: What Has Changed and What Hasn’t?
Webinar
Health care organizations have had to adapt quickly during the COVID-19 pandemic. In addition to managing an unknown disease and focusing on patient care, day to day operational life has changed- videoconferencing, fit for work screening, and liab...
May 2020 - 4 min read
The ABTraceTogether App - Key Privacy Considerations
In a bid to help combat the spread of the novel coronavirus (COVID-19), Alberta has become the first Canadian province to launch a contact tracing app to track community transmission of COVID-19.Alberta released the app, ABTraceTogether, on May 1, 2020...
May 2020 - 5 min read
Returning to Campus During a Pandemic: Privacy Issues
This week, as this article went to press, several major Canadian and American universities announced plans to maintain classes online when the fall semester starts in September. Other universities and colleges are making plans to bring students ba...
May 2020
Cybersecurity in the Age of COVID-19 (And Beyond)
April 1, 2020
Privacy + Data Management Considerations for Employers in a Pandemic
Webinar
During a pandemic it can be difficult to balance employee privacy rights with the need to collect the information required to make critical decisions. Presented by Katrina Haymond and Kelly Nicholson, this webinar will provide employers with informatio...
February 2020
Can Border Officers Search Your Phone?
Field Law Blog
February 2020
“False Light” Publicity: A New Risk in Data Management
Canadian courts have traditionally been more reluctant than their American counterparts to recognize torts relating to privacy interests. The American Law Society adopted the following four torts protective of individual privacy some time ago in its we...
February 2020
Access to Information and Privilege: The Saga Continues
Field Law Blog
January 28, 2020
How to Protect Your Business Against Cyber Threats
In 2010 the Government of Canada “launched a national effort to defend against [cyber security] threats with Canada’s first Cyber Security Strategy”: National Cyber Security Strategy (the National Strategy). This outlines three t...
Winter 2020
2019 - A Year in Review Seminar Series
Seminars
Join the Field Law Labour + Employment Group for our annual seminars featuring legal updates and practical challenges for management and employee groups.Part 1 has been approved for 1.75 CPD hours and Part 2 has been approved for 2.25 CPD hou...
December 2019
Case Summary: Bourbonnière v Yahoo! Inc.
Defence + Indemnity
Certification for a class action relating to a data breach was refused because, among other things, the Plaintiff was held not to have suffered a compensable loss. The Plaintiff failed to demonstrate a compensable loss such as actual fraud or identity ...
September 26, 2019
Must Have Policies for Employers: Why, What + How
Seminars
Join Field Law in Edmonton and Calgary and learn tips and tricks to assist with the implementation and enforcement of three workplace policies Employers should have in place in today’s market.We will explore how changes in legislation and culture...
August 2019
Alberta Court of Appeal Confirms the Limitation Period for Statutory Damages Claims under PIPA
Alert
The Alberta Court of Appeal has recently confirmed that the limitation period under the Alberta Limitations Act applicable to a statutory claim for damages under the Personal Information Protection Act (PIPA) does not begin to run until a Commissioner&...
February 2019
A New Approach to the Reasonable Expectation of Privacy: R v Jarvis, 2019 SCC 10
Labour + Employment
Though it emerges in a criminal law context, the new decision of the Supreme Court of Canada in R v Jarvis, 2019 SCC 10 is likely to have an impact on future cases that consider the scope of an individual’s privacy interest, whether in the crimin...
February 6, 2019
2018 Year in Review for Northern Employers
Seminars
Join Field Law for a review of the most important legal cases from 2018. Topics covered will include: Labour Employment Human Rights Occupational Health + Safety Privacy Immigration Cannabis This seminar will be broadcast live via ...
Winter 2019
2018 A Year in Review Seminar Series
Seminars
The Field Law Labour and Employment Group presents the annual Year in Review seminars in Calgary and Edmonton. Join us for legal updates and practical challenges for management and employee groups in the areas of:  Part 1: Human Rights ...
December 2018
Case Summary: Wm Morrison Supermarkets PLC v Various Claimants
Defence + Indemnity
Employers can be vicariously liable at common law for the actions of a rogue employee who brings about an unauthorized cyber data breach, even where the employee’s motive was to harm the employer and not to injure the third parties ...
December 2017
R v Jarvis: Is There a Reasonable Expectation of Privacy in Schools?
Workwise Newsletter
In R v Jarvis, the Ontario Court of Appeal recently discussed the existence of a reasonable expectation of privacy in a school environment. Background The Respondent, a high school teacher, was surreptitiously recording female students and te...
June 2017
Government of Canada Suspends CASL's Private Right of Action Provisions
By Order in Council dated June 7, 2017, the federal government suspended the coming into force of the private right of action provisions under Canada’s Anti-Spam legislation (CASL), “in response to broad-based concerns raised by businesses,...
May 2017
Legislation Protecting Victims of Non-Consensual Distribution of Intimate Images
On May 1, 2017, the Alberta legislature passed Bill 202, which created the Protecting Victims of Non-Consensual Distribution of Intimate Images Act (the “Act”). The Act seeks to protect individuals from having intimate images of them distri...
July 2015
Porter Airlines Pays $150,000 for Alleged Violations of Canada's AntiSpam Legislation (CASL)
On June 29, 2015, Porter Airlines became the third Canadian company to pay a significant financial penalty under CASL, since the legislation came into force in July 2014. Earlier speculation over whether CASL would have any teeth sh...
January 2015
Court of Appeal of Alberta Upholds Employers Anton Piller Order
Among the Court of Appeal of Alberta’s first decisions of the New Year, was its decision in Peters & Co Limited v Ward, 2015 ABCA 6 (CanLII), regarding the matter of an Anton Piller Order obtained by an employer, an invest...
December 2014
PIPA Update
As previously reported in Workwise, on November 15, 2013, the Alberta Personal Information Protection Act (the “Act”), was declared invalid on constitutional grounds by the Supreme Court of Canada (the “SCC”) ...
December 2013
Supreme Court of Canada Upholds Union’s Right to Freedom of Expression
As noted in our latest Privacy Press update, recently the Supreme Court of Canada in Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401, 2013 SCC 62, determined that Alberta’s Personal Information...
November 2013
Supreme Court of Canada Declares Alberta’s Personal Information Protection Act Unconstitutional
The Supreme Court of Canada (SCC) has declared the Alberta Personal Information Protection and Privacy Act (PIPA) unconstitutional in its entirety in the UFCW case 2013 SCC 62. This will have far-­reaching effects for organizations subject to ...
June 2013
Access to Information Laws: Three Reasons Why All Canadian Organizations Should Pay Attention
If your business or other organization is not subject to federal or provincial access to information legislation, you may not have thought much about how this legislation relates to your operations.However, there are three very good reasons why yo...
January 2012
A Potpourri of Access Orders: Practical Guidance in Responding to Access Requests
The Alberta Office of the Information and Privacy Commissioner has recently released several Orders relating to access to personal information pursuant to the Personal Information and Privacy Act (“PIPA”).Access to information is not o...
December 2012
Anti-Spam Legislation: A Work in Progress
At the end of 2010, Canada enacted strict anti­-spam legislation (the “Act”) relating to the sending of electronic messages, as well as to other aspects of online commercial activity. Implementation of the Act has been delayed by p...
June 2010
Employee Criminal Record Checks
Employers perform criminal record checks on current and prospective employees because of the nature of the employment, the vulnerability of customers or clients, or because of contractual or other industry requirements. Unlike many ...
Special Privacy Edition, Summer 2009
Biometric Technology in the Workplace:
Preventing "Buddy Punching"
Employers face many challenges in managing the attendance of their employees. Employers who use time card or swipe card systems to track the arrival and departure of their employees may also have to deal with the issue of “buddy punchin...

Access to Information Requests

We were approached by an insurance company whose insured had made an access to information request for records relating to an insurance claim. The insurance company wanted to preserve its relationship with the insured while protecting internal records.

Working with the client and insurance adjuster, we reviewed the records being sought by the insured and devised a fair approach to the access request. We gave the insured access to a substantial amount of records to alleviate concerns over the claim's handling while maintaining a firm approach in withholding records that were sensitive to the client. The insured sought a review of our response to the Office of the Information and Privacy Commissioner. We maintained our position, taking into account the need to set a precedent for future access requests that may be made to the client by other individuals.

We successfully defended our position before the Privacy Commissioner and also managed to avoid further Inquiry. Processes before the Privacy Commissioner can take time to resolve, and we were able to provide regular updates on the status and minimize expenses incurred.

Identifying Anonymous Wrongdoers

A client was being anonymously defamed on an online review platform and needed assistance identifying the name of the defamer to determine the appropriate party to commence legal action against.

Using an extraordinary pre-litigation Court remedy available, called a “Norwich Order,” we were able to compel the IP address of the anonymous wrongdoer from the review platform. This information allowed us to identify the Internet Service Provider (ISP) associated with the IP address and obtain a subsequent Norwich Order to compel the ISP to provide the subscriber information. With the subscriber information, we could expose the otherwise anonymous wrongdoer and give our client access to justice.

Access to Information Under PIPA

A client, who is an organization governed by the Personal Information Protection Act (PIPA), received an access request where the applicant was seeking all personal information in the organization’s custody or control. 

Working with the organization’s Privacy Officer, we helped her to understand the applicable requirements under PIPA, identify which records needed to be reviewed in response to the request, and understand the timelines that they needed to follow to comply with the request. After reviewing the records, we advised the client which records constituted the applicant’s personal information.

Given that the client was concerned about disclosing the records, we also provided advice on the records that they could potentially withhold according to the exceptions in PIPA.  We then assisted the client in providing a written response to the applicant, explaining what records would be disclosed, which records were being withheld, and the reasons for withholding the records. 

The client also wanted to understand her obligations under PIPA better so that they had the tools needed to respond to similar access requests in the future.  We were able to assist by educating them regarding the requirements in PIPA, and by providing a framework that could be used to deal with future access requests.

Providing practical advice on the FOIPP Act

A public institution needed advice about its obligations under the Freedom of Information and Protection of Privacy Act (FOIPP Act). While the FOIPP Act can be complicated, Leanne helped break that complexity down by offering an opinion clearly setting out the public institution’s obligations and providing specific and practical recommendations to the public institution on how to meet those obligations.

Access to Information Under the FOIP Act

A public body client with a highly controversial and newsworthy matter was looking for advice on how to respond to a request for information under the Freedom of Information and Protection of Privacy Act (Alberta) (FOIP Act). 

By working with the client, we crafted a message to the public without violating the privacy interests and competitive business and financial information that the client was obligated to protect from disclosure. This approach was compliant with the statutory legal obligations of the public body while also protecting the client’s interests and avoiding unwanted media attention. 

Policy Drafting

A client approached us for help in drafting a privacy policy. The policy needed to be robust because failing to protect personal information could be detrimental to the services delivered by the client, the client’s public image and could result in regulatory penalties.  

Collaborating with the client, we prepared a policy which addressed the wide array of circumstances and persons providing personal information to the client. The policy helped the client meet its statutory obligations under the Personal Information Protection Act (Alberta) and regulatory obligations unique to the client as a utility provider.  

Custom Tools to Empower Clients

The client, a public body, required tools and rules on confidentiality and privacy laws applicable to its role as an administrative tribunal.

We drafted the documents and rules to be used by the public body to help guide their compliance with their statutory obligations when making decisions about confidentiality requests. 

This work empowered the client with models and tools to use when addressing confidentiality issues and insulated the client from judicial review, and complaints to the Privacy Commissioner.