The Respondent, Office of the Information and Privacy Commissioner (“OIPC “), succeeded in resisting an application for judicial review of one of its decisions. The OIPC decision related to a driver’s licence scanning system implemented by the Applicant nightclub owners for security reasons. The OIPC decided that the information was not gathered for a reasonable purpose. The Court refused to interfere with that decision.
Administrative law – Decisions of administrative tribunals – Privacy commissioner – Freedom of information and protection of privacy – Collection of records – Reasonable purpose – Judicial review – Compliance with legislation – Jurisdiction of tribunal – Standard of review – Reasonableness simpliciter
Penny Lane Entertainment Group v. Alberta (Information and Privacy Commissioner), [2009] A.J. No. 300, Alberta Court of Queen’s Bench, March 6, 2009, C.S. Phillips J.
Mr. Engfeld, the Complainant (the “Complainant”), attended the nightclub owned by the Applicants (the “Owners”). When entering the nightclub, he was asked to hand over his driver’s licence for it to be scanned. The information from the scan was stored in a SecureClub ID System. The Complainant later found out that his information could be shared with other nightclubs that used the same software program. The Complainant was concerned that this information could be used for marketing and he was not informed, orally or in writing, about the purpose of the collection of his information before it was gathered.
The Owners implemented the system in order to maintain the security of their establishments by monitoring patrons and, if necessary, refusing entry to dangerous patrons.
The Complainant complained to the Office of the Information and Privacy Commissioner (OIPC). The OIPC reviewed the matter and concluded that the Owners contravened the Personal Information Protection Act (PIPA) because the collection of information was not reasonably related to the purpose for its collection. This determination involved interpreting section 11 of the PIPA.
Sections 11(1) and 11(2) of the PIPA allow an organization to collect personal information for purposes that are reasonable and only to the extent that is reasonable to meet the purpose(s). The OIPC found that the Owners did not submit evidence to support that the collection of the information furthered the goal of increasing security by deterring violent behavior or increasing the security of staff. The OIPC therefore concluded that the Owners did not have a reasonable purpose for the collection of the information. The OIPC ordered that the Owners destroy the information they had collected.
The Owners brought this Petition for judicial review of the OIPC’s decision on the basis that the security purpose was a reasonable purpose for the collection of the information. In this regard, the owners submitted that the OPIC misconstrued sections 11(1) and 11(2) of the PIPA. The Owners also alleged that the OIPC’s Order exceeded its jurisdiction.
The appropriate standard of review was reasonableness because there is a partial privative clause, the question at issue is one of mixed law and fact, the OIPC has expertise in relation to the PIPA, and there are various purposes that the OIPC must have regard to.
The OIPC’s decision was in the range of reasonable outcomes in the circumstances. The Owners did not adequately support their assertions about the security purpose of the collection of the information.
The remedies ordered by the OIPC did fall within the authority granted to the OIPC in section 52 of the Act.
This case was digested by Scott J. Marcinkow of Harper Grey LLP. If you would like to discuss this case further, please feel free to contact him directly at smarcinkow@harpergrey.com or review his biography at http://www.harpergrey.com.
To stay current with the new case law and emerging legal issues in this area, subscribe here.