On December 12, 2016 the Alberta Office of the Information and Privacy Commissioner (OIPC) issued a decision ordering defendant Gowlings to respond to the plaintiff Carbone's access request for records containing, and relating to, her credit and financial personal information.
Click here to read the Decision #003172 on the OIPC website
The decision follows Gowlings' unreasonable refusal to provide the personal information records in response to the plaintiff's access request she made pursuant to the Personal Information Protection Act (PIPA). The plaintiff made the access request after she learned in the fall of 2015 that Gowlings lawyers Taryn Burnett and Megan McMahon unlawfully obtained her credit report in 2013 and violated her privacy.
In Gowlings' attempt to prevent the plaintiff from accessing her personal information, Gowlings made a baseless application to the OIPC seeking authorization to disregard the plaintiff's access request. In usual fashion, Gowlings' application contained a variety of falsehoods about events and their status, fabrications about the plaintiff, and failed to provide any evidence.
In largely denying Gowlings' application and ordering it to respond to the access request for records containing, and relating to, the plaintiff's credit and financial information, Privacy Commissioner Jill Clayton's decision included these findings:
[8] The Respondent says that her May 11, 2016 request to the Organization [Gowlings] followed from a conversation with Service Alberta about the Organization’s having obtained the Respondent’s credit report. The Respondent says that she became aware that the Organization obtained her credit report when she saw that a “hard” credit check by the Organization appeared in a credit report she obtained in the fall of 2015. She says that a “hard” credit inquiry negatively impacts a credit score. The Respondent further says that Service Alberta informed her that the Organization did not have the authority to obtain the credit report in the circumstances, and informed her of the PIPA process for requesting her personal information.
[9] The Respondent then says that, on June 6, 2016, she sent correspondence to the Organization with a request for a narrowed subset of records relating to her personal credit and financial information. The Respondent explains that she requested this narrowed subset of records sooner than the original request for all personal information, with a view to first obtaining the records related to the alleged improper credit check and then to assess whether further personal information records would be required. The Respondent maintains that the credit report is not part of her lawsuit against the Organization at this point. The evidence provided by the Respondent is that the Organization pulled the credit report for a security for costs application.
[10] In her submission, the Respondent also cites two reports from the Privacy Commissioner of Canada in which two law firms were found to have contravened PIPEDA when they obtained credit reports of the complainants, without their knowledge and consent. The Respondent further cites a Federal Court case that makes a similar finding.
[15] ...The Respondent has made an access request under PIPA only once. There is no evidence before me that the Respondent has made this same access request more than once. Therefore, I find that the access request is not repetitious. The access request is also not systematic in nature.
[16] I find that the Organization has not met its burden of proving that the Respondent’s access request is repetitious or systematic in nature. Therefore, that part of section 37(a) is not met.
[18] As I have found that the request is not repetitious or systematic in nature, it is not necessary to decide whether the request would unreasonably interfere with the Organization’s operations. However, if I were to decide this, I would find that it did not apply because the Organization did not argue it or provide any evidence.
[19] I find that the Organization has not met its burden of proving that the Respondent’s access request would unreasonably interfere with the operations of the Organization. Therefore, that part of section 37(a) is not met.
[24] There is nothing on the record in the Organization’s application to establish that the Respondent had an ulterior improper motive for making the access request. The Respondent does not have to prove that the request was for a legitimate purpose. However, if the Respondent did have that burden, I would find that the Respondent has adequately explained why she is seeking the information: she intends to bring a PIPA complaint.
[25] I find that the Organization has not met its burden of proving that the Respondent’s access request amounts to an abuse. Therefore, that part of section 37(a) is not met.
[31] There is nothing on the record in the Organization’s application to establish that the Respondent’s access request is vexatious. Based on the Court’s decision in Bonsma, there is no evidence of an ulterior improper motive for making the access request.
[32] I find that the Organization has not met its burden of proving that the Respondent’s access request is vexatious. Therefore, that part of section 37(b) is not met.
[39] …[T]he Respondent’s narrowed access request for her credit and financial information is another matter. That request clearly meets the definition of personal information because it is for information “about” the Respondent. Therefore, the Respondent’s narrowed access cannot be said to lack merit and is not frivolous. In coming to this conclusion, l am also mindful that the purpose of PIPA is to protect personal information.
[40] I find that the Organization has not met its burden of proving that the Respondent’s narrowed access request for her credit and financial information is frivolous. Section 37(b) is not met for that access request.
[42] …[T]he Organization’s application to disregard the Respondent’s narrowed access request for her credit and financial information is denied. The Organization must now respond to that narrowed access request according to PIPA.
The plaintiff's next step is to review the records Gowlings needs to produce to determine the full extent of Gowlings' misuse of her personal information. The plaintiff will then submit to the OIPC a formal PIPA complaint about Gowlings' unlawful credit pull in violation of PIPA, along with her findings of any further breach upon review of the records.
Details of the unlawful credit check and the plaintiff's PIPA request were reported in these earlier blog posts: February 2016, June 2016, November 2016.
As reported throughout this blog, the plaintiff is also prosecuting defendants Megan McMahon and Taryn Burnett in a lawyer abuse lawsuit with amendments to come arising from their harassment, defamation, fraud, misrepresentations to the courts, and other matters of serious misconduct they inflicted on the plaintiff while they were opposing defence lawyers for Dr. Peter Whidden in the underlying medical malpractice lawsuit. The next court proceeding in the lawyer abuse lawsuit is scheduled to be heard in February 2017.
Update January 12, 2017: Consistent with Gowlings' ongoing delays with proceedings, Gowlings has informed the plaintiff it will delay its ordered access response to the plaintiff beyond the January 12 deadline by up to another 30 days.
Details of the unlawful credit check and the plaintiff's PIPA request were reported in these earlier blog posts: February 2016, June 2016, November 2016.
As reported throughout this blog, the plaintiff is also prosecuting defendants Megan McMahon and Taryn Burnett in a lawyer abuse lawsuit with amendments to come arising from their harassment, defamation, fraud, misrepresentations to the courts, and other matters of serious misconduct they inflicted on the plaintiff while they were opposing defence lawyers for Dr. Peter Whidden in the underlying medical malpractice lawsuit. The next court proceeding in the lawyer abuse lawsuit is scheduled to be heard in February 2017.
Update January 12, 2017: Consistent with Gowlings' ongoing delays with proceedings, Gowlings has informed the plaintiff it will delay its ordered access response to the plaintiff beyond the January 12 deadline by up to another 30 days.
