skip to main content
Back to all blog posts

Posted in: Data Security/Privacy

Nov 17, 2016

Supreme Court of Canada Rules with a Bout of Common Sense in Interpreting Privacy Laws

By Paige Backman

The Supreme Court of Canada ("SCC") issued a judgment today interpreting Canada's private sector privacy laws in a manner that was rife with common sense. Privacy laws in Canada have been held by some to impose unnecessary obstacles to traditional, and what some argue are appropriate, business practices. Occasionally, this position is espoused by businesses who wish to use personal information for their commercial gain and they feel it should be their unfettered right to do so. However, in many instances, business are legitimately stymied by privacy laws and the unnecessary obstacles and costs they impose. One case of the latter is Royal Bank of Canada v. Trang ("RBC v. Trang"). This case was granted leave to appeal by the Supreme Court of Canada from Ontario's Court of Appeal (where all five justices were sitting).

The facts in RBC v. Trang are not sexy, but the results of the decision are important. The facts of RBC v. Trang are as follows:

The Royal Bank of Canada ("RBC") is a judgment creditor of Phat and Phuong Trang ("debtors") and seeks a sheriff's sale of the debtors' property, for which the sheriff requires a mortgage discharge statement. RBC had been unable to obtain the mortgage discharge statement from the debtors. RBC sought to obtain the mortgage discharge statement from the Bank of Nova Scotia ("Scotiabank"), the debtors' mortgagee. Scotiabank refused on the grounds that privacy laws prevented the disclosure without the consent of the debtors. RBC thus brought a motion to compel Scotiabank to produce the mortgage discharge statement. RBC's motion was dismissed and the majority of the Court of Appeal upheld the motion judge's decision.

Today, the Supreme Court of Canada issued its decision concluding that the appeal should be allowed. Scotiabank was ordered to produce the mortgage discharge statement to RBC.

In reaching this conclusion, the Supreme Court of Canada took a common sense approach in interpreting the Personal Information Protection and Electronic Documents Act ("PIPEDA"), Canada's federal private sector privacy law.

For the part of the decision that has narrow application, the SCC concluded that an order requiring disclosure can be made by a court if either the debtor fails to respond to a written request that he or she sign a form consenting to the provision of the mortgage discharge statement to the creditor, or fails to attend a single judgment debtor examination. A creditor who has already obtained a judgment, filed a writ of seizure and sale, and completed one of the two above-mentioned steps has proven its claim and given notice. Provided the judgment creditor serves the debtor with the motion to obtain disclosure, the creditor should be entitled to an order for disclosure. A judgment creditor in such a situation should not be required to undergo a cumbersome and costly procedure to realize its debt.

The reasoning of the SCC that has broader application is the Supreme Court of Canada's interpretation of persons who can imply consent under PIPEDA. Schedule 1, cl. 4.3.6 of PIPEDA acknowledges that consent to disclosure for the purposes of the statute can be implied in certain circumstances, including where the information was "less sensitive." In determining the circumstances in which consent can be implied, the Supreme Court of Canada concluded that the surrounding context to matter at hand was important and offered up factors to consider. The Supreme Court of Canada found that the sensitivity of information must be assessed in the context of the related information already in the public domain, the purpose served by making the related information public, and the nature of the relationship between the parties at issue and directly-affected third parties. In this instance, the legitimate business interests of other creditors are a relevant part of the context which informs the reasonable expectations of the mortgagor. Also relevant is the identity of the party seeking disclosure and its purpose for doing so.

The SCC determined that a mortgage discharge statement is not something that is merely a private matter between the mortgagee and mortgagor, but rather is something on which the rights of others depends, and accordingly is something they have a right to know. The SCC found that a reasonable mortgagor would be aware that the financial details of their mortgage were publicly registered on title and that default on a debt could result in a judgment empowering the sheriff to seize and sell the mortgaged property. Furthermore, the SCC found that a reasonable mortgagor would know that a judgment creditor in such circumstances has a legal right to obtain disclosure of the mortgage discharge statement through examination or by bringing a motion. A reasonable person borrowing money knows that if he/she defaults on a loan, his/her creditor will be entitled to recover the debt against his/her assets. It follows that a reasonable person expects that a creditor will be able to obtain the information necessary to realize on his or her legal rights.

Ultimately, the Supreme Court of Canada found that consent for the purpose of assisting a sheriff in executing a writ of seizure and sale was implicitly given at the time the mortgage was given. As a result, Scotiabank is not precluded by PIPEDA from disclosing the mortgage discharge statement to RBC.

Privacy rights are important rights to protect, and finding the right balance with other interests are often challenging. In this instance, the Supreme Court of Canada found a good balance. It's disappointing that we needed to go to the Supreme Court of Canada to get this.

Related Categories

Related Blogs

Posted in: Data Security/Privacy

Insights TheSpotlight
Phishing Risk Deemed Sufficient in Alberta to Trigger “Real Risk Of Significant Harm” Threshold By Steve J. Tenai Mar 13, 2018 Since 2010, Alberta’s Personal Information Protection Act (“PIPA”) requires private sector organizations to notify the Office of the Information and Privacy Commissioner (“OIPC”) of a breach of personal information where a “reasonable person would con...

Posted in: Data Security/Privacy

Insights TheSpotlight
Cybersecurity Disclosure Guidance for Public Companies By Steve J. Tenai Mar 01, 2018 On February 21, 2018, the United States Securities and Exchange Commission issued interpretive guidance on cybersecurity disclosure obligations for public companies subject to U.S. securities laws. The Guidance underscores that public companies should inform investors about material cybersecurity...

Posted in: Data Security/Privacy

Insights TheSpotlight
Embracing Artificial Intelligence at Your Law Firm 3 Keys to Successfully Introducing AI By Aaron Baer Jan 05, 2018 Advances in technology are transforming entire industries: Airbnb and Uber have wreaked havoc on the hotel and taxi industries; Netflix and online-streaming have turned the media industry on its head; self-driving cars are set to revolutionize the automotive industry.