Docket:
T-358-13
Citation: 2013 FC 1103
Ottawa, Ontario, October 29, 2013
PRESENT: The Honourable Mr. Justice Phelan
|
BETWEEN:
|
|
RABI CHITRAKAR
|
|
Applicant
|
|
and
|
|
BELL TV
|
|
Respondent
|
REASONS FOR JUDGMENT AND JUDGMENT
I. INTRODUCTION
[1]
This is an application and claim for damages
made pursuant to subsection 14(1) of the Personal Information Protection and
Electronic Documents Act, SC 2000, c 5 [PIPEDA]. The Applicant, Mr.
Chitrakar, claimed $20,000 for breach of privacy and Charter rights; aggravated
damages for emotional pain, anguish, anxiety and humiliation; and punitive
damages in the amount of $15,000 for Bell TV’s malicious and high-handed
conduct and negligence.
In
this proceeding, Mr. Chitrakar acted on his own behalf. Bell TV never responded
to this proceeding.
II. BACKGROUND
[2]
The scheme of PIPEDA establishes a form of
statutory test for breach of privacy. The Court can order certain remedial
action as well as award damages.
|
14. (1) A complainant may, after
receiving the Commissioner’s report or being notified under subsection
12.2(3) that the investigation of the complaint has been discontinued, apply
to the Court for a hearing in respect of any matter in respect of which
the complaint was made, or that is referred to in the Commissioner’s report,
and that is referred to in clause 4.1.3, 4.2, 4.3.3, 4.4, 4.6, 4.7 or 4.8 of Schedule
1, in clause 4.3, 4.5 or 4.9 of that Schedule as modified or
clarified by Division 1, in subsection 5(3) or 8(6) or (7) or in section 10.
|
14. (1) Après avoir reçu le rapport du
commissaire ou l’avis l’informant de la fin de l’examen de la plainte au
titre du paragraphe 12.2(3), le plaignant peut demander que la Cour
entende toute question qui a fait l’objet de la plainte — ou qui est
mentionnée dans le rapport — et qui est visée aux articles 4.1.3, 4.2, 4.3.3,
4.4, 4.6, 4.7 ou 4.8 de l’annexe 1, aux articles 4.3, 4.5 ou
4.9 de cette annexe tels qu’ils sont modifiés ou clarifiés par la section 1,
aux paragraphes 5(3) ou 8(6) ou (7) ou à l’article 10.
|
|
16. The Court may, in addition to
any other remedies it may give,
(a) order
an organization to correct its practices in order to comply with sections 5
to 10;
(b) order
an organization to publish a notice of any action taken or proposed to be
taken to correct its practices, whether or not ordered to correct them under
paragraph (a); and
(c) award
damages to the complainant, including damages for any humiliation that the
complainant has suffered.
|
16. La Cour peut, en sus de toute
autre réparation qu’elle accorde :
a)
ordonner à l’organisation de revoir ses pratiques de façon à se conformer aux
articles 5 à 10;
b) lui
ordonner de publier un avis énonçant les mesures prises ou envisagées pour
corriger ses pratiques, que ces dernières aient ou non fait l’objet d’une
ordonnance visée à l’alinéa a);
c) accorder
au plaignant des dommages-intérêts, notamment en réparation de l’humiliation
subie.
(Court’s
underlining)
|
[3]
Schedule 1 to PIPEDA sets forth a number of
principles. Pursuant to s 5, compliance with the Schedule is mandatory. The
pertinent provisions are as follows:
|
4.3
Principle 3 – Consent
The knowledge and consent of the
individual are required for the collection, use, or disclosure of personal
information, except where inappropriate.
|
4.3
Troisième principe — Consentement
Toute personne doit être informée de
toute collecte, utilisation ou communication de renseignements personnels qui
la concernent et y consentir, à moins qu’il ne soit pas approprié de le
faire.
|
|
4.3.1
Consent is required for the collection of
personal information and the subsequent use or disclosure of this
information. Typically, an organization will seek consent for the use or
disclosure of the information at the time of collection. In certain
circumstances, consent with respect to use or disclosure may be sought after
the information has been collected but before use (for example, when an
organization wants to use information for a purpose not previously
identified).
|
4.3.1
Il faut obtenir le consentement de la
personne concernée avant de recueillir des renseignements personnels à son
sujet et d’utiliser ou de communiquer les renseignements recueillis.
Généralement, une organisation obtient le consentement des personnes
concernées relativement à l’utilisation et à la communication des renseignements
personnels au moment de la collecte. Dans certains cas, une organisation peut
obtenir le consentement concernant l’utilisation ou la communication des
renseignements après avoir recueilli ces renseignements, mais avant de s’en
servir, par exemple, quand elle veut les utiliser à des fins non précisées
antérieurement.
|
[4]
On December 1, 2010, Chitrakar ordered satellite television service from
Bell. He was a first-time Bell customer and had no credit history with Bell.
[5]
The service was installed on December 31, 2010. At that time Chitrakar
was required to provide his signature on what is known as a POD Machine (Proof
of Delivery Device). A photo of a similar type machine was entered as an
exhibit. It is a 3” x 3” digital box which allows only for a signature.
Chitrakar believed that he was simply confirming delivery of the satellite
system.
[6]
What Bell did with the signature was to embed it on its Bell TV Rental
Agreement – a multi-page document in small print - and to then use the Rental
Agreement. Chitrakar was not given a copy of the Rental Agreement at that time.
[7]
This dubious contracting process was compounded by the provision in the
Rental Agreement (Clause 5) which authorizes Bell to perform credit checks on a
customer.
[8]
After service was installed, Chitrakar ordered his credit report at
which time he learned that Bell had accessed his credit history on December 1,
2010. It was not until December 31, 2010 that the service was installed at
Chitrakar’s home and he signed the POD Machine. Leaving aside concerns with the
validity of Bell transferring Chitrakar’s signature from the POD Machine to the
Rental Agreement, the credit check was conducted one month before Mr. Chitrakar
signed anything.
[9]
As the Privacy Commissioner learned while investigating Chitrakar’s
complaint, the type of credit check in this case was a “hard pull” where credit
information is revealed. A concentration of a number of “hard pulls” within a
certain time frame negatively affects the individual’s credit score.
[10]
Chitrakar called Bell in March 2011 to obtain clarification of the
credit check and filed a complaint with Bell’s privacy officer. A Bell customer service representative [CSR] in a voicemail message apologized on behalf of Bell for failing to inform Chitrakar at the time he ordered the satellite service that a
credit check would be performed.
[11]
Not satisfied with a voicemail apology, Chitrakar began a process of
phone calls between March and May which engaged several Bell employees
including managers. Chitrakar informed the Court that at some point the Bell representative advised that he/she would not speak further with him. The description
of the interplay is best described as the “royal runaround”.
[12]
In May, Bell agreed to release Chitrakar from his contract but there was
no resolution of his privacy concerns. He filed a complaint with the Privacy
Commissioner.
[13]
The Privacy Commissioner learned that what happened to Chitrakar was
contrary to policy but that Bell could not locate any relevant records
concerning this case. Bell could not confirm the identity of the CSR who took
Chitrakar’s order, nor whether the CSR had taken the training that dealt with Bell’s policies and procedures or whether any remedial steps were taken. However, Bell was able to assert that the CSR was no longer in its employ.
[14]
The Privacy Commissioner noted politely that these circumstances were
“troubling”. Bell’s response was disingenuous in denying the identity of the
CSR and yet asserting that the CSR was no longer employed with Bell.
[15]
The Privacy Commissioner found that Chitrakar’s complaint was well founded.
There were a few recommendations to Bell but because Bell did not appear (despite
having been served with these proceedings), its response to these
recommendations is unknown.
III. ANALYSIS
[16]
While it is not a precondition to the right for damage that the Privacy
Commissioner conclude the complaint is “well founded”, the Commissioner did so.
[17]
I accept the Commissioner’s Report as an accurate reflection of events.
[18]
Bell’s conduct in this matter is reprehensible in respect to Chitrakar’s
privacy rights. Not only did Bell violate those rights, it has shown no
interest in compensation or apparently any interest in addressing the CSR’s
actions nor in following the Privacy Commissioner’s remedial recommendations.
Its failure to appear in this Court is consistent with its disregard of Chitrakar’s
privacy rights.
[19]
I conclude that Bell has violated Chitrakar’s privacy rights under
PIPEDA, particularly Article 4.3, by conducting a credit check without his prior
consent.
[20]
In terms of the effect of this violation, a “hard check” has adverse
consequences as it begins a route to lowering a person’s credit score.
[21]
Chitrakar also pointed out that subsequent to these events, he was
denied a student loan – the first time a loan request was denied in 10 years.
However, there is no direct evidence that Bell’s actions had any influence on
this loan refusal.
[22]
As noted earlier, Bell has taken no steps to compensate for breach of
Chitrakar’s privacy rights. The termination of the Rental Agreement simply
addresses the legal infirmities of the manner in the Rental Agreement’s
execution.
[23]
Chitrakar asks for damages in respect of breach of privacy and Charter
rights. Damages for Charter rights’ violations are not covered under PIPEDA.
[24]
The fixing of damages for privacy rights’ violations is a difficult
matter absent evidence of direct loss. However, there is no reason to require
that the violation be egregious before damages will be awarded. To do so would
undermine the legislative intent of paragraph 16(c) which provides that
damages be awarded for privacy violations including but not limited to damages
for humiliation.
[25]
Privacy rights are being more broadly recognized as important rights in
an era where information on an individual is so readily available even without
consent. It is important that violations of those rights be recognized as
properly compensable.
[26]
The Court must bear in mind such factors as meaningful compensation,
deterrence and vindication (see Vancouver (City) v Ward, 2010 SCC
27, [2010] 2 S.C.R. 28).
[27]
In this case, Chitrakar had his rights violated in a real sense with
potentially adverse consequences. Bell is a large company for whom a small
damages award would have little material impact. Chitrakar spent a considerable
period dealing with the Bell bureaucracy and in pursuing his claim. These
factors suggest that a damages award should not be minimalistic.
IV. CONCLUSION
[28]
Therefore, I would award Chitrakar damages of $10,000. I would also
award exemplary damages of $10,000 for Bell’s conduct at the time of the breach
of the privacy rights and thereafter. I take account of Bell’s dealings with
Chitrakar as well as its reactions to the Privacy Commissioner and her
recommendations and its failure to take these proceedings seriously.
[29]
I would also award $1,000 for disbursements and other costs.
Email this Content