Dockets: T-1423-14
T-1424-14
Citation:
2016 FC 332
Ottawa, Ontario, March 18, 2016
PRESENT: The
Honourable Mr. Justice Martineau
|
Docket: T-1423-14
|
|
BETWEEN:
|
|
FRANK BERTUCCI
|
|
Applicant
|
|
and
|
|
ROYAL BANK OF CANADA
|
|
Respondent
|
|
Docket: T-1424-14
|
|
AND BETWEEN:
|
|
GIUSEPPE
BERTUCCI
|
|
Applicant
|
|
and
|
|
ROYAL BANK OF CANADA
|
|
Respondent
|
JUDGMENT AND REASONS
[1]
These are two applications pursuant to section
14 of the Personal Information Protection and Electronic Documents Act,
SC 2000, c 5 [Act], with respect to Reports of Findings prepared on May 1, 2014
by the Office of the Privacy Commissioner of Canada [OPCC] which held that two
complaints filed against the Royal Bank of Canada [RBC] were not well-founded.
RBC is a Canadian chartered bank that offers financial services to private
individuals.
[2]
In these reasons for judgment, reference to the
parties’ records will be by page number in the applicant’s record [AR 1423
and 1424] or the respondent’s record [RR 1423 and 1424],
while reference to any alleged confidential document will be by tab number or
page number in the “Counsel’s eyes only information” [CEO information] submitted
by the respondent under seal to the Court [CEO 1423 and 1424].
[3]
The two applicants, Mr. Frank Bertucci (file
T-1423-14) and Mr. Giuseppe Bertucci (file T-1424-14) [collectively, the
applicants], seek disclosure of all personal information RBC holds on them,
including information related to the decision to close their bank accounts. Mr. Frank
Bertucci further seeks damages of $20,000 and punitive damages of $5,000,
whereas Mr. Giuseppe Bertucci seeks damages of $10,000 and punitive
damages of $5,000.
[4]
The relevant facts are not at issue.
[5]
Mr. Frank (Francescantonio) Bertucci is a
semi-retired businessman from Montreal. He is known for his work at the human
resources firm Thomson Tremblay. He held a bank account at RBC for over 35
years. Mr. Giuseppe Bertucci is the son of Frank Bertucci. He is currently
President of Thomson Tremblay. He was a client of RBC for over 20 years. In
September 2011, both applicants were also clients of other Canadian banking
institutions and holders of credit cards from other financial institutions. Two
real estate holding companies (3458920 Canada Inc. and 3008576 Canada Inc.) related
to the applicants were also clients of RBC.
[6]
On September 28, 2011, the applicants were
notified that RBC had decided to terminate its relationship with them. They
were given a written notice on the same day (RR 1423 at Tab 2), though this
notice did not provide an explanation for the closing of their bank accounts.
Nevertheless, RBC states that it gave oral reasons for the termination at that
time, indicating that it was not comfortable continuing its relationship with
the applicants. RBC also warned it would be closing the bank accounts of both
companies related to the applicants. The bank accounts were closed on or about
November 15, 2011. The applicants took their business elsewhere.
[7]
On August 2, 2012, the applicants requested that
RBC disclose any personal information it held about them (AR 1423 at Tab 5 and
AR 1424 at Tab 5). On October 2, 2012, RBC replied that it had provided oral
reasons for the closing of the bank accounts on September 28, 2011, that it had
the right to unilaterally close the accounts without notice, that it had not
received any information from a third party, and that all the personal
information sought by the applicants was commercially confidential (AR 1423 at
Tab 6 and AR 1424 at Tab 6).
[8]
On October 2, 2012, RBC confirmed by email that
it was relying on the confidential commercial information exemption in
paragraph 9(3)(b) of the Act. That paragraph provides as follows:
|
When access
prohibited
|
Cas où la
communication est interdite
|
|
9. […]
|
9. […]
|
|
When access
may be refused
|
Cas où la
communication peut être refusée
|
|
(3) Despite the
note that accompanies clause 4.9 of Schedule 1, an organization is not
required to give access to personal information only if
|
(3) Malgré la
note afférente à l’article 4.9 de l’annexe 1, l’organisation n’est pas tenue
de communiquer à l’intéressé des renseignements personnels dans les cas
suivants seulement :
|
|
[…]
|
[…]
|
|
(b) to do so
would reveal confidential commercial information;
|
b) la
communication révélerait des renseignements commerciaux confidentiels;
|
|
[…]
|
[…]
|
|
However, in the
circumstances described in paragraph (b) or (c), if giving access to the
information would reveal confidential commercial information or could
reasonably be expected to threaten the life or security of another
individual, as the case may be, and that information is severable from the
record containing any other information for which access is requested, the
organization shall give the individual access after severing.
|
Toutefois, dans
les cas visés aux alinéas b) ou c), si les renseignements commerciaux confidentiels
ou les renseignements dont la communication risquerait vraisemblablement de
nuire à la vie ou la sécurité d’un autre individu peuvent être retranchés du
document en cause, l’organisation est tenue de faire la communication en
retranchant ces renseignements.
|
[9]
On February 21, 2013, the applicants formally
complained to the OPCC, challenging RBC’s decision not to disclose any personal
information to them. On May 1, 2014, the OPCC issued its Reports of Findings [OPCC
Reports] on the applicants’ complaints, concluding that the matter was not
well-founded and that RBC had justifiably withheld the personal information (AR 1423
and AR 1424 at Tab 10). The OPCC noted that in his correspondence, the
representative of the complainant raised a number of challenges, espousing the
position that, while the internal memoranda regarding RBC’s decision to
terminate its client relationship may be “commercially sensitive”, a
distinction must be made between internal discussions and the records that the
bank relied upon in its decision to terminate (i.e. the “raw data”).
[10]
The OPCC reviewed Office of the Privacy
Commissioner findings for general guidance as to the interpretation of the
exception provided under paragraph 9(3)(b) of the Act, noting that a bank’s
internal credit scoring model had been found to be confidential commercial
information (the Act Case Summaries #2002-39 and #2002-63). The OPCC also noted
that in the Act Report of Findings #2011-010, information generated by a bank’s
internal investigation of alleged credit card fraud could be considered
confidential commercial information and could therefore be exempt from access
under paragraph 9(3)(b). The OPCC stated that in that case, the commercial
interest at stake was “preserving contractual
obligations of confidentiality”, and noted that if such information were
released, “the commercial interests of the respondent
could suffer irreparable harm”, putting merchants with whom the
respondent had contractual obligations of confidentiality at risk. Finally, the
OPCC reviewed the information that RBC withheld from the complainant and
concluded that RBC was entitled to withhold such information, as disclosure
would reveal information that was “treated as confidential by RBC, including
information about the bank’s internal methods for assessing business-related
risks.”
[11]
The applicants filed their applications to the
Court on June 13, 2014. Pursuant to subsection 17(1) of the Act, an application
made under section 14 or 15 shall be heard and determined without delay and in
a summary way unless the Court considers it inappropriate to do so. An
application under section 14 of the Act is a de novo hearing and not a
judicial review (Englander v Telus Communications Inc, 2004 FCA 387 at
paras 47-48 [Englander]). The OPCC Reports are not to be treated as the
impugned decisions but rather as evidence that may be challenged or
contradicted and to which no deference is owed (Englander at para 48). Accordingly,
what is at issue is RBC’s conduct and compliance with the Act (Vanderbeke v
Royal Bank of Canada, 2006 FC 651 at para 12).
[12]
Besides the OPCC Reports, all relevant public
evidence is included in the parties’ records. Four individuals have been
cross-examined in these proceedings:
a) Mr. Frank Bertucci;
b) Mr. Giuseppe Bertucci;
c) Mr. James Dickson, in charge of the Anti-Money Laundering Financial
Intelligence Unit [FIU] at RBC; and
d) Ms. Balraj Lochab, Senior Manager, Regulatory and Complaint Liaison,
Canadian Banking Compliance at RBC.
[13]
The disputed personal information in this case
is subject to the Confidentiality Orders in these matters, dated November 10,
2015. The CEO information, filed under seal pursuant to the Confidentiality
Orders, comprises the same documents in both Court Files. The RBC does not
challenge the fact that the CEO information does indeed contain “personal
information” within the meaning of the definition in subsection 2(1) of the Act
– that is, information about the two applicants.
[14]
While the CEO information has been disclosed to
the applicants’ counsel, but not to the applicants, nothing in the
Confidentiality Orders shall “[l]imit any of the
parties from asserting that any information designated CEO information pursuant
to this confidentiality order is in fact not confidential” (paragraph 14(b)
of the Confidentiality Orders). Moreover, “[t]he terms
and conditions of use of designated CEO information and the maintenance of the
confidentiality thereof during any hearing of this proceeding shall be matters
in the discretion of the judge seized of this matter” (paragraph 16 of
the Confidentiality Orders).
[15]
On January 12, 2016, the Court heard in an in
camera hearing, without the presence of the applicants, the oral
submissions made by the parties’ counsel with respect to the applicants’
allegations and the respondent’s conduct in this matter, particularly their
submissions concerning the withheld CEO information. The Court took the matter
under advisement, including any objections made by the applicants’ counsel that
some documents included in the CEO information booklets are not in fact
confidential.
[16]
The present applications raise the same issue: Can
RBC refuse to provide access to the undisclosed personal information it has
collected about the applicants on the grounds that its disclosure in this case
would reveal confidential commercial information?
[17]
Relying on paragraph 9(3)(b) of the Act, which
states that an organization is not required to give access to personal
information if it would reveal confidential commercial information, the
respondent has argued that the present applications constitute an attempt at
circumventing the legal rule that a bank need not justify its decision to end a
banking relationship. However, the applicants take issue with the qualification
under the Act of the undisclosed personal information that RBC says falls under
the confidential commercial exemption in paragraph 9(3)(b).
Submissions of the applicants
[18]
Personal information is defined under subsection
2(1) of the Act as “information about an identifiable
individual”. Principle 9 found in Schedule I to the Act holds that
exceptions to the access requirement should be limited and specific. The applicants
argue that RBC did not comply with the Act. Pursuant to Principle 4.9, upon
request, an individual should be informed of the existence, use, and disclosure
of his or her personal information and should be given access to that
information. An individual should also be able to challenge the accuracy and
completeness of the information and have it amended as appropriate. The applicants
submit that the purpose of the Act is to allow individuals to understand the
nature of the information that is held concerning them, and to allow them to
have the opportunity to correct this information should there be a need to do
so.
[19]
In the case at bar, the applicants argue that
RBC could have disclosed a redacted version of its risk assessment analysis.
First, the cross-examination of Mr. Dickson revealed that clients are in fact
informed when they are considered “too risky”, although this information was
never communicated to the applicants in the present case. Second, the redaction
of certain information would sufficiently protect any confidential commercial
information. Instead, the applicants submit that RBC applied a blanket
exemption under paragraph 9(3)(b) of the Act in order to withhold the entirety
of information in the applicants’ files. Third, the applicants submit that RBC
has provided insufficient evidence that it properly reviewed the personal
information before refusing disclosure. The only evidence was provided by Ms.
Lochab, who did not actually work on the original access to information
request.
[20]
The applicants argue that there is something
manifestly wrong with the way the respondent has approached their file. The Act
grants individuals a quasi-constitutional right to access their personal
information and to verify the accuracy of such information, subject to a
limited set of exceptions. Disclosure of personal information is the rule, and
withholding such information is the exception. The applicants wish to access
the personal information related to RBC’s decision to terminate their banking
relationship, not so that they may try to re-establish this relationship, but
rather so that they may have the opportunity to correct any information that
may be inaccurate and that may continue to have a negative impact on their
lives in the future. To this end, counsel for the applicants argue that with
the exception of the first document filed under seal [CEO 1423 and 1424 at Tab
1], the majority of the remainder of the CEO information [CEO 1423 and 1424 at
Tabs 2 to 6] should have been disclosed. Indeed, there is no convincing
evidence presented by the respondent in these proceedings that these latter
documents were even treated as confidential by RBC personnel.
[21]
The applicants also submit that the respondent’s
argument that the CEO information is confidential commercial information
because it relates to RBC’s risk tolerance level and its decision to terminate
the banking relationship is antithetical to the purpose of the Act, which is
legislation of a quasi-constitutional nature. They argue that this reading of
the legislation would create a two-tiered system in which the kind of personal
information disclosed by an institution would differ depending on whether it
was requested before or after a decision to terminate. The applicants submit
that this interpretation is unacceptable. The applicants also underline that
the exceptions to the disclosure of personal information under the Act are not
intended to provide a cover for those wishing to avoid controversy and
embarrassment, which the applicants suggest is the motivation behind RBC’s
refusal to disclose information in the present case.
[22]
The applicants submit that RBC should be ordered
to disclose all of the personal information it holds on them. This Court should
be flexible, pragmatic and use common sense in balancing RBC’s interests
against the applicants’ (Englander at para 46). In the present case, the
applicants were given no information about RBC’s reasons for terminating their
relationship, not even redacted documents or a summary of the information RBC
relied upon. The applicants thus seek the disclosure of information that
directly affects them, that has apparently had a prejudicial effect on the
RBC’s perception of them, and that may very well be erroneous. In the
alternative, they seek the requested information that is severable from the
“confidential commercial information” or a general summary thereof. However, if
giving access to the information would reveal confidential commercial
information that is severable from other information for which access is
requested, subsection 9(3) of the Act provides that the organization shall give
the individual access after severing.
[23]
Finally, the applicants seek damages and
punitive damages pursuant to subsection 16(c) of the Act. Damages should be
awarded in light of the general objects and values of the Act and to deter
similar action in the future (Nammo v TransUnion of Canada Inc, 2010 FC
1284 at paras 71 and 76 [Nammo]). The applicants argue that they
should receive damages because they were humiliated and suffered significant
prejudice from having to make alternative banking arrangements. They continue
to have difficulties opening bank accounts and obtaining credit. As for
punitive damages, they are reasonable according to the principles set out by
Justice Phelan in Chitrakar v Bell TV, 2013 FC 1103 at paras 24-28.
Submissions of the respondent
[24]
The respondent submits that banks are not
required to provide specific reasons for terminating a customer’s account, only
to provide reasonable notice (see e.g. Pourshafiey c Toronto Dominion Bank,
2012 QCCS 5635 at para 14). In the present case, the applicants were provided
with seven weeks to transfer their funds. The respondent argues that the
present applications constitute an attempt at circumventing the legal rule that
a bank need not justify its decision to end a banking relationship.
[25]
According to the respondent, the applicants
confirmed in October 2012 that they only sought the information specifically
identified in their August 2012 letters, that is: (1) all information that the
Bank relied upon in deciding to terminate the banking relationships; (2) all
correspondence mentioning the applicants related to the decision to terminate
the banking relationships; and (3) all information about the applicants that
RBC obtained from a third party between January 1, 2011 and August 2, 2012,
regardless of whether or not it was relied upon to terminate the banking
relationships. Thus RBC did not apply any “blanket exemption”. Rather, all the
“raw information” sought by the applicants is already in their possession as it
is either information they provided to RBC or information that had been
previously provided to them (such as bank statements).
[26]
The respondent argues that all the personal
information remaining in its possession is exempt because it would reveal
confidential commercial information. For the exemption to apply, RBC must
demonstrate that the information has commercial value and is expressly or
implicitly confidential. The respondent points out that in earlier cases, the
OPCC held that a bank’s credit scoring models and internal investigation into
alleged credit card fraud were confidential commercial information protected by
paragraph 9(3)(b) of the Act. The respondent states that the term “confidential
commercial information” is not defined in the Act, but notes that the OPCC
held, in Case Summary #39, that it is useful to consider such information as
being analogous to “trade secrets.”
[27]
To this end, the OPCC notes that it is helpful
in determining whether information is “confidential” to consider the factors
commonly used by the courts in determining what constitutes a trade secret,
namely:
•
the extent to which the information is generally
known;
•
whether it is known to others in the same
business or trade;
•
whether it is known within the organization;
•
whether someone outside the organization could
acquire the information independently;
•
the extent to which the organization takes special
measures to ensure the secrecy of the information; and
•
whether the information is in some way unique or
original.
[28]
The same Case Summary also indicates a range of
factors to be considered in determining whether information is “commercial” or
“business” information, including:
•
the economic value of the information;
•
the value of the information to the
organization;
•
the value of the information to competitors of
the organization;
•
whether the information provides the
organization with an advantage over competitors; and
•
the expenditure of resources, time and
independent effort in developing and protecting the information.
[29]
In the present case, the respondent argues that
disclosing which information RBC reviews to determine the business-related
risks of an existing client would reveal its internal risk assessment criteria,
methods and tolerance level. As Mr. Dickson’s affidavit demonstrates, the RBC
clearly regards the requested information as confidential commercial
information. The respondent also asserts that the very information that RBC
chooses to review to determine the business-related risk of an existing client
forms part of the multi-factor approach used by RBC to assess such risk. RBC’s
desire to keep this information confidential is also consistent with industry
standards and with its internal practices, and the information holds important
economic value.
[30]
Indeed, the essence of the respondent’s argument
is that any information – to the extent that it has been selected as
relevant by RBC for its risk assessment processes – reveals something about
these processes, and must therefore be considered confidential commercial
information. In this way, it is the decision by RBC to consider a document as
relevant that must be taken into account, rather than the content of the
document itself. As a result, even a “public” document such as a newspaper
article constitutes confidential commercial information if it has been retained
as part of the institution’s intelligence gathering activities. The CEO
information, if disclosed, would give competitors insight into the weight RBC
gives to various risk factors in a banking relationship, revealing RBC’s
thresholds and tipping points.
[31]
Based on the nature of the CEO information, it
can also be surmised that the respondent does not wish to be held publicly
accountable for its decisions relating to the accounts of clients who are the
subject of serious allegations or damaging hearsay-type information, as such
information could harm RBC’s reputation. This concern was not stated explicitly
by counsel for the respondent during the hearing, but nonetheless seems to
subtend the respondent’s arguments. As a result, the Court must consider how to
balance the reputational and commercial concerns of the respondent, as a
banking institution, against the reputational concerns of the applicants as
individuals.
[32]
The respondent maintains that it properly
reviewed the applicants’ files. The jurisprudence requires a “reasonable
search” (Johnson v Bell Canada, 2008 FC 1086 at paras 42‑43).
Ms. Lochab, who was given full access to RBC’s documents, gave evidence confirming
that this standard was met.
[33]
Finally, the respondent submits that there is no
basis for awarding damages. Damages should only be awarded when there has been
a serious or outrageous breach of the Act (Blum v Mortgage Architects Inc,
2015 FC 323 at para 19 [Blum]), yet RBC did not breach the Act.
Moreover, there is no evidence that the applicants suffered any prejudice from
RBC’s termination of their banking relationship, or that the problems they
might have had with other banks were caused by RBC. Moreover, punitive damages
are intended to sanction malicious and outrageous behaviour (Biron v RBC
Royal Bank, 2012 FC 1095 at para 39 [Biron]), which has not been
proven in this instance. The cases cited by the applicants can be distinguished
because they awarded damages for wrongful disclosure of information to third
parties or involved exceptional facts.
Determination
[34]
The Act is quasi-Constitutional legislation (Nammo
at para 74), and in interpreting this legislation, the Court must strike a
balance between protecting the right of privacy and facilitating the
collection, use and disclosure of personal information (Englander at
para 46). The Act also serves an important role in ensuring a degree of
accuracy with respect to this personal information. As the Supreme Court stated
in Canada v Blood Tribe Department of Health, 2008 SCC 44 at para 13:
Individuals are often unaware of the nature
and extent of information about themselves being collected and stored by
numerous private organizations […]. Some of this information may be quite
inaccurate. […] Accordingly, Parliament recognized that a corollary to the
protection of privacy is the right of individuals to access information about
themselves by others in order to verify its accuracy.
[35]
A balanced approach must be adopted in light of
the quasi-constitutional nature of the Act, and courts cannot simply defer to the
general qualification given by an organization to the information withheld under
paragraph 9(3)(b) of the Act. In the present case, I find that the confidential
commercial information exception does not apply to the personal information
contained in the CEO information, save and except the information at Tab 1 and
part of Tab 4. I find the reasons advanced by the respondent for not disclosing
such personal information unconvincing and not substantiated by affidavit
evidence. There must be articulate reasons for denying access to any particular
document. Based on the affidavit evidence submitted by the respondent, the Court
is not satisfied that the withheld information is “confidential commercial
information” in light of the relevant factors identified by the OPCC and the
Court, nor that it was impossible to provide a redacted version of a document
containing any confidential commercial information.
[36]
I dismiss the arguments made by the respondent
and I basically endorse the written arguments made by the applicants and the
oral arguments made by their counsel during the in camera hearing, which
have already been summarized above. Therefore, I will not repeat these
arguments, except to make the following additional observations concerning the
qualification of the disputed documents included in the CEO information.
[37]
For the purpose of providing articulate reasons
that enable the applicants to follow the Court’s reasoning, I am satisfied that
an edited version of the list of documents included in the CEO information is
not confidential information within the meaning of the Confidentiality Orders. In
essence, the disagreement in this matter centres on the definition and extent
of what may be considered “confidential commercial information” for the
purposes of the exception under paragraph 9(3)(b) of the Act.
[38]
Without revealing the particular content of the
CEO information that is subject to the Confidentiality Orders, the disputed
documents may nonetheless be generally identified as the following:
a) An “Enhanced Due Diligence Report” prepared by and for the RBC FIU
[CEO 1423 and 1424 at Tab 1];
b) Information relating to “Sales Platform” and “AMLS Incidents” [CEO
1423 and 1424 at Tab 2];
c) Excel spreadsheets relating to banking transactions [CEO 1423 and
1424 at Tab 3];
d) An internal email about account activity and attachments [CEO 1423
and 1424 at Tab 4];
e) A newspaper article [CEO 1423 and 1424 at Tab 5];
f) Syfact reports from RBC personnel [CEO 1423 and 1424 at Tab 6].
[39]
In the present case, it appears that much of the
applicants’ personal information that is being held by the respondent is in
fact simply “raw data” – information that, if disclosed, would not reveal confidential
practices, techniques or analysis of a commercial nature, falling within the
exemption at paragraph 9(3)(b). This information is not of the nature of a
credit-scoring model (as per the Act Case Summaries #2002-39 and #2002-63), nor
can it be reasonably described as being akin to a “trade secret.” Rather, for
the most part, this information seems not to have been analyzed or treated as
confidential at the time of its creation. Moreover, the standard for justifying
the withholding of information under paragraph 9(3)(b) of the Act is very high
(see Act Case Summary #2002-39). Therefore, the respondent’s argument that the
disclosure of the information it has collected might reveal RBC’s risk thresholds
or tolerance level is insufficient to justify the withholding of information
that is not otherwise confidential or which does not demonstrate – apart from
the very fact of its collection or retention – any further analysis by RBC.
[40]
With respect to Tab 1 of the CEO information,
counsel for the respondent conceded at the hearing that the majority of the
Enhanced Due Diligence Report contained at this Tab, and prepared by the RBC
FIU, could indeed be classified as confidential commercial information. However,
they submitted that portions of this document – namely, the title, date, name
of the Investigator who prepared the report, and one line of the report’s
conclusion – could be severed and disclosed. Nevertheless, I find that such
severance would be inappropriate under the circumstances, as the document as a
whole was clearly considered to be confidential at the time of its production, and
is marked as such.
[41]
Tab 2 of the CEO information, which contains information
relating to “Sales Platform” and “AMLS Incidents” [CEO 1423 and 1424 at Tab 2],
appears to be related to the records of the applicants, and there is no
indication that it is confidential commercial information or that it has been
analysed in any way.
[42]
At Tab 3 of the CEO information, the Excel
spreadsheets containing supposedly analyzed (according to the respondent)
banking transactions appear to be the records the bank relied upon in its
decision to terminate (i.e. the “raw data”), and I see no reason why any such
“raw data” can be considered confidential commercial information.
[43]
With respect to Tab 4 of the CEO information, the
internal email about account activity should be severed and some of the
attached account information should be disclosed. The email itself [CEO 1423
and 1424 pages 46-47] appears to demonstrate some internal analysis by RBC of
the applicants’ files and their associated risk. As a result, this information
would fall within the confidential commercial information exception. However,
the attached “DDA Information” [CEO 1423 and 1424 pages 48-62], the Excel
spreadsheets [CEO 1423 and 1424 pages 63-68], and the account information
contained at CEO 1423 and 1424 pages 69-81, all appear to be “raw data”, rather
than “confidential commercial information”, and should be disclosed. The attached
Enhanced Due Diligence Report [CEO 1423 and 1424 pages 81-91] is a copy of the
document found at Tab 1, and should not be disclosed for the reasons already
given. On the other hand, the newspaper article [CEO 1423 and 1424 page 92 –
also found at Tab 5 of the CEO information], is a public document reporting on
serious allegations in connection with one of the applicants; it has nothing to
do with confidential commercial information and should therefore be disclosed.
[44]
Syfact is a case management software. The Syfact
reports found at Tab 6 of the CEO information are internal documents from RBC
personnel reporting on a number of separate incidents (QC20031457,
E200507-0130, E200606-0365, E200905-0727, E200901-1422, E200906-0954,
E201007-1012 and E201103-0567). A number of the Syfact entries indicate that
the applicants had been advised of the information contained therein and that
the incident was resolved after investigation. Since this information was not
treated as confidential at the time of its creation, it cannot be withheld
under the confidential commercial information exception. In addition, since the
Syfact reports include comments that contain potentially prejudicial hearsay
information, the applicants have a strong quasi-constitutional interest in
ensuring that any such damaging information concerning their reputation be
corrected.
[45]
Having reviewed the CEO information and
considered the written and oral representations made by counsel in light of the
parties’ evidence and applicable legal principles, the Court has decided to
allow, in part, the two applications. Accordingly, the Court will order the
respondent to provide to the applicants, within 45 days of the present
judgment, a copy of all undisclosed personal information related to the applicants
it has in its possession, including the CEO information submitted by the
respondent under seal to the Court, save and except the following confidential
commercial information: a) the “Enhanced Due Diligence Report” (CEO 1423
and 1424 at Tab 1); and b) the internal email about account activity (CEO 1423
and 1424 pages 46-47) and the attached “Enhanced Due Diligence Report”
(CEO 1423 and 1424 pages 81-91 found in Tab 4 of the CEO information). In the
case that the personal information ordered to be disclosed by the Court
contains the names of any individual or personal information about any
individual, other than the applicants, it shall be redacted or blacked out by
the respondent.
[46]
I will now briefly address the issue of damages.
[47]
The evidence of damages, if any, submitted by
the applicants is unconvincing and does not support an award of damages
(general or punitive). I agree with the respondent that there are no general
damages suffered by the applicants. I also agree with the respondent that this
is not a case where punitive damages should be awarded. This Court has held
that damages should only be awarded in cases where they are substantially
justified and would further the objectives of PIPEDA (Blum at para 60). A
deterrent effect on future breaches and the seriousness of the breach should
also be considered (Nammo at para 76; Girao v Zerek Taylor Grossman
Hanrahan LLP, 2011 FC 1070 at paras 46‑48). In the present case,
there is little evidence on the record that the applicants suffered hardship or
difficulties in having to make alternative banking arrangements, other than a
feeling of humiliation. In 2011, they were both clients at other banks and were
able to transfer their funds elsewhere. In any event, there is insufficient
evidence that the difficulties the applicants may have experienced with other
financial institutions were caused by RBC’s actions. Punitive damages are also
inappropriate in this case, as the applicants have not proven that the
withholding of information constituted behaviour that is “so malicious and outrageous as to warrant an award of
punitive damages” (Biron at para 41). Moreover, based on the
correspondence found in the record, RBC appears to have fully cooperated with
the applicants and the OPCC, and did not materially benefit from the
non-disclosure.
[48]
Considering that the applications are allowed in
part and the circumstances of this case, the applicants will be entitled to
their costs against the respondent.
Email this Content