The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar

Archives

Links

Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by groups.yahoo.com

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Friday, December 03, 2004

Privacy law and insolvent companies 

There has been no shortage of criticism of the Personal Information Protection and Electronic Documents Act (PIPEDA). Some say it is simply weird by incorporating an external standard (in this case the Canadian Standards Association Model Code for the Protection of Personal Information). Some say it is hard to follow because it is full of principles rather than rules. Others think it is unmanageable. Others say it is toothless.

One thing that most agree on is that there is an important aspect provision that was simply forgotten: there is nothing in the law that would allow the disclosure of a customer list either as a prelude to or in the course of a business acquisition. Theoretically, you can't disclose a customer list as part of due diligence, nor can you provide details of key employees (if the company in question is a federal work, undertaking or business) unless you have the consent of the individuals concerned.

One exception to the consent rule is that you can disclose personal information without consent if the disclosure is:

"7(3)(c) required to comply with a subpoena or warrant issued or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with rules of court relating to the production of records;"

Some clever insolvency practitioners have taken advantage of paragraph 7(3)(c) in PIPEDA and the huge discretion given to judges under the Companies' Creditors Arrangement Act (CCCA) to deal with this problem when the anticipated acquisition is related to the court supervised sale of a business under the CCAA. A recent order of the Quebec Superior Court in Re Strategy First Inc. includes a reference to PIPEDA and gives the court's blessing to due diligence disclosure and post-closing disclosure of personal information:

"[44] ORDERS that, pursuant to subparagraph 7(3)(c) of the Personal Information Protection and Electronic Documents Act, S.C. 2000, c.5, the Petitioner is permitted in the course of these proceedings to disclose personal information of identifiable individuals in its possession or control to stakeholders or prospective investors, financiers, buyers or strategic partners and to their advisers (individually, a 'Third Party'), to the extent desirable or required to negotiate and complete the Restructuring or the preparation and implementation of the Plan or a transaction in furtherance thereof, provided that the Persons to whom such personal information is disclosed enter into confidentiality agreements with the Petitioner binding them to maintain and protect the privacy of such information and to limit the use of such information to the extent necessary to complete the transaction or Restructuring then under negotiation. Upon the completion of the use of personal information for the limited purpose set out herein, the personal information shall be returned to the Petitioner or destroyed. In the event that a Third Party acquires personal information as part of the Restructuring or the preparation and implementation of the Plan or a transaction in furtherance thereof, such Third Party shall be entitled to continue to use the personal information in a manner which is in all material respects identical to the prior use of such personal information by the Petitioner;"

One additional aspect of interest is that the Order requires acquirors to use the personal information in the manner in which it was used by the original custodian.

Ok, one more interesting thing: The order was made by the Quebec court. Presumably, it was dealing with a Quebec company that is not a federal work, undertaking or business. But ... PIPEDA doesn't apply in Quebec to such companies, but I guess it doesn't hurt to throw it in.

Labels: ,

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs