Railway employee denied access to letter in employment file
PIPEDA Case Summary #2002-103
[Principle 4.9, Schedule 1; section 9(1), section 9(3)(c)]
An individual complained that his employer, a railway company, refused him access to a part of his personal information that he had requested.
Specifically, he alleged that, in responding to his requests for a copy of a letter that the company sent to his personal physician, the company withheld the letter from him.
Summary of Investigation
The investigation revealed and the company did not dispute that it had in fact withheld the letter from the complainant as it was relying upon exempting provisions of the Act, sections 9(1) and 9(3).
Issued December 19, 2002
Jurisdiction: As of January 1, 2001, the Personal Information Protection and Electronic Documents Act applies to any federal work, undertaking, or business. The Commissioner has jurisdiction in this case because a railway company is a federal work, undertaking, or business as defined in the Act.
Application: Principle 4.9 states that upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. Section 9(1) states in part that an organization shall not give an individual access to personal information if doing so would likely reveal personal information about a third party. Section 9(3)(c) states that an organization is not required to give access to personal information if to do so could reasonably be expected to threaten the life or security of another individual.
The Commissioner was required to determine whether the company had properly invoked section 9(1). In other words, did the letter in question reveal personal information about a third party?
During the course of the investigation, the Commissioner found no evidence to support the company's contention that the letter contained such information. The only references to third parties were to the complainant's physician, to whom the letter was addressed, the employee who wrote the letter, an unnamed manager, and the company's doctor. The Commissioner noted that the information about the physician is the complainant's information since he is identified as the complainant's personal physician. The reference to the manager is also the complainant's personal information because the manager was making an allegation about the complainant. The author of the letter had already informed the complainant that she had written the letter at issue and so it was difficult to accept the argument that this information should be withheld. Finally, the Commissioner determined that the reference to the company's doctor only included his name and business address which is not considered to be personal information under section 2 of the Act.
The Commissioner also had to determine if the company properly invoked section 9(3)(c). That is, could the information contained in the letter be reasonably expected to threaten the life or security of another individual? Upon review, the Commissioner was satisfied that the letter did not include words, statements or phrases that if released to the complainant, could reasonably be expected to threaten the life or security of another individual. The Commissioner determined that the company had also not properly invoked section 9(3)(c).
The Commissioner found, therefore, that by withholding the individual's personal information, the company was in contravention of Principle 4.9.
The Commissioner concluded that the complaint was well-founded.
The Commissioner recommended that the company release the letter to the complainant. He also reminded the company that, in future, it should take appropriate steps to meet its obligations under Section 8(7) of the Act, which states that an organization refusing a request for access to personal information must inform the individual in writing of the refusal, setting out the reasons and any recourse the individual may have under the Act.
Report a problem or mistake on this page
- Date modified: