Tuesday, December 21, 2010

Federal Court awards PIPEDA damages due to inaccurate credit report

In what appears to be a break from the recent cases that have declined to award damages to applicants under PIPEDA, the Federal Court in Nammo v. Transunion of Canada Inc., 2010 FC 1284 has just recently awarded damages to an individual whose loan application was declined due to inaccurate information provided by a credit bureau.

The court awarded $5000 in damages after considering the principles to be applied by the court in awarding damages under the statute. It is really worth noting how cases such as Randall v Nubody's is distinguished.

[71] As indicated, PIPEDA provides the Court broad remedial powers and, in my view, s. 16 of PIPEDA permits the Court, in an appropriate case, to award damages even when no actual financial loss has been proven. In Randall v Nubodys Fitness Centres, 2010 FC 681, Justice Mosley found that an award of damages under s. 16 is not to be made lightly and that such an award should only be made “in the most egregious situations.” This is such a situation. In Randall, which involved the disclosure of how often the applicant used his gym membership to his former employer, Justice Mosley determined that the impugned disclosure of personal information was “minimal,” that there had been no injury to the applicant sufficient to justify an award of damages, that the respondent did not benefit commercially from the breach of PIPEDA, that the respondent did not act in bad faith, and, perhaps most importantly, that there was no link between the disclosure and the employer’s alleged retaliation against the applicant. The same cannot be said here. Not only was the disclosure of inaccurate information directly linked to the refusal of the loan and the associated injury to the applicant, but the respondent also profited from the disclosure and acted in bad faith in failing to take responsibility for its error and failing to rectify the problem in a timely manner. The violation of Mr. Nammo’s rights under PIPEDA was not “the result of an unfortunate misunderstanding,” as was the case in Randall. It was a serious breach involving financial information of high personal and professional importance. The fact that there is no precedent for an award of damages under PIPEDA should not impact the Court from making an award of damages where the circumstances and justice demands it. In my view, for the reasons that follow, this is such a case.

...

[74] The Supreme Court found that “to be ‘appropriate and just’, an award of damages must represent a meaningful response to the seriousness of the breach and the objectives of compensation, upholding Charter values, and deterring future breaches.” In my view, the same reasoning applies to a breach of PIPEDA, which is quasi-constitutional legislation.

[75] In Lavigne v Canada (Office of the Commissioner of Official Languages), 2002 SCC 53, the Supreme Court held that the Privacy Act, R.S.C.1985, c. P-21, was quasi-constitutional legislation that must be interpreted with its special purposes in mind. In Eastmond v Canadian Pacific Railway, 2004 FC 852, at para. 100, Justice Lemieux confirmed that PIPEDA also enjoys quasi-constitutional status:

I have no hesitation in classifying PIPEDA as a fundamental law of Canada just as the Supreme Court of Canada ruled the federal Privacy Act enjoyed quasi-constitutional status (see Justice Gonthier's reasons for judgment in Lavigne v. Canada (Office of the Commissioner of Official Languages, [2002] 2 S.C.R. 773 at paragraphs 24 and 25).

[76] Applying the Supreme Court’s reasoning in Ward to PIPEDA applications before this Court indicates that both the question of whether damages should be awarded and the question of the quantum of damages should be answered with regard to whether awarding damages would further the general objects of PIPEDA and uphold the values it embodies. Furthermore, deterring future breaches and the seriousness or egregiousness of the breach would be factors to consider.

[77] One of the central objects of PIPEDA is to encourage those who collect, use and disclose personal information to do so with a degree of accuracy appropriate to the use to which the information is to be put and to correct errors quickly and effectively. I have found that TransUnion failed to collect accurate information on the applicant. Further, when apprised of its error, it failed to address the complaint quickly and effectively. It further failed to quickly and effectively correct the inaccurate information it had disseminated. Lastly, it failed to take responsibility for its error, first blaming CBV, and then in this action attempting to attribute some blame to the applicant. In my judgment, these are circumstances that warrant an award of damages based on the considerations of vindication and deterrence.

Check out the following commentary:

No comments: