No common law tort of invasion of privacy in British Columbia, judge finds

This probably shouldn't be too surprising for lawyers practicing in this area, but a judge of the British Columbia Supreme Court has stated that there is no common law tort of invasion of privacy in the province. In Demcak v. Vo, 2013 BCSC 899, the plaintiffs were suing the City of Richmond (among others) related to an inspection of the property carried out under provincial law and municipal authority:

[10] The City has a statutory authorization to enter and inspect property including residences and uses of property within the City boundaries. That statutory authorization is provided for in s. 16 of the Community Charter, S.B.C. 2003, c. 26. The City may also attend pursuant to relevant enacted bylaws. The consent of the occupants is not required where valid written notice of the inspection is given. This occurred in the case at bar.

The inspectors entered the premises and took photos. The plaintiff claimed for trespass and some sort of "invasion of privacy". The plaintiff, notably, did not make any claims under the British Columbia Privacy Act, which creates a statutory right of action for invasion of privacy. The Court found that there was no common law tort of invasion of privacy and struck the claim from the plaintiff's pleadings.

[8] The issue which arises from these allegations is whether there is a tort for breach of privacy in British Columbia. No common law tort of invasion or breach of privacy exists in British Columbia: Hung v. Gardiner, 2002 BCSC 1234 (CanLII), 2002 BCSC 1234 at para. 110 aff’d 2003 BCCA 257 (CanLII), 2003 BCCA 257 and Bracken v. Vancouver Police Board, 2006 BCSC 189 (CanLII), 2006 BCSC 189 at para. 28. The plaintiffs are not represented by counsel, and notwithstanding they appear to have received legal advice, the claim as filed is ill founded.

[9] A breach of privacy is actionable under statue in British Columbia pursuant to the Privacy Act, R.S.B.C. 1996, c. 373 (“Privacy Act”). The plaintiffs made no pleadings regarding the Privacy Act. The pertinent sections to the case at bar are:

Violation of privacy actionable

1 (1) It is a tort, actionable without proof of damage, for a person, wilfully and without a claim of right, to violate the privacy of another.

(2) The nature and degree of privacy to which a person is entitled in a situation or in relation to a matter is that which is reasonable in the circumstances, giving due regard to the lawful interests of others.

(3) In determining whether the act or conduct of a person is a violation of another's privacy, regard must be given to the nature, incidence and occasion of the act or conduct and to any domestic or other relationship between the parties.

(4) Without limiting subsections (1) to (3), privacy may be violated by eavesdropping or surveillance, whether or not accomplished by trespass.

Exceptions

2 (1) In this section:

"court" includes a person authorized by law to administer an oath for taking evidence when acting for the purpose for which the person is authorized to take evidence;

"crime" includes an offence against a law of British Columbia.

(2) An act or conduct is not a violation of privacy if any of the following applies:

(a) it is consented to by some person entitled to consent;

(b) the act or conduct was incidental to the exercise of a lawful right of defence of person or property;

(c) the act or conduct was authorized or required under a law in force in British Columbia, by a court or by any process of a court;

(d) the act or conduct was that of

(i) a peace officer acting in the course of his or her duty to prevent, discover or investigate crime or to discover or apprehend the perpetrators of a crime, or

(ii) a public officer engaged in an investigation in the course of his or her duty under a law in force in British Columbia,

and was neither disproportionate to the gravity of the crime or matter subject to investigation nor committed in the course of a trespass.

...

[10] The City has a statutory authorization to enter and inspect property including residences and uses of property within the City boundaries. That statutory authorization is provided for in s. 16 of the Community Charter, S.B.C. 2003, c. 26. The City may also attend pursuant to relevant enacted bylaws. The consent of the occupants is not required where valid written notice of the inspection is given. This occurred in the case at bar.

[11] The owner of a rented residential property or landlord has the right to inspect that property as provided in s. 29(1) of the Residential Tenancy Act, S.B.C. 2002, c. 78. Again, clear written notice of the inspection was given to the plaintiffs more than 24 hours before the inspection according to the filed documents.

[12] On the facts of the case now before me, the inspections of the property, including the residences or vehicles thereon, were authorized by law. These inspections are outside the scope of the tort created by s. 1 of the Privacy Act. As there is no common law tort of privacy in BC, the claims contained in para. 13 of the present notice of civil claim are without legal foundation and cannot hope to succeed. The claims in that paragraph are dismissed.

It is worth noting that the Court didn't go into any detailed analysis of the issue, but it is clear to me that what was complained-of did not fit within the tort set out in the Privacy Act, nor would it be actionable as an intrusion upon seclusion under the Jones v Tsige tort.

Federal/provincial report on cyberbullying and non-consensual distribution of intimate images released

The Federal-Provincial-Territorial task force on Cyberbullying and the Non-Consensual Distribution of Intimate Images has today released its report.

There have been some fears that this would be an opportunity to revive "lawful access" and some of the issues are touched upon in recommendation 4:

Recommendation 4

The Working Group recommends that the investigative powers contained in the Criminal Code be modernized. Specifically, the Working Group recommends that an approach consistent with recent proposed amendments on this subject to better facilitate the investigation of criminal activity, including activity that is conducted via telecommunication be introduced and implemented as part of any legislative package responding to cyberbullying. These amendments should include, among others:

• Data preservation demands and orders;
• New production orders to trace a specified communication;
• New warrants and production orders for transmission data;
• Improving judicial oversight while enhancing efficiencies in relation to authorizations, warrants and orders;
• Other amendments to existing offences and investigative powers that will assist in the investigation of cyberbullying and other crimes that implicate electronic evidence.

The report also calls for the creation of a new criminal offence related to the non-consensual distribution of intimate images and the discussion on the topic is refreshingly nuanced.

The report itself is here and here's the release:

Canada News Centre - Minister MacKay Welcomes Joint Federal–Provincial–Territorial Report on Cyberbullying and the Non-Consensual Distribution of Intimate Images

OTTAWA, July 19, 2013 – The Honourable Peter MacKay, P.C., Q.C., M.P. for Central Nova, Minister of Justice and Attorney General of Canada, issued the following statement today:

“Following the tragic suicide of Rehtaeh Parsons in April, the federal, provincial and territorial governments agreed unanimously to expedite a review of our laws surrounding cyberbullying.

“Today I am pleased to announce that I have received the report by federal, provincial and territorial officials on cyberbullying and the non-consensual distribution of intimate images.

“The report recommends creating a new law against non-consensual distribution of intimate images and enhancing current criminal law responses to bullying, including cyberbullying.

“In addition, the report recommends modernizing – subject to appropriate judicial oversight – investigative powers in the Criminal Code to facilitate the investigation of criminal activity involving electronic communications.

“The report also recommends that all levels of government continue to build on initiatives to address the issue of cyberbullying in a comprehensive manner, including prevention, education, and awareness-raising activities.

“For my part, I will consider the report and its recommendations, which will help guide the way forward to ensuring our children are safe from online exploitation.

“The Government of Canada has taken significant steps toward cracking down on violent crimes, preventing victimization, and addressing the harmful behaviours associated with bullying and cyberbullying.

“For example, under the National Crime Prevention Strategy, in the fall of 2012, the Government of Canada committed up to $10 million toward new crime prevention projects, including the prevention of school-based bullying, focused on children and youth.

“GetCyberSafe, the Government of Canada’s public awareness campaign on online safety, has information about cyberbullying that includes how to talk to youth about it and how to respond to this type of incident.

“And NeedHelpNow.ca is a new resource designed to help youth who have made the mistake of sending sexual images of themselves to peers, which can lead to cyberbullying. The site offers youth tips on removing content, strategies for addressing peers and moving forward, as well as information on possible related Criminal Code violations.

“I sincerely thank federal, provincial and territorial officials for having collaborated on this vital report. I look forward to working together with the provinces and territories as we make improvements to our justice system to prevent such tragic circumstances from happening again.”

An online version of the report can be found at http://www.justice.gc.ca/eng/rp-pr/other-autre/cndii-cdncii/index.html

Settlement of Sony Playstation hack class action in Canada reinforces privacy damages will be limited where no actual harm shown

Dan Michaluk just posted about the newly-approved settlement of the Canadian class action stemming from the Sony playstation hack (Settlement approved in Canadian cyber attack suit | All About Information). The case itself is here: Maksimovic v. Sony of Canada Ltd., 2013 CanLII 41305.

The important principle to take away from this case is that class actions, damage awards and even legal fees do not amount to much in Canada if you can't prove actual harm:

[13] There were extensive negotiations in Canada, and the parties did negotiate a Settlement Agreement. The major terms of the settlement are as follows:

• Class Members who had a credit balance in their PSN or SOE account at the time of the Intrusions but have not used any of their accounts shall receive cash payments for credit balances.
• The Sony Entities will make available online game and service benefits to class members geared principally to the type of account (PSN, Qriocity, and/or SOE) held by the class member at the time of the Intrusions.
• The settlement benefits are available through a simple process. To become entitled to benefits, Class Members need only to complete a claim form.
• The Sony Entities will reimburse any Class Members who can demonstrate that they suffered Actual Identity Theft, as defined in the Settlement Agreement.
• Class Members that prove Identity Theft can submit claims for reimbursement of out-of-pocket payments (not otherwise reimbursed) for expenses that are incurred as a direct result of the Actual Identity Theft, up to a maximum of $2,500.00 per claim.
• The Sony Entities are to pay for the costs associated with providing notice of the Settlement Agreement and the settlement approval hearing, all administration costs, as well as an agreed amount for plaintiffs’ lawyers’ fees and expenses.

[14] Class Counsel requests approval of a fee of $265,000 inclusive of fees, disbursements, and applicable taxes. This claim is less than the value of the docketed time for the matter, which exceeds $300,000.

Canadian secret national security court calls on amicus curiae to address vexing issues

Most Canadians are surprised to discover that we have a secret court, just like the US Foreign Intelligence Surveillance Court, that meets in a bunker in Ottawa, issuing secret warrants to do a range of cloak and dagger activities including wiretapping and installing bugs. But we do. (They are judges designated under the Canadian Security Intelligence Service Act by the Chief Justice of the Federal Court of Canada.)

Most Canadians are also surprised to learn that we have the canuck equivalent of the National Security Agency (the CSEC) and our own Canada Patriot Act in the Anti-Terrorism Act.

But one thing that distinguishes Canada from the US in an important way is that designated judges under the CSIS Act have, from time to time, retained "friends of the court" to argue positions in opposition to government requests. It hasn't happened often, but is something that our friends to the south may want to consider as controversy about PRISM and a secret body of evolving caselaw is being established.

Unopposed applications resulting in secret decisions with significant civil rights and constitutional implications easily leads to the presumption that the system is rigged and intelligence agencies get a free ride. While transparency would call for published decisions and open court, independent lawyers arguing the other side is a step in the right direction.

I've managed to find three published decisions from Canada where amici where used, and perhaps there are more that are unpublished.

For example, in Re Canadian Security Intelligence Service Act, 2008 FC 300, an amicus assisted the court in considering whether a jurisdictional issue raised in a warrant application could be heard in public, in open court. (The answer was no, but the decision was published.) In connection with the same matter, in Re Canadian Security Intelligence Service Act, 2008 FC 301, an amicus curiae was appointed to consider whether the court can authorize CSIS to carry out clandestine activities outside of Canada. (The answer was no.)

More recently, in Reference re sections 16 and 21 of the Canadian Security Intelligence Service Act, 2012 FC 1437 (CA), the Court called upon a amicus curiae to help with the question of whether "section 16 of the Canadian Security Intelligence Services Act prohibits the naming of [a Canadian citizen, permanent resident or corporation] in a warrant as [a natural or corporate person] whose communications are proposed to be intercepted, when the warrant is issued in relation to a request for assistance in the collection of information or intelligence from the Minister of National Defence or the Minister of Foreign Affairs relating to the capabilities, intentions or activities of [a foreign state or group of foreign states, corporation or person]." Importantly, the Court agreed with the amicus and denied CSIS the warrant.

Supreme Court of Canada to consider cell phone privacy and police searches incident to arrest

The Supreme Court of Canada yesterday granted leave to appeal in the case of R. v. Fearon. The Court is limiting its review of the Ontario Court of Appeal decision to privacy issues related to police searches of phones incident to arrest. In this case, it was an LG feature phone, not a smartphone but I expect that the Court will establish general principles that will cover all mobile electronics.

I previously blogged about the case here: Password protect your phone if you care about your privacy: What R v Fearon means

Here is also a handy summary from the SCC:

35298 Kevin Fearon v. Her Majesty the Queen (Ont.) (Criminal) (By Leave)

Charter of Rights and Freedoms – Criminal law – Search and seizure – Right to counsel – Right to silence – Evidence – Whether search of cell phone during arrest requires search warrant or is within a police officer’s authority to search incident to arrest – Whether contents of applicant’s cell phone should have been excluded from evidence – Whether statement to police was voluntary – Whether applicant waived his right to counsel.

The applicant was arrested for armed robbery. During a search incident to the arrest, a police officer found the applicant’s cell phone. It was not locked nor password protected. The officer examined the contents of the phone and found photographs of a gun and cash, as well as an incriminating text message. The officer seized the cell phone. The cell phone was searched several more times at the police station that day and the next day but no more evidence was extracted. Months later, a search warrant was obtained to search the phone again. The applicant was advised of his rights upon arrest and, en route to the police station, he stated that he wanted to call a lawyer. At the police station, the arresting officers advised the booking officer that the applicant had asked to talk to a lawyer. The applicant was left in an interview room for five hours without opportunity to contact counsel. When he was interviewed, he was again advised of his right to counsel. He made incriminating statements.

Here's some CBC coverage of the case, as well: Top court to hear case involving cellphones, privacy rights - Politics - CBC News.

Canadian federal government needs to get its own privacy house in order

No big surprise, but the Federal Privacy Commissioner, Jennifer Stoddart, has found that the federal government is seriously lacking as far as dealing with data breaches are concerned. Incomplete data produced by the government shows more than 3,000 breaches over ten years, affecting three quarters of a million Canadians. (And I'm sure this is just the tip of the iceberg.)

From the Canadian Press:

Poor data-breach tracking, reporting concerns federal privacy commissioner - Yahoo! News Canada

OTTAWA - Canada's privacy czar has singled out several federal departments for their lacklustre approach to data breaches, citing a need for better reporting, security and tracking protocols.

Privacy commissioner Jennifer Stoddart's office has compiled a preliminary list of agencies with potentially worrisome patterns when it comes to the loss of Canadians' personal information.

The analysis is based on departmental figures tabled in Parliament in April in response to a question from New Democrat MP Charlie Angus. The response indicated there were more than 3,000 data breaches over a 10-year period affecting about 725,000 Canadians.

Upon crunching the numbers, the privacy commissioner identified nine departments and agencies that may lack adequate reporting mechanisms, have faulty security procedures or require improved tracking protocols.

Stoddart's staff cautions that the figures paint a statistical picture but do not shed full light on the kind of data involved in the breaches.

Still, the office says two departments — Fisheries and Oceans and Public Safety — "may lack adequate reporting mechanisms" for alerting the privacy commissioner of a data loss.

Fisheries reported three breaches affecting 73 people between 2002 and 2012. However, for the same period there were actually 12 lapses affecting 4,690 individuals.

None of the 28 breaches that occurred at Public Safety after 2009 was reported, says the privacy commissioner.

"A cursory comparison between institutions indicates that they do not seem to have a consistent method for reporting breaches," say notes prepared by Stoddart's office. "Some systematically report breaches, others almost never."

Institutions that "may have systematic issues in safeguard and security protocols" are Citizenship and Immigration, Passport Canada, the Correctional Service, the RCMP, the Parole Board and Veterans Affairs.

Citizenship and Immigration had 161 breaches in 2012 alone, while the passport office had 131 incidents in 2011-12, said the commissioner.

Finally, the Canada Revenue Agency was not able to present any data, suggesting a "deficiency in tracking and auditing."

The difficulty with federal data breaches is not new, Stoddart said in an interview. "We know it's a systemic problem. We've seen it for years," she said. "So I think a positive action on the part of the government to strengthen education about it, prevention, followup and so on, would be the way to go."

The commissioner's office points out that while the federal Treasury Board has published guidelines for privacy breaches, they simply recommend — not require — that institutions notify the commissioner of certain kinds of breaches.

They include ones that involve sensitive personal data such as financial or medical information, can result in identity theft, or might otherwise harm or embarrass a person, damaging their career, reputation or well-being.

"Conversely, this means that there are a number of breaches that are not deemed to be serious enough to warrant notification to our office," say the notes. "We can presume that this may partially explain the vast number of unreported breaches."

During a recent meeting, Stoddart urged Treasury Board President Tony Clement to amend the privacy law to make reporting of federal data losses mandatory.

"It was a very positive meeting," Stoddart said. "Minister Clement seemed very concerned about the question of data and very interested in ways of strengthening data breach awareness, I'd say, and proactive work to minimize data breaches."

However, she said Clement "made no commitments" about enshrining mandatory reporting. Andrea Mandel-Campbell, a spokeswoman for Clement, said Monday that the minister is taking Stoddart's comments "under consideration."

Angus says a "complete overhaul" of reporting procedures is needed. "Every breach must be reported to the privacy commissioner," he said Monday.

Government must also ensure Stoddart's office has the resources to investigate lapses and powers to effectively police both federal agencies and private companies that lose data, he said.

"She has to have the tools that she needs to protect privacy."

After Human Resources and Skills Development lost the personal information of more than half a million people who took out student loans, Angus's NDP colleague, digital issues critic Charmaine Borg, tabled a motion in February requesting a House of Commons committee study mandatory breach notification. It was defeated.

Canadian Treasury Board sets new privacy breach notification policy, but only for itself

This is interesting: The organization in the Canadian federal government -- the Treasury Board -- which sets the IT and privacy policies for the entire government is implementing a privacy breach notification policy only for itself. Treasury Board will soon have to report any privacy breaches to the Privacy Commissioner, but other departments will still be able to set their own policies, according to the Ottawa Citizen: Under new policy Treasury Board will be required to report every data breach to privacy commissioner.

It's a start, but still a bit of a head scratcher.

Don't forget that Canada is in the national security / surveillance business as well

For those Canadians whose eyes have been focused south of the border over the past few days, following the revelation of the Verizon court order and speculation about the PRISM program, it's worth remembering that Canada is in the national security / surveillance business as well.

Canada has a "Canada Patriot Act" in the form of the Anti-Terrorism Act, which amended the CSIS Act and the National Defence Act (read Part V.1). Canada has an equivalent of the American Foreign Intelligence Surveillance Court, established under the CSIS Act. In addition, Canada's Communications Security Establishment is part of the Five Eyes signals intelligence community.

This article from today's Globe & Mail is worth a read, as it lays out Canada's own "metadata collection": Data-collection program got green light from MacKay in 2011 - The Globe and Mail.

Michael Geist has a great overview of this topic in his recent post "Why Canadians should be demanding answers about secret surveillance programs".

BC Court finds that former employer is primarily responsible for patient records, not the departing therapist

In an interesting case from British Columbia (Synergy Counselling v. Dunvegan Enterprises, 2013 BCPC 101 (CanLII)) involving a dispute between a therapist and her employer, the Provincial Court had an opportunity to consider who has primary responsibility under the Personal Information Protection Act for patient files.

The therapist was an employee of the company and asserted she had primary responsibility for the patient files due to the patient-therapist relationship. The Court took a different view, which generally affirms the prevailing view that when a person is employed to provide healthcare services to others, the employer is the primary custodian of the resulting records:

[104] The Defendant expressed the view that the Claimant took the files for an improper purpose and that it was part of the Claimant’s attempt to “steal” a counselling practice from the Defendant.

[105] Both parties asserted a primary responsibility for the protection of personal information contained in the files under the provisions of the Personal Information Protection Act, [SBC 2003] Ch. 63. Both parties referred to provisions in the Act.

[106] The purpose of the Act is found in s. 2:

2 The purpose of this Act is to govern the collection, use and disclosure of personal information by organizations in a manner that recognizes both the right of individuals to protect their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances.

[107] Sections 4 and 34 provide as follows:

4 (1) In meeting its responsibilities under this Act, an organization must consider what a reasonable person would consider appropriate in the circumstances.

(2) An organization is responsible for personal information under its control, including personal information that is not in the custody of the organization. ….

34 An organization must protect personal information in its custody or under its control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.

[108] The Act requires that organizations exercise reasonable care in fulfilling their obligations with respect to the protection of personal information under their control. The Act, however, does not assist in determining who, in these circumstances, should exercise that control.

[109] In McInerney v. MacDonald 1992 CanLII 57 (SCC), [1992] 2 S.C.R. 138 the Supreme Court of Canada affirmed the common law position that although a medical file itself may be owned by a physician, the patient has a continuing equitable interest in the medical information contained within it. A patient, as a general rule, is entitled to access the medical information in her records and to inspect and copy that information. This broad principle will have application to other clinical records, such as the counselling records concerned here.

[110] It seems clear that clients who attended the KCT offices to obtain counselling services, signed KCT file opening documents, paid accounts rendered to them by KCT and received KCT receipts, no doubt understood themselves to be clients of KCT rather than of the particular counsellor they saw. These clients would reasonably have expected that their files would remain within the KCT offices or otherwise under KCT control unless other arrangements had been agreed.

[111] I’m satisfied that these client files properly belonged to KCT and not to the individual therapist, notwithstanding the therapist’s obligation to hold information in confidence. That personal undertaking did not by itself confer ownership or a right to permanent possession of the file by the therapist concerned.

[112] As for the requirements of the Personal Information Protection Act, there is no suggestion that the Defendant was not meeting its obligations under the Act. On the assumption that the Claimant and Ms. Schell also had obligations under the Act, those obligations would have been reasonably discharged by leaving the KCT files in the custody and control of their owner, the Defendant.

[113] In the absence of any agreement between the parties or their clients regarding file storage, there will be an order that all files removed from KCT offices by the Claimant shall be returned to KCT, provided that the Claimant may retain the files of those KCT clients who have since become clients of Synergy or who have otherwise requested in writing that Synergy maintain their records.

Privacy Commissioner of Canada tables annual report on private sector privacy law

The Privacy Commissioner of Canada has today tabled her annual report to Parliament on the private sector privacy law that she oversees. The report can be found here: Annual Report to Parliament 2012 - Report on the Personal Information Protection and Electronic Documents Act.

Here's her media release:

Privacy Commissioner stresses significance of online reputation and business accountability in digital age

Annual report tells tales of rental laptops that spied on users, the response to a teen smeared by a social network imposter and a dating site that left sensitive health data vulnerable.

OTTAWA, June 6, 2013 – Privacy Commissioner Jennifer Stoddart today released the Office of the Privacy Commissioner’s (OPC) annual report on the Personal Information Protection and Electronic Documents Act (PIPEDA) for 2012, which details investigations affecting individual online reputation and the growing importance of organizational accountability. This is the Commissioner’s last PIPEDA annual report before the end of her mandate and it underlines the need for changes to the law to bring it up to speed with today’s rapidly changing, digitally driven times.

“As in previous years, our annual report outlines some significant achievements as investigations led to improved privacy practices among businesses,” said Commissioner Stoddart.

“Such changes, however, often came only after long investigative and follow-up processes, and therefore at significant costs. Canadians would be better served by a law that motivates organizations to put privacy considerations up front, rather than the current situation where we’re left to trigger a mop-up after privacy is violated.”

Leering laptops

The report details the outcome of a Commissioner-initiated complaint against a Canadian franchisee of rent-to-own company Aaron’s Inc. “Detective Mode” software was installed onto its rented laptops, enabling the collection of data, including key strokes, screen shots and web cam photos without user knowledge.

While installing the software was intended to recover lost or stolen laptops, the OPC found that the extreme measure wasn’t justified, given the egregious and disproportionate loss of privacy for its clients. The franchisee agreed to delete what the software collected, and the company committed to never again using this type of tool.

Facebook fakery

This year’s report also includes the story of a teen whose reputation was imperiled by a fake Facebook account being set up in her name. She was not a Facebook member, but many of her real life friends were. They “friended” the impostor account and then received a barrage of inappropriate comments.

The teen’s mother complained to the OPC and demanded Facebook delete the account. Upon determining the account was indeed a fake, the company promptly deleted it. The teen’s reputation though remained at risk as those who had been “friended” by the account were not notified of it being a fake. As a result following negotiations with the OPC, Facebook agreed to implement a new process moving forward to help non-users notify individuals “friended” by imposter accounts.

Information on singles with STDs unprotected

The report also details our investigation into complaints by members of a dating web site for people with sexually transmitted diseases called PositiveSingles.com. They alleged that, unbeknownst to them, their profiles, including personal information detailing their individual health status, were stored in a database accessible by a wider network of affiliated sites. The investigation concluded that PositiveSingles and its parent company, SuccessfulMatch, failed to openly and clearly explain to prospective members how and to whom their personal information would be visible and disclosed. SuccessfulMatch then made changes to the web site to make its information handling practices more transparent, including informing prospective members of the broad visibility of profiles at the point of registration.

Overall, 2012 saw 220 complaints accepted by the OPC, down from 281 the previous year. The OPC also completed 145 formal investigations in 2012, marking a 21-percent increase from the year before, while also realising a 12-percent reduction in the time it took to resolve formal investigations.