Law Firms and PIPEDA

There’s an interesting post on IT.Can Blog / Blogue de IT.Can on the collection of information by law firms. In two cases, law firms collected credit information on people their clients were considering action against, and the people investigated complained to the Privacy Commissioner. According to PIPEDA Case Summary #340, the Assistant Commissioner decided that the complaints were well-founded and made the recommendations that “the firm[s] implement a policy that prohibits conducting credit checks without appropriate consent, unless for a permissible purpose. The firm[s] responded by refusing to accept the recommendation[s].” The report notes further that:

For both complaints the Assistant Commissioner also indicated that she would pursue the matter in accordance with the Act and referred the cases to her litigation counsel. Shortly after being contacted by the Commissioner’s counsel, both law firms agreed to implement the recommendations thus avoiding the need to follow through with an Application in the Federal Court.

No challenge to the jurisdiction of the Commissioner was successful at this level.

To a non-practising lawyer, this seems like a considerable hindrance.


  1. I’ve taken a look at the recent finding of the Assistant Commissioner and I am of the view that it is wrongly-decided because the Assistant Commissioner exceeded her jurisdiction, both under the Act and constitutionally. The law firm was merely an agent of the litigants and Parliament can’t rely on the General Trade and Commerce power to regulate private litigation in this context. I wrote a longer piece on my blog if you are interested (