I'm a lawyer, but only info acquired in the course of the professional relationship is confidential

Full text of the Law Society of the Northwest Territories Model Code of Professional Conduct is available here.


This is the interesting bit:

 

Confidential Information

3.3-1  A lawyer at all times must hold in strict confidence all information concerning the business and affairs of a client acquired in the course of the professional relationship [ . . . ]

For the time I lived and worked in the Northwest Territories I had only one client, the GNWT . . .

That Professional relationship ended March 12, 2014 . . .

So no info that I was given access to after that professional relationship ended is confidential

To clarify, the information I was given access to by the GNWT was confidential in the hands of the GNWT. That confidentiality is owed by the GNWT, but not by me.


The GNWT failed in its obligation to keep the data confidential.

these were not inadvertent communications

The ethics committee of the Law Society of British Columbia had the opportunity to address a situation where information had been obtained through the use of a shared username and password in a decision from December of 2006.


It may be of some interest here given that there may be some analogies drawn between the situation they faced then, and the situation the GNWT find themselves in now.


A summary of the decision appears in the annotations to rule 7.2-10 Inadvertent Communications in the Code of Professional Conduct for British Columbia (the BC Code) – annotated :

image2

So, yeah, this was BC, but remember, my "Oath" was Federal

I suggest that data obtained with an assigned password cannot be called an Inadvertent Communication

I don't know why, but inadvertent does not seem like the right word to use here.

I further suggest that emails addressed to my home email also cannot be said to be inadvertent

Again, inadvertent just doesn't seem to significantly capture the weight of the GNWT's failure to protect the privacy rights of it's employees.

image3

I'll put my money on negligent, 10 times out of 10

That's the word . . . "Negligent"

I told the GNWT to fix a problem.  Instead they diverted emails instead of actually fixing the problem.


It's my opinion that that's when the GNWT crossed over from inadvertence into negligence.

Despite notification, the GNWT did nothing: That looks like Negligence

Let's make a change, let's remove the "do nothing" option. Let's make Mandatory Breach Reporting a part of the Access to Information and Protection of Privacy Act!

Mandatory Breach Reporting has been a long time coming! Now is the time!!! contact your MLA!!!

Your MLA can introduce the necessary changes to the Access to Information and Protection of Privacy Act that will require that breaches are reported and  not covered up under threat of legal action.

Contact Your MLA