Full text of the Law Society of the Northwest Territories Model Code of Professional Conduct is available here.
This is the interesting bit:
3.3-1 A lawyer at all times must hold in strict confidence all information concerning the business and affairs of a client acquired in the course of the professional relationship [ . . . ]
To clarify, the information I was given access to by the GNWT was confidential in the hands of the GNWT. That confidentiality is owed by the GNWT, but not by me.
The GNWT failed in its obligation to keep the data confidential.
The ethics committee of the Law Society of British Columbia had the opportunity to address a situation where information had been obtained through the use of a shared username and password in a decision from December of 2006.
It may be of some interest here given that there may be some analogies drawn between the situation they faced then, and the situation the GNWT find themselves in now.
A summary of the decision appears in the annotations to rule 7.2-10 Inadvertent Communications in the Code of Professional Conduct for British Columbia (the BC Code) – annotated :
I don't know why, but inadvertent does not seem like the right word to use here.
Again, inadvertent just doesn't seem to significantly capture the weight of the GNWT's failure to protect the privacy rights of it's employees.
I told the GNWT to fix a problem. Instead they diverted emails instead of actually fixing the problem.
It's my opinion that that's when the GNWT crossed over from inadvertence into negligence.
Let's make a change, let's remove the "do nothing" option. Let's make Mandatory Breach Reporting a part of the Access to Information and Protection of Privacy Act!
Your MLA can introduce the necessary changes to the Access to Information and Protection of Privacy Act that will require that breaches are reported and not covered up under threat of legal action.
This website is for educational purposes only