Boisvert Marine inc. c. Dumas, 2024 QCCS 3240
Facts
The plaintiff, Boisvert Marine Inc. (BMI), operates a wholesale business in leisure and sporting goods, specializing in the sale and repair of boats. The defendant, Dumas, is the general manager of BMI, which enabled him to purchase replacement parts and pay suppliers directly on behalf of BMI, using its funds.
BMI became aware of suspicious transactions involving Dumas. BMI alleged that Dumas diverted more than $3 million for his personal benefit in part by modifying BMI's bank statements.
BMI sought Mareva and Norwich orders from the Court, as well as an order to have a USB key verified by a forensic investigator.
Decision
The Court granted the Mareva and Norwich orders, and the verification of the USB key by a computer expert.
The Norwich order compelled third-party financial institutions to disclose documents in their possession that would allow BMI to trace the funds that Dumas had diverted. The Court determined that BMI satisfied the criteria for a Norwich order: (1) a bona fide claim against the unknown alleged wrongdoer; (2) the person from whom discovery is sought must be involved in the matter under dispute, he must be more than an innocent bystander; (3) the person from whom discovery is sought must be the only source of information available to the applicants; (4) the person from whom discovery is sought must be reasonably compensated for expenses arising out of compliance with the order, plus legal costs; and (5) the public interest in favour of disclosure must outweigh legitimate privacy concerns.
Regarding the last criterion, the right to privacy is provided for in articles 3, 35, 36 and 37 of the CCQ, and section 5 of the Charter of human rights and freedoms. The Court determined that, while a person's legitimate expectation of privacy deserves special consideration, it will not act as a bar to a Norwich order.
Key Takeaway
The right to privacy does not constitute a bar to the issuance of a Norwich order.
De Trinidad c. Chambre de la sécurité financière, 2024 QCCAI 195
Facts
The petitioner, de Trinidad, a financial security advisor and registered member of Québec's Chamber of Financial Security (CSF), was the subject of a disciplinary investigation in 2016. On May 25, 2018, he was interviewed at the CSF's offices, and the interview was recorded. The recordings were stored in the CSF's IT system, and a DVD copy was provided to him.
In 2019, de Trinidad reviewed the DVD in preparation for his disciplinary hearing and claimed that certain parts of the recording — where the investigators allegedly threatened him — were missing. He requested access to the original recordings, but the CSF informed him that the storage unit containing the original files had been damaged during a power outage in 2018, resulting in the permanent loss of the original files. De Trinidad believed these original recordings were crucial to proving that the CSF had falsified evidence and therefore submitted an access request seeking documents related to the CSF's technological infrastructure and the power outage incident.
The CSF denied the request on the basis of sections 14 and 29 of the Act respecting Access to documents held by public bodies and the Protection of personal information (Access Act). The CSF argued that the requested documents contained sensitive information about its technological infrastructure, including system configurations and vulnerabilities, and disclosing them could compromise the security of its systems.
Decision
The Commission d'accès à l'information (Commission) ruled in favor of the CSF, upholding its decision to withhold the requested documents under sections 14 and 29 of the Access Act.
The Commission agreed that the requested documents contained information that could expose the CSF's systems to potential risks, such as cyber threats or unauthorized access, and thus that the security of CSF's systems could be compromised by disclosing the information.
The Commission highlighted that the risk posed by revealing such information outweighed any investigative purpose de Trinidad had for accessing it.
Key Takeaway
Organizations may lawfully refuse to disclose information related to their technological infrastructure if such disclosure poses a security risk, even when such information is requested for investigative or legal purposes.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
