T-1180-04
2005 FC 420
Brian Murdoch (Applicant)
v.
The Royal Canadian Mounted Police (Respondent)
and
The Privacy Commissioner of Canada (Intervener)
Indexed as: Murdoch v. Royal Canadian Mounted Police (F.C.)
Federal Court, Noël J.--Edmonton, March 15; Ottawa, March 29, 2005.
Privacy -- Judicial review of Privacy Commissioner's decision no penalty available to applicant under Privacy Act for respondent's unauthorized breach of privacy -- Respondent providing file relating to applicant's behaviour at scene of incident involving son to employer -- Applicant filing complaint with Privacy Commissioner -- Commissioner determining applicant's wrongful disclosure complaint well-founded, but holding no further remedy available as no penalty under Act for such violation -- Act, ss. 35(1), (2) requiring Commissioner provide report of findings, recommendations to head of appropriate government institution, complainant when complaint well-founded -- Commissioner's power limited to what legislator decided it be, i.e. power of recommendation (offering of non-binding advice) -- Federal Court's powers to grant remedies restricted to powers conferred on Commissioner -- Commissioner complying with Act, ss. 35(1), (2), not erring in refusing to provide penalty -- No further remedy available in F.C. -- Application dismissed.
Construction of Statutes -- Whether Privacy Commissioner having power to fashion remedies for unauthorized breaches of Privacy Act beyond those specified in Act -- Act making it clear Commissioner limited to power of recommendation -- Nothing in Act suggesting "recommendation" includes anything other than non-binding advice -- Courts not to add powers to statutory body's jurisdiction where provisions of Act clear, not subject to interpretation-- Privacy Act making it clear Commissioner ombudsperson capable of making recommendations, not adjudicative body capable of granting damages -- Reading in remedy of compensation contrary to legislator's intention.
This was an application for judicial review of a decision of the Office of the Privacy Commissioner of Canada advising the applicant that no penalty was available under the Privacy Act to further remedy the respondent's unauthorized breach of his privacy.
The applicant's son had been involved in an altercation with police. The applicant's behaviour at the scene of the incident was such that the respondent considered filing charges. Although no charges were laid, the respondent's file in relation to this incident was provided to the applicant's employer (the Edmonton Police Service). The applicant filed a complaint with the Privacy Commissioner, and the Commissioner determined that the applicant's complaint of wrongful disclosure was well-founded, and informed the respondent of this finding. However, as there was no penalty under the Privacy Act for such a violation, the Commissioner held that it was not able to remedy the situation further.
The issue was whether the Privacy Commissioner has the power to fashion remedies for unauthorized breaches of the Privacy Act beyond those specified in the Act, and if it does, whether the Commissioner erred in advising the applicant that no penalty could be imposed.
Held, the application should be dismissed.
Subsections 35(1) and (2) of the Privacy Act provide that when it finds that a complaint is well founded, the Privacy Commissioner is required to provide the head of the appropriate government institution as well as the complainant with a report containing its findings and recommendations (where any are made).
The jurisdiction of a statutory body (such as the Privacy Commissioner) is limited to what the legislator decided it should be. A proper reading of the Act makes it clear that the legislator wanted the Privacy Commissioner to be limited to a power of recommendation. As nothing in the Act suggests that the term "recommendation" includes anything other than what recommendations are usually considered to be, i.e. the offering of advice that is not binding, the Court should take this power (to make recommendations) no further. General principles of interpretation also suggest that a court should not add powers to the jurisdiction of a statutory body when the legislative provisions creating this body are clear and not subject to interpretation.
The Federal Court's powers to grant remedies on judicial review are largely restricted to the powers conferred on the initial deciding body (in this case, the Privacy Commissioner). Here, the Commissioner's remedial powers in relation to breaches of privacy are restricted to making findings and recommendations that are non-binding. The Privacy Act makes it clear that the legislator intended for the Privacy Commissioner to be an ombudsperson, not an adjudicative body. The process by which the Privacy Commissioner conducts its investigations is indicative of this conclusion. To read in the existence of a remedy of compensation would be going against the legislator's intention, for granting damages is more in the realm of an adjudicative body. A 1987 Report of the Standing Committee on Justice and Solicitor General, in which it is noted that no civil remedies are provided for in the Act, supports this interpretation. To date, no amendments have been made to the Act to include such remedies.
In the present case, subsections 35(1) and (2) of the Privacy Act were complied with. The Commissioner committed no error in not acting further on the applicant's complaint. Its obligations under the Privacy Act were fulfilled, and no further reward could be obtained in this Court.
statutes and regulations judicially
considered
British North America Act, 1867, 30 & 31 Vict., c. 3 (U.K.) [R.S.C. 1970, Appendix II, No. 5], s. 146.
| Federal Courts Act, R.S.C., 1985, c. F-7, ss. 1 (as am. by S.C. 2002, c. 8, s. 14), 18.1 (as enacted by S.C. 1990, c. 8, s. 5; 2002, c. 8, s. 27). |
| Federal Courts Rules, SOR/98-106, rr. 1 (as am. by SOR/2004-283, s. 2), 303(1). |
| Privacy Act, R.S.C., 1985, c. P-21, ss. 2, 7, 8 (as am. by R.S.C., 1985 (2nd Supp.), c. 20, s. 13; S.C. 1994, c. 35, s. 39; 2000, c. 7, s. 26; 2004, c. 11, s. 37), 12 (as am. by S.C. 2001, c. 27, s. 269), 29(1)(a), 33(1),(2), 34 (as am. by R.S.C., 1985 (1st Supp.), c. 27, s. 187, Sch. V, item 6), 35, 37, 41, 48, 49, 50, 74. |
cases judicially considered
applied:
R. (Canada) v. R. (P.E.I.), [1978] 1 F.C. 533; (1977), 83 D.L.R. (3d) 492; 33 A.P.R. 477; 20 N.R. 91 (C.A.).
referred to:
Boucher v. Canada (Attorney General) (2000), 252 N.R. 186 (F.C.A.); Thomson v. Canada (Deputy Minister of Agriculture), [1992] 1 S.C.R. 385; (1992), 89 D.L.R. (4th) 218; 3 Admin. L.R. (2d) 242; 133 N.R. 345.
authors cited
Canada. House of Commons. Standing Committee on Justice and Solicitor General on the Review of the Access to Information Act and the Privacy Act. Report: Open and Shut: Enhancing the Right to Know and the Right to Privacy. Ottawa: Queen's Printer, 1987.
Sullivan, Ruth. Sullivan and Driedger on the Construction of Statutes, 4th ed. Toronto: Butterworths, 2002.
APPLICATION for judicial review of a decision of the Office of the Privacy Commissioner of Canada dated May 25, 2004 that no penalty was available to the applicant under the Privacy Act to further remedy the respondent's unauthorized breach of his privacy. Application dismissed.
appearances:
G. Brent Gawne for applicant.
Barry M. Benkendorf for respondent.
Steven J. Welchner for intervener.
solicitors of record:
G. Brent Gawne, Edmonton, for applicant.
Deputy Attorney General of Canada for respondent.
Welchner Law Office, Ottawa, for intervener.
The following are the reasons for order and order rendered in English by
[1]Noël J.: This is an application for judicial review of a decision of the Office of the Privacy Commissioner of Canada (the Privacy Commissioner), dated May 25, 2004, advising Brian Murdoch (Mr. Murdoch, or the applicant) that no penalty was available under the Privacy Act, R.S.C., 1985, c. P-21 (the Privacy Act, or the Act), to further remedy a breach of privacy committed against him by the respondent, the Royal Canadian Mounted Police (the RCMP). The applicant seeks:
- An order quashing the decision of the Privacy Commissioner that no penalty existed to remedy the breach of the applicant's privacy;
- A declaration that the Privacy Commissioner has implied power to impose relief such as a penalty;
- An order remitting the matter back to the Privacy Commissioner for redetermination as to an appropriate remedy;
- His costs in the matter; and,
- Such further and other order or relief as this Court might direct.
ISSUE
[2]The issue before me is whether or not the Privacy Commissioner has the power, either explicit or implied, to fashion remedies for unauthorized breaches of the Privacy Act beyond those specified in the Act. The answer to this question will in turn help answer that of whether or not the Privacy Commissioner in this case erred in advising the applicant that no penalty could be imposed by it.
CONCLUSION
[3]For the reasons outlined below, the answer to this first question is that the Privacy Commissioner only has limited power to remedy breaches of the Privacy Act, as outlined in sections 35 and 37 of the Act. In the circumstances, therefore, the Privacy Commissioner did not err in denying the award of a penalty to the applicant.
BACKGROUND & DECISION UNDER REVIEW
[4]In September 2002, Mr. Murdoch's son was involved in an altercation with police following which Mr. Murdoch was called to give him assistance. Because of Mr. Murdoch's behaviour upon his arrival at the scene, the RCMP considered filing charges of obstruction. No charges were ever laid against any party in relation to this incident, but the RCMP detachment file concerning the incident was provided by the RCMP to Mr. Murdoch's employer (the Edmonton Police Service).
[5]In March 2003, Mr. Murdoch filed a complaint with the Privacy Commissioner that, in addition to other wrongful conduct, the RCMP breached the Privacy Act when it disclosed personal information to his employer, the Edmonton Police Service, without either his consent or a lawful reason for such disclosure.
[6]Upon concluding the investigation into the complaint, the Privacy Commissioner determined, in a decision dated May 25, 2004, that Mr. Murdoch's complaint of wrongful disclosure was well-founded. The report also indicated that the RCMP had been informed of this finding and that it was in agreement. The report then went on to state that since there was no penalty under the Privacy Act for such a violation, the Privacy Commissioner was not able to remedy the situation further:
Our review of the file the RCMP provided to your employer confirmed that it contains personal information about you as defined in section 3 of the Privacy Act. As that is the case, the information could properly be disclosed only with your consent or in accordance with one of the permissible disclosure provisions outlined in section 8(2) of the Act. In this case, it is clear that you did not provide your consent and I am satisfied that none of the provisions of section 8(2) of the Act is [sic] applicable. Under the circumstances, I am of the view that the confidentiality rights afforded you under the Privacy Act were violated by the RCMP.
I consider this disclosure of your information to constitute a serious violation of your privacy rights and my views in this regard have been made known to officials of the RCMP, who readily agree. While this finding does not mitigate the damage done, we nevertheless hope that this incident has served to remind the RCMP of its responsibilities under the Privacy Act. Unfortunately, there is no penalty under the Act for this breach of your privacy, and there is really nothing more that our Office can do to assist you further.
This completes our investigation of these matters on your behalf. Please note that the RCMP has been informed of the results. . . . [My emphasis.]
[7]Notice of this application for judicial review was filed with the Federal Court on June 18, 2004. On August 11, 2004, the Privacy Commissioner filed a motion to have the application struck out or dismissed, which was rejected by Prothonotary Tabib on September 3, 2004.
SUBMISSIONS
The Applicant
[8]The applicant submits that the Privacy Commissioner committed a reviewable error in determining it was unable to provide a remedy to the applicant for what it admitted was a breach of the applicant's rights under the Privacy Act. The applicant states that where there is a statutory right (in this case, to privacy) with no expressed sanction for a breach of such right, there is prima facie an implied right to be compensated for any breach of this right.
[9]The applicant further states that since the Privacy Commissioner is charged with investigating and making findings on complaints under the Privacy Act, the only way in which the Privacy Commissioner can fully comply with its statutory duties is by exercising its authority in a manner that gives effect to such an implied right. To do otherwise, in the view of the applicant, is to countenance a right without a remedy, which runs counter to legal precedent. Therefore, the applicant submits that a remedy such as the granting of a penalty against a party who discloses personal information without the consent of the individual concerned should be read in to section 35 of the Act.
The Respondents
[10]On March 9, 2005, a few days before the hearing, the Privacy Commissioner, who along with the RCMP had been named as a respondent to the applicant's application, filed a motion pursuant to subsection 303(1) of the Federal Courts Rules, SOR/98-106 [r. 1 (as am. by SOR/2004-283, s. 2)], with the applicant's consent, whereby it requested to be removed as respondent and added as intervener. It had already filed a memorandum of fact and law as respondent (which was limited to arguments on jurisdiction), upon which it wished to rely as intervener. This motion was granted at the beginning of the hearing, so I shall refer to the Privacy Commissioner in these reasons accordingly, and the following order also reflects this.
[11]The Privacy Commissioner submits that it is beyond doubt that, as a statutory ombudsperson, it does not have the legal authority to adjudicate complaints, or to otherwise enforce the Privacy Act by means of awarding remedial relief to complainants. In the Privacy Commissioner's opinion, allowing the applicant's application for judicial review would amount to transforming it into an adjudicative body with broad powers of enforcement, thus extending far beyond its legislatively-intended role. A clear and unambiguous reading of the Privacy Act shows that Parliament intended the Privacy Commissioner to be a body with the statutory authority to investigate complaints of alleged breaches of the Privacy Act and to report non-binding findings and recommendations (if any) to the parties involved. No further powers should be imputed.
[12]In making its finding that Mr. Murdoch's complaint was well founded, and in further communicating this finding to both Mr. Murdoch and the RCMP, the Privacy Commissioner carried out its statutory obligations under section 35 of the Privacy Act. The Privacy Commissioner claims that not only does it have no further obligations, it in fact has no further authority under the Privacy Act to make binding determinations or to award remedial relief such as that requested by the applicant.
[13]The RCMP did not file a separate memorandum of fact and law, but instead indicated its intention to rely on the submissions filed by the Privacy Commissioner.
ANALYSIS
Standard of Review
[14]The question before me is necessarily one dealing with the scope of the Privacy Commissioner's jurisdiction. Such questions of jurisdiction are normally dealt with according to the standard of review of correctness: Boucher v. Canada (Attorney General) (2000), 252 N.R. 186 (F.C.A.), at page 188. The parties were in agreement that the applicable standard of review is that of correctness.
Analysis of the Privacy Commissioner's Jurisdiction and its Final Decision
[15]I have carefully reviewed the arguments of the applicant. The following paragraphs respond to these as a whole, but it should be kept in mind that each has been carefully studied in order to come to my final analysis and conclusions.
[16]The jurisdiction of the Privacy Commissioner to hear Mr. Murdoch's complaint of improper disclosure is set out in paragraph 29(1)(a) of the Privacy Act, which states:
29. (1) Subject to this Act, the Privacy Commissioner shall receive and investigate complaints
(a) from individuals who allege that personal information about themselves held by a government institution has been used or disclosed otherwise than in accordance with section 7 or 8;
[17]Under subsections 35(1) and (2) of the Privacy Act, where the Privacy Commissioner finds, as the result of an investigation, that a complaint is well founded, it is obligated to provide the head of the appropriate government institution with a report containing its findings, as well as any appropriate recommendations. It is also required to report these findings and recommendations (where any are made) to the complainant:
35. (1) If, on investigating a complaint under this Act in respect of personal information, the Privacy Commissioner finds that the complaint is well-founded, the Commissioner shall provide the head of the government institution that has control of the personal information with a report containing
(a) the findings of the investigation and any recommendations that the Commissioner considers appropriate; and
(b) where appropriate, a request that, within a time specified therein, notice be given to the Commissioner of any action taken or proposed to be taken to implement the recommendations contained in the report or reasons why no such action has been or is proposed to be taken.
(2) The Privacy Commissioner shall, after investigating a complaint under this Act, report to the complainant the results of the investigation, but where a notice has been requested under paragraph (1)(b) no report shall be made under this subsection until the expiration of the time within which the notice is to be given to the Commissioner.
[18]Section 41 of the Privacy Act outlines the circumstances in which a decision may be referred for judicial review before the Federal Court. This is largely confined to reviews of decisions where access to personal information has been refused. Section 41 reads as follows:
41. Any individual who has been refused access to personal information requested under subsection 12(1) may, if a complaint has been made to the Privacy Commissioner in respect of the refusal, apply to the Court for a review of the matter within forty-five days after the time the results of an investigation of the complaint by the Privacy Commissioner are reported to the complainant under subsection 35(2) or within such further time as the Court may, either before or after the expiration of those forty-five days, fix or allow. [My emphasis.]
Under a strict reading of the Privacy Act, then, the Federal Court does not even seem to have the jurisdiction to review a decision such as the present one, where personal information has not been withheld, but instead disclosed without authorization. However, section 18.1 [as enacted by S.C. 1990, c. 8, s. 5; 2002, c. 8, s. 27] of the Federal Courts Act, R.S.C., 1985, c. F-7 [s. 1 (as am. idem, s. 14)], grants the Federal Court a broader jurisdiction to hear reviews of federal board, commission or many other administrative tribunal decisions. Its powers under such a judicial review, however, are not absolute:
18.1 . . .
(3) On an application for judicial review, the Federal Court may
(a) order a federal board, commission or other tribunal to do any act or thing it has unlawfully failed or refused to do or has unreasonably delayed in doing; or
(b) declare invalid or unlawful, or quash, set aside or set aside and refer back for determination in accordance with such directions as it considers to be appropriate, prohibit or restrain, a decision, order, act or proceeding of a federal board, commission or other tribunal.
(4) The Federal Court may grant relief under subsection (3) if it is satisfied that the federal board, commission or other tribunal
(a) acted without jurisdiction, acted beyond its jurisdiction or refused to exercise its jurisdiction;
(b) failed to observe a principle of natural justice, procedural fairness or other procedure that it was required by law to observe;
(c) erred in law in making a decision or an order, whether or not the error appears on the face of the record;
(d) based its decision or order on an erroneous finding of fact that it made in a perverse or capricious manner or without regard for the material before it;
(e) acted, or failed to act, by reason of fraud or perjured evidence; or
(f) acted in any other way that was contrary to law.
[19]The powers of the Federal Court to remedy a situation, then, are more or less limited to the powers conferred on the initial deciding body. As we have already seen, the Privacy Commissioner has very limited powers to remedy breaches of privacy under the Act. While it is able to investigate many different types of complaints regarding breaches of privacy and the collection, use and disclosure of personal information by government bodies under the Privacy Act, its "remedial powers", as such, are restricted to making findings and recommendations which are non-binding on the subject organization. As the respondent aptly states, the Privacy Commissioner has no authority, implicit or otherwise, to act as an adjudicator by making binding determinations on the parties to a complaint, nor does the Privacy Act allow the Privacy Commissioner to award any such remedial relief.
[20]The Privacy Commissioner has the right to ask for the disclosure of personal information under certain circumstances where a breach of access is claimed under section 12 [as am. by S.C. 2001, c. 27, s. 269] of the Privacy Act. However, as mentioned above, the only "remedy" it may accord in relation to these breaches is statutorily limited to the making of non-binding findings and recommendations. This power is found in section 35 of the Privacy Act. The only other section of the Act to grant any form of remedy for non-compliance with the Act is section 37, where the Privacy Commissioner determines a government institution is in violation of certain of its ongoing commitments regarding the collection, use and disclosure of personal information. Again, however, this is restricted to the issuance of non-binding findings and recommendations. No wider scope of remedies is available to the Privacy Commissioner.
[21]It is trite law that the jurisdiction of a statutory body (such as the Privacy Commissioner) is limited to what the legislator decided it should be. A proper reading of the Act and especially section 35 make it clear that the legislator wanted the Privacy Commissioner to be limited to a power of recommendation and no more. The term "recommendation" should be given its ordinary meaning. The Supreme Court of Canada has made it clear that where nothing in an Act suggests that the power of recommendation includes anything further than what we normally consider "recommendations" to be-- that is, the offering of advice that is not binding--then the Court should take this power no further: Thomson v. Canada (Deputy Minister of Agriculture), [1992] 1 S.C.R. 385, at pages 399-400. I believe this is the case here. Furthermore, general principles of statutory interpretation suggest that a court should not add powers to the jurisdiction of a statutory body when the legislative provisions creating this body are clear and not subject to interpretation: see R. Sullivan, Sullivan and Driedger on the Construction of Statutes (Toronto: Butterworths, 2002), at page 19 et seq. (Sullivan).
[22]Nor is the Federal Court able to award any further remedies in a case such as the one at bar. As noted above, the Federal Court's jurisdiction to review decisions of the Privacy Commissioner is found in section 41 of the Privacy Act (for those cases where access to personal information requested under section 12 has been refused) and subsection 18.1(3) of the Federal Courts Act. In addition to this, the power of the Federal Court to grant a remedy in such a situation is largely restricted to those which the Privacy Commissioner itself could order; i.e., the ordered disclosure of non-disclosed documents (see sections 48-50 of the Privacy Act and subsection 18.1(4) of the Federal Courts Act). Here, no such information has remained undisclosed, and so this remedy would not be appropriate.
[23]Relying on R. (Canada) v. R. (P.E.I.), [1978] 1 F.C. 533 (C.A.), at pages 556-557, the applicant argues that where there is a statutory right (such as privacy as per sections 7 and 8 [as am. by R.S.C., 1985 (2nd Supp.), c. 20, s. 13; S.C. 1994, c. 35, s. 39; 2000, c. 7, s. 26; 2004, c. 11, s. 37] of the Privacy Act), yet no sanction is provided for the breach of this right, there is, prima facie, an implied right to be compensated for any breach. In this case, it is true that Chief Justice Jackett, for the majority, in interpreting one of the statutory terms upon which Prince Edward Island was admitted into Confederation, section 146 of the British North America Act, 1867, 30 & 31 Vict., c. 3 (U.K.) [R.S.C. 1970, Appendix II, No. 5], came to the following conclusion [at pages 555-556]:
In my view, the result of conferring such statutory rights on the provinces in question, in the absence of any other sanction, was to confer a right on them to be compensated in respect of damages arising from breach thereof [the breach being an interruption of the ferry service between the Island and the Mainland, a service of the Government of Canada] . . .
In my view, when there is a statutory right to have something done with no express sanction for breach, there is, prima facie, an implied right to be compensated for a breach of such right; . . . .
In order to come to this conclusion, Chief Justice Jackett reviewed the statute in question and gave it the interpretation that he saw fit under the circumstances.
[24]The same approach has to be followed in the present case. A reading of the Privacy Act makes it clear that the legislator intended for the Privacy Commissioner to be an ombudsperson, not an adjudicative body. The process by which the Privacy Commissioner conducts its investigations is indicative of this conclusion: the investigation is to be conducted in private (subsection 33(1)); an opportunity to be heard is given to the parties, and no person has the right to be present, or to have access to or comment on the representations made by another person (see subsection 33(2)); the power to conduct investigations are such that they are not comparable to an adjudicative body (see section 34) [as am. by R.S.C., 1985 (1st Supp.), c. 27, s. 187, Sch. V, item 6]; and the Privacy Commissioner's tool of remedy is solely that of making findings on the complaint, as well as recommendations (see subsection 35(1)).
[25]The applicant argues that the purpose of the Privacy Act is helpful in reading the Act as including an implicit remedy of compensation. Section 2 reads as follows:
2. The purpose of this Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.
The applicant interprets "is to extend" or "a pour objet de compléter" (in the French version) as recognizing the implicit remedy of compensation given to the Privacy Commissioner when interpreting section 35 of the Act.
[26]I disagree. The purpose section of an Act is there to help in interpreting sections of an Act: see Sullivan, at page 210. It should not be used, as the applicant is attempting to do here, to justify the creation of a remedy. A reading of the Privacy Act, and specifically section 35, makes it clear that the legislator wanted the powers of remedy of the Privacy Commissioner to be limited to findings made with regard to a specific complaint and, if necessary, recommendations. To read in the existence of a remedy of compensation would be going against what has been clearly written, contrary to the end-solution prepared and specified by the legislator. Making recommendations and granting damages are two totally different functions. The act of making recommendations is one closely associated with ombudspersons, while granting damages is more in the realm of an adjudicative body's powers. The legislator clearly wanted the Privacy Commissioner to assume and perform duties belonging to an ombudsperson, not an adjudicative body. I have read the 1987 Report of the Standing Committee on Justice and Solicitor General, on the Review of the Access to Information Act and the Privacy Act, called Open and Shut: Enhancing the Right to Know and the Right to Privacy (the Report). At pages 50 and 51 of the Report, it is noted that no civil remedies are provided for in the Privacy Act and recommended that such remedies be inserted. As of today, no such amendments have been made. This is not to imply that civil remedies for breach of privacy can never exist, but that, under the Act as it is currently structured, no such remedies are available.
[27]The only possible "remedy" available from the Privacy Commissioner is that outlined in subsections 35(1) and (2); i.e., that both the head of the institution involved and the complainant be provided with a report outlining the findings of the Privacy Commissioner's investigation and any recommendations, if appropriate, as well as that (again, if appropriate) notice be given to the Privacy Commissioner of any action taken or proposed in order to implement any recommendations contained in this report or reasons why no such action has been or is proposed to be taken. In the present case, this was done: both the RCMP and Mr. Murdoch were advised that the RCMP's actions violated the Privacy Act. No recommendations were made; therefore, the RCMP did not have to respond in kind. The Privacy Commissioner committed no error in not acting further on Mr. Murdoch's complaint.
[28]Having said that, I note that the Privacy Commissioner does have the ability to comment on the situation in an annual or special report to Parliament. The Privacy Commissioner has sole discretion to decide whether such an action would be appropriate. I also note the availability of other remedies to the applicant. To this end, it is important to mention that section 74 of the Privacy Act only prohibits civil or criminal actions against a government institution for the wrongful disclosure of personal information where this disclosure is done in good faith. Therefore, if Mr. Murdoch can show bad faith on the part of the RCMP, it is possible he may have an action against them under the common law. In fact, the Court has been informed that the applicant has filed a statement of claim with the Queen's Bench of Alberta against certain members of the RCMP, including the officer who forwarded the RCMP file to his employer, the Edmonton Police Service.
CONCLUSION
[29]While it is understandable that Mr. Murdoch seeks a wider, larger remedy, ultimately in the form of a monetary penalty, there is no jurisdiction by which either the Privacy Commissioner or the Federal Court upon review may award such a remedy. Mr. Murdoch believes he has suffered "considerable embarrassment, humiliation and emotional distress" from the RCMP's unauthorized disclosure (see his notice of application). This indeed may be the case, and there may be other avenues open to Mr. Murdoch in which he may pursue further redress; in the circumstances, however, the Privacy Commissioner has fulfilled its obligations under the Privacy Act, and no further remedy may be obtained in this Court by the applicant for the breach of his privacy.
COSTS
[30]At the hearing, the subject of costs was raised, and it was both the intervener's and the respondent's position that costs were not being sought.
ORDER
This Court orders that:
- The respondent the Privacy Commissioner of Canada be removed as a party respondent;
- The Privacy Commissioner of Canada be granted leave to intervene in this application with all of the rights normally associated with party status; and,
- This application for judicial review be denied without costs.