What is sensitive information?
Paul Ohm, Associate Professor and Associate Dean for Academic Affairs at the University of Colorado Law School, recently published an interesting article on “Sensitive Information”. He explains how every data protection law provides special protection for certain categories of “sensitive information,” such as health, sex, or financial information, and how the concept of sensitive information is undertheorized. His article offers an extended examination of which categories of information deserve special protection. He concludes that sensitive information is connected to privacy harms affecting individuals.
This topic (of which type of information should be considered as “personal information” and which type is or should be considered as “sensitive” information) is a fascinating topic as well as an important one. I recently wrote a PhD thesis on the notion of “personal information” (published as a book, “Understanding Personal Information: Managing Privacy Risks”) in 2013. I also recently published an article on this topic, available on SSRN entitled “If Personal Information is Privacy’s Gatekeeper, then Risk of Harm is the Key: A Proposed Method for Determining What Counts as Personal Information” in which I am proposing a risk-based model for personal information (PII in the U.S.). I am articulating the view in these publications that in order to determine if certain information is sensitive, we need to assess the information in light of three criteria: its “identifiability”, its “availability” and its “intimate nature”.
What is information of “intimate” nature?
Under PIPEDA, sensitivity is often contextual. PIPEDA is flexible on this issue, stating: “Although some information (…) is almost always considered to be sensitive, any information can be sensitive, depending on the context.”
In Europe, Directive 95/46/EC acknowledges under article 8 that certain categories of personal information (more specifically the ones “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life”) are more privacy sensitive.
Sensitive categories of information usually include the type of information which is of “intimate” nature, and therefore, which may potentially invoke emotions such as embarrassment or humiliation upon being disclosed. In the recent case of Jones v. Tsige, the Court of Appeal for Ontario illustrates that in the case of an invasion of privacy, the fact that the information disclosed is of “intimate” nature is crucial:
These elements make it clear that recognizing this cause of action will not open the floodgates. A claim for intrusion upon seclusion will arise only for deliberate and significant invasions of personal privacy. Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientations, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.
In the recent decision Stevens v. SNF Maritime Metal Inc., the Federal Court of Canada took the position that the individual had not put into evidence the fact that his personal information disclosed in breach of PIPEDA triggered any embarrassment or other type of harm, since the information at stake was not “deeply personal” or “intimate”.
In Canada, PIPEDA, which suggests that any information can be sensitive depending on the context, provides the following example (s. 4.3.4):
For example, the names and addresses of subscribers to a newsmagazine would generally not be considered sensitive information. However, the names and addresses of subscribers to some special-interest magazines might be considered sensitive.
It is interesting to note that when referring to the “special-interest” magazine, PIPEDA is in fact referring to information of an “intimate” nature or information which would reveal details of the lifestyle and personal choices of the individual.
In my book Understanding Personal Information: Managing Privacy Risks, I explain how the following types of information should be considered as categories of information which are usually inherently intimate by nature (1.), or which are sensitive in that they tend to reveal intimate details of the lifestyle and personal choices of the individual (2.).
1. Information Inherently Intimate
- Medical and Health
In Canada, private life usually includes things relating to medical and health conditions. PIPEDA states that some information “such as medical records” is almost always considered to be sensitive, and specific health data protection laws have also been adopted in certain Canadian jurisdictions.
The OPC has articulated the view in its Guidelines on Privacy and Online Behavioral Advertising, June 2012, that since medical or health information is sensitive, it should not be used in online behavioral advertising. The CAI (Quebec privacy commissioner) has also issued a decision, Deschênes c. Groupe Jean Coutu, PV 98 08 42 (C.A.I.), stating that a pharmacist breached the privacy of individuals when the fact that his clients were “diabetics” was used for direct marketing purposes. In Quebec, case law further confirms that private life includes things relating to the anatomy of an individual. In Europe, the processing of data concerning health is prohibited in line with s. 8 of Directive 95/46/EC on this matter.
- Family Life and One’s Home
Private life generally includes things relating to private, family life and one’s home which are considered as information of “intimate” nature. Examples of information concerning a person’s intimate private life include information about his or her behavior or conduct at home.
- Love, Sex and Sexual Orientation
Examples of information concerning a person’s intimate private life include information about his or her sexual life or sexual activities, and private life includes things relating to love, sex, and intimate life. In Europe, the processing of data concerning sex life is prohibited, consistent with s. 8 of Directive 95/46/EC.
- Religious, Political and Philosophical Opinions
Private life usually includes matters relating to an individual’s religious beliefs and political and philosophical opinions. In Europe, the processing of special categories of data revealing political opinions or religious or philosophical beliefs is prohibited, in line with Directive 95/46/EC on this issue (s. 8).
- Race and Ethnicity
Information about an individual’s race or ethnicity may be considered as sensitive. In Europe, the processing of special categories of data revealing “racial or ethnic origin” is prohibited, in line with s. 8 of Directive 95/46/EC.
- Financial Information
Sensitive information usually includes financial records and other financial information associated with a financial account, including balances and other financial information. PIPEDA states (at s. 4.3.4) that some information, such as “income records”, is almost always considered to be sensitive. In Quebec, a bank was held liable (damages were granted) for having disclosed a woman’s bank account information to her soon-to-be-ex-husband in Demers v. Banque Nationale du Canada, B.E. 97BE-330 (C.Q.).
- Private Communications
People’s private communications are usually considered as private or of a sensitive nature. For instance, the Criminal Code of Canada under articles 183 and 184 prohibits the interception of private communications, given the sensitivity and private nature of this type of information. In Quebec, the Civil Code, art. 36(2), states that intentionally intercepting or using “someone’s private communications” is considered as an invasion of privacy.
- Location Information
The physical or geographic location of an individual is usually considered as sensitive information. For instance, it may be exploited by stalkers. Furthermore, the location of an individual can disclose this individual’s personal interests or lifestyle choices. For example, if a gay pride parade is to take place at location X and time Y – if John Smith can be “placed” at location X during time Y, assumptions can be made about his sexual orientation (whether accurate or not). In Canada, location data is considered personal information by the OPC in part because of its potentially sensitive nature. In Europe, the issue of location data has been governed by a special directive since 2002.
2. Information which tends to reveal intimate details of the lifestyle and personal choices of the individual
While the usual metric in Canadian data protection laws (PIPEDA and similar provincial laws from B.C., Alberta and Quebec) to establish whether certain information is protected is the notion of an “identifiable individual”, courts (in Canada and even in the U.S.) have adopted a rather different threshold in the context of the “reasonable expectation of privacy”. In R. v. Plant, Sopinka J. of the Supreme Court of Canada establishes the framework for evaluating informational privacy claims. According to Sopinka, a reasonable expectation of privacy depends on whether the information in question reveals “a biographical core of personal information (…) [that] (…) would include information which tends to reveal intimate details of the lifestyle and personal choices of the individual” (p. 16).
Under section 8 of the Canadian Charter of Rights and Freedoms, information is therefore only worthy of constitutional protection if it forms part of a “biographical core” of intimate details or lifestyle choices.
This content has been updated on October 25, 2014 at 7 h 11 min.