Looking to balance anonymity with accountability, Ontario Superior Court orders disclosure of whistleblower’s identity
In Taylor v. Metrolinx, the Ontario Superior Court of Justice addressed a contentious application for a Norwich order, a legal remedy often sought to compel third-party disclosure of key information. The Applicants, Brandon and Sarah Taylor and their company JAAX Inc., sought to uncover the identity of an anonymous whistleblower who had made serious allegations against them, including fraud, embezzlement, and racketeering. These allegations were reported to Metrolinx, a Crown Corporation accountable for how public funds are spent on construction projects, where Metrolinx reported such allegations to Brandon’s employer, Dufferin Construction Company, and its subsidiary, Mosaic Transit Contractors.
The Applicants argued that they needed the complainant’s identity to pursue claims for defamation, intentional infliction of mental distress, and economic interference. Metrolinx opposed the application, pointing to confidentiality agreements and the potential risk to the safety of the anonymous complainant if their identity were disclosed. Applying the test established by the Supreme Court of Canada for granting a Norwich order, the Court considered whether the Applicants had a bona fide claim, whether Metrolinx was involved in the matter and the only practical source for the information, and whether public interest justified breaching the complainant’s privacy.
In its examination, the Court concluded that the Applicants had sufficient grounds for their claims and rejected the argument that the complainant’s identity was protected by confidential source privilege, reasoning that the communication was not confidential in nature under the Wigmore test criteria. Ultimately, the Court ruled in favor of disclosure, highlighting that the public interest in accessing the truth outweighed Metrolinx’s concerns about confidentiality and safety. In considering the four Wigmore factors, the Court emphasized that the complainant’s communication did not meet the criteria for confidential source privilege, predominantly since the communication was unsolicited and the complainant did not have an expectation of confidentiality when making the complaint. The Court concluded that the privacy policy contemplated that the personal information could be disclosed and that “this is not an individual acting in the capacity of employee seeking to take advantage of protections available to a corporate whistleblower.”
Impact of a robust policy
Metrolinx's privacy policy was crucial in determining the outcome of this decision, as it was published on the Metrolinx website and provided explicit guidance on how personal information would be collected, used, and disclosed. A robust policy not only informs individuals of their rights and what to expect when they submit personal data but also protects the organization by clarifying the boundaries of consent and disclosure.
In this case, the clear language of the policy allowed the Court to conclude that the complainant had consented to the use and potential disclosure of their information, negating any claim to privilege or anonymity. Without a strong, clear policy, organizations risk misunderstandings, legal disputes, and breaches of trust with individuals who provide sensitive information.
Implications for whistleblower confidentiality
The Taylor v. Metrolinx ruling has significant implications for the use of Norwich orders in defamation and related claims. The Court found that no assurances of confidentiality were in fact provided to the complainant through the policy, and drew a distinction between a member of the general public submitting an unsolicited report of alleged misappropriation of funds and an employee seeking the protections available to a corporate whistleblower. By granting the Applicants access to the complainant’s identity, the Court reinforced the principle that individuals making serious allegations cannot insist on their identity being withheld without a strong legal basis for doing so and should be wary in making potentially damaging claims. This decision also serves as a reminder that if an organization seeks to provide whistleblowers with confidentiality protections, they should do so explicitly in their privacy policy by utilizing clear and express language.