# 2015-160 - Disclosure, Respect of Procedures/Policies
F&R Date: 2015–11–26
The grievor contended that two members of his Chain of Command (CoC) met with his family members and disclosed his “Protected B” personal information without his consent, including incidences related to disciplinary issues.
The Initial Authority, the unit Commanding Officer, denied the grievance, but agreed to order a Summary Investigation (SI) into the handling of personal information at the unit. The final version of the SI Report concluded that members in the grievor's CoC did in fact meet with his family and did disclose some of his personal information, albeit with good intent. The conclusion was that there had been a security breach.
The Committee found that the grievor had a clear and definite right to have his personal information safeguarded by the CAF and that this was not done. The Committee agreed that the grievor had suffered embarrassment, personal grief and loss of dignity because of the breach of his privacy. The Committee found that although the CoC members involved in the breach had the best of intentions, the applicable privacy law and policy is clear and unequivocal: that a government institution must obtain an individual's consent before disclosing his or her personal information. The Committee recommended that the Final Authority ensure that the privacy breach is reported to the Director Access to Information and Privacy (DAIP) for their action, as required under CAF policy and the Privacy Act.
CDS Decision Summary
CDS Decision Date: 2016–04–01
The FA agreed with the Committee's finding that the grievor's personal information was disclosed to without his consent. The FA agreed with the Committee's recommendation and reported the privacy breach to DAIP.
- Date modified: