Almost a decade and a half after invasion of privacy was touted to be the tort of the 21st century, and after almost a century and a half of debate, Ontario got its first civil award for damages in a privacy breach this week.
Calling it “intrusion upon seclusion”, the Ontario Court of Appeals awarded the plaintiff $10,000 in Jones v. Tsige, for the defendant’s repeated, unauthorized snooping into the plaintiff’s banking records (the two were employees of the same bank).
The legal test was enumerated as follows:
“One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the invasion would be highly offensive to a reasonable person.”
Of particular interest in the case, is that the court explicitly noted that the right of individuals to this civil remedy lies in addition to statutory remedies available under PIPEDA and similar privacy legislation. While this ruling will have a considerable effect on privacy law in Ontario, the court does not feel that it will “open up the floodgates.” The court noted that the facts of the case limited the availability of the tort:
“The key features of this cause of action are, first, that the defendant’s conduct must be intentional, within which I would include reckless; second that the defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and third, that a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish.”
The court further limited the scope of what constitutes the kind of privacy breach that could give rise to an action:
“…it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.”
But perhaps the most sobering aspect of the judgment is the award. Saying that it could only award moral damages, the court decided on $10,000 for the plaintiff’s humiliation and suffering. Some analysts have suggested that this could be seen as a modest fee by those who are intent on breaching privacy for nefarious reasons.
What is unclear is the effect this will have on our clients – business owners. It is certain that the obligation to protect the privacy of customers and employers is as strong as ever, but it is important to note that in the present case, the court noted that the defendant’s actions were that if a rogue employee who had violated the employer’s code of conduct, and thus no action was available (presumably under PIPEDA) to the plaintiff.
We will be watching further developments in this area with great interest – particularly to see if this case is appealed to the Supreme Court.
Scott R. Young