New Tort Decision May Challenge the Strength of Your Privacy Policy

In a recent decision, the Ontario Court of Appeal recognized a new tort concerning invasion of privacy, called “intrusion upon seclusion”. Jones v. Tsige, 2012 ONCA 32, marks the first time that an appellate level court in Canada has been willing to recognize such a cause of action.

The facts of the case are as follows. Jones and Tsige were both employees of the Bank of Montreal, however they did not work at the same branch and they did not know each other. Tsige was in a common law relationship with Jones’ ex-husband. Jones learned that Tsige had used the BMO computer system to access Jones’ banking records approximately 174 times over a four-year period. The information accessed included Jones’ banking transactions and personal information, such as address, marital status, and date of birth. Jones sued Tsige, claiming damages of $70,000 for invasion of privacy and breach of fiduciary duty and $20,000 in punitive and exemplary damages. Tsige was successful on a summary judgment motion after the judge concluded that there was no cause of action for invasion of privacy in Ontario. The Court of Appeal overturned the motion judge’s decision and held that the common law does indeed recognize a tort of intrusion upon seclusion. The Court held that recognizing such a tort “would amount to an incremental step that is consistent with the role of the court to develop the common law in a manner consistent with the changing needs of society”.

The elements of this new tort are:

1. the defendant’s conduct must be intentional (which includes reckless conduct);
2. the defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns: and
3. a reasonable person would regard the invasion as highly offensive causing distress, humiliation, or anguish.

It should be noted that it is not necessary for a plaintiff to show economic loss. However, the Court did place some limitations on the new tort:

1. A claim for intrusion upon seclusion will arise only for deliberate and significant invasions of personal privacy. Claims from individuals who are sensitive or unusually concerned about their privacy will be excluded.
2. Intrusions must be into one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.
3. Privacy claims may give rise to competing claims such as freedom of expression and freedom of the press. In such cases, the competing claims will have to be balanced.

The Court held that damages for intrusion upon seclusion would be capped at $20,000. In this case, $10,000 was awarded. In finding that this case fell into the mid-point in terms of damages, the Court noted that it was a highly offensive intrusion resulting in mental distress, but that Jones suffered no public humiliation or harm.

WHAT THIS DECISION MAY MEAN FOR YOUR ORGANIZATION

This decision has potentially significant implications not only for individuals, but also any organization that collects and/or uses personal, financial, or health information. Organizations may be at risk of liability under this new tort in cases where their employees access the private information of coworkers. In Jones, the Court of Appeal noted that Tsige was a “rogue employee” and acted contrary to BMO’s policies. This may not always be the case. To best protect themselves from claims arising from the actions of their employees, organizations should ensure that they always obtain consent from individuals for the collection, use, and disclosure of personal information. Organizations should also ensure that they have privacy policies in place with respect to employees’ personal information, and that employees receive appropriate training with respect to the importance of following such privacy policies. Although many organizations have existing privacy policies in place in accordance with provincial privacy laws, it may be necessary to review the existing policies to assess whether they need to be updated in light of this new common law development.