Court Recognizes Breach of Privacy Tort

In a decision released this week, the Ontario Court of Appeal recognized the tort of "intrusion upon seclusion" - a form of "breach of privacy" tort . This decision is the first Canadian appellate court decision which has unequivocally recognized that an invasion of privacy can constitute a common law tort. Although there are many pieces of legislation related to privacy across the country, to date courts have been reluctant to award damages for invasions of privacy based entirely on the common law. This case will change that reluctance.

In the case, an employee of BMO accessed the banking records of the Plaintiff (another employee) 174 times over four years. Although the employees did not know each other, the rogue employee was in a common-law relationship with the Plaintiff's former husband. The Plaintiff sued for invasion of privacy claiming that "her privacy interest in her confidential banking information had been irrevocably destroyed."

After a thorough review of the relevant law, the Court determined it was appropriate to recognize the tort of "intrusion upon seclusion". In order to make a successful claim under this tort, a Plaintiff must show that,

  1. the Defendant's actions were intentional;
  2. that the Defendant invaded, without lawful justification, the Plaintiff's private affairs or concerns and;
  3. that a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish.

Although the Court stated that the tort would only be available when truly sensitive personal information is accessed, a Plaintiff does not have to show actual economic damages in order to be entitled to damages. Damages can be awarded for intangible harm such as hurt feelings, embarrassment or mental distress. The Court did note that these types of damages will likely be modest ($10,000 was awarded in this case), but it did not rule out the possibility that aggravated or punitive damages could be awarded in reprehensible cases.

Many employers have employees who have ready access to sensitive confidential information of others. Although this case does not deal with whether BMO was responsible for the actions of its "rogue" employee, it is conceivable that employers might be brought into such actions on the basis that they are vicariously liable for the actions of their employees. This possibility makes it even more important for employers to have in place policies relating to the access and safeguarding of personal information and to train employees with respect to their obligations when dealing with the confidential information of others.