Shafik Bhalloo has been a partner of Kornfeld LLP since 2000. His practice is focused on labour and employment law, and on commercial and civil litigation. He is also an Adjudicator on the Employment Standards Tribunal and an Adjunct Professor in the Faculty of Business Administration at Simon Fraser University.
While British Columbia, Saskatchewan, Manitoba and Newfoundland all have general privacy legislation creating a statutory tort or civil right of action for invasion of privacy (see Business Law Blog publication at http://www.businesslawblog.ca/tag/tort/), most other Canadian jurisdictions do not have comparable legislation although they may have some statutory administrative schemes that govern and regulate privacy issues and disputes in more specific contexts. Having said this, in these other jurisdictions, absent a specific applicable statutory scheme to protect one’s privacy rights, a claimant may be without a remedy for invasion of her privacy unless she can successfully establish the existence of a common law right to bring a civil action for invasion of privacy. This is precisely what the Plaintiff, Sandra Jones, did in the Ontario Court of Appeal in Jones v. Tsige, 2012 ONCA 32 (http://www.ontariocourts.on.ca/decisions/2012/2012ONCA0032.htm), an appeal of the decision of the Ontario Superior Court of Justice.
In this case, Ms. Jones and the defendant, Ms. Tsige, were both employees of the Bank of Montreal (“BMO”) but worked at different branches of the bank in different positions – Ms. Jones as a Project Manager and Ms. Tsige as a Financial Planner. The two did not work with or know each other. However, Ms. Tsige had formed a common law relationship with Ms. Jones’ former husband and, by virtue of her position with the BMO, had access to and did access on her computer at the workplace, on at least 174 occasions, details of financial transactions in Ms. Jones’ personal accounts with the BMO. She also had access to Ms. Jones’ other personal information with the BMO, such as date of birth, marital status, language spoken and residential address. It should be noted that Ms. Tsige did not make copies of any of the personal information of Ms. Jones she accessed nor did she distribute the information to anyone.
When the BMO discovered Ms. Tsige’s activities and confronted her, she confirmed that she had no legitimate reason to access Ms. Jones’ accounts and knew what she was doing was contrary to BMO’s policies and her professional training. However, she explained that she was involved in a financial dispute with her common law spouse (Ms. Jones’ former husband) and she was, by accessing Ms. Jones’ banking records, trying to confirm if he was paying Ms. Jones child support.
BMO discliplined Ms. Tsige by meting out a five-day suspension and denying her a yearly bonus. The BMO also issued her a warning that any future repetition of her conduct would result in the terminationof her employment. She was also asked to review and discuss with BMO privacy principles and standards.
The Ontario Superior Court of Justice
Ms. Jones lodged her action in the Ontario Superior Court of Justice asserting that her privacy interest in her confidential banking information was “irreversibly destroyed” and claimed damages of $70,000 for invasion of privacy and breach of fiduciary duty, and punitive and exemplary damages of $20,000. The Court held there was not any prior relationship between the parties that may be characterized as fiduciary in nature, whether in the traditional or non-traditional sense or categories, and therefore, Ms. Tsige did not owe Ms. Jones a fiduciary obligation and dismissed that claim.
With respect to her claim for damages for invasion of privacy, the Court reviewed some recent decisions in Ontario and rejected the notion that in Ontario there exists at common law a tort of invasion of privacy. The Court went on to conclude:
… this is not an area of law that requires “judge-made” rights and obligations. Statutory schemes that govern privacy issues are, for the most part, carefully nuanced and designed to balance practical concerns and needs in an industry-specific fashion.
In dismissing her claim for damages for invasion of privacy, the Court noted that this was not a case where Ms. Jones was without a remedy. The Court noted that the Personal Information Protection and Electronic Documents Act, 2000, c. 5 (“PIPEDA”), applied to the banking sector and could have been employed by Ms. Jones to seek a remedy. She could have filed a complaint with the Commissioner under that statute and ultimately obtained recourse at the Federal Court.
The Ontario Court of Appeal
While Ms. Jones did not appeal the Superior Court’s finding that Ms. Tsige did not owe her a fiduciary obligation, she appealed the Court’s finding that Ontario law does not recognize the tort of breach of privacy and the consequent dismissal of her claim for damages for invasion of her privacy.
The Court conducted an expansive review of the Canadian, American and English jurisprudence concerning the existence of a tort of invasion of privacy and was particularly influenced by Professor Prosser’s “four-tort” classification. More specifically, Professor Prosser, in his review of privacy cases, concluded that the general right to privacy includes four distinct torts, each with its own considerations and rules. In the case of Ms. Jones, the Court stated that if she has a right of action for invasion of her privacy then it falls within the first category of Professor Prosser’s classification, namely “intrusion upon seclusion” which is adopted by the Restatement (Second) of Torts (2010) and described as follows:
One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the invasion would be highly offensive to a reasonable person.
The Court then went on consider and reject Ms. Tsige’s argument that the existing Ontario and federal legislative framework addressing the issue of privacy is a sufficient basis for the court to refuse to recognize the emerging tort of intrusion upon seclusion and that any expansion of the law in the area should be left to the Parliament and the legislature. The Court also pointed out the deficiencies in the existing framework of privacy legislations as concerns Ms. Jones’ case with particular reference to the example of PIPEDA, which the Superior Court earlier suggested Ms. Jones could have engaged because it applies to the banking sector. The Court noted that PIPEDA, as a federal legislation deals with “organizations” that are within the federal jurisdiction and does not address the existence of a civil cause of action for invasion of privacy in the province. Moreover, under PIPEDA, Ms. Jones would be required to lodge a complaint against BMO and not the offender, Ms. Tsige, and the remedies under PIPEDA do not include damages.
In the case of provincial legislation, the Court also pointed out that existing Ontario legislation deals with individual privacy rights in context of governmental and other public institutions but does not provide for private rights of action between individuals. In the result, the Court went on to confirm the existence of a right of action for intrusion upon seclusion reasoning as follows:
Recognition of such a cause of action would amount to an incremental step that is consistent with the role of this court to develop the common law in a manner consistent with the changing needs of society.
For over one hundred years, technological change has motivated the legal protection of the individual’s right to privacy. In modern times, the pace of technological change has accelerated exponentially…. The Internet and digital technology have brought an enormous change in the way we communicate and in our capacity to capture, store and retrieve information. As the facts of this case indicate, routinely kept electronic data bases render our most personal financial information vulnerable. Sensitive information as to our health is similarly available, as are records of the books we have borrowed or bought, the movies we have rented or downloaded, where we have shopped, where we have travelled, and the nature of our communications by cell phone, e-mail or text message.
It is within the capacity of the common law to evolve to respond to the problem posed by the routine collection and aggregation of highly personal information that is readily accessible in electronic form. Technological change poses a novel threat to a right of privacy that has been protected for hundreds of years by the common law under various guises and that, since 1982 and the Charter, has been recognized as a right that is integral to our social and political order.
In so concluding, the Court expressly adopted the elements of the action for intrusion upon seclusion delineated in the Restatement (Second) of Torts set out above and went on to describe the key features of this cause of action as follows:
- The defendant’s conduct must be intentional which includes reckless conduct;
- The defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and
- A reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish.
In light of the above elements of the cause of action, the Court opined that there is not a serious risk of opening “floodgates” of litigation because a claim of intrusion upon seclusion will only arise where “deliberate and significant invasions of personal privacy” occurs and not in de minimus cases:
Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.
The Court indicated that it is not an element of the cause of action for intrusion upon seclusion for the Plaintiff to show proof of actual loss or damages. In this respect, there is a parallel between the common law right of action recognized by the Court and the legislative scheme in the four provinces, including British Columbia, creating a statutory right of action for invasion of privacy.
Having said this, the Court went on to state that where, as in this case, the Plaintiff has suffered no pecuniary loss, only “symbolic” or “moral” damages may be appropriate to acknowledge the wrong done. In determining what those damages should be in this case, the court considered case law from Ontario and also found helpful and instructive guidance in the Manitoba Privacy Act, which sets out the following catalogue of factors for determining appropriate range of damages:
1. the nature, incidence and occasion of the defendant’s wrongful act;
2. the effect of the wrong on the plaintiff’s health, welfare, social, business or financial position;
3. any relationship, whether domestic or otherwise, between the parties;
4. any distress, annoyance or embarrassment suffered by the plaintiff arising from the wrong; and
5. the conduct of the parties, both before and after the wrong, including any apology or offer of amends made by the defendant.
The Court then established the upper range for damages where no pecuniary loss is suffered at $20,000 and went on to award Ms. Jones $10,000, the mid-point of the range. While the Court found Ms. Tsige’s conduct “highly offensive to the reasonable person and caused humiliation, distress and anguish”, it did not qualify as “exceptional circumstances” meriting an award of punitive or exemplary damages. The Court left open the door for such awards in the “truly exceptional circumstances”.
While courts in British Columbia are not bound by decisions of courts in other provinces, the decision of the appellate court of another province, the Ontario Court of Appeal in this case, may be relied upon as persuasive in appropriate cases in British Columbia and other provinces. It is, in my view, a very useful decision which lends to the definition of the scope of privacy protection that may be afforded in provinces including those provinces with general privacy legislations such as British Columbia, since privacy is not defined in the legislations.
Further, the decision of the Ontario Court of Appeal, in this case, is a very well reasoned and thoughtful decision that comprehensively considers jurisprudence and legislation in other jurisdictions including some very authoritative academic literature on the subject which only adds to its persuasiveness. I note, in particular, the Court takes judicial notice of the technological change in society and the growing threat this change poses to individual privacy with the introduction of new methods of collecting and storing personal data and information that is highly accessible in electronic form. In this environment, I think, the court makes a persuasive case for “develop(ing) the common law in a manner consistent with changing society” by recognizing a common law cause of action for intrusion upon seclusion.
 William Prosser, Law of Torts, 4th ed. (West Publishing Company, 1971) at p. p. 389:
1. Intrusion upon the plaintiff’s seclusion or solitude, or into his private affairs.
2. Public disclosure of embarrassing private facts about the plaintiff.
3. Publicity which places the plaintiff in a false light in the public eye.
4. Appropriation, for the defendant’s advantage, of the plaintiff’s name or likeness.