Ontario’s Court of Appeal will rule on whether there is a common law tort for invasion of privacy in the province.
The case under appeal is called Jones v. Tsige (March 23, 2011). Sandra Jones and the Winnie Tsige worked at different branches of the Bank of Montreal. Jones did all her personal banking with BMO. Over the course of four years and on 174 occasions, Tsige accessed and reviewed on her computer screen at work, Jones’ private banking records. After being caught doing this by BMO, Tsige acknowledged that she had no legitimate purpose in reviewing Jones’ records. She claimed to have done it for personal reasons.
Jones sued Tsige. Among other things, she claimed damages in tort for invasion of privacy. She then brought a motion for summary judgment on the issue. Tsige then cross-moved for summary judgment, arguing that there is no such common law tort.
Superior Court Justice Kevin Whitaker found that there is no tort of invasion of privacy at common law, Accordingly, he allowed Tsige’s motion and dismissed the action.
In his reasons, Justice Whitaker noted that Ontario law includes at least four statutes, which structure and enforce privacy obligations. He also acknowledged that the Superior Court’s decision in Somwar v. McDonald’s (2006) stood for the proposition that “it is not settled law in Ontario that there is no tort of invasion of privacy.”
However, in Euteneier v. Lee (2005), the Court of Appeal made the following statement:
63. But Euteneier properly conceded in oral argument before this court that there is no ‘free standing’ right to dignity or privacy under the Charter or at common law…
Although the issue in Euteneier was different, Justice Whitaker found that the “inescapable conclusion” put by the Court of Appeal in paragraph 63 was that ‘there is no “free standing’ right to …privacy…at common law.” He found that the Court of Appeal’s decision in Euteneier is binding and dispositive of the question as to whether the tort of invasion of privacy exists at common law. Accordingly, he concluded that there is no tort of invasion of privacy in Ontario.
Interestingly, Justice Whitaker concluded with the following comments:
I would also note that this is not an area of law that requires “judge-made” rights and obligations. Statutory schemes that govern privacy issues are, for the most part, carefully nuanced and designed to balance practical concerns and needs in an industry-specific fashion.
In other words, Justice Whitaker was of the view that elected lawmakers were in a better position than judges to craft laws to protect privacy rights of individuals and provide remedies for any breaches of those rights.
Indeed in the past 10 years or so, governments at all levels across Canada enacted various legislation to deal with privacy issues (obviously stimulated by the exponential rate at which Canadians started engaging in online activity). In 2000, the federal government enacted the Personal Information Protection and Electronic Documents Act (PIPEDA), and since January 2004, most Canadian businesses have been subject to the Act.
In Ontario, the Personal Health Information Protection Act, 2004 (PHIPA) provides rules for the collection, use, and disclosure of “personal health information” about individuals that protect the confidentiality of that information and “the privacy of individuals with respect to that information, while facilitating the effective provision of health care”. It also provides “effective remedies” for contraventions of the Act.
Insurers in Ontario are already subject to PIPEDA and, to a certain degree, PHIPA (when they receive claimants’ medical information). Any privacy breaches could lead to consequences under those Acts. But a tort for invasion of privacy would inevitably lead to numerous new liability claims, at possibly greater costs. For example, a telephone company that fails to protect a customer’s unlisted phone number could face “invasion of privacy” claims in tort, especially if the breach causes the customer harm. Would there be a duty to defend and indemnity under the telecom’s CGL policy?
Or suppose an accident benefits carrier, in the course of adjusting a claim, discloses some personal information without the claimant’s consent. If the Court of Appeal recognizes a common law tort for invasion of privacy, the claimant might be able to sustain a separate tort claim against their carrier for such disclosure (assuming again that they have suffered damages as a result of the disclosure).
With all the privacy breaches in the news today (see Sony Data Breach Raises Insurance Issues), it will be interesting to see whether the Court of Appeal decides that a common law tort for invasion of privacy is warranted.