The Court of Appeal for British Columbia breathed new life into a possible common law privacy tort as it upheld the certification of a data breach class action, according to the plaintiffs’ lawyers.
The arguable existence of torts for breach of privacy or intrusion upon seclusion did not actually come before the three-judge panel in the case of Tucci v. Peoples Trust Company 2020 BCCA 246, a fact lamented by Appeal Court Justice Harvey Groberman as he opined that “the time may well have come for this Court to revisit its jurisprudence” on the issue.
Ted Charney, Charney Lawyers
The world has changed since the Appeal Court’s apparent dismissal of a privacy tort in Hung v. Gardiner 2003 BCCA 257, Groberman wrote, pointing to the landmark judgment of his Ontario counterparts in Jones v. Tsige 2012 ONCA 32, when the common law tort of intrusion upon seclusion was first recognized in a case involving a bank employee who repeatedly spied on a colleague’s records over the course of four years.
“It may be that in a bygone era, a legal claim to privacy could be seen as an unnecessary concession to those who were reclusive or overly sensitive to publicity, though I doubt that that was ever an accurate reflection of reality,” Justice Groberman wrote for the unanimous panel. “Today, personal data has assumed a critical role in people’s lives, and a failure to recognize at least some limited tort of breach of privacy may be seen by some to be anachronistic.”
Ted Charney, a senior partner at Charney Lawyers, acted for the plaintiffs in the appeal — a group of clients whose personal information was compromised following a 2013 cyberattack on Peoples Trust — and said the decision could signal the resurrection of a cause of action many privacy lawyers thought dead in B.C.
Luciana Brasil, Branch MacMaster LLP
“If the issue comes before the court again, it seems highly likely based on these reasons that the tort of intrusion upon seclusion would be recognized,” Charney said. “This decision is an enormously important development in the law of privacy in B.C., because until now, the only real remedies were the relatively weak ones available under the Privacy Act.”
Almost two years passed between the time the panel reserved its decision following argument in the fall of 2018 and the release of its reasons on Aug. 31, but Luciana Brasil, Charney’s co-counsel at Vancouver firm Branch MacMaster LLP, says it was worth the wait.
“We were very happy with the decision and the way it reinforces the importance of privacy rights,” she said. “A few years ago, privacy cases were hailed as the next big thing in the class actions world, but then they fizzled a little.”
“It’ll be interesting to see if we can keep developing the law to keep pace with what’s being done technologically,” Brasil added.
According to the Appeal Court ruling, China-based hackers were able to obtain information including the names, addresses, e-mail addresses, telephone numbers, dates of birth and social insurance numbers of Peoples Trust customers who applied for services online via an unencrypted database on the company’s web server.
Ryan Berger, Lawson Lundell LLP
A motion judge certified claims framed in breach of contract and negligence, but rejected one for breach of confidence. He also concluded that no cause of action exists in B.C. for the torts of breach of privacy or intrusion upon seclusion, but allowed the claims to proceed in a restricted fashion under federal common law.
On appeal, Justice Groberman, with Justices Gregory Fitch and Susan Griffin in concurrence, upheld the motion judge’s certification of the breach of contract and negligence claims, but set aside his certification of the federal privacy tort claims, rejecting the artificial separation of federal and provincial common law. Since the plaintiffs did not challenge the motion judge’s rejection of a common law privacy tort in B.C., Charney says the ruling may ironically prevent his clients benefiting from the Appeal Court’s apparent openness to recognizing such a tort.
While the decision in Tucci indicates B.C. law may be ready to fall in line with other jurisdictions that have already recognized a common law privacy tort, Ryan Berger, a partner with Lawson Lundell LLP in Vancouver, said the province remains an outlier when it comes to breach of confidence claims.
Justice Groberman upheld the motion judge’s decision on that issue, finding that breach of confidence was “well-defined as an intentional tort,” and that other torts are “more appropriate vehicles to deal with inadvertent disclosure of data.”
Molly Reynolds, Torys LLP
“I found that a little surprising, because breach of confidence has been the basis for other claims in the federal jurisdiction and it does seem to go against case law elsewhere in the country,” Berger said.
Molly Reynolds, counsel to Torys LLP’s Toronto office, said the decision will be of interest to privacy lawyers across the country, given the dearth of substantive case law involving mass data breaches.
“It puts some parameters around causes of action going forward,” she said, adding that practitioners in the field are most eagerly anticipating a major decision on the merits.
“When they go to trial, I think these breaches based on third-party hackers getting through the company system ultimately turn on the negligence claims,” Reynolds said. “The issue will be whether systems were protected to the appropriate standard of care, and what that standard is. The interesting thing there is that the standard at the time of the breach will be very different from the time of the trial, because the technology is changing so quickly.”
Ravi Hira, partner at Hira Rowan LLP, acted for Peoples Trust, but declined an opportunity to comment.