There has been much written and said about the Ontario Court of Appeal's January 18th decision in Jones vs. Tsige.1

The case made the front page of The Lawyer's Weekly, February 3rd edition, and was described as a "new US-style common law cause of action" and a "potentially sweeping new tort for invasion of privacy".

In case you missed it, the Court recognized, at common law, the tort of "intrusion upon seclusion", which is a particular type of privacy breach.

The case arose when Sandra Jones, a customer and employee of the Bank of Montreal, became aware that another bank employee, Winnie Tsige, had snooped in Jones' personal financial records at the bank 174 times over a period of four years. Coincidentally (or not so coincidentally) Jones was the former spouse of an individual with whom Tsige was involved in a relationship. Jones and Tsige apparently did not know each other but Tsige took advantage of her employment at the bank to snoop in Jones' banking records. When Tsige was confronted with this allegation by Bank management, she apologized and reportedly offered financial compensation. Ms. Jones chose to litigate. Jones' claim was dismissed in the first instance because the Motions Judge found the common law in Ontario did not recognize a tort of invasion of privacy. The Judge was of the view that it was for legislators, and not the courts, to create the tort of breach of privacy if that was considered to be appropriate public policy.

Ms. Jones was not deterred and carried on to the Ontario Court of Appeal.

The Court of Appeal found that the time had come to recognize, at common law, the tort of "intrusion upon seclusion". Writing for a unanimous Court, Mr. Justice Sharpe found that "it is appropriate for this Court to confirm the existence of a right of action for intrusion upon seclusion. Recognition of such a cause of action would amount to an incremental step that is consistent with the role of this Court to develop the common law in a manner consistent with the changing needs of society".2

The Court's rationale for recognizing this new tort at common law was as follows:

  • while the case law was far from conclusive, the trend in the case law was to support the existence of such a cause of action;
  • privacy has long been recognized as an important underlying and animating value of various traditional causes of action to protect personal and territorial privacy;
  • jurisprudence under the Canadian Charter of Rights and Freedoms ("Charter") recognizes privacy as a fundamental value in our law and identifies informational privacy as worthy of protection;
  • many legal scholars and writers who have considered the issue support recognition of a right of action for breach of privacy;
  • in modern times, the pace of technological change has accelerated exponentially and a pressing need to preserve privacy has emerged given that science and technology have threatened privacy "to the point of surrender" (quoting legal scholar Peter Burns); and
  • the case before the Court presented facts that "cry out for a remedy" .3

The Court adopted the following as the required elements of the action for "intrusion upon seclusion":

  • the defendant's conduct must be intentional (which includes recklessness);
  • the defendant must have invaded, without lawful justification, the plaintiff's private affairs or concerns;
  • a reasonable person must regard the invasion as highly offensive causing distress, humiliation or anguish; and
  • proof of harm to a recognized economic interest is not an element of the cause of action and damages for intrusion upon seclusion would ordinarily be measured by a modest conventional sum (i.e. damages should normally fall in a range up to $20,000).

The Court awarded $10,000 damages to Ms. Jones, declined to award punitive damages and required each party to bear her own costs.

So, the question arises: is this a major development in Canadian tort law that is likely to result in a flood of litigation?

It should first be noted that the decision in Jones vs. Tsige is of less interest to British Columbians, Saskatchewanians, Manitobans, Québecers and Newfoundlanders than it is to Albertans, Ontarians, Nova Scotians, Yukoners, New Brunswickers, Prince Edward Islanders and Nunavummiuts (yes, I had to look that one up!).

British Columbia, Manitoba, Saskatchewan, Newfoundand and Québec have, for some time, had legislation allowing for a civil action for a violation of privacy to be brought in certain circumstances4. So, for example, in British Columbia, Ms. Jones could have brought her claim against Ms. Tsige under the BC Privacy Act. Unlike under the common law tort of "intrusion upon seclusion" recognized by the Ontario Court of Appeal, it would not have been necessary for Ms. Jones to establish that the invasion of her privacy was "highly offensive" in order to make out the statutory cause of action for breach of privacy under the BC Privacy Act, (only that her privacy had been unreasonably invaded in all of the circumstances)5. Ms. Jones also would not be limited to a $20,000 maximum damage claim in British Columbia. While there have not been a large number of successful breach of privacy claims brought under the BC Privacy Act, damage awards have been made for sums ranging from $100 to $60,000.

So, at least in five Canadian provinces, the decision in Jones vs. Tsige seems unlikely to bring about a significant increase in civil privacy claims.

Secondly, although it is always interesting to lawyers when a court recognizes a new tort at common law (especially a tort with such a catchy name), given that the Ontario Court of Appeal limited the damages available for intrusion upon seclusion, it seems unlikely that a flood of "one-off" litigation claims will now follow in Ontario, given the significant costs involved in bringing a case to trial. Having said that, there may be an increase in small claims of this nature that either settle relatively quickly or languish in the registries.6

There is certainly a potential for class action suits to be brought under this new tort7, even though the damages per plaintiff would be limited. Indeed, class actions are often brought precisely because the damages per claimant are minimal, particularly in circumstances where liability is relatively clear. However, for a class action to be viable, there would need to be a relatively large class of individuals whose seclusion had been intruded upon in a fairly similar fashion. Otherwise, presumably, there would be difficulty in having a court certify the case as a class action. Moreover, a class action would not appear to be viable unless the identified defendant was an individual or entity with relatively large pockets.

Thirdly, while it has been posited that the decision in Jones vs. Tsige could result in claims being brought for things like individuals accessing their spouse's or children's correspondence or diaries without permission or employers surreptitiously monitoring employee computer use, the experience in British Columbia, where the statutory civil action for breach of privacy has been available since 19688, is that there has not been a large number of actions involving these kinds of situations. This may indicate that children are still unlikely to sue their parents and that employee concerns are largely dealt with through more traditional labour and employment channels (or through the Office of the Information and Privacy Commissioner for B.C.). This may also, in part, be due to the fact that a tort claim for breach of privacy under the BC Privacy Act must be brought in the British Columbia Supreme Court and cannot be brought in Small Claims Court9. Section 4 of the BC Privacy Act states as follows:

Despite anything contained in another act, an action under this Act must be heard and determined by the Supreme Court.

Given the increased cost of pursuing a case in the superior courts, it is not all that surprising that there are a relatively small number of reported decisions involving claims by employees or between family members under the BC Privacy Act.

It will be interesting to see whether our British Columbia Small Claims Court will be asked to hear a common law claim for intrusion upon seclusion, based on Jones vs. Tsige. While the British Columbia Small Claims Court would not, of course, be bound by the decision of the Ontario Court of Appeal, a provincial court judge in British Columbia might be inclined to leave open the possibility that a civil claim could theoretically be brought in British Columbia under the tort of intrusion upon seclusion but nonetheless find that the clear intention of the British Columbia Legislature in enacting the Privacy Act was to supplant any such common law tort with the statutory cause of action. Applying such an analysis, it would seem likely that the British Columbia Provincial Court (Small Claims) would find that the Court does not have jurisdiction to hear a common law claim for intrusion upon seclusion.

Fourth, the Ontario Court of Appeal has only recognized a particular type of breach of privacy in Jones vs. Tsige. It is interesting to note that the Court accepted Professor Prosser's view that the general right to privacy embraced four distinct torts, each with its own considerations and rules10. The four torts delineated by Professor Prosser were summarized by the Court as follows:

  1. Intrusion upon the plaintiff's seclusion or solitude or into his private affairs;
  2. Public disclosure of embarrassing private facts about the plaintiff;
  3. Publicity which places the plaintiff in a false light in the public eye; and
  4. Appropriation, for the defendant's advantage, of the plaintiff's name or likeness.

The Court noted that Ontario had already accepted the existence of a tort claim for appropriation of personality. The Court was also careful to say that it was restricting itself to the particular issues posed by the facts of the case before it and was not attempting to decide more than was strictly necessary. It would seem to follow from this that the two remaining types of privacy breaches identified by Professor Prosser, namely public disclosure of embarrassing private facts about the plaintiff and publicity which places the plaintiff in a false light in the public eye, are not encompassed in the common law tort of intrusion upon seclusion recognized in Jones vs. Tsige. Accordingly, there would be room, for example, for a media outlet to argue that its publication of information about a celebrity is not actionable based on Jones vs. Tsige and would fall within a different type of tort which has not yet been recognized by the Court.

Finally it is important to note that the Ontario Court of Appeal recognized that one's right to seclusion is not absolute; in some instances, there could be competing claims such as freedom of expression, freedom of the press or other interests or duties which could override the right to seclusion11. While those issues did not arise on the facts in Jones vs. Tsige, the Court clearly recognized that not every intrusion upon seclusion will result in liability.

In light of all of the above, it would seem that the greatest potential for litigation arising from Jones vs. Tsige lies in the possibility for class actions in situations where an organization intrudes into the private information of a large number of individuals in a similar fashion (in circumstances where the invasion would be highly offensive to a reasonable person). With this in mind, one wonders if some social media providers may be taking a closer look at some of their practices12. From this writer's perspective, even if this is the only significant development to come out of Jones vs. Tsige, it will have been well worth the fuss!

There is no doubt that Jones vs. Tsige is a reminder to all organizations that information security breaches do not always involve sophisticated computer hacking from outside sources. Sometimes a security threat arises simply from human nature, uncontrolled curiosity and poor judgment. It would seem that the only way to minimize those kinds of security threats is to:

  • model good privacy practices from top management down;
  • train, train and train again; and
  • perform random audits, followed by warnings and appropriate disciplinary action where warranted.

Footnotes

1 2012 ONCA 32.

2 Ibid at para 65.

3 The Court noted that the discipline administered by BMO against Tsige (i.e. one week suspension and denial of bonus) was governed by principles of employment law and the employer's interests, and did not provide a direct response to the wrong that had been done to Jones.

4 British Columbia, Privacy Act, RSBC 1996, c 373; Manitoba, Privacy Act, CCSM c P125; Saskatchewan, Privacy Act, RSS 1978, c P-24; Newfoundland, Privacy Act, RSNL 1990, c P-22; and Québec, Civil Code of Québec arts 3 and 35-37, and Charter of Human Rights and Freedoms, RSQ c C-12, s 5.

5 Under the BC Privacy Act, the nature and degree of privacy to which a person is entitled is "that which is reasonable in the circumstances, giving due regard to the lawful interest of others". Further, in determining whether the act or conduct is a violation of another's privacy, regard must be given "to the nature, incidence and occasion of the act or conduct and to any domestic or other relationship between the parties".

6 It seems unlikely that a large number of small claims actions for this tort would go all the way to trial, as the money limit for small claims in Ontario is $25,000 (this is also the case for BC). 7As in British Columbia, a class action in Ontario cannot be brought in Small Claims Court and must be commenced in Superior Court.

8 Privacy Act, SBC 1968, c 39.

9 This is also the case, for example, in Manitoba

10 Supra note 1 at para. 21.

11 For example, would a nanny who discovered a hidden nanny camera in his or her employer's home have a valid claim for intrusion upon seclusion? From the parents' perspective, their moral and legal obligation to protect their child's well-being should certainly be given due weight when considering competing interests to the nanny's desire for privacy. It is interesting in this regard to note that BC Personal Information Protection Act does not apply to the collection, use or disclosure of personal information for the personal or domestic purposes of the individual collecting the information. The situation appears to be different in the USA however - a mother who sewed a digital recorder into her daughter's teddy bear because she suspected her ex-husband of abusing the child was recently fined $60,000 under US federal wiretap law: Lewton vs. Divignzzo, 772 F. Supp. 2d 1046 (2011)

12 It was recently reported that Facebook is facing a class action lawsuit for breach of privacy and breach of the USA federal wiretap law in a Northern California District Court.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.