Not all breaches are offensive: the narrow scope of the tort of intrusion upon seclusion
The Divisional Court recently overturned an order granting certification of an action based upon the evolving privacy tort of intrusion upon seclusion. In Stewart v. Demme, 2022 ONSC 1790 (Div. Ct.), the Court provided welcome guidance on the narrow scope of the tort in the context of unauthorized access to medical records.
In particular, the Court reaffirmed the high bar that plaintiffs need to satisfy under the third leg of the test for intrusion upon seclusion: that a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. Such intrusions must be “deliberate and significant to be considered ‘highly offensive.’” As such, “minimal and fleeting” intrusions into private information – even personal health information – will not meet this standard.
Factual background and procedural history
In short, the defendant Catharina Demme – a nurse employed by the co-defendant William Osler Health System – stole thousands of opioids from the automated dispensing unit at the hospital, and in order to do so, accessed limited medical information of some 11,358 patients over the course of a decade. The representative plaintiff commenced a class proceeding against both defendants for damages stemming from intrusion upon seclusion and negligence.
On January 6, 2020, Justice Morgan of the Superior Court of Justice certified the intrusion upon seclusion claim, but not the negligence claim. Justice Morgan found that it was plain and obvious that the negligence claim could not succeed because neither causation nor damages had been pleaded. The summary judgment motion brought by the defendants was dismissed. In his reasons certifying the intrusion upon seclusion claim, Justice Morgan held, inter alia:
- “While any intrusion — even a very small one — into a realm as protected as private health information may be considered highly offensive and therefore actionable, the facts do not exactly ‘cry out for a remedy’”; and
- “an infringement of privacy can be ‘highly offensive’ without being otherwise harmful in the sense of leading to substantial damages. The offensiveness is based on the nature of the privacy interest infringed, and not on the magnitude of the infringement.”
On September 17, 2021, the Divisional Court granted the defendants leave to appeal the order of Justice Morgan, with respect to the dismissal of their summary judgment motion and the certification of the intrusion upon seclusion claim.
The decision of the Divisional Court
On appeal, the Divisional Court only needed to address one issue: whether the certification judge erred in his finding that the pleading disclosed a cause of action under section 5(1)(a) of the Class Proceedings Act for intrusion upon seclusion. Specifically, the Court was asked to determine whether Justice Morgan erred in his interpretation of the third leg of the test for the tort, that a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. The standard of review applied was correctness.
The Court held that Justice Morgan indeed erred and set aside the certification order. The plaintiff’s motion to certify her action on the basis of intrusion upon seclusion was dismissed. Consequently, the Court did not address the defendants’ summary judgment motion.
Scope of intrusion upon seclusion
In setting aside the certification order, the Court summarized the required elements for intrusion upon seclusion as set out in the landmark case of Jones v. Tsige: (a) the defendant’s conduct must be intentional; (b) the defendant must have invaded, without lawful justification, the plaintiff’s private affairs; and (c) a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish.
The Court focussed its analysis on the third leg of the test and held that “Not every intrusion into private health information amounts to a basis to sue for the tort of intrusion upon seclusion. The particular intrusion must be ‘highly offensive’ when viewed objectively having regard to all the relevant circumstances. If the case does not ‘cry out for a remedy’, it is a signal that the high standard for certification of this limited tort may not be met.” It went on to hold that even though the phrase “cry out for a remedy” is not part of the test for intrusion upon seclusion, it informs the foundational purpose of the tort; that is, to remedy serious intrusions of privacy. Moreover, it reiterated that the “highly offensive” standard was an objective one, to be viewed through the lens of a reasonable person.
On that basis, the Court explicitly disagreed with the certification judge’s finding that “fleeting” intrusions into health records could be regarded as “highly offensive” merely because of the highly sensitive nature of personal health information. It also emphasized that in the context of class actions, the seriousness of intrusions must be assessed individually, not on a class-wide basis.
Given that the intrusions in Stewart were “fleeting, the information accessed was not particularly sensitive within the realm of health information, the intruder was not ‘after’ the information itself, which was otherwise available to her and/or a number of other hospital staff, and there was no discernible effect on the patients”, a reasonable person would not regard such actions as “highly offensive”. The Court held that to find otherwise would be to “open the floodgates” to claims for intrusion upon seclusion, something that the Court of Appeal cautioned against in Jones.
- Despite being first recognized in Ontario more than 10 years ago, the tort of intrusion upon seclusion remains limited and tightly circumscribed;
- Claims against defendants that manage sensitive information, such as financial or health records, will only succeed if intrusions into such information are “highly offensive” viewed on an objective standard;
- To meet the “highly offensive” standard, plaintiffs will need to prove that intrusions into their private affairs were serious and significant, not merely that the information compromised was sensitive; and
- Seriousness in the class actions context is based on an individual assessment of intrusions, not by claiming that the totality of intrusions makes them serious as a whole