Author(s):
Adam Kardash, Christopher Naudie, Lauren Tomasich, Emily MacKinnon, Mark A. Gelowitz, Céline Legendre
Sep 1, 2021
The past decade has seen a significant increase in the number of Canadian class actions filed following data breaches. Across the country, courts have varied in their approaches to provincial litigation requirements and in the remedies they have ordered. Class action litigation was the focus of an Osler AccessPrivacy call hosted by Adam Kardash, Partner, Privacy and Data Management, and featuring Osler litigation Partners Chris Naudie, Lauren Tomasich, Emily MacKinnon, Céline Legendre and Mark Gelowitz.
A couple of cases in Ontario have addressed the question of whether a defendant subject to a data breach has intentionally invaded the privacy of the plaintiffs in an offensive way. The cases involved public breaches where hackers infiltrated the systems of the defendants. In both cases, it was ruled that, when a database of a defendant is hacked, the defendant could not have acted intentionally or recklessly. The defendant could not have invaded the plaintiff’s privacy in an offensive manner because the database itself was the victim of intrusion.
The no-costs rule in British Columbia has made privacy class actions popular in that province. BC legislation pertaining to class actions prohibits the court from awarding any costs on a certification application, regardless of the outcome. If the action is certified, there can be no costs awarded at any point after that. For plaintiffs’ counsel, this means the risks are very low.
In Québec, courts have confirmed that proving fault on the part of the defendant for having lost or failed to protect the personal information of its clients does not automatically demonstrate compensable injury. Courts generally have stated that applicants must prove serious and prolonged harm. Minimal inconvenience does not constitute compensable injury.
Watch the Webinar on Demand