Twenty years ago, this October, we published "The Law of Privacy in Canada." It took about a year and half to write, and I distinctly remember starting the project with a meeting with my coauthors when we had to choose the topic for the book. We were administrative law practitioners, and I thought I was going to make a career in litigation. But, with privacy being a hot topic in Europe back then and the Personal Information Protection and Electronic Documents Act on the horizon, we thought a textbook on all aspects of privacy was something that might be interesting, different, new and exciting.
Over the years, we keep the book current and relevant by publishing updates periodically. In the first few years, the updates were pretty infrequent and not too plentiful. However, as the privacy industry grew, the need to keep the book updated became more and more laborious. Today, it occupies a good chunk of my time, and I know my current co-author, Shaun Brown, also spends a fair amount of time on his sections of the book.
With the changes coming in Quebec, news of a potential private sector privacy law in Ontario and imminent modernization at the federal level, it seems we’ll have lots to do in the future, as well.
This week, I’ve been working on the summer’s update, and I’ve come across tons of material. In fact, this update — which covers developments in certain areas from the past year — will be the largest update to the book in its 20-year existence. I’m going to share one example: the potential expansion of the tort of privacy, especially when it comes to class actions. If you subscribe to the book, the next update will contain the following new text:
"Recently the courts have certified class actions to consider whether a defendant who acts recklessly can be held vicariously liable for intrusion upon seclusion. In Agnew-Americano v. Equifax Canada Co., the Ontario Superior Court of Justice concluded that it was not settled law that an intrusion upon seclusion claim was limited to a defendant directly accessing personal information.
In this case, the defendant Equifax’s failure to safeguard its database enabled hackers to steal the personal financial information of roughly 20,000 customers. Although the hackers directly accessed the information, the court concluded that the law on intrusion to seclusion was not settled and that the claim should be determined in a hearing on its merits.
The possibility that the scope of the tort could be broadened was also considered in Kaplan v. Casino Rama where Belobaba J., opined that intrusion upon seclusion is an evolving tort that could conceivably support a claim where a defendant’s 'recklessness in the design and operation of their computer system facilitated the hacker’s intrusion.'"
Whoever said privacy was boring? And if these cases proceed to fruition — which I think is a bit unlikely — they will be precedent-setting. Don’t worry, I’ll do my best to keep you abreast of what’s going on. All you need to do is read the digest, where we try to share the most important highlights with you.