I want to use my time this week to highlight a couple of recent court cases dealing with the ever-evolving issues raised by privacy law.
The first is a recent Supreme Court of Canada ruling on the privacy rights of unionized teachers in Ontario. The court confirmed the school board employer, being part of government, was subject to the Canadian Charter of Rights and Freedoms, and therefore had to abide by the privacy protections afforded in section 8 — The right to be free from unreasonable search and seizure.
The case involved two teachers using a private chat function on their computers to discuss workplace issues.
The principal accessed one of the computers when the teachers weren't present, read the private chats and took screenshots with his phone. He sent those screenshots to his supervisors at the school board, who then disciplined the teachers. The union contested the discipline, arguing that the teachers had a reasonable expectation of privacy in their private written conversation and that their Charter rights to be free from unreasonable search and seizure were violated. Ultimately, the Supreme Court of Canada sided with the union.
The second case concerns a data breach experienced by Capital One a few years ago. Following the breach, several proposed class actions filed across Canada, including in British Columbia, Ontario and Quebec.
The Ontario case is no longer proceeding after the Ontario Court of Appeal concluded common law tort of inclusion upon seclusion did not apply to the hacked entity. However, British Columbia has the Privacy Act that establishes a legislated tort of invasion of privacy, unlike the common law tort in Ontario.
The British Columbia Court of Appeal ruled that it was not plain and obvious that the case was doomed to fail and is allowing it to proceed.
These two cases show the differences between common law and legislated torts of invasion of privacy, potentially creating an uneven playing field across Canada where some provinces are advancing with more privacy protections for its citizens than others. This complex landscape — and keeping track of it all — adds to the challenges for Canadian privacy pros.
Speaking of keeping track, I hope you have the time to read the rest of this week's digest. There's always good stuff in there.
Enjoy your summer-weather weekend.
Kris Klein, CIPP/C, CIPM, FIP, is the managing director for Canada at the IAPP.