The Ontario Court of Appeal has introduced the invasion of privacy into provincial law. In a recent decision that will surely have widespread implications for individuals and businesses alike, the new tort (a wrongdoing by one person against another) is meant to protect the public from the technological and social change of the 21st century. This article will examine the new law, with a focus on what the decision means for employers.
The Trail-blazing Decision
On January 18, 2012, the Ontario Court of Appeal released its unanimous judgment in the matter of Jones v Tsige, 2012 ONCA 32. In July of 2009, Sandra Jones discovered that Winnie Tsige used her workplace computer to access Jones’ personal bank accounts at least 174 times over a 4 year period. Although both Jones and Tsige worked for the same bank, they did not know each other personally. However, Tsige had formed a common-law relationship with Jones’ former husband.
The banking records Tsige accessed included Jones’ transaction details, marital status, and address among other things. When Jones became suspicious that Tsige was accessing her account, she complained to the bank’s management. Ultimately, Tsige admitted to looking at Jones’ account information and was subsequently suspended for one week without pay and denied a bonus. Nonetheless, Jones initiated a lawsuit against Tsige, claiming that her privacy interest in her confidential banking information had been irreversibly destroyed.
The motions judge dismissed Jones’ action on the ground that the tort for invasion of privacy does not exist at common law in Ontario. The judge added that because privacy legislation exists in several jurisdictions, any law regarding the invasion of privacy should be created by parliament in statute.
Recognizing the Need
The legal debate about whether to recognize a cause of action for invasion of privacy has been ongoing for well over a century. Aspects of invasion of privacy already received protection from other areas such as defamation, breach of confidence, and nuisance. An individual’s privacy interest is a fundamental part of such claims, and yet, the Canadian common law did not recognize invasion of privacy as a distinct right.
Paving the way for the Court of Appeal to create the tort was the decision of Justice La Forest of the Supreme Court of Canada in R v Dyment  2 S.C.R. 417. His Honour said that that “privacy is essential for the well-being of the individual. For this reason alone, it is worthy of constitutional protection, but it also has profound significance for the public order.” While the Charter of Rights and Freedoms does not apply to common law disputes between private individuals, it is well-established that courts are to develop the common law in a manner consistent with Charter values.
Since the Dyment decision, the Supreme Court has alluded to the right to privacy being an underlying constitutional right on several other occasions. This ultimately led the Ontario Court of Appeal to note that the explicit recognition of a right to privacy as underlying specific Charter rights and freedoms, and the principle that the common law should be developed in a manner consistent with Charter values, supports the recognition of a civil action for damages for intrusion upon the plaintiff’s seclusion.
In addition to evolving Charter values, the Court of Appeal also recognized that the modern pace of technology has changed, creating a pressing need to preserve privacy. Because internet and digital technology has changed the way we communicate, capture, store, and retrieve information, the law was required to keep up. In the words of Justice Sharpe, the author of the judgment:
Technological change poses a novel threat to a right of privacy that has been protected for hundreds of years by the common law under various guises and that, since 1982 and the Charter, has been recognized as a right that is integral to our social and political order.
The New Tort
To call the new tort “invasion of privacy” is actually somewhat of a misnomer. In following the path of American jurisprudence, the Court acknowledged that there are 4 different types of privacy torts:
- Intrusion upon the plaintiff’s seclusion or solitude, or into his private affairs;
- Public disclosure of embarrassing private facts about the plaintiff;
- Publicity which places the plaintiff in a false light in the public eye; and
- Appropriation, for the defendant’s advantage, of the plaintiff’s name or likeness.
In Jones v Tsige, the Court said the first category, intrusion upon seclusion, is the applicable action. The elements of the new tort were drafted as follows:
I) The defendant must have intentionally or recklessly intruded, physically or otherwise;
II) The defendant must have invaded, without lawful justification, upon the seclusion of another of his private affairs or concerns;
III) A reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish.
By introducing an objective reasonable person standard, the Court intended the new tort to only apply to significant invasions of personal privacy, making it out of reach to people who are overly sensitive or unusually concerned about their privacy.
In terms of available damages, proof of actual loss is not necessary. All that is necessary is for the intrusion to have occurred in the first place. In this type of action, actual financial loss is rare. Instead, the courts will look at intangible harm suffered, such as hurt feelings, embarrassment or mental distress. The Court of Appeal looked to the Manitoba Privacy Act for guidance in determining damages. This requires consideration of:
- the nature, incidence and occasion of the defendant’s wrongful act;
- the effect of the wrong on the plaintiff’s health, welfare, social, business or financial position;
- any relationship, whether domestic or otherwise, between the parties;
- any distress, annoyance or embarrassment suffered by the plaintiff arising from the wrong; and
- the conduct of the parties, both before and after the wrong, including any apology or offer of amends made by the defendant.
In the end, Justice Sharpe ruled that where a plaintiff has suffered no pecuniary loss, the maximum amount they can claim is $20,000. In the case at hand, Jones suffered a very serious intrusion into her private financial affairs. But on the other hand, she suffered no public embarrassment or harm to her health. As a result, the Court put the matter in the mid-range of seriousness, and ultimately awarded Jones $10,000.
Unless this decision is overturned by the Supreme Court of Canada, it will remain the law in Ontario. As such, the implications of this decision are far-reaching. In Jones v Tsige, the employer bank avoided liability because the snooping was done by a rogue employee acting on her own accord. Nevertheless, despite the fact the Court of Appeal did not specifically discuss the possibility of the tort applying to businesses, the way the elements are framed suggests it could easily apply, especially in employer-employee relations.
In the two months since the Jones v Tsige decision was handed down, it has been tested on several occasions by arbitrators in Ontario. In both Complex Services Inc v OPSEU (Local 278), 2012 CanLII 8645 (ON LA), and Hamilton International Airport Ltd v CUPE (Local 5167), 2012 CanLII 7445 (ON LA), the arbitrators considered whether asking for an employee to disclose confidential medical information constitutes an improper or actionable intrusion on the employee’s right to privacy. In both decisions, the arbitrators held that an employer is entitled to request and receive an employee’s confidential medical or other information to the extent necessary to answer legitimate employment related concerns, or to fulfill its obligations under the collective agreement or legislation, including the human rights or health and safety legislation (for example).
Aside from seeking medical information, things like computer monitoring, pre-employment background checks, and other forms of information collection could give rise to a claim for damages against an employer. In order to avoid liability, employers should review their surveillance and information-gathering policies, and where necessary, alter the policy to ensure the proper privacy screens are in place.
Employment and Labour Law Contact: