Canadian Underwriter

Class action privacy breach lawsuit can proceed against Insurance Corporation of British Columbia

November 18, 2015   by Canadian Underwriter

Print this page Share

A class action lawsuit for breach of privacy against British Columbia’s government auto insurer, arising from an employee’s access of clients’ personal information, can proceed, but the province’s appeal court does not recognize a common law tort of invasion of privacy.

Insurance Corporation of British Columbia was denied an application to have a lawsuit, alleging vicarious liability for breach of privacy by an employee, thrown out of court

In a decision released Monday, the B.C. Court of Appeal upheld a Supreme Court of B.C. ruling, released July 22, 2013, that denied an application from Insurance Corporation of BC (ICBC) to have a lawsuit against the insurer struck in its entirety. Madam Justice Loryl Russell ruled in 2013 that the plaintiff’s claim, of vicarious liability on the part of ICBC, “is a ‘merits-based’ argument which ought to not be determined on an application to strike pleadings.”

However, Justice Russell struck the plaintiff’s claim of negligent protection of privacy (based on the province’s Freedom of Information and Protection of Privacy Act) and the plaintiff’s claim of breach of privacy pursuant to common law.

Ufuk Ari filed the statement of claim against ICBC on behalf of himself and a proposed class of persons with similar claims. Ari alleges that in or about 2010 and 2011, Ari and at least 65 other individuals had their personal information “wilfully and without a claim of right” accessed by an ICBC employee for “an unauthorized purpose.”

ICBC is the provincial crown corporation from whom all vehicle owners in B.C. must purchase basic insurance coverage. An employee of ICBC, Ari alleges, violated Ari’s right to privacy under both the province’s Privacy Act and Freedom of Information and Protection of Privacy Act, as well as under common law. Those allegations have not been proven in court.

With its Privacy Act, the province of B.C. creates a statutory cause of action for breach of privacy, noted Madam Justice Nicole Garson, of the B.C. Court of Appeal, in its unanimous decision released Nov. 17, 2015. Concurring were Mr. Justice Harvey M. Groberman and Mr. Justice P.D. Lowry.

Section 1 of B.C.’s Privacy Act stipulates that it “is a tort, actionable without proof of damage, for a person, wilfully and without a claim of right, to violate the privacy of another.” With Monday’s decision, only Ari’s claims under the Privacy Act can proceed. In his statement of claim, Ari seeks general, special and aggravated damages, among others.

“ICBC argues that it did not commit an intentional act giving rise to a breach of privacy,” Justice Russell noted in 2013. “ICBC further submits that the Employee’s acts were not deliberate, significant or highly offensive so as to give rise to a breach of privacy.”

The question of whether ICBC is vicariously liable “on the facts of this case cannot be resolved on a pleadings motion,” Justice Garson noted on behalf of the Court of Appeal. “It is not plain and obvious the claim would fail. The chambers judge considered that the appellant ought to have the opportunity to develop and argue this aspect of his claim. I see no error in her conclusion.”

In his statement of claim, Ari alleged that “at all material times,” ICBC was the employer of an individual who had access to databases containing the private information of its customers and is “therefore vicariously liable for the breaches of privacy committed by its Employee or agents, while employed by the Defendant.”

The B.C. Court of Appeal essentially agreed with ICBC’s argument that B.C.’s Freedom of Information and Protection of Privacy Act “provides a comprehensive complaint and remedy scheme for violations …. of a public body’s duty to make reasonable security arrangements to protect personal information” and that the B.C. legislature “did not intend parallel common law remedies to exist.”

Ari had argued that the tort of invasion of privacy has been recognized as an independent cause of action in Ontario and Nova Scotia. But Justice Russell found there is no common law tort of invasion or breach of privacy in B.C.

Ari had quoted a Court of Appeal for Ontario ruling, released in January 2012, in a lawsuit filed by Sandra Jones against Winnie Tsige, a co-worker of Jones at the Bank of Montreal. Court records indicate that Tsige accessed and reviewed Jones’ bank records on 174 occasions in 2006 through 2009. Tsige was involved in a relationship with Jones’ former husband and wanted to confirm whether Jones was receiving child support payments. In March, 2011, the Ontario Superior Court of Justice dismissed Jones’ lawsuit, ruling that Ontario does not have a tort of invasion of privacy. That decision was overturned on appeal.

In ruling that invasion of privacy is not a common law tort in B.C., Justice Russell cited Hung versus Gardiner, a Supreme Court of B.C. decision released in August, 2002 and upheld on appeal. Christine Hung sued 11 defendants, making a variety of allegations, including defamation, malicious prosecution, negligence, breach of confidentiality and invasion of privacy.

Hung had “not provided any authorities that persuade me there is a common law tort of invasion of privacy in this province,” Mr. Justice Brian Joyce wrote in 2002. Hung had cited a Supreme Court of Canada decision, released in April, 1998, in the case of Pascale Claude Aubry, who successfully sued Vice Versa magazine and photographer Gilbert Duclos for a privacy violation under the Quebec Charter of Human Rights and Freedoms. That ruling was upheld on appeal, but the Aubry ruling “does not stand for the proposition that there is a generally recognized common law tort of invasion of privacy,” Justice Joyce suggested in Hung in 2002.

In its ruling in Jones Vs Tsige, the Court of Appeal for Ontario noted that the Supreme Court of Canada “has consistently interpreted” Section 8 of the Canadian Charter of Rights and Freedoms – which stipulates that everyone has the right to be secure against unreasonable search or seizure – as “protecting the underlying right to privacy.”

In Jones vs Tsige, Ontario’s appeal court quoted a 2006 decision from the Ontario Superior Court of Justice in Somwar v. McDonald’s Restaurants of Canada Ltd.

“With advancements in technology, personal data of an individual can now be collected, accessed (properly and improperly) and disseminated more easily than ever before,” Mr. Justice David Stinson wrote in Somwar. “There is a resulting increased concern in our society about the risk of unauthorized access to an individual’s personal information. The traditional torts such as nuisance, trespass and harassment may not provide adequate protection against infringement of an individual’s privacy interests. Protection of those privacy interests by providing a common law remedy for their violation would be consistent with Charter values and an ‘incremental revision’ and logical extension of the existing jurisprudence.”