The Ontario Court of Appeal has created a new cause of action. It is now possible to sue for damages for a breach of privacy.
Tsige and Jones were employees at different branches of the Bank of Montreal. They did not know each other, but Tsige had a relationship with Jones’s ex-husband.
Tsige looked at Jones’s bank records 174 times over a four year period to see if the ex-husband was paying child support. She was able to see Jones’s bank transaction details, date of birth, marital status and address. She did not disclose or record the information. There was no business reason for Tsige to look at Jones’s bank records, and she was disciplined by the Bank for her conduct.
Jones sued Tsige, and the Ontario Court of Appeal decided to recognize a tort of privacy called “intrusion upon seclusion”. The Court’s decision was not dependent on the existence, or lack, of privacy legislation, and it is likely that similar claims will be made in other common law provinces in Canada.
The elements of the new tort are:
(1) intentional or reckless conduct,
(2) invading, without lawful justification, the private affairs or concerns of another,
(3) in a way that a reasonable person would consider was highly offensive, and causing distress, humiliation or anguish.
It will not be necessary to prove actual damages. Instead, a plaintiff who has suffered no pecuniary loss can expect damages of up to $20,000 depending on the circumstances.
What does this mean for employers? Well, for one thing, employers might make it a feature of privacy policies and training to advise employees of the potential liability they face for privacy breaches, in addition to being in trouble with their employer.
[Tsige v. Jones, 2012 ONCA 32]