Privacy in the Courts
Privacy in the Courts: A quarterly review provides a practical, efficient and accessible resource to help busy in-house counsel, Chief Privacy Officers and compliance professionals navigate recent court decisions and gain a broad understanding of how privacy law is evolving in Canada. Each article provides an overview of the facts and decision related to each case, as well as a discussion of the key points. Expertly written commentary helps users identify trends over time and gain insights into the potential implications for their organizations.
The Winter 2022 edition is now available with 22 informative case summaries.
Below is a sample summary from this latest edition:
Tort of intrusion upon seclusion rejected in data breach class action
Winder v. Marriott International, Inc., 2022 ONSC 390
Both parties stated a question of law regarding whether the plaintiff had pleaded a legally viable claim for intrusion upon seclusion.
The class action arises from a data breach caused by a hacker. The Ontario Divisional Court recently rejected the tort of intrusion upon seclusion as a viable claim against defendants who had been hacked, on the basis that it is the hacker who intrudes on the plaintiffs’ privacy and not the hacked company. The claim has also been rejected where a plaintiff has argued that the defendant’s failure to properly secure the data led to the intrusion by the hacker.
In this case, the defendant Marriott’s hotel reservations database was hacked, and the hackers were able to obtain substantial quantities of personal information about those who made reservations at Marriott hotels. The hack was not a single incident; rather, it occurred over a four-year period, with hacker-installed malware extracting information. The plaintiff also alleged that it took Marriott two months from the discovery of the hack to mitigate the harm to affected customers. Neither credit-monitoring services nor any compensation were offered to customers as part of this mitigation.