Posted on January 18, 2012 by Lisa Stam

New Tort of Privacy in Ontario

As of today, individuals can now sue for the tort of privacy in Ontario.   (Thanks to Professor Doorey for the heads up in a tweet and blog post this afteroon).

The new tort is based on the following statement:

One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his or her private affairs or concerns, is subject to liability to the other for invasion of his or her privacy, if the invasion would be highly offensive to a reasonable person.

 

Jones v Tsige

 

Today the Court of Appeal of Ontario released its highly anticipated decision in Jones v Tsige, which finds that an individual can now file an action with the court based on the tort of “intrusion upon seclusion”. 

 

In this case, one bank employee named Tsige looked into the bank account of another employee named Jones (who became involved with Tsige's ex-husband) at least 174 times over 4 years.  Jones sued, lost at trial and appealed.  The Ontario Court of Appeal awarded her $10,000 for the tort of intrusion upon seclusion.

 

Important Development in the Law

 

Previously, courts held that there was no right to an independent claim based on privacy, and that any privacy claims must be part of another claim, such as breach of an employment contract that contained a privacy provision.  Plaintiffs therefore required another underlying action in order to also address any privacy claims.

 

Furthermore, given that no privacy legislation applies to non-health related personal information in most private sector workplaces in Ontario, there has been a gap in the legislation that prevented employees from filing a complaint with the Privacy Commissioner.

 

See my post on Privacy in the Workplace 101 from last summer for more details on the gap.

 

Take-Away for Employers

 

Employees can now take their claims of invasion of privacy directly to court. While the Jones v Tsige case involves two employees, there is nothing that prevents an employee from taking his or her employer to court over a privacy issues. 

 

In light of this very important development in the law, employers will want to consider whether their workplace policies, procedures and processes sufficiently address protection of privacy, now that employees have direct recourse in the courts.

Tags: ,
Posted on July 5, 2011 by Lisa Stam

Privacy in the Workplace 101

Privacy in the workplace is an area that invites a broad range of views and perspectives.  Whether the information relates to data on an electronic device such as an employer-provided computer or blackberry, or personal employee information such as bank account information for pay cheque deposits, we all expect some degree of privacy in the workplace. 

What remains in dispute in many workplaces is where to draw the line between public space and personal privacy.  The law on workplace privacy continues to evolve in a non-linear fashion, in part because of the patch-work of Canadian legislation that governs privacy.   This post will outline the basic framework of law that governs privacy issues in Ontario workplaces.

Privacy Legislation in Ontario

Ontario does not have its own privacy legislation (other than for health care information) and therefore defaults to the federal Personal Information Protection and Electronic Documents Act (PIPEDA).  PIPEDA applies to the commercial information of an Ontario company, but not to personal employee information, unless the employee works for a federally governed organization (banks, railroads, etc). 

Here is the specific language in PIPEDA:

4. (1) This Part applies to every organization in respect of personal information that

(a) the organization collects, uses or discloses in the course of commercial activities; or

(b) is about an employee of the organization and that the organization collects, uses or discloses in connection with the operation of a federal work, undertaking or business.

If the information in question relates to health and medical information, then the  Personal Health Information Protection Act (PHIPA) applies.

Privacy Case Law

To keep it interesting, the courts also continue to develop the common law on privacy.  In addition to filing a claim with the applicable privacy commission office for a breach of a privacy statute, an individual or organization could instead take their matter to the courts. There is still debate, however, about whether one can file a claim in the courts based on an independent claim of a privacy breach, as opposed to adding on a privacy claim to an underlying claim such as breach of contract.

The court in the recent case of Jones v Tsige [2011] ONSC 1475 (Ont. Sup. Ct) held that there is no independent right to sue for invasion of privacy.  A bank employee in that case had accessed and viewed another employee's banking information 174 times.  The case walks through the recent authorities on the possibility of a tort of privacy as its own actionable wrong and concludes that there is no such authority in Ontario.  The court made reference to Euteneier v Lee [2005] CanLII 33024 (Ont. C.A.), a case which noted in passing that there was no free standing right to privacy under the Charter or common law.

There is another line of cases, however, that suggests it may be time to recognize the tort of privacy.  See for example, Somwar v McDonald's Restaurants of Canada Limited (2006) CanLII 202 (Ont. Sup. Ct.).

Jones v Tsige is the more recent case, so at this moment, it is likely that a party could not sue on the basis of a privacy claim alone. 

The Gap

Given the current state of the legislation and caselaw, for non-health related employee information in Ontario workplaces, there is a legislative and judicial gap.  Often the gap is taken care of through language in a collective agreement, an employment contract, an employee handbook, workplace policies on email or computer use, or general expectations communicated to employees in the workplace. 

Where the gap remains outstanding, however, companies would be wise to integrate the principles of privacy law outlined in PIPEDA throughout the organization.  Privacy legislation and privacy caselaw continues to grow and it's only a matter of time before there will be some sort of express legislation or body of caselaw that requires employers to maintain a minimum level of protection of employee personal information. 

In any event, Ontario companies are required to comply with PIPEDA in their commercial dealings, so it may prove difficult to defend if employee personal information is less protected than other corporate data. 

 

Tags: , , , ,