“The Internet and digital technology have brought an enormous change in the way we communicate and in our capacity to capture, store and retrieve information. As the facts of this case indicate, routinely kept electronic databases render our most personal financial information vulnerable. Sensitive information as to our health is similarly available, as are records of the books we have borrowed or bought, the movies we have rented or downloaded, where we have shopped, where we have travelled and the nature of our communications by cellphone, e-mail or text message.”
This is an excerpt from the Court of Appeal’s decision in Jones v. Tsige (2012), 108 O.R. (3d) 241, a case that recognized intrusion upon seclusion, commonly known as invasion of privacy, as a basis of civil liability. This case was followed in a recently released decision of the Ontario Superior Court of Justice called Jane Doe 464533 v. N.D., 2016 ONSC 541. In this decision, the plaintiff had a romantic relationship with the defendant. The defendant pressured the plaintiff into sending him an intimate video of herself. The defendant then posted the video on the internet and showed it to his friends. The plaintiff sued the defendant and the court found him liable for, among other things, breach of confidence and intrusion upon seclusion. The court awarded the plaintiff damages, including punitive damages, totalling $100,000.00.
At paragraph 21, the court set out the following elements of a claim for breach of confidence:
- The information must have the necessary quality of confidence about it;
- The information must have been imparted in circumstances importing an obligation of confidence; and
- There must be unauthorized use of that information to the detriment of the party communicating it.
At paragraph 46, the court explains the claim for intrusion upon seclusion as follows: “one who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of the other’s privacy, if the matter publicized or the act of the publication (a) would be highly offensive to a reasonable person; and (b) is not of legitimate concern to the public.”
It does not require much imagination to see that these causes of action can have implications for employers and employees alike.
For example, an employer will typically protect its confidential information used by an employee by way of a confidentiality provision in an employment agreement. The employee’s unauthorized use of such confidential information can result in a breach of contract and the employer could sue for not only an injunction prohibiting any further unauthorized use, but also for damages. On the other hand, a claim for breach of confidence is based on tort, not contract, so an employer may use it to sue for damages without necessarily having to first establish a valid, binding employment contract.
Conversely, one can also envision how an employer might seek to intrude upon an employee’s personal information. For instance, a bank supervisor accused of harassment could conceivably access the banking transactions of a direct report in order to search for information that might establish cause for dismissal. Sound unlikely? In Jones v. Tsige, the defendant accessed the banking records of the plaintiff, a fellow bank employee, who happened to be in a common-law relationship with the defendant’s former spouse. The defendant did so 174 times over four years.
The decision in Jane Doe 464533 v. N.D. is a reminder to employers, as well as employees, that private and confidential information in the workplace is not to be taken lightly and must be handled in a sensitive manner. Failure to do so can give rise to causes of action, like breach of confidence and invasion of privacy, that can result in significant damages awards.
This article is intended only to provide general information and does not constitute legal advice. Should you require advice specific to your situation, please feel free to contact me to discuss the matter further.