At What Point Does the Failure of an Organization’s Security Safeguards Amount to Recklessness?

The tort of intrusion upon seclusion, as set out by the Ontario Court of Appeal in Jones v Tsige, requires the defendant’s conduct to be intentional, or, at a minimum, reckless. The question is: at what point does the failure of an organization’s security safeguards amount to recklessness? This was the question addressed by the Ontario Superior Court of Justice in the recent case, Wilson-Flewelling v Queensway Carleton Hospital, 2019 CanLII 65155 (ON SCSM) (“Queensway Carleton Hospital”).

The facts

The court heard that the Plaintiff, Ms. Wilson-Flewelling, had attended the defendant hospital (“Hospital”) to book a surgical procedure, that the Hospital’s medical office administrator had left a completed surgical booking package in the Hospital’s dedicated, locked drop box, and that the Plaintiff had unexpectedly received the package in the mail a week later.

Read More

Privacy Commissioner Issues Notice of Consultation on Artificial Intelligence

The Office of the Privacy Commissioner of Canada (“OPC“) has released a Consultation Paper on artificial intelligence (“AI“), saying that it is of the opinion that “responsible innovation involving AI systems must take place in a regulatory environment that respects fundamental rights and creates the conditions for trust in the digital economy to flourish. “

The OPC intends to examine AI in the context of the legislative reform policy analysis as it relates specifically to the Personal Information Protection and Electronic Documents Act (“PIPEDA“). The OPC is clear that it has concerns about AI, stating:

“In our view, AI presents fundamental challenges to all PIPEDA principles and we have identified several areas where the Act could be enhanced.”

Read More

Deepfakes, Risk and Liability

“A lie gets halfway around the world before the truth has a chance to get its pants on.”

– variously attributed

As artificial intelligence (AI) advances it creates both benefits and dangers, and few applications illustrate that fact better than the emergence of “deepfakes.” A portmanteau of “deep learning” and “fake,” deepfakes are AI-generated audios or even videos of real people saying fake things. While, in the case of videos at least, it is still reasonably easy to distinguish between a deepfake and the genuine article, the gap is narrowing and it may not be long before seeing is no longer believing.

Read More

Privacy Commissioner Backs Down on Changes to Cross Border Transfers

The Office of the Privacy Commissioner of Canada (“OPC“) has backed away from attempting to reverse its position on cross border transfers of personal information, saying that at least for now, its guideline for processing data across borders remains unchanged.

The Reversal

The OPC created controversy in its Equifax Finding, wherein it declared that consent was necessary for transfers for processing, a wholesale departure from its previous position. The OPC simultaneously announced it would be holding a stakeholder consultation on transborder data flows. The consultation paper (“Consultation Paper”) proposed a reversal of the two-decades old existing policy on consent.

Read More

Ontario Adopts Digital Insurance Certificates

An annual tradition in Ontario is an insured driver opening a letter from their insurer with their new or renewed automobile insurance policy, which includes their new “pink card” certificate evidencing their automobile insurance.  This certificate is often requested by police officers during a roadside stop, and shown to other drivers in the event of an automobile accident.

The Ontario government recently approved changes to the “pink card” process which acknowledges the reality of 21st century data storage and sets the stage for further changes to automobile insurance. 

What are the changes?

Motorists now have the option of carrying proof of automobile insurance on their smart phones or other mobile devices and this electronic certificate is required to have the same data fields, text, and overall appearance as the paper certificate.

Read More

Canadian Competition Bureau Calls on Businesses to Provide Information on Anti-competitive Conduct in the Digital Economy

Like regulatory agencies everywhere, Canada’s Competition Bureau (the “Bureau”) is grappling with the fast-changing digital economy and its implications for competition and innovation. The development of new technologies, their rapid uptake by business, and the deployment of new data-driven business models has left regulators – chiefly privacy and competition regulators – examining whether these new types of business models now pose regulatory threats not previously appreciated.

On May 22, 2019 the federal government unveiled a Digital Charter with 10 principles by which the government proposes Canada should adapt to an economy characterized by artificial intelligence and data-driven products and services.

Read More

Claims for Both Punitive Damages and Damages for Intrusion Upon Seclusion Survive

The Issue

Does entering someone’s house while he is out of the country and stealing his personal documents amount to conduct that is so reprehensible that it might warrant an award for punitive damages on top of damages for breach of privacy? This was the question addressed by the Ontario Superior Court of Justice in Furfari v Pedias, 2019 ONSC 4278 (“Furfari”).

The Facts

The Plaintiff, Mr. Furfari, had previously been friends with the Defendant, Mr. Pedias, and his brother Mario, who was the vice-president of the company that the Plaintiff had previously worked for, and which was now suing him in unrelated action.

Read More