At What Point Does the Failure of an Organization’s Security Safeguards Amount to Recklessness?

The tort of intrusion upon seclusion, as set out by the Ontario Court of Appeal in Jones v Tsige, requires the defendant’s conduct to be intentional, or, at a minimum, reckless. The question is: at what point does the failure of an organization’s security safeguards amount to recklessness? This was the question addressed by the Ontario Superior Court of Justice in the recent case, Wilson-Flewelling v Queensway Carleton Hospital, 2019 CanLII 65155 (ON SCSM) (“Queensway Carleton Hospital”).

The facts

The court heard that the Plaintiff, Ms. Wilson-Flewelling, had attended the defendant hospital (“Hospital”) to book a surgical procedure, that the Hospital’s medical office administrator had left a completed surgical booking package in the Hospital’s dedicated, locked drop box, and that the Plaintiff had unexpectedly received the package in the mail a week later.

Read More

Defendants Awarded Costs Where Bringing Breach Class Action Was “Questionable”

In the costs motion (Kaplan v. Casino Rama, 2019 ONSC 3310) arising from the litigation regarding the Casino Rama breach, Justice Belobaba awarded costs to the defendant, saying there was neither public interest nor a novel issue sufficient to warrant costs being awarded to the plaintiffs. Justice Belobaba was of the view that the very basis for bringing the class action was questionable, a fact which played a role in the plaintiffs having to pay. This decision may have class counsel more closely scrutinizing the merits of bringing data breach class actions.

Background

In an earlier decision released on May 7, 2019, Justice Belobaba dismissed the plaintiffs’ motion for certification, finding that the proposed class action “collapsed in its entirety” at the common issues stage.

Read More

Certification of Breach Class Action Denied in Absence of Provable Losses, Commonality

On May 7, 2019, Justice Belobaba denied the motion for certification in the class action brought against Casino Rama relating to a 2016 data breach (Kaplan v. Casino Rama, 2019 ONSC 2025). Despite having five representatives, the plaintiffs were unable to show provable losses, which significantly hampered their case. What was ultimately fatal to the motion, however, was the lack of commonality, leading Justice Belobaba to remark:

The problem here, with almost all of the [proposed common issues (“PCI”)], is that there is no basis in fact for either the existence of the PCI or its overall commonality or both.

Read More