Skip to content

Brought to you by

Dentons logo

Dentons Data

Your trusted advisor for all things digital.

open menu close menu

Dentons Data

  • Home
  • About Us

Ontario Superior Court Confirms Hacked Companies are not “Intruding” on Anyone’s Seclusion

By Mike Schafler
January 27, 2022
  • Class Actions
  • Intrusion upon Seclusion
  • Litigation
  • Privacy Torts
Share on Facebook Share on Twitter Share via email Share on LinkedIn

In Winder v Marriott International Inc. (“Winder“), the Ontario Superior Court of Justice has recently confirmed that a hacked company is not an “intruder” within the meaning of the tort of intrusion upon seclusion. Thus, no reasonable cause of action based on this tort lies against a company solely because it has been the victim of a hack.

In Winder, the plaintiffs had commenced a proposed privacy class action against the hotel chain. Included in the statement of claim was a claim based in intrusion upon seclusion. The plaintiffs argued that the hotel chain had been a constructive intruder because it had allegedly allowed the hackers into the affected database through inadvertence and then carried out an insufficient remedial response.

This was a motion under Rule 21.01(1)(a) to determine whether the tort of intrusion upon seclusion extended beyond the actual intruder. Relying on Obodo v Trans Union of Canada Inc., Del Giudice v Thompson, and Owsianik v Equifax Canada Co., the Court held that the ambit of the tort does not extend to constructive intruders and is limited to real ones. The Court reasoned that “constructive intruders” do not accord with the “letter and spirit” and policy rationales underlying the tort. Further, extending the tort to include constructive intruders such as hacked companies would serve no purpose but to open the floodgates unnecessarily. The Court found that there were no gaps in privacy laws that needed to be filled, as liability may already be imposed on a hacked company on the basis of other established causes of action, such as breach of contract or negligence.

The trend, at least in Ontario, appears to be that courts will construe intrusion upon seclusion narrowly, making it more difficult for plaintiffs’ counsel to successfully plead the tort in cases of data breaches. However, the tort of intrusion upon seclusion rarely travels alone; plaintiffs’ counsel are likely to increasingly rely on other companion causes of action such as negligence, breach of contract, and misrepresentation.


For more information about data protection and breaches or the litigation that may result therefrom, please contact Michael Schafler or Kristin AuCoin of Dentons’ Litigation and Dispute Resolution in Canada.

For more information about Denton’s data expertise and how we can help, please see our Transformative Technologies and Data Strategy page and our unique Dentons Data suite of data solutions for every business, including enterprise privacy audits, privacy program reviews and implementation, data mapping and gap analysis, and training in respect of personal information.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Intrusion upon Seclusion, Litigation
Mike Schafler

About Mike Schafler

Mike Schafler has almost 30 years’ experience as counsel in litigation, domestic and international arbitration, and mediation. A good deal of his practice focuses on privacy and data breach litigation including class actions. He has been with Dentons Canada LLP since 1994 when he began his career there as a student, becoming a partner in the Toronto office’s litigation and dispute resolution group in 2003. He is currently one of the firm’s ten elected national board members.

All posts Full bio

RELATED POSTS

  • Class Actions
  • Data
  • Intrusion upon Seclusion
  • Litigation
  • Privacy

At What Point Does the Failure of an Organization’s Security Safeguards Amount to Recklessness?

By Luca Lucarini
  • Biometrics
  • Class Actions
  • Intrusion upon Seclusion
  • Litigation
  • Technology

Proposed class action against Cadillac Fairview for alleged use of “facial recognition” software fails in its entirety

By Kirsten Thompson, Mark Evans, Emma Irving, and Luca Lucarini
  • Class Actions
  • Privacy

Certification of Breach Class Action Denied in Absence of Provable Losses, Commonality

By Kirsten Thompson and Mike Schafler

About Dentons

Redefining possibilities. Together, everywhere. For more information visit dentons.com

Grow, Protect, Operate, Finance. Dentons, the law firm of the future is here. Copyright 2023 Dentons. Dentons is a global legal practice providing client services worldwide through its member firms and affiliates. Please see dentons.com for Legal notices.

Categories

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo in black and white

© 2025 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site