Skip to content

Brought to you by

Dentons logo

Dentons Data

Your trusted advisor for all things digital.

open menu close menu

Dentons Data

  • Home
  • About Us

Ontario Superior Court Confirms Hacked Companies are not “Intruding” on Anyone’s Seclusion

By Mike Schafler and Kristin AuCoin
January 27, 2022
  • Class Actions
  • Intrusion upon Seclusion
  • Litigation
  • Privacy Torts
Share on Facebook Share on Twitter Share via email Share on LinkedIn

In Winder v Marriott International Inc. (“Winder“), the Ontario Superior Court of Justice has recently confirmed that a hacked company is not an “intruder” within the meaning of the tort of intrusion upon seclusion. Thus, no reasonable cause of action based on this tort lies against a company solely because it has been the victim of a hack.

In Winder, the plaintiffs had commenced a proposed privacy class action against the hotel chain. Included in the statement of claim was a claim based in intrusion upon seclusion. The plaintiffs argued that the hotel chain had been a constructive intruder because it had allegedly allowed the hackers into the affected database through inadvertence and then carried out an insufficient remedial response.

This was a motion under Rule 21.01(1)(a) to determine whether the tort of intrusion upon seclusion extended beyond the actual intruder. Relying on Obodo v Trans Union of Canada Inc., Del Giudice v Thompson, and Owsianik v Equifax Canada Co., the Court held that the ambit of the tort does not extend to constructive intruders and is limited to real ones. The Court reasoned that “constructive intruders” do not accord with the “letter and spirit” and policy rationales underlying the tort. Further, extending the tort to include constructive intruders such as hacked companies would serve no purpose but to open the floodgates unnecessarily. The Court found that there were no gaps in privacy laws that needed to be filled, as liability may already be imposed on a hacked company on the basis of other established causes of action, such as breach of contract or negligence.

The trend, at least in Ontario, appears to be that courts will construe intrusion upon seclusion narrowly, making it more difficult for plaintiffs’ counsel to successfully plead the tort in cases of data breaches. However, the tort of intrusion upon seclusion rarely travels alone; plaintiffs’ counsel are likely to increasingly rely on other companion causes of action such as negligence, breach of contract, and misrepresentation.


For more information about data protection and breaches or the litigation that may result therefrom, please contact Michael Schafler or Kristin AuCoin of Dentons’ Litigation and Dispute Resolution in Canada.

For more information about Denton’s data expertise and how we can help, please see our Transformative Technologies and Data Strategy page and our unique Dentons Data suite of data solutions for every business, including enterprise privacy audits, privacy program reviews and implementation, data mapping and gap analysis, and training in respect of personal information.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Intrusion upon Seclusion, Litigation
Mike Schafler

About Mike Schafler

Mike Schafler has almost 30 years’ experience as counsel in litigation, domestic and international arbitration, and mediation. A good deal of his practice focuses on privacy and data breach litigation including class actions. He has been with Dentons Canada LLP since 1994 when he began his career there as a student, becoming a partner in the Toronto office’s litigation and dispute resolution group in 2003. He is currently one of the firm’s ten elected national board members.

All posts Full bio

Kristin AuCoin

About Kristin AuCoin

Kristin AuCoin (She/Her/Hers) is an associate in the Litigation and Dispute Resolution group at Dentons. Based in Toronto, Kristin maintains a general litigation practice.

All posts Full bio

RELATED POSTS

  • Class Actions
  • Intrusion upon Seclusion
  • Litigation
  • Privacy
  • Privacy Torts

Ontario Court of Appeal holds no intrusion upon seclusion for third-party data breaches in a trio of decisions

By Chloe Snider and Luca Lucarini
  • Class Actions
  • Litigation
  • Privacy
  • Rogue employees

No Vicarious Liability of Employers for Data Breach – A Good News Story from the UK

By Chloe Snider and Kirsten Thompson
  • Litigation
  • Privacy Torts
  • Public disclosure of private facts

The Trend Towards New Privacy Torts – Alberta Weighs In

By Kelly Osaka and Cate White

About Dentons

Dentons is designed to be different. As the world’s largest law firm with 20,000 professionals in over 200 locations in more than 80 countries, we can help you grow, protect, operate and finance your business. Our polycentric and purpose-driven approach, together with our commitment to inclusion, diversity, equity and ESG, ensures we challenge the status quo to stay focused on what matters most to you. www.dentons.com

Dentons boilerplate image

Twitter

Categories

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2023 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site