An employee and accountholder of a bank was entitled to an award of $10,000 (Canadian) in damages against a co-worker who, contrary to the bank’s policy, used her workplace computer to access the complaining employee’s computer at least 174 times, the Court of Appeal for Ontario, Canada has held. In the court’s view, the Province of Ontario recognized a common-law cause of action for invasion of privacy.
Intrusion Upon Seclusion
Ontario had already accepted the existence of a tort claim for appropriation of personality, the court noted. The Province at least remained open to the proposition that a tort action will lie for an intrusion upon seclusion, as asserted by the employee.
Canadian law’s protection against unreasonable search and seizure indicated that privacy was considered worthy of constitutional protection, the court said. The interests engaged by the protection against unreasonable search and seizure were not simply an extension of the concept of trespass, but rather were grounded in an independent right to privacy held by all citizens.
A specific interest in one’s informational privacy had been identified by case law, according to the court. The complaining employee’s claim to privacy in her banking records would fall within her interest in informational privacy.
The recognition of a right to privacy was also shown by the development of the common-law tort of defamation, and privacy had been declared to be a human right by various international agreements, such as the International Covenant on Civil and Political Rights, the court noted.
Interference with Federal, Provincial Legislation?
A common-law cause of action for invasion of privacy would not interfere with federal and provincial legislation, such as the federal Personal Information Protection and Electronic Documents Act (PIPEDA), in the court’s view. PIPEDA dealt with “organizations” subject to federal jurisdiction and did not speak to the existence of a civil cause of action in Ontario.
To proceed under PIPEDA, the employee would have to file a complaint against the bank—her own employer—rather than against the co-worker who accessed the records. The co-worker acted as a rogue employee, which could provide the bank with a complete defense to a PIPEDA action. Moreover, the remedies available under PIPEDA did not include damages.
Elements of Claim
The elements of the tort of intrusion upon seclusion were derived from the Restatement (Second) of Torts (2010):
“One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the invasion would be highly offensive to a reasonable person.”When the plaintiff had suffered no provable pecuniary loss, the plaintiff could seek “symbolic” or “moral” damages. Damages awards for invasion of privacy would be analogous to damages awards for other torts, such as nuisance or trespass. Aggravated damages would be appropriate in cases involving egregious conduct.
In the current case, the court held that (1) the defending co-worker’s intrusion was intentional; (2) it amounted to an unlawful invasion of the complaining employee’s private affairs; (3) it would be viewed as highly offensive to a reasonable person; and (4) it caused distress, humiliation, and anguish.
Although the co-worker’s actions were deliberate and repeated, and the employee was upset by the intrusion, the employee suffered no public embarrassment or harm to her health or social position, and the co-worker had apologized for her misconduct. On balance, appropriate damages fell at the midpoint of the range of damages that would be reasonable for intrusions upon seclusion, or $10,000. The co-worker’s conduct was not deemed to be so exceptional as to warrant an award of aggravated or punitive damages.
The decision is Jones v. Tsige, CCH Privacy Law in Marketing ¶60,730.