#CyberFLASH: Canadian Privacy Class Actions At The Crossroads

spy_eye_648A. INTRODUCTION

Canadian privacy class actions are on the rise, emerging from a wealth of new technologies, novel business practices, and an ever-growing body of jurisprudence south of the border. As privacy class actions find their place in Canadian law, the question is no longer whether or when they will take hold but rather where they are going. This article canvasses the developing jurisprudence surrounding privacy class action litigation in Canada, including the circumstances in which privacy claims arise, issues around harm and damages, and the potential for ongoing influence from American precedents.


Privacy class actions largely fall into three categories: (1) claims that challenge a corporation’s business practices, (2) claims that arise from accidental breaches, and (3) claims relating to intentional, targeted conduct. The legal and strategic considerations involved in each category of claims will likely differ. For example, the targeted hacking of a company’s server can be costly to an organization’s reputation and bottom line. However, such harm may not affect the organization’s underlying business model. On the other hand, a challenge to an organization’s business practices could affect the viability of the business as a whole.

Inadvertent or intentional conduct by employees may lead to claims of vicarious liability against their employers. Although these categories are discussed separately below, organizations that collect, use, or disclose sensitive customer information in the ordinary course should develop comprehensive privacy policies, practices, and infrastructure that aim to prevent and defend against both the risks associated with business practice challenges and mishap- and crime-based breaches.


Canadian privacy class actions challenging business models and practices relating to the handling of personal information have seen mixed results. Class action jurisprudence challenging corporate privacy practices is still limited: although courts are increasingly willing to find that privacy claims meet the low bar for certification, few proceedings to date have been decided on their merits.1

Read more here

About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.