A recent case before the Ontario Court of Appeal dealing with the privacy of a Bank customer's personal information, may have some interesting applications for condominium corporations and property managers across Canada.
This decision has now established a new common law tort of invasion of privacy where the cause of action is called "intrusion upon seclusion." Jones v. Tsige, 2012 ONCA 32 involves a customer of the Bank of Montreal, Sandra Jones, who sued the bank's employee, Winnie Tsige, who had improperly accessed Ms. Jones’ banking records in order to determine the amount of child support payments that Ms. Jones’ was receiving. The reason for Ms. Tsige's investigation into Ms. Jones’s records, was that Ms. Tsige's was having a dispute with her common law spouse, who happened to be Ms. Jones’ ex-husband.
The Ontario Court of Appeal found that although other privacy legislation applied to the actions of Ms. Tsige, this was not enough to protect the individual whose information was accessed and therefore, the court recognized a separate tort of invasion of privacy.
The court held that a case for intrusion upon seclusion requires:
- intentional or reckless conduct on the part of the defendant;
- an unlawful invasion of the plaintiff's private affairs; and
- an invasion that a reasonable person would regard as highly offensive and that causes the plaintiff distress, humiliation or anguish.
The court established what the upper range of damages for the tort was and set it at $20,000 so that this would restrict future claims to small claims court. In this case the court ordered Winnie Tsige to pay Ms. Jones $10,000 in damages with no costs awarded, as this case dealt with a novel issue that has broken new ground.
Condominium Corporations and property managers who have access to the personal information of unit owners, such as banking information, arrears, information about tenants and residents in the unit, or even personal information about an employee or property manager, should take great care in securing the privacy of this information. Although PIPEDA and the Condominium Act deal with the privacy, use and collection of personal records of individuals, board members and property managers should be aware that there is also the potential for unit owners and other individuals to sue the Corporation, board members and property managers for breach of privacy to recover damages where the breach falls under the criteria noted by the court.
Condominium Corporations and property management companies should have strict controls put in place to ensure that personal information is not readily available to anyone other than the individuals specifically authorized to access that information and that the information can only e used for proper purposes related to the business of the Corporation. Things to keep in mind are:
- Access to units- what should staff/management do with personal information about a resident that is obtained during a maintenance/repair inspection.
- Are board members able to access private and confidential information about a resident or staff member? If so, what restrictions are imposed? Have board members signed a confidentiality agreement? Does the Corporation have a directors code of ethics in place?
It is important for Corporations to review the measures that are in place now to determine whether further steps need to be taken to avoid the potential of these types of claims.