A recent case from the Ontario Court of Appeal represents the first appellate level decision in Ontario to recognize the tort of invasion of privacy.  This decision will have significant implications for employers in Ontario, including charities and non-profit organizations. 

In Jones v. Tsige, the defendant, Winnie Tsige, was in a common law relationship with the former husband of the plaintiff, Sandra Jones. Both worked for the Bank of Montreal (“BMO”) and had never met.

Over a period of 4 years, Tsige used her workplace computer to access the personal accounts of Jones 174 times. According to Tsige, this cyber-snooping was motivated by a financial dispute with her partner. Tsige was seeking to confirm whether her partner was making support payments to Jones.  

When Jones became suspicious, BMO confronted Tsige who admitted to the allegations. BMO disciplined Tsige for violations of its Code of Conduct and Ethics by suspending Tsige for 1 week without pay and denying her a bonus.

Jones pursued a claim against Tsige for breach of fiduciary duty, invasion of privacy and punitive and exemplary damages. All her claims were dismissed on summary motion. The motions judge held that Ontario law does not recognize a cause of action for invasion of privacy.

Jones appealed to the Ontario Court of Appeal which, in a landmark decision, recognized the tort of invasion of privacy and overturned the decision of the motions judge.

In recognition of the novelty of the claim in Canada, Justice Sharpe was careful to delineate the scope of the cause of action, defining its key elements, setting out its limitations, and giving some guidance as to damages.  In doing so, Sharpe J.A. largely adopted the American definition of “intrusion upon seclusion”. The key elements of this tort are:  

  1. The defendant’s conduct must be intentional (or reckless);
  2. The defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and
  3. A reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish.

Sharpe J.A. suggested that the upper range for damages should be $20,000. In this case, Sharpe J.A. weighed the personal context and the deliberate and repeated nature of the invasion against the fact that Jones suffered no public embarrassment or harm and that Tsige had apologized for her misconduct.  Sharpe J.A. fixed damages in the amount of $10,000.  

The decision contemplates three additional privacy related torts including: (1) public disclosure of embarrassing private facts; (2) publicity which places the plaintiff in a false light in the public eye; and (3) appropriation of the plaintiff’s name and likeness. While this case makes no definitive statements with respect to these additional torts, it is clear that privacy law in Ontario is poised for rapid evolution in the coming years.

Employers should be cautious in the wake of this decision. Tsige’s misconduct was to access client records for personal reasons, which brought her actions outside the scope of her authority as an employee.  Those who are able to access sensitive information should be wary of doing so without a clear business purpose, and organizations should consider whether steps can be taken to limit such inappropriate access.  While the employer’s liability was not in issue in this case, Sharpe J.A. did comment that since “Tsige acted as a rogue employee contrary to BMO’s policy […] that may provide BMO with a complete answer to [any potential] complaint." This suggests that employers may face vicarious liability where, among other things, its policies and procedures do not make clear that such conduct is unacceptable.  Organizations should ensure that their privacy policies are up to date in the wake of this decision.