June 13, 2012by Israel Foulon LLP
In its recent decision in Jones v. Tsige, the Ontario Court of Appeal for the first time held that an individual has a right of action for damages against others for invasion of privacy. This right of action, described in terms of an “intrusion upon seclusion”, recognizes the significant interest of Canadians to be free from privacy invasions in their day-to-day interactions with strangers, friends, family members, commercial parties and, importantly, employers. The following article will describe the new tort of “intrusion upon seclusion” and will set out important considerations for employers in the wake of the Court of Appeal’s decision.
Jones and Tsige worked at different branches of the Bank of Montreal (“BMO”). Jones maintained her primary bank account there. They did not know or work with each other. However, Tsige became involved in a relationship with Jones’ former husband. For about four years, Tsige used her workplace computer to access Jones’ personal BMO bank accounts at least 174 times. The information displayed included transactions details, as well as personal information such as date of birth, marital status and address. Tsige did not publish, distribute or record the information in any way.
Jones became suspicious that Tsige was accessing her account and complained to BMO. When confronted by BMO, Tsige admitted that she had looked at Jones’ banking information, that she had no legitimate reason for viewing the information and that she understood it was contrary to BMO’s Code of Business Conduct and Ethics and her professional responsibilities. Tsige explained that she was involved in a financial dispute with the appellant’s former husband and accessed the accounts to confirm whether he was paying child support to Jones. Jones did not accept that explanation as, in her view, it was inconsistent with the timing and frequency of Tsige’s snooping. Tsige apologized for her actions and insisted that she had ceased looking at Jones’ banking information. Tsige was contrite and embarrassed by her actions.
BMO disciplined Tsige by suspending her for one week without pay and denying her a bonus. Nevertheless, Jones, seeking a personal remedy, asserted that her privacy interest in her confidential banking information was “irreversibly destroyed”, commenced a lawsuit, and claimed damages of $70,000 for invasion of privacy, among other wrongs. Jones’ action was dismissed on a preliminary motion, in part because of a higher court’s suggestion that “there is no ‘free-standing’ right to dignity or privacy under the [Charter of Rights and Freedoms] or at common law.” Jones appealed the motion judge’s decision to the Court of Appeal.
THE COURT’S DECISION
(a) Intrusion Upon Seclusion
Recognizing that a cause of action for “invasion of privacy” had not been explicitly recognized by an appeal court, the Court of Appeal broke new ground in finding in Jones’ favour. After reviewing academic literature, jurisprudence arising in Canada, the United States and other common law jurisdictions, and Canadian legislation protecting private information, the Court held that Tsige had committed an actionable wrong against Jones, found in the tort of “intrusion upon seclusion”. The Court described the tort in the following manner:
One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the invasion would be highly offensive to a reasonable person.
From this definition, the Court explained the following key features of the new cause of action:
1. that the defendant’s conduct is intentional or reckless;
2. that the defendant invaded, without lawful justification, the plaintiff’s private affairs or concerns; and
3. that a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish.
Proof of harm to a recognized economic interest is not an element of the cause of action. In other words, the plaintiff need not demonstrate an economic loss so as to maintain his/her claim for invasion of privacy. At the same time, the Court held that a claim for intrusion upon seclusion will arise only for deliberate and significant invasions of personal privacy. Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive. The Court further held that no right to privacy can be absolute and many claims for the protection of privacy will have to be reconciled with, and even yield to, competing claims.
According to the Court, damages for intrusion upon seclusion in cases where the plaintiff has suffered no financial loss should be modest but sufficient enough to mark the wrong that has been done. The Court fixed the range at up to $20,000. The Court held that the following factors are to inform a judge’s decision when determining the amount to be awarded in a successful claim for intrusion upon seclusion:
1. the nature, incidence and occasion of the defendant’s wrongful act;
2. the effect of the wrong on the plaintiff’s health, welfare, social, business or financial position;
3. any relationship, whether domestic or otherwise, between the parties;
4. any distress, annoyance or embarrassment suffered by the plaintiff arising from the wrong; and
5. the conduct of the parties, both before and after the wrong, including any apology or offer of amends made by the defendant.
Punitive damages, which are awarded by courts as a form of punishment rather than as a form of compensation, may also be available.
(c) Application of the Principles to Jones’ Case
Having regard to the aforementioned principles, the Court found in Jones’ favour. In doing so, the Court held that Tsige committed the tort of intrusion upon seclusion when she repeatedly examined the private bank records of Jones. These acts satisfied the elements laid out above: the intrusion was intentional; it amounted to an unlawful invasion of Jones’ private affairs; it would be viewed as highly offensive to the reasonable person; and it caused distress, humiliation or anguish.
In awarding damages, the Court considered a number of factors, including that Tsige’s actions were deliberate and repeated and arose from a complex web of domestic arrangements likely to provoke strong feelings and animosity. Jones was very upset by the intrusion into her private financial affairs. On the other hand, Jones suffered no public embarrassment or harm to her health, welfare, social, business or financial position and Tsige apologized for her conduct and made genuine attempts to make amends. The Court placed this case at the mid-point of the range the Court identified and awarded damages in the amount of $10,000. The Court refused to award punitive damages.
CONSIDERATIONS FOR EMPLOYERS
(a) Use of Technology and Employee Monitoring
The case of Jones serves as a further caution to employers to balance their operational needs with their employees’ privacy interests following the 2011 decision of the Ontario Court of Appeal in R. v. Cole, which case dealt with an employee’s expectation of privacy on a work computer. In that case, the accused was a high school teacher who was provided with a laptop computer to be used in teaching a technology course and for the purposes of supervising a laptop program for students. In order to supervise the laptop program, the accused was given remote access to the data stored on the computers within the school network. One of the school’s computer technicians responsible for maintaining the integrity of the school network identified an unusual pattern of network use by this particular teacher. The laptop was then investigated by the school board’s IT staff by accessing the hard drive remotely. The contents of the laptop hard drive included nude photographs of a 16 year old girl.
In deciding that the teacher, as an employee of the school board, had a reasonable expectation of privacy related to the contents of the laptop in a subsequent criminal investigation, the Court relied upon the following factors:
he had exclusive possession of the laptop;
the laptop was password protected by a password he created;
the school board policy permitted personal use of the computer;
he had permission to take the laptop home on evenings, weekends and summer vacations;
there was no evidence the board actively monitored teachers’ use of laptops; and
the board had no clear and unambiguous policy allowing the board to monitor, search or police the teacher’s use of the laptop.
Having regard to the decisions in Jones and Cole, employers must exercise particular care when conducting computer audits and related investigations. Employers should ensure that an up-to-date Technology Use Policy is in place that:
lists all forms of workplace technology covered by the policy;
sets clear boundaries for the use of workplace technology by employees;
explains any monitoring systems that will be implemented in relation to workplace technology (having employees sign a consent to such monitoring is an added layer of protection); and
contains an explicit statement that an employee has no right of privacy in respect of his/her personal or professional use of workplace technology.
The use of video surveillance or other forms of monitoring should also be carefully limited to those instances necessary to protect legitimate business interests. If a workplace area is being monitored electronically or otherwise, employers ought to take care to inform employees of this fact. Employers who occasionally conduct locker searches, desk searches, or monitor workplace vehicles should also ensure that their employees’ consent to such arrangements as a condition of employment.
(b) Off-Site Monitoring
Having regard to the decision in Jones, employers must be vigilant when retaining private investigators to conduct off-site monitoring of employees suspected of wrong-doing. Employers risk a finding of vicariously liability for the actions of such investigators if those actions fall into the category of an intrusion upon seclusion. Keeping in mind arbitration decisions concerning the inadmissibility of off-site surveillance evidence that intrudes too far into an employee’s private affairs, investigators should be cautioned to confine their surveillance to the public realm.
(c) Social Networks
Social networks such as Facebook, MySpace, and LinkedIn contain troves of information that may assist employers when investigating workplace misconduct. To the extent that an employee’s social network settings are designed to protect the employee’s privacy, attempts to access such information may constitute an unlawful invasion of privacy. Employers should not attempt to hack into a social network by their own means or through the use of an agent such as a private investigator. Employers should instead limit their review of the employee’s social network to what may be publicly accessible.