A company learns its cybersecurity is vulnerable to hacking but fails to implement preventative measures. Hackers attack and access the private data of clients. Can these clients sue the company for the tort of privacy invasion (“intrusion upon seclusion”) or can the company escape liability because it has only allowed a third-party invasion? The question turns on the definition of invasion. As held in the leading case of Jones v Tsige, the tort of intrusion upon seclusion consists of three elements: Intentional or reckless conduct; That invades the defendant’s privacy; and The invasion must reasonably be regarded as highly offensive causing distress, humiliation or anguish. Does allowance of a third-party invasion meet the second requirement? In deciding which of two actions should proceed as a class action in Ontario, the Court in Agnew-Americano v Equifax Canada expressed preliminary support favouring the possibility of liability for third-party invasions. The Court held claims that … Read More
Insurance Coverage For Cyber Crime: The Brick v. Chubb
In the recent case of The Brick v. Chubb Insurance, the Alberta Court of Queens Bench held that the plaintiff’s commercial crime policy did not cover the money lost by the plaintiff as a result of a social engineering fraud. The plaintiff had been contacted by unknown persons pretending to be one of the plaintiff’s service providers, and requested banking information from their accounts payable department, which ultimately led to the plaintiff changing their internal records and sending of payments to the fraudsters’ own account instead of their service provider. The plaintiff sought coverage for the losses, and the insurer denied coverage. The court noted that the policy only applied to fund transfers made “without the insured’s knowledge or consent”. The plaintiff argued that they did not consent, since their actions were induced by the fraudulent correspondence. The insurer argued that the policy did not require consent to be “informed” or otherwise … Read More
Rogers Denied Costs of Complying with Copyright Infringement Norwich Order
In the recent decision of Voltage Pictures, LLC v. John Doe, 2017 FCA 97, the Federal Court of Appeal reversed the lower court and denied Rogers its costs of complying with a disclosure order (commonly called a Norwich Order) requiring them to disclose the names and details associated with IP addresses which the plaintiff alleges have infringed its copyrights. At the Federal Court, Rogers was prepared to provide the information, provided they were paid their costs of doing, as is customary for Norwich Orders from non-parties. While on an individual basis the costs may not have been unreasonable, the plaintiff’s concern was that they were pursuing thousands of individual infringers, which would make the cumulative costs of seeking these productions prohibitively expensive. The Federal Court held that the plaintiff did have to provide the amount demanded by Rogers. On appeal, the Federal Court reviewed the relatively new provisions under the Copyright Act which the plaintiff relied on to … Read More