Abstract: The Ontario Court of Appeal’s decision in Jones v Tsige established the intentional tort of intrusion upon seclusion, colloquially known as invasion of privacy. Viewed as a powerful tool for the vindication of privacy rights, the tort has become a common cause of action in the class-action context. It has been generally accepted that confidential record holders, like banks and hospitals, will be held vicariously liable for intentional privacy breaches committed by their employees. However, select critics have opposed holding record holders liable when third party hackers gain unauthorized access to confidential records. The resulting gap in privacy right coverage leaves some plaintiffs, who have nonetheless had their privacy violated, without the necessary legal recourse to obtain adequate compensation. To address this gap, we argue in favour of holding record holders liable for intrusion upon seclusion if their reckless conduct contributed to the occurrence of the third party privacy breach.
Crystal et al. (Tue,) studied this question.