2015 Privacy Class Actions in Canada

Last month, BLG hosted a panel discussion entitled “Privacy Class Actions: Update, Strategy and Lessons Learned” at the IAPP Canada Privacy Symposium taking place on May 27-29 in Toronto. Since many attendees have requested a copy of our power point slides which summarized recent privacy class actions in Canada by jurisdiction as well as their status, I have decided to reproduce the summary below:

ontario

1. ONTARIO

CLASS ACTION  TYPE OF CLAIM

 STATUS

Evans v. The Bank of Nova Scotia

Bank employee allegedly provided 643 Bank customers’ information to girlfriend who disseminated it to third parties for fraudulent purposes Certified (Appeal refused)
Condon v. Canada Loss of a hard drive containing personal information of approximately 583,000 individuals in connection with the student loan program administered by the Human Resources and Skills Development Canada Certified (March 2014); Appeal expanding the scope of the class action (July 2015)
Hopkins v. Kay Claims of improper access to health records of 280 patients at the Peterborough Regional Health Centre SCC application for leave to appeal filed on whether PHIPA precludes claim
Rouge Valley Health System Larger class action launched on behalf of 14,450 new mothers, notified by Rouge Valley Health System, some of whose contact details may have been criminally sold to RESP companies Stayed pending Hopkins
Lozanski v. The Home Depot Inc. Following the recent Home Depot credit card related security breach that affected approximately 56 million customers in Canada and the United States claiming $500 million in damages.

 BC_Flag

2. BRITISH COLUMBIA

 

 CLASS ACTION  TYPE OF CLAIM  STATUS
Douez v. Facebook, Inc.

Case involving Facebook’s Sponsored Stories “product”: advertisers who paid to make use of this product could use the names and likenesses of Facebook users in “sponsored stories” about their products or services, then be sent to the contacts of the person featured in the story.

 

B.C. law does not apply to Facebook (forum selection clause) –  certification decision reversed on jurisdictional grounds,  (no decision on whether Facebook breached B.C. privacy law)

Ladas v. Apple Inc. Recording of location data on iOS4 devices

NOT certified

Tucci v Peoples Trust Proposed class action regarding a data breach in which customers’ personal information was stored on a web server in an unencrypted format and subsequently stolen by hackers located in China.

Plaintiff won the pre-cert sequencing application, so the defendant’s strike application will be heard together with certification.

Plimmer v. Google Collection and use of personal information from emails sent to Gmail users to avoid paying for the data and to increase its revenues from third-party advertisers by displaying “targeted” ads to consumers based on information received from others.

 

quebec

3. QUEBEC

 

 CLASS ACTION  TYPE OF CLAIM  STATUS

Sofio c. OCRCVM

 

Investment Industry Regulatory Organization’s (IIROC) breach in which an employee lost an unencrypted laptop containing the financial information of more than over 52,000 brokerage firm clients

 

NOT certified

Belley c. TD Auto Finance Services Inc. (similar to Mazzona)

 

Loss of customers.’ Information while in transit Certified
Elkoby c. Google

Collection of encrypted wi-fi information by Google Streetview cars

 

  —
Gad Albilia v. Apple inc. Recording of location data on iOS4 devices Certified
Chasles v. Bell Canada Inc. (ROC Tocco v. Bell Mobility Inc.)

Relevant Advertising Program (RAP) and OPC Finding

 

 —

 

4. OTHER JURISDICTIONS

 

 CLASS ACTION  TYPE OF CLAIM  STATUS

Hynes v. Western Regional Integrated Health  Authority

An employee improperly accessing 1,043 medical records without authorization

 Certified

Health Canada on behalf

40,000 users enrolled in the medical marijuana program that received a letter with the word “Marihuana” on the outside envelope

 

Certified

 

This content has been updated on July 29, 2015 at 13 h 28 min.