2015 Privacy Class Actions in Canada
Last month, BLG hosted a panel discussion entitled “Privacy Class Actions: Update, Strategy and Lessons Learned” at the IAPP Canada Privacy Symposium taking place on May 27-29 in Toronto. Since many attendees have requested a copy of our power point slides which summarized recent privacy class actions in Canada by jurisdiction as well as their status, I have decided to reproduce the summary below:
1. ONTARIO
CLASS ACTION | TYPE OF CLAIM |
STATUS |
Evans v. The Bank of Nova Scotia
|
Bank employee allegedly provided 643 Bank customers’ information to girlfriend who disseminated it to third parties for fraudulent purposes | Certified (Appeal refused) |
Condon v. Canada | Loss of a hard drive containing personal information of approximately 583,000 individuals in connection with the student loan program administered by the Human Resources and Skills Development Canada | Certified (March 2014); Appeal expanding the scope of the class action (July 2015) |
Hopkins v. Kay | Claims of improper access to health records of 280 patients at the Peterborough Regional Health Centre | SCC application for leave to appeal filed on whether PHIPA precludes claim |
Rouge Valley Health System | Larger class action launched on behalf of 14,450 new mothers, notified by Rouge Valley Health System, some of whose contact details may have been criminally sold to RESP companies | Stayed pending Hopkins |
Lozanski v. The Home Depot Inc. | Following the recent Home Depot credit card related security breach that affected approximately 56 million customers in Canada and the United States claiming $500 million in damages. | — |
2. BRITISH COLUMBIA
CLASS ACTION | TYPE OF CLAIM | STATUS |
Douez v. Facebook, Inc. |
Case involving Facebook’s Sponsored Stories “product”: advertisers who paid to make use of this product could use the names and likenesses of Facebook users in “sponsored stories” about their products or services, then be sent to the contacts of the person featured in the story.
|
B.C. law does not apply to Facebook (forum selection clause) – certification decision reversed on jurisdictional grounds, (no decision on whether Facebook breached B.C. privacy law) |
Ladas v. Apple Inc. | Recording of location data on iOS4 devices | |
Tucci v Peoples Trust | Proposed class action regarding a data breach in which customers’ personal information was stored on a web server in an unencrypted format and subsequently stolen by hackers located in China. |
Plaintiff won the pre-cert sequencing application, so the defendant’s strike application will be heard together with certification. |
Plimmer v. Google | Collection and use of personal information from emails sent to Gmail users to avoid paying for the data and to increase its revenues from third-party advertisers by displaying “targeted” ads to consumers based on information received from others. |
— |
3. QUEBEC
CLASS ACTION | TYPE OF CLAIM | STATUS |
Sofio c. OCRCVM
|
Investment Industry Regulatory Organization’s (IIROC) breach in which an employee lost an unencrypted laptop containing the financial information of more than over 52,000 brokerage firm clients
|
NOT certified |
Belley c. TD Auto Finance Services Inc. (similar to Mazzona)
|
Loss of customers.’ Information while in transit | Certified |
Elkoby c. Google |
Collection of encrypted wi-fi information by Google Streetview cars
|
— |
Gad Albilia v. Apple inc. | Recording of location data on iOS4 devices | Certified |
Chasles v. Bell Canada Inc. (ROC Tocco v. Bell Mobility Inc.) |
Relevant Advertising Program (RAP) and OPC Finding
|
— |
4. OTHER JURISDICTIONS
CLASS ACTION | TYPE OF CLAIM | STATUS |
Hynes v. Western Regional Integrated Health Authority
|
An employee improperly accessing 1,043 medical records without authorization
|
|
Health Canada on behalf |
40,000 users enrolled in the medical marijuana program that received a letter with the word “Marihuana” on the outside envelope
|
|
This content has been updated on May 2, 2024 at 16 h 31 min.