Canada is no longer a safe haven when it comes to avoiding damages arising out of privacy breaches. Class actions are here. Regulatory and criminal investigations are here and so too are individual actions resulting in damage awards. The losses are mounting and regulators are crying for legislation to impose substantial fines. The times, they are a changing. If you are interested in examples of Canadian breaches where losses have occurred, read on.
It is no secret that there is a startling rise in privacy breaches in Canada these days, with a resulting increase in regulatory investigations and legal actions arising out of those breaches. Where a few years ago it was easy to find examples of breaches but difficult to find examples of losses arising from them, the environment in the US, and increasingly in Canada, has changed. Class action litigation and individual actions relating to privacy breaches in Canada are no longer just hypothetical, they are a new reality. The actions tend to involve disclosure of personal information through insecure disposal of records, theft and loss of unencrypted data on mobile devices, and unauthorized access to records. Set out below is a discussion of some of the recent cases resulting in actual losses.