Rising data breaches put companies at the crossroads of tech innovation and legal risk. Dive into Canada's cybersecurity litigation landscape with these five top trends from our Canadian Cybersecurity Trends Study.

1. Privacy Class Action Certification. In 2022, appellate courts upheld denials of certification in key cases like Broutzas v. Rouge Valley Health System and Setoguchi v. Uber BV. The primary hurdle? Insufficient evidence of misuse or compensable harm. This trend is a sign that courts will continue to carefully scrutinize proposed privacy class actions.

2. Intrusion Upon Seclusion Claims. The Supreme Court of Canada denied leave to appeal in Owsianik v. Equifax Canada Co., which ruled victims of cyberattacks can't be liable under this tort. Part of a trilogy, the ruling limits claims in cybersecurity cases and remains binding precedent in Ontario (and a persuasive authority in other common law provinces).

3. Privacy Probes Surge. 2022 saw heightened activity from federal and provincial privacy commissioners, especially in incidents involving private-sector service providers and government. These investigations are a signal that compliance with privacy laws continues to be under scrutiny.

4. Low Settlements, Cy-Près on the Rise. Settlement values in privacy class actions continue to be relatively low (typically between C$1 and C$100 per affected person), reflecting the significant litigation risk faced by plaintiffs. Furthermore, several courts have approved cy-près payments, shifting focus from individual payouts to supporting broader public interest initiatives.

5. Recouping Costs. In a landmark ruling, an Ontario court sentenced a hacker to nearly seven years and ordered C$2.8-million in restitution, establishing an important precedent for cybercrime sentencing in the future.

To shield themselves from attack and mitigate litigation risks, companies should be proactive about developing and implementing cybersecurity measures, audits, and incident response plans. While complete security from cyberattacks may not be possible, preparedness and compliance are key.