First Ontario Privacy Class Action Certified Against Employer via Vicarious Liability


In Evans v. Bank of Nova Scotia, 2014 ONSC 2135, Justice Smith certified a class action for, among other claims, the tort of inclusion upon seclusion, against both the Bank of Nova Scotia (the “Bank”) and Richard Wilson. This is the first “privacy law” class action certified by the Ontario Superior Court of Justice.


Mr. Wilson was a Mortgage Administration Officer of the Bank.  In this capacity, he had access to clients’ private and confidential information.  Without authority, Mr. Wilson accessed this information and provided it to his girlfriend, who then disseminated the information to third parties for fraudulent and improper purposes.

When the Bank discovered this, it identified 643 individuals whose files Mr. Wilson had accessed.  It offered them a complimentary subscription to credit monitoring and identity theft protection services, and for those who were the victims of identity theft or fraud, it offered compensation for the pecuniary losses they suffered.

The Bank vigorously opposed certification of this action.  While many arguments were advanced on each of the arms of the test for certification, and the different causes of action alleged, here we focus on the Bank’s arguments with respect to the tort of intrusion upon seclusion.


The tort of intrusion upon seclusion is relatively new, having been recognized by the Court of Appeal for Ontario in 2012 in Jones v. Tsige, 2012 ONCA 32. One of the necessary elements is that the defendant’s conduct must have been intentional – this includes recklessness.  Here, the plaintiffs did not allege that the Bank acted intentionally but instead alleged that the Bank was vicariously liable for Mr. Wilson’s intentional and wrongful actions. The Bank disputed this.

To be found vicariously liable for unauthorized acts of an employee, the act must fall “within the ambit of the risk that the employer’s enterprise creates or exacerbates”. The focus is “whether the wrongful act is sufficiently related to conduct authorized by the employer to justify the imposition of vicarious liability”.  In the case of intentional torts, relevant factors for this analysis may include:  (i) the opportunity afforded to the employee to abuse the power; (ii) the extent to which the act furthered the employer’s aims; (iii) the extent to which the act was related to friction, confrontation or intimacy inherent in the employer’s enterprise; (iv) the extent of power conferred on the employee; and (v) the vulnerability of the potential victims. Notably, vicarious liability “is strict, and does not require any misconduct on the part of the person who is subject to it”.

The court found that the customers of the Bank were entirely vulnerable to an employee releasing their confidential information.  Mr. Wilson was given complete power in relation to the victims’ confidential information, and the Bank created the opportunity for Mr. Wilson to abuse his power by providing him unsupervised access to the confidential information without installing any monitoring system.  While there was no connection between the provision of the information to third parties and the Bank’s business, and while Mr. Wilson’s acts were not related to any friction or confrontation inherent in the Bank’s enterprise, they were related to his necessary intimacy to the personal and confidential information.  As a result, there was a significant connection between the risk created by the Bank and Mr. Wilson’s wrongful conduct.  It was not plain and obvious that the Bank would not be found vicariously liable.


The Bank also argued that the tort of intrusion upon seclusion has not been recognized in other jurisdictions, in particular British Columbia and New Brunswick.  This was arguably relevant as out of the 643 individuals whose records were identified as having been wrongfully accessed, 35 were from British Columbia and New Brunswick.  This fact did not deter the motion judge, who held:

The tort of intrusion upon seclusion has only recently been recognized by the Ontario Court of Appeal and is settled in Ontario. However, until the matter is ultimately decided at the Supreme Court of Canada, I find that the law in Canada is not settled on this issue. While the Courts in British Columbia and New Brunswick have not as of yet recognized the tort of intrusion upon seclusion, I was not given caselaw to suggest that they have definitively shut the door on this cause of action. For this reason, I find that it is not plain and obvious that the plaintiffs’ claim that the Bank is vicariously liable for its employees’ tort of intrusion upon seclusion would be unsuccessful.


The Bank argued that the damages sought were akin to punitive damages, being symbolic or moral damages, and as no punitive damages have been awarded for vicarious liability there could be no such damages for breach of privacy via vicarious liability.  The motion judge held that the law was not settled on the issue of whether damages awarded for the tort of intrusion upon seclusion would be treated in the same manner as an award of punitive damages.  It was not plain and obvious that the plaintiffs would be unsuccessful in obtaining damages.

Finally, the court held that a class proceeding would be the preferable procedure to deal with pecuniary damages in order to bind the Bank to its admission of liability for the pecuniary damages suffered by class members.

Ultimately, the action against the Bank and Mr. Wilson with respect to the tort of intrusion upon seclusion was certified.  While still only at the certification stage, this class action for damages arising out of vicarious liability for breach of privacy should give cause to all employers to evaluate their supervisory systems to ensure they are adequate to protect the private and confidential information in their control. 


Topics:  Banks, Canada, Class Action, Class Certification, Intrusion Upon Seclusion, Privacy Laws, Vicarious Liability

Published In: Civil Procedure Updates, Civil Remedies Updates, Finance & Banking Updates, Personal Injury Updates, Privacy Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Lerners LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »