Skip to main content

Tag: Ari v. ICBC

ICBC Privacy Breach Class Action Allowed To Include Claim for Punitive Damages

Reasons for judgement were published today by the BC Court of Appeal expanding the scope of a class action lawsuit against ICBC to allow claims for punitive damages to be included in the claim.

In the recent case (Ari v. ICBC) ICBC was sued after an employee of theirs passed personal records ICBC kept to “an acquaintance involved in the drug trade” after which a series of attacks were carried out against some of the individuals who had their private information compromised.  The court noted the following background

Continue reading

BC Court of Appeal – Vicarious Liability Under the Privacy Act is an Open Question

Today the BC Court of Appeal released reasons for judgement finding it is an open ended question whether BC’s Privacy Act allows an employer to be vicariously liable when an employee willfully violates the privacy of another.
In today’s case, (Ari v. ICBC) a proposed class action, the Plaintiff sued ICBC alleging various improprieties arising from an employee improperly accessing “the personal information of about 65 ICBC customers“.
A chambers judge dismissed all of the claims except one under BC’s Privacy Act which makes it a tort  “for a person, wilfully and without a claim of right, to violate the privacy of another.“.
ICBC argued this section does not permit them to be sued for an employees wrongdoing.  The BC Court of Appeal disagreed and found it is an open ended question of whether vicarious liability can be attached to this statutory tort and that the issue needs to be addressed through the trial process.  In allowing this claim to survive the pleadings motion the BC Court of Appeal provided the following reasons:

[25]        It is not clear that s. 1 of the Privacy Act should be interpreted as limited in the same fashion as the relevant provisions in Nelson. Section 1(1) states that “[i]t is a tort, actionable without proof of damage, for a person, wilfully and without a claim of right, to violate the privacy of another”. There is no language (as there was in Nelson) that clearly limits a plaintiff to recovery of damages from the person identified in s. 1(1). While, as the chambers judge observed, vicarious liability for acts of intentional and deliberate wrongdoing has generally been rejected, it is not unheard of (see: Lewis Klar, Tort Law, 5th ed. (Toronto: Carswell, 2012) at 682). To the extent that s. 1(1) of the Privacy Act requires deliberate wrongdoing, it is not per se incompatible with vicarious liability.

[26]        Although Nelson may provide, by analogy, a basis for denying the availability of vicarious liability, I cannot conclude that the chambers judge erred in finding the appellant’s claim is on this basis, not bound to fail.

[27]        Alternatively, ICBC says that there is a policy argument which supports its position that there is no cause of action in vicarious liability. For policy reasons ICBC says, employers should not be held vicariously liable for wilful breaches of privacy under the Privacy Act.

[28]        ICBC also contends that the question before the chambers judge was whether vicarious liability should be imposed due to policy considerations. It says that the appropriate question to ask is: should liability lie against a public body for the wrongful conduct of its employee, in these circumstances? The question necessarily demands some exploration of the evidence about the connection between ICBC’s security procedures and the security lapse that occurred, as well as a weighing of the policy considerations involved. It is reasonable to conclude that a factual matrix is necessary in order to fairly address whether ICBC’s conduct materially enhanced the possibility of committing the breach of privacy, and to determine the connection between the impugned conduct and ICBC’s conduct. In other words, to clearly determine how public policy considerations affect the viability of the vicarious liability claim, some evidence is required.

[29]        ICBC submits in the further alternative that ss. 73 and 79 of the Freedom of Information and Protection of Privacy Act bar recovery for vicarious liability. Section 79 provides that the Act prevails where it conflicts with the provisions of other legislation. Section 73(a) prohibits proceedings against a public body for damages resulting from good faith disclosure or non-disclosure of all or part of a record under the Act.

[30]        As the disclosure alleged was not a good faith disclosure, s. 73 has no application to the circumstances of this case.

[31]        I am of the view that the question of vicarious liability on the facts of this case cannot be resolved on a pleadings motion. It is not plain and obvious the claim would fail. The chambers judge considered that the appellant ought to have the opportunity to develop and argue this aspect of his claim. I see no error in her conclusion.

[32]        For these reasons I would dismiss ICBC’s cross-appeal.