Ontario Courts Decision – Improper Access of Confidential Data by Hackers

Wagners recently obtained court approval in Nova Scotia concerning a class action filed for the breach of private and sensitive information by an employee of a medical authority. Wagners was able to achieve a settlement which awarded victims of the data breach an amount of $1,000.00 for the improper access of their medical files.

With the ever evolving and fast moving advances in technology, and as more and more of our personal and sensitive financial and medical information is retained on electronic and computer devices, the concern is growing about unwanted access or even illegal hacking endeavours that can lead to serious consequences to those who have had suffered a breach.

In the fall of 2016, a decision from the Ontario Superior Court approved a settlement that was reached in a class action where customers of a well-known corporation had their personal financial information accessed by computer hackers. The hacking led to a breach of customer information including their financial transactions with the business as well as their individual email addresses.

Once the breach was discovered by the corporation, they took a number of steps to alert the public and their customers of the successful hacking of their computer systems. In addition to notifying appropriate government agencies, a press release was issued, notices were published in national newspapers in Canada and more than 500,000 emails were sent to the corporation’s customers.

The corporation also notified its customers that they would be held harmless for any fraudulent use of their credit card information and, in addition, the corporation made services available to ensure their customers had access to credit monitoring and repair tools should the need arise.

The data breach occurred over the course of several months in 2014. Although the corporation appeared to take the breach seriously and attempted to alleviate the concerns of its customers, class actions were commenced across Canada against the corporation for the potential harm its consumers faced.

While the Ontario Court approved the settlement, see Lozanski v. Home Depot, 2016 ONSC 5447 https://www.canlii.org/en/on/onsc/doc/2016/2016onsc5447/2016onsc5447.pdf the full amount that was being sought by counsel for the plaintiffs and the class was drastically reduced by the judge.

Payments sought by the Plaintiffs in their capacity as representatives of the class were not awarded. Counsel Fees were also reduced by the judge. In coming to his conclusion, Justice Perrell felt that class had suffered miniscule damages, if any, as the risk for illegal credit card transaction has been mitigated over the years due to stronger and more secure safety measures instituted by the credit card companies. In addition, the claim itself was based on speculation and, in fact, it was the hackers who were the cause of the losses, and not necessarily Home Depot. Also, Justice Perrell found that the data breach was minor in the respect that not enough detailed information was illegally obtained which would allow for possible identity theft.

The inappropriate and illegal accessing of sensitive data, whether carried out by an employee or a hacker, continues to occur with regular frequency in Canada. Wagners are experienced in this field of law and we continue to follow the ever evolving case law as a result of these breaches of your personal data.

Back to News & Insights