Invasion of Privacy – Implications for the Workplace

Employment and Labour

I. Introduction

In the recent landmark case of Jones v. Tsige, 2012 ONCA 32, the Ontario Court of Appeal became the first Canadian appellate court to unequivocally recognize the common law tort of invasion of privacy. While actions to enforce privacy rights have been recognized for years in British Columbia by the Privacy Act, there are some important differences between the common law tort and the statutory right of action. Jones v. Tsige also raises interesting issues concerning privacy interests in the workplace that may have widespread implications for individuals and employers.

II. The evolution of common law privacy rights in Canada

For well over 100 years courts and academics have debated whether to recognize a cause of action in tort for invasion of privacy. Some argued a new tort was not necessary as many aspects of privacy were already protected by other causes of action like breach of confidence, defamation, breach of copyright, nuisance, and various property rights. The starting point in the discussion is the seminal article by S.D. Warren & L.D. Brandeis, “The Right to Privacy” (1890) 4 Harv. L. R. 193. Warren and Brandeis argued for the recognition of a right of privacy. They identified the “general right of the individual to be let alone”, the right to “inviolate personality”, “the more general right to the immunity of the person” and “the right to one’s personality” as fundamental values. They urged that open recognition of a right of privacy was well-supported by these underlying legal values and required to meet the changing demands of the society in which they lived. American courts have long recognized the right to privacy but Canadian courts had taken mostly tentative steps towards recognizing the tort. For example, in Lord v. McGregor, 2000 BCSC 750, R.A. McKinnon, J. observed:

…[T]here is some academic interest and case authority to support the notion that the common law tort of privacy is an emerging field. A.M. Linden in his text Canadian Tort Law, 6th ed. (Toronto: Butterworths, 1997) at 55 commented:

Although the right to privacy is well entrenched in American tort law, the Canadian and English courts have been reluctant to recognize a separate right to privacy. Even the great innovator Denning M.R. has declared, “[W]e have as yet no general remedy for infringement of privacy.” This statement may not be as accurate as it once was. One Canadian court has recognized a general right to privacy. Several trial judges have refused to dismiss actions for the invasion of privacy at the pleading stage on the ground that it has not been shown that our courts will not create a right to privacy. We seem to be drifting closer to the American model.

As will be discussed more below, four provinces, including British Columbia, eventually enacted privacy legislation creating a tort for invasion of privacy. With the advent of the Charter of Rights and Freedoms the right to privacy began to be recognized more and more in the criminal law particularly under section 8, the protection against unreasonable search and seizure. For example, in Hunter v. Southam Inc., [1984] 2 S.C.R. 145, at p. 158-59, Dickson J. observed that the interests engaged by s. 8 are not simply an extension of the concept of trespass, but rather are grounded in an independent right to privacy held by all citizens. In R. v. Dyment, [1988] 2 S.C.R. 417 at p. 427, La Forest J. characterized the s. 8 protection of privacy as“[g]rounded in a man’s physical and moral autonomy” and stated that “privacy is essential for the well-being of the individual. For this reason alone, it is worthy of constitutional protection, but it also has profound significance for the public order.” Then the federal government and many of the provincial governments began to enact legislation protecting privacy. For example, there is the federal Personal Information Protection and Electronic Documents Act, 2000, S.C. 2000, c. 5. There are now freedom of information and protection of privacy acts in most Canadian jurisdictions. For example, B.C. has the Freedom of Information and Protection of Privacy Act, RSBC 1996, c. 165. Further, legislatures have enacted laws to protect privacy in the private sphere. British Columbia, for example, has the Personal Information Protection Act, SBC 2003, c. 63. In addition many academic commentators argued it was time to recognize the tort of invasion of privacy in Canada: Craig, “Invasion of Privacy and Charter Values: The Common-Law Tort Awakens”, 42 McGill L.J. 355; Austin, “Privacy and Private Law: The Dilemma of Justification” 55 McGill L.J. 165; Hunt, “Conceptualizing Privacy and Elucidating Its Importance: Foundational Considerations for the Development of Canada’s Fledging Privacy Tort”, 37 Queen’s L.J. 167.

Jones v. Tsige

With this background we turn to the decision of the Ontario Court of Appeal, handed down in January of this year. Ms. Jones and Ms. Tsige worked at different branches of the Bank of Montreal (“BMO”). Jones kept her primary bank account with BMO. Jones and Tsige did not know each other. Tsige, however, became involved in a relationship with Jones’ former husband. Over the course of about four years, Tsige accessed Jones’ personal BMO bank account at least 174 times. The information displayed included transactions details, as well as personal information such as date of birth, marital status and address. Jones became suspicious that Tsige was accessing her account and complained to BMO. When confronted, Tsige admitted that she had looked at Jones’ banking information, that she had no legitimate reason for viewing the information and that she understood it was contrary to BMO’s Code of Business Conduct and Ethics. Tsige claimed that she was involved in a financial dispute with the appellant’s former husband and accessed the accounts to confirm whether he was paying child support to the appellant. Jones did not accept that explanation and said it was inconsistent with the timing and frequency of Tsige’s snooping. Tsige apologized for her actions and said she ceased looking at Jones’ banking information. BMO disciplined Tsige by suspending her for one week without pay and denying her a bonus. Jones sued Tsige. Unlike British Columbia, Ontario does not have a Privacy Act. The Court of Appeal nevertheless, declared the tort of invasion of privacy exists in Ontario law and granted judgment to Ms. Jones for $10,000.00. The court noted the recognition of a right to privacy under the Charter and said the common law should be developed in a manner consistent with Charter values. This supported the recognition of a civil action for damages for intrusion upon the plaintiff’s seclusion. In doing so, the Court adopted the definition of “intrusion upon seclusion”, from the American Restatement (Second) of Torts (2010). That tort is described by the Restatement, at § 652B as:

One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the invasion would be highly offensive to a reasonable person.

The Court then set out the elements required to establish a cause of action:

“Generally speaking, to make out cause of action for intrusion upon seclusion, a plaintiff must show:

  1. an unauthorized intrusion;
  2. that the intrusion was highly offensive to the reasonable person;
  3. the matter intruded upon was private; and,
  4. the intrusion caused anguish and suffering.”

The Court cautioned that the cause of action should not “open the floodgates”, and said:

“A claim for intrusion upon seclusion will arise only for deliberate and significant invasions of personal privacy. Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.

In addition, the Court recognized there may be defences available. Most notably in some cases a defendant may assert freedom of expression or freedom of the press (para. 73).


As noted the award in Jones v. Tsige was only for $10,000. This modest award is consistent with the awards made in British Columbia and the other provinces under their Privacy Acts. Indeed, the largest award in British Columbia for a violation of privacy under the Privacy Act, so far was only $35,000 for punitive damages and $15,000 for general damages: (Malcolm v. Fleming, [2000] Carswell BC 1316, (B.C.S.C.) a case where the defendant, the plaintiff’s landlord, installed a video camera in the plaintiff’s apartment and recorded her in various stages of undress in her bathroom and bedroom). The privacy legislation in B.C. and the other provinces creates the tort of violation of privacy, actionable without proof of damage. The court in Jones v. Tsige appended a table of damages awards, reproduced here to show the range of awards:

Appendix B: Damage awards under provincial privacy legislation

Facts Remedy
Pateman et. al. v. Ross (1988), 68 Mr. R. (2d) 181 (Man. Q.B.) Woman harassed ex-boyfriend and his new wife with threatening phone calls, letters and visits. Interlocutory injunction
Insurance Corp of British Columbia v. Somosh 1983 CanLII 673 (BC SC), (1983), 51 B.C.L.R. 344 (B.C.S.C.) Insurance company investigator asked invasive questions about car driver after accident, although the insurance company had no claim at law against driver. $1,000 – General Damages $1,000 – Punitive Damages
Wasserman v. Hall, 2009 BCSC 1318 (CanLII), 2009 BCSC 1318, 87 R.P.R. (4th) 184 Claim for breach of privacy and nuisance; breach was described as “relatively minor”. $3,500 – General Damages
Heckert v. 5470 Investments Ltd. 2008 BCSC 1298 (CanLII), 2008 BCSC 1298, 299 D.L.R. (4th) 689 Landlord placed a video camera in the hallway of the building. Held that there was no legitimate reason for close-up imaging people immediately outside their apartment doors. $3,500 – Nominal Damages
Hollinsworth v. BCTV (1996), 34 C.C.L.T. (2d) 95 (B.C.S.C.), aff’d 1998 B.C.C.A. 304 Defendant released videotape of plaintiff having hair transplant surgery and media aired video. $15,000 – General Damages
F. (J.M.) v. Chappell, (1998) 45 B.C.L.R. (3d) 64 (B.C.C.A.), leave to appeal to SCC refused, (1998), 231 N.R. 400 Defendant published the name of complainant in sexual assault case in breach of publication ban. Jury awarded $19,000 in damages, but the judge countenanced a defence of publication privilege and reduced this to $1,000. Court of Appeal reinstated the jury award. $3,000 – General Damages $15,000 – Punitive Damages $1,000 Non-pecuniary Damages
Lee v. Jacobson; Weber v. Jacobson reflex, (1992), 87 D.L.R. (4th) 401 (B.C. S.C.), rev’d (1994), D.L.R. (4th) 155 (B.C.C.A) Landlord drilled a secret hold to spy on tenant. Note: Findings of fact were overturned. $2,000 – General Damages $22,500 – Punitive Damages
Watts v. Klaemt 2007 BCSC 662 (CanLII), 2007 BCSC 662, 71 B.C.L.R. (4th) 362 Defendant recorded the plaintiff’s telephone conversations and then reported the content to the plaintiff’s employer. Plaintiff was then fired. $30,000 – Actual damages $5,000 – Punitive Damages
Malcolm v. Fleming, [2000] CarswellBC 1316, (B.C.S.C.) Defendant landlord secretly videotaped plaintiff while she was in her bathroom and bedroom. $15,000 – General Damages $35,000 – Punitive Damages
Nesbitt v. Neufeld, 2010 BCSC 1605 (CanLII), 2010 BCSC 1605, [2011] B.C.W.L.D. 407 Family dispute: defendant published private documents, started websites, Facebook groups, sent letters to friends / colleagues / professional associations accusing her of drug abuse, suicide attempts, mental illness and sexual promiscuity. $40,000 – General Damages

The British Columbia Privacy Statutes

As mentioned above, British Columbia is one of four provinces that has privacy legislation. In British Columbia the tort of violating the privacy of another is recognized by the Privacy Act. The Privacy Act, RSBC 1996, c. 373, provides:

Violation of privacy actionable

1 (1) It is a tort, actionable without proof of damage, for a person, wilfully and without a claim of right, to violate the privacy of another.

(2) The nature and degree of privacy to which a person is entitled in a situation or in relation to a matter is that which is reasonable in the circumstances, giving due regard to the lawful interests of others.

(3) In determining whether the act or conduct of a person is a violation of another’s privacy, regard must be given to the nature, incidence and occasion of the act or conduct and to any domestic or other relationship between the parties.

There are defences. Notably section 2 (2) provides:

An act or conduct is not a violation of privacy if any of the following applies:

(a) it is consented to by some person entitled to consent;

(b) the act or conduct was incidental to the exercise of a lawful right of defence of person or property.

It is also noteworthy that pursuant to section 4 of the Act an action for “violation of privacy” can only be brought in the Supreme Court. In Jones v. Tsige, the court reviewed the privacy acts in British Columbia, Manitoba, Newfoundland and Saskatchewan, and said:

“Significantly, however, no provincial legislation provides a precise definition of what constitutes an invasion of privacy. The courts in provinces with a statutory tort are left with more or less the same task as courts in provinces without such statutes. The nature of these acts does not indicate that we are faced with a situation where sensitive policy choices and decisions are best left to the legislature. To the contrary, existing provincial legislation indicates that when the legislatures have acted, they have simply proclaimed a sweeping right to privacy and left it to the courts to define the contours of that right.”

If British Columbia courts follow the Ontario Court of Appeal in Jones v. Tsige and determine that the common law tort exists in British Columbia, there would be some important changes to the law and practice in this Province. First, it would mean actions could be brought now in the Provincial Court, Small Claims division. This could lead to far more actions being brought as the awards are invariably modest, and frequently within the jurisdiction of the Small Claims Court. No doubt many claims have not been pursued in the past due to the prohibitive costs of prosecuting a Supreme Court action. Second, the limitation period for a statutory violation of privacy is two years. The common law tort, however, carries a six year limitation period: Lord v. McGregor 2000 BCSC 750; 1999 BCCA 102. On the other hand, the common law tort requires some proof of damages whereas the statutory tort does not. It may be argued that the common law tort should not be recognized in B.C. because of the operation of the Privacy Act and the Personal Information Protection Act. A similar argument was raised in Jones v. Tsige. The Ontario Court of Appeal rejected this argument and said:

“Tsige argues that it is not open to this court to adapt the common law to deal with the invasion of privacy on the ground that privacy is already the subject of legislation in Ontario and Canada that reflects carefully considered economic and policy choices. It is submitted that expanding the reach of the common law in this area would interfere with these carefully crafted regimes and that any expansion of the law relating to the protection of privacy should be left to Parliament and the legislature.

[49] I am not persuaded that the existing legislation provides a sound basis for this court to refuse to recognize the emerging tort of intrusion upon seclusion and deny Jones a remedy. In my view, it would take a strained interpretation to infer from these statutes a legislative intent to supplant or halt the development of the common law in this area: see Robyn Bell, “Tort of Invasion of Privacy – Has its Time Finally Come?” in Archibald and Cochrane (eds.), Annual Review of Civil Litigation (Toronto: Thompson Carswell, 2005) at p. 225.”

In Lord v. McGregor, 1999 BCCA 102, the Court of Appeal ruled Mr. Lord’s action was barred by the two year limitation period but left open the possibility that the court may recognize a common law tort of invasion of privacy, governed by a 6 year limitation period. These dicta comments suggest the Court of Appeal did not consider the Legislature had ousted the possibility of a common law tort by enacting the Privacy Act. In addition to the Privacy Act, B.C. also has the Personal Information Protection Act, SBC 2003, c. 63. That Act sets out certain statutory rights and protections the violation of which may be subject to an investigation and review by the Commissioner. Further that Act provides for a cause of action for breach of the Act:

Damages for breach of Act

57 (1) If the commissioner has made an order under this Act against an organization and the order has become final as a result of there being no further right of appeal, an individual affected by the order has a cause of action against the organization for damages for actual harm that the individual has suffered as a result of the breach by the organization of obligations under this Act.

(2) If an organization has been convicted of an offence under this Act and the conviction has become final as a result of there being no further right of appeal, a person affected by the conduct that gave rise to the offence has a cause of action against the organization convicted of the offence for damages for actual harm that the person has suffered as a result of the conduct.

The Act, however, immunizes employers in most circumstances relating to the collection, use or disclosure of personal information concerning an employee. By the operation of sections 13, 16 and 19 of the Act, an organization may collect, use and disclose an employee’s personal information without the consent of the employee where the collection is reasonable for the purposes of establishing, managing or terminating an employment relationship. Further, an organization may collect, use or disclose personal information whenever a person consents. Consent is also implied under section 8 (1) where:

(a) at the time the consent is deemed to be given, the purpose would be considered to be obvious to a reasonable person, and

(b) the individual voluntarily provides the personal information to the organization for that purpose.

One would expect most information collected by an employer will fall into this category.

Privacy Issues in the employment context

There has been considerably more consideration of the issue of employee privacy in arbitral jurisprudence: Ball, Canadian Employment Law (Canada Law Book; Toronto, 2011) p. 19A-1 which is beyond the scope of this paper. As noted above some lower courts have considered privacy issues. Much of the jurisprudence may need to be re-examined in light of Jones v. Tsige. Some examples follow. One notable case was Somwar v. McDonald’s Restaurants of Canada Ltd., (2006), 79 O.R. (3d) 172 (S.C.). In that case, Somwar accused his employer, McDonald’s Restaurants, of unlawfully invading his privacy by conducting a credit bureau check on him without his consent. The plaintiff claimed damages for invasion of privacy and for punitive damages. The defendant moved to strike the statement of claim and dismiss the plaintiff’s action on the basis that it did not disclose a reasonable cause of action. The Court refused to strike the pleadings. In Poirier v. Wal-Mart Canada Corp., 2006 CarswellBC 1876 Wal-Mart terminated the plaintiff store manager’s employment for cause. The plaintiff’s name and picture appeared in a widely distributed company flyer after the plaintiff was dismissed. The plaintiff sued for wrongful dismissal and under the Privacy Act. His action for wrongful dismissal was dismissed. The dismissal, however, was deemed to have cancelled the plaintiff’s consent to use his image. The defendant’s conduct was found to be careless and callous and the plaintiff was awarded damages of $15,000. Another interesting case was Colwell v. Cornerstone Properties Inc., [2008] O.J. No. 5092. There the employer had secretly placed a camera in an employee’s office. This was found to be conduct that amounted to a constructive dismissal. At the time the common law tort of invasion of privacy was not recognized. This sort of fact pattern would no doubt now give rise to both a claim in constructive dismissal and for intrusion of seclusion. An interesting case in the criminal law context is R. v. Cole, 2011 ONCA 218. In that case a school teacher had been given a lap top computer by his employer. The school policy allowed the teachers to use the computers for personal use and to store information on their computers. The policy, however, also prohibited the use or storage of inappropriate content, including sexually explicit material. An IT professional working for the school noticed unusual activity with the teacher’s laptop and investigated. He found nude photos of a student and determined the teacher had visited numerous pornographic sites using the computer. The computer was provided to the police and the teacher was charged with possession of child pornography. Perhaps surprisingly, the Ontario Court of Appeal held the teacher did have a right to privacy from state intrusion when using the school’s computer. One notable factor in the case was that the school policy stated the teachers were prohibited from storing such material on the computers but it did not state the computers were subject to searches. Also the policy said emails were subject to being reviewed but it did not say that other data may be reviewed by the employer. The search was, however, deemed to be appropriate as it arose in the context of the school’s obligation to protect their students. Nevertheless, the recognition that of an expectation of privacy in these circumstances is important.

Ramifications for the workplace

One can envision circumstances where an employer could be held vicariously liable for conduct of an employee that violates the privacy of another. The case law and the legislation make it clear that employers should have written policies to govern workplace privacy, including policies concerning:

  • The use of workplace computers;
  • The use of laptop computers and smart phones given to employees;
  • The use and disclosure of the personal information of all employees;
  • A code of conduct and ethics regarding workplace privacy.

These policies should also make it clear what type of conduct is permitted and what is prohibited. It should be clear employees should not expect any privacy regarding email; internet searches; downloading material, etc. Employers should also make it clear what the consequences could be for failing to abide by the policies.

Timothy Delaney
Partner in Labour and Employment Law
Lindsay Kenney – Vancouver Office