Liability for cyber attacks clarified by Ontario Court of Appeal
Molly Reynolds, Nic Wall, and Shalom Cumbo-Steinmetz of Torys LLP write:
The Ontario Court of Appeal released a trilogy of decisions on November 25 on the availability of the “intrusion upon seclusion” tort in data breach class actions. At issue was whether the tort can be used against corporate defendants that had been hacked by unknown third parties.
What you need to know
- The Court held that intrusion upon seclusion cannot be used to impose liability on the companies that had been hacked.
- This result:
- brings welcome confirmation of the scope of the tort;
- avoids expanding the risk profile of data breaches perpetrated by third-party hackers;
- prevents class action plaintiffs from leveraging this developing area of the law to secure larger settlements; and
- has the potential to impact current legislative reform.
Read more at Lexology.