Scroll Top

Invasion of Privacy in the Workplace Could Lead to Liability for Snooping Employees

Recently, the Ontario Court of Appeal recognized a new tort related to privacy rights, that is, “intrusion upon seclusion”.

This case, Jones v. Tsige, arose when the plaintiff, Sandra Jones, found out that a co-worker at the Bank of Montreal (“BMO”), Winnie Tsige, had been looking through her bank records. Tsige was in a common law relationship with Jones’ ex-husband and had full access to Jones’ banking records as a BMO employee. Tsige had accessed Jones’ personal banking information at least 174 times in a period of four years.  The Court of Appeal found that Tsige had committed this new tort of intrusion upon seclusion and awarded $10,000 in damages to Jones.

The necessary elements of intrusion upon seclusion are: the intentional intrusion, physically or otherwise, on the seclusion of another individual or his/her private affairs or concerns, to the degree that a reasonable person would find highly offensive.  The plaintiff does not need to show proof of actual harm to recover damages. The Court of Appeal broke down the key features of the tort as follows:

(f)irst, that the defendant’s conduct must be intentional, within which I would include reckless; second that the defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and third, that a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish.

The Court of Appeal made clear that only the most “deliberate and significant” invasions of privacy will be captured under this new law.

Recognizing a common law right to be free from intrusion into one’s private affairs is a significant step in the development of privacy law in Ontario.  Although there appears to have been no attempt to pursue the Bank as being vicariously liable in allowing its employee such liberal and unrestricted access to other employees’ private financial information, it would seem that based on the test the Court has set out, employers may also be found liable.  Accordingly, employers should assess the potential for employees to access and abuse information pertaining to other employees, customers and the general public.  In addition, an employer’s ability to conduct surveillance on an employee who has been absent from work may be curtailed by this new law. Although the damages awarded in this case were relatively modest, it opens the door for potential costly litigation.