Enthusiasts for the tort of intrusion upon seclusion as the new frontier for holding organizations and their employees to account for privacy-related wrongs will need to regroup after the Ontario Superior Court of Justice’s decision in Broutzas v. Rouge Valley Health System and Kouvas v. Scarborough and Rouge Hospital. In the clearest statement yet, it appears that the tort only protects interests in information that has a quality of “confidentiality” or “secrecy” rather than a broader conception of privacy interests as involving control over the use and dissemination of personal information. In most cases, a plaintiff’s recourse will be limited to the assistance of Privacy Commissioners and professional regulatory bodies.
Selling information about mothers
The proposed class actions in Broutzas and Kouvas involved allegations that nurses at those hospitals sold contact information about mothers admitted for childbirth at those hospitals to sales representatives of registered education savings plans. The plaintiffs advanced several theories of liability against the defendants. One of those was the tort of intrusion upon seclusion.
Tort of intrusion upon seclusion
As a reminder, the Court of Appeal added the tort of intrusion upon seclusion to the legal landscape in Ontario in 2012 in the landmark case of Jones v. Tsige. The court was concerned to provide a common law remedy that was narrowly constrained to protect significant privacy interests. In recognizing the tort as part of Ontario law, Justice Sharpe stated that the key requirements to establish the tort were:
- the defendant’s conduct was intentional or reckless
- the conduct invaded the individual’s private affairs or concerns
- a reasonable person would find the invasion as highly offensive causing distress, humiliation or anguish
Justice Sharpe went on to say that there need not be any concern about opening the flood gates. The tort required intention or at least recklessness and only significant privacy interests would be protected. Justice Sharpe said:
 Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practises and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.
Quality of the information in issue
In advancing this tort in the Broutzas and Kouvas cases, the plaintiffs had a steep uphill climb to convince Justice Perell that the interests protected by the tort extended beyond “confidential” or “secret” information to include other privacy interests that the court recognized in R. v. Spencer, such as the right to control over access to and use of information about oneself (whether or not it is secret or confidential). The plaintiffs failed in that task. Justice Perell neatly summarized his understanding of the “privacy” interest protected by the tort as being concerned with “confidential” or “secret” information at paragraph 153 of the judgment:
 Generally speaking, there is no privacy in information in the public domain, and there is no reasonable expectation in contact information, which is in the public domain, being a private matter. Contact information is publicly available and is routinely and readily disclosed to strangers to confirm one’s identification, age, or address. People readily disclose their address and phone number to bank and store clerks, when booking train or plane tickets or when ordering a taxi or food delivery. Many people use their health cards for identification purposes. Save during the first trimester, the state of pregnancy, and the birth of child is rarely a purely private matter. The news of an anticipated birth and of a birth is typically shared and celebrated with family, friends, and colleagues and is often publicized. The case at bar is illustrative. All the proposed representative plaintiffs were not shy about sharing the news of the newborns.
But is the tort that narrow?
It is not entirely clear that the Ontario Court of Appeal intended to limit the tort to protect “confidential” or “secret” information. When Justice Sharpe referred to the tort as being intrusion upon “seclusion”, he explained the invasion as on one’s “private affairs or concerns”. Some of the examples he gave (e.g. diary or private correspondence) have the quality of secrecy or confidentiality. However, other matters are somewhat more elastic. In what sense, for example, is “employment” secret or confidential?
It will remain for another day to see whether the appellate court will recognize that “seclusion” does not necessarily mean secrecy and that the very nature of “seclusion” is an assertion of control over the dissemination and use of information. Justice Perell avoided having to really grapple with that question by refusing to accept that the intrusion involved information in a health record, which was one of the enumerated protected categories of information that Justice Sharpe laid out in Tsige v. Jones. In my view, Justice Perell missed the point. The sales people weren’t buying contact lists from people who had knee surgery. The information was directly related, in an unbroken chain, to the admission of these women for care related to the birth of their children. Instead of failing on the ground of whether the information , the claims by the plaintiffs in Broutzas and Kouvas probably failed on the point of distress, humiliation or anguish. The evidence appears to be that the sales calls were merely annoying.
So, the larger question is whether the tort is really limited to protecting secret or confidential information should have been left to another day. If it is, then this is a very narrow tort indeed. However, that might not be a bad thing. The courts may not be the right place to consider the issues that are involved in privacy interests related to reasonable expectations of control over the context and flow of information.
Certainly, harm can arise from a violation of these expectations. However, this interest (assuming we continue to see it as societal values) may be more appropriately analyzed and remedied by Privacy Commissioners and professional regulatory bodies, rather than the courts. As Justice Perell noted, with one exception (who Justice Perell observed might not have been a wrongdoer), the individuals involved had all been punished in some way for their wrongdoing by regulators and the Rouge Valley Hospital had been investigated by the Information and Privacy Commissioner and had been ordered to take remedial actions, which it had done.