It has been said that privacy is “at risk of becoming a real human right.” The exponential increase of personal information in the hands of organizations, particularly sensitive data, creates a significant rise in the perils accompanying formerly negligible privacy incidents. At one time considered too intangible to merit even token compensation, risks of harm to privacy interests have become so ubiquitous in the past three years that they require special attention.
Legal and social changes have for their part also increased potential privacy liability for private and public entities when they promise – and fail – to guard our personal data (think Ashley Madison…). First among those changes has been the emergence of a “privacy culture” — a process bolstered by the trickle-down effect of the Julia Angwin’s investigative series titled “What They Know,” and the heightened attention that the mainstream media now attaches to privacy incidents. Second, courts in various common law jurisdictions are beginning to recognize intangible privacy harms and have been increasingly willing to certify class action lawsuits for privacy infringements that previously would have been summarily dismissed without hesitation.
Prior to 2012, it was difficult to find examples of judicially recognized losses arising from privacy breaches. Since then however, the legal environment in common law jurisdictions and in Canada in particular has changed dramatically. Claims related to privacy mishaps are now commonplace, and there has been an exponential multiplication in the number of matters involving inadvertent communication or improper disposal of personal data, portable devices, and cloud computing.