Instances of ransomware have exploded in the past five years. In 2020 alone, it is estimated that the total cost to Canadian organizations in paid ransoms and lost productivity was US$4 billion.
On December 14, 2020, the Privacy Commissioner of Canada, Daniel Therrien, issued a statement regarding the recent data breach at Desjardins. The statement involved the investigation conducted under the Personal Information Protection and Electronic Documents Act (PIPEDA) concerning the largest ever data breach in Canada’s financial services sector. Plainly put, the investigation revealed that Desjardins did not demonstrate the appropriate level of attention required to protect the sensitive personal information entrusted to its care.
Over the last two decades, British Columbia’s courts have consistently held that there is no common law tort for breach of privacy (or intrusion upon seclusion) in British Columbia because of the similar statutory cause of action under the Privacy Act, R.S.B.C. 1996, c. 373.