Privacy law in Ontario revolves around protecting individuals from unwarranted intrusions into their personal information, image, or private life. As technology advances and data proliferates, lawmakers and courts have devised multi-layered frameworks—both statutory and common law—to safeguard the fundamental interest in personal autonomy and dignity. From personal health records to everyday social media use, privacy considerations pervade modern life, influencing how organizations collect, process, and share sensitive data.
Origins and Scope
Historically, Canada’s legal system did not explicitly grant a single “right to privacy.” Over time, societal recognition of privacy as essential for personal development and freedom prompted legislation and common law rulings that codified such protections. In Ontario today, privacy law intersects with fields as diverse as employment, commercial transactions, health care, and media. Courts often interpret novel disputes in line with the underlying principle that individuals should have control over how, when, and to what extent personal information is disclosed.
Notably, privacy rights do not operate in a vacuum. They must be balanced against other societal values—such as freedom of expression, the public interest in transparency, and the pragmatic demands of business or governance. As a result, privacy law is inherently dynamic, evolving in response to fresh dilemmas posed by big data analytics, artificial intelligence, or genetic testing. Ontario’s legal regime, therefore, includes an assortment of statutes governing data management and a handful of judge-made torts addressing personal intrusions that slip through legislative gaps.
Tension Between Individual Rights and Societal Needs
While Canadians cherish privacy, courts and policymakers recognize that legitimate state or public interests can necessitate some data sharing. Law enforcement may require access to personal information for investigations. Regulatory bodies might demand personal records to ensure compliance. Businesses may need to handle customer data for legitimate commercial activities. The question often becomes how to reconcile these objectives with the commitment to preserve individuals’ personal domains. Consequently, Ontario courts apply reasonableness standards to evaluate whether an intrusion was justified or if it exceeded what society deems acceptable.
Technological Acceleration and Risks
The exponential growth of digital tools—cloud storage, smartphone apps, wearable devices—has made personal data more vulnerable than ever. Breaches, hacks, and identity theft illustrate how quickly private information can be exposed or exploited on a global scale. Even routine business processes (such as targeted advertising, employee monitoring, or e-commerce) require robust legal frameworks to prevent undue harm. Ontario lawmakers, along with federal legislators, have responded by reinforcing data protection obligations, but enforcement often struggles to keep pace with rapidly shifting technology.
Influence of the Charter
Canada’s Charter of Rights and Freedoms does not explicitly list privacy as a standalone right. However, courts have inferred privacy protection through provisions related to liberty, security of the person, and unreasonable search and seizure. While these Charter protections primarily guard against governmental overreach, they also shape the legal culture within which private disputes unfold. Judges may consider Charter values when adjudicating privacy lawsuits, ensuring a consistent ethos that respects personal autonomy. Nonetheless, private sector disputes or purely commercial privacy breaches often rely more directly on statutory rules (like PIPEDA) and the common law torts recognized in Ontario courts.
Cross-Border Data Flows and Global Standards
With data commonly moving across provincial or national borders, Ontario’s privacy laws sometimes intersect with international frameworks, such as Europe’s General Data Protection Regulation (GDPR). Although Canadian laws do not duplicate the GDPR, businesses with global reach must navigate multiple regimes. This cross-border reality underscores the importance of harmonizing local privacy standards with broader global expectations—a task that regulators and courts handle by referencing international best practices, comparative jurisprudence, and bilateral agreements.
Ontario’s privacy legislation comprises numerous sector-specific and general statutes, each tailored to different contexts. These laws underscore the province’s commitment to addressing privacy at diverse levels—from health records to publicly held information.
Personal Health Information Protection Act (PHIPA)
PHIPA governs how health information custodians (like doctors, hospitals, pharmacies) collect, use, and disclose patient data. Key features include:
Consent-Based Framework: PHIPA typically requires express or implied patient consent to handle health data, though certain exemptions exist for care continuity or emergencies.
Patient Rights: Patients can request access to their records, seek corrections if data is inaccurate, and complain to the Information and Privacy Commissioner of Ontario if they believe their rights were infringed.
Breach Notifications: Custodians must notify patients of unauthorized disclosures or data leaks that pose risks of harm. Failure to adhere to PHIPA can invite regulatory penalties and potential civil liability for damages.
Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) and Freedom of Information and Protection of Privacy Act (FIPPA)
MFIPPA applies to Ontario’s municipalities, local boards, and certain other local bodies, while FIPPA governs provincial ministries and agencies. Both Acts share similar aims:
Access to Information: Members of the public can request data held by government bodies, subject to exceptions for law enforcement, solicitor-client privilege, or sensitive personal information.
Privacy Provisions: Institutions must safeguard personal data, collecting only what is necessary and using it consistently with stated purposes.
Appeals and Oversight: Individuals can appeal decisions regarding access or privacy breaches to the Information and Privacy Commissioner, who can order remedial steps.
These laws reflect the notion that transparency in government must coexist with respecting citizens’ privacy. Public bodies thus walk a fine line between disclosing records in the public interest and protecting personal data from unwarranted exposure.
Personal Information Protection and Electronic Documents Act (PIPEDA)
On the federal level, PIPEDA sets baseline standards for how private-sector organizations handle personal information in commercial activities. Key obligations include:
Consent and Limitation Principles: Collecting, using, and disclosing personal data only with valid consent and for purposes a reasonable person would consider appropriate under the circumstances.
Safeguards and Accountability: Requiring organizations to protect data with adequate security measures and assign responsibility for compliance to designated personnel.
Individual Rights: Granting individuals the right to access their personal data, challenge its accuracy, and complain to the federal Privacy Commissioner if they suspect a violation.
PIPEDA’s impact in Ontario is notable for businesses engaged in interprovincial or international commerce. Some Ontario-based entities that operate exclusively within the province and handle strictly non-commercial data might not fall under PIPEDA, but many still voluntarily align practices with its standards to maintain consistency or anticipate cross-border transactions.
Ontario’s courts have delineated four primary privacy torts, each designed to address a unique form of unjustified intrusion upon one’s private sphere. Unlike defamation, which centres on reputational harm linked to false statements, these privacy torts may arise even if the disclosed or obtained information is true—focusing instead on breaches of personal dignity, autonomy, or control over one’s image.
Intrusion upon seclusion arises where a defendant intentionally or recklessly invades the plaintiff’s private domain without lawful justification, in a manner that a reasonable person would find highly offensive.
Elements of the Tort
Deliberate or Reckless Conduct: The defendant’s intrusion must be purposeful or show reckless disregard, not merely accidental or inadvertent.
Private Affairs or Concerns: The plaintiff must prove a legitimate expectation of privacy in the target area or information—such as a personal diary, password-protected account, or secluded residence.
Highly Offensive to a Reasonable Person: Courts assess whether the extent and manner of intrusion offends societal standards for personal privacy.
Illustrative Examples
Digital Snooping: Hacking into someone’s email, social media, or device to peruse private messages.
Physical Surveillance: Planting hidden cameras in a private home, or peering through windows in a clandestine manner.
Banking Data: An employee at a financial institution accessing account details out of curiosity or spite rather than any legitimate operational need.
Damages and Impact
Since actual financial loss is not required, courts typically award damages for distress, humiliation, and emotional harm. Aggravated or punitive damages may also apply if the defendant acted maliciously or persisted after being warned. This tort underscores that individuals should enjoy a sphere of personal solitude free from unjustified intrusions.
Public disclosure of private facts targets the unwarranted broadcast or dissemination of intimate details about someone’s life, where the content is not of legitimate public concern, and a reasonable person would find its exposure highly offensive.
Elements of the Tort
Private, Intimate Information: The facts in question must be truly personal (e.g., medical records, sexual history, or sensitive personal relationships), not ordinarily known to the public.
Public Disclosure: Sharing must go beyond a small group—publicly revealing the information to a wide audience or in a forum with significant reach.
Highly Offensive: The disclosure must exceed mere curiosity or mild embarrassment and cause serious affront to an individual’s sense of personal dignity.
Examples
Releasing Intimate Images: An ex-partner uploading private photos or videos to social media or adult websites without consent.
Disseminating Confidential Records: Publishing someone’s therapy notes or health diagnoses on a public website.
Revealing Highly Personal Data: Exposing financial misfortunes, personal tragedies, or details about minors’ private lives when no public interest is served.
Legal Considerations
Plaintiffs need not prove the data was false—indeed, the tort presupposes the information is true but highly personal. Courts balance the desire to protect private facts against free speech, especially if the defendant claims the disclosure serves an overriding public interest. Moreover, if the plaintiff previously shared aspects of these details voluntarily or the facts are already in the public domain, the threshold for liability may not be met.
Publicity placing the plaintiff in a false light protects individuals from widespread communications that create a misleading or distorted portrayal of their personal attributes, beliefs, or experiences. Although it sometimes overlaps with defamation, the emphasis here is on the emotional or dignitary harm of being portrayed inaccurately, rather than damage to reputation per se.
Elements of the Tort
Public Communication: The portrayal must be shared publicly, not just whispered to a single individual or within a small circle.
False or Misleading Portrayal: The communication or depiction must significantly distort reality, potentially causing embarrassment, shame, or distress.
Highly Offensive Misrepresentation: A reasonable person would find the inaccuracy sufficiently severe or personal to warrant legal intervention.
Practical Scenarios
Doctored Images: Editing someone’s photo to suggest immoral behaviour or association with an offensive organization.
Misattributed Statements: Issuing a public statement falsely attributed to the plaintiff, implying they hold extremist views.
Out-of-Context Media: Selectively splicing interview footage so the plaintiff appears to advocate a position they do not, causing them distress.
Overlap With Defamation
Defamation requires a reputational sting tied to false statements. False light can involve truthful elements twisted into misleading impressions, or humiliating contexts not necessarily damaging to “reputation” in the strict sense. Plaintiffs sometimes plead both torts if uncertain which best applies. Courts examine the actual harm alleged: if the complaint is about humiliation or mischaracterization of private elements, false light might be the stronger route.
Misappropriation of personality protects against unauthorized commercial or promotional use of someone’s identity—often involving a name, likeness, or distinctive personal traits. Although frequently linked to celebrities whose images carry obvious commercial value, Ontario courts acknowledge that everyday individuals also have the right to control how their persona is used.
Elements of the Tort
Identifiable Persona: The plaintiff must be recognizable, whether through name, image, voice, or signature characteristic.
Commercial Exploitation: The defendant aims to profit or derive advantage from leveraging the plaintiff’s persona.
No Legitimate Authorisation: Consent or licence to use the personality was neither obtained nor implied.
Illustrations
Using a Celebrity’s Photo in Ads: Placing a well-known actor’s image on product packaging or promotional posters without consent.
Impostor Social Media Accounts: Creating accounts that mimic someone’s profile for endorsements or brand-building without the real person’s permission.
Voice Sampling: Employing a distinctive vocal style for automated commercials, leading listeners to believe the plaintiff endorsed the product.
Intersection With Other Laws
Misappropriation can overlap with trademark or copyright issues if the plaintiff’s name or likeness is registered or if photographs are subject to copyright licensing. However, the privacy tort centres specifically on personal identity, safeguarding individuals’ control over how they are presented and monetised.
Although these privacy torts bolster personal autonomy, defendants can invoke defences to protect legitimate activities or freedoms, such as:
Consent: A crucial factor. If the plaintiff explicitly or implicitly agreed to the exposure or use of private information, a claim may fail. Disputes often turn on whether any consent was properly informed and its scope was not exceeded.
Public Interest: Courts weigh privacy rights against freedom of expression and the broader public good. Legitimate reporting on matters of substantial societal interest—such as wrongdoing or public health concerns—may override a plaintiff’s privacy claim, provided only necessary details are disclosed.
Legal Authority: Certain intrusions are authorised by statute or court orders—for example, lawful police searches or regulated data-sharing in healthcare contexts. A defendant following legal mandates might be immune from liability.
Fair Comment and Truth: Typically more relevant in defamation, but in limited circumstances, these concepts can intersect with privacy claims if the defendant’s statements or disclosures revolve around legitimate critique or factual revelations.
Courts strive for a balance, ensuring privacy rights do not unduly stifle bona fide journalism, free expression, or law enforcement. Nonetheless, the onus is on the defendant to prove their actions were justified under one of these defences—especially if the intrusion appears otherwise unwarranted.
These four privacy torts demonstrate Ontario courts’ willingness to evolve new causes of action safeguarding personal autonomy. Claimants often combine statutory arguments—like a PHIPA complaint if health information is involved—with these tort theories for broader protection. Defendants might in turn rely on robust defences such as public interest, lawful authority, or valid consent. Consequently, successful suits require carefully establishing each tort’s distinct elements while rebutting the notion that legitimate social or commercial interests justify the invasion.
Damages awarded under these torts can compensate for emotional distress, mental anguish, and other intangible harms. Courts weigh the severity of the intrusion, the extent of dissemination, and whether the defendant acted maliciously or for financial gain. Although Canadian damage awards in privacy matters vary, there is a discernible trend toward higher sums where the wrongdoing is especially egregious or persistent.
Overall, these four torts offer Ontarians powerful tools to maintain control over their personal sphere, supplementing sector-specific laws and reflecting a growing societal consensus that privacy, in all its forms, deserves meaningful legal protection.
Compensatory Damages
Courts usually award compensatory damages for the intangible harm inflicted by privacy invasions—such as emotional distress, humiliation, and mental suffering. In evaluating compensation amounts, factors may include:
Severity of the Intrusion: Did it disclose extremely personal information or cause widespread harm (e.g., viral distribution on social media)?
Duration of the Violation: Did the defendant persist despite warnings, or was it a one-time lapse?
Defendant’s Motive: Malicious or profit-driven behaviour can heighten the damage award.
While historically modest, Canadian courts have occasionally granted substantial sums where the invasion was particularly egregious, reinforcing that personal autonomy is a valued legal interest worthy of protection.
Punitive Damages
Punitive (or exemplary) damages aim to deter especially reckless or malicious conduct. In the privacy context, courts might award them if the defendant engaged in deliberate and outrageous intrusions, for instance repeatedly publicizing private details out of spite. However, not every privacy breach qualifies; punitive damages require a clear demonstration that ordinary compensatory damages would be insufficient to denounce the wrongdoing.
Injunctive Relief
When a privacy violation is ongoing—or likely to recur—plaintiffs may seek an injunction to halt further dissemination or force removal of offending content. This remedy is critical if personal images or data remain publicly accessible online, where every additional view deepens the harm. Plaintiffs can request urgent interlocutory orders while litigation proceeds, preventing irreversible damage before a final judgment is rendered.
Statutory Complaints and Cross-Remedies
Ontario’s robust privacy statutes can sometimes provide alternative or additional routes:
PHIPA Complaints: Individuals can file with Ontario’s Information and Privacy Commissioner if they believe a health custodian mishandled their records.
PIPEDA Investigations: If commercial entities misused personal data, the federal Privacy Commissioner may investigate, and complainants might receive mediation or recommendations.
Ombuds and Other Regulators: Various bodies oversee privacy aspects in specific sectors, such as finance or education, offering potentially faster, less formal relief than litigation.
These statutory processes can co-exist with or precede a civil lawsuit, giving plaintiffs multiple avenues to address breaches.
If your privacy has been violated (or if you are defending against a privacy-related claim), Grigoras Law offers comprehensive representation throughout Ontario. We combine detailed legal analysis, effective advocacy, and a client-focused approach to safeguard your personal interests and autonomy. Our firm is dedicated to:
Disclaimer: The answers provided in this FAQ section are general in nature and should not be relied upon as formal legal advice. Each individual case is unique, and a separate analysis is required to address specific context and fact situations. For comprehensive guidance tailored to your situation, we welcome you to contact our expert team.
Based on Canadian law and legal precedents, specifically cases Jane Doe 464533 v. D. (N.) (“Jane Doe 2016) and Jane Doe 72511 v. N.M. (“Jane Doe 2018”), it is highly possible for you to sue someone who recorded a sexually explicit video of you without your consent, especially if it was then distributed on a large scale (such as on the internet). This could be a violation of your privacy rights, and it can potentially qualify as the tort of “Public Disclosure of Private Facts.”
According to the Restatement (Second) of Torts (2010) at 652D, this tort is defined as:
“One who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that (a) would be highly offensive to a reasonable person, and (b) is not of legitimate concern to the public.”
The key to this tort is the concept of publicity, meaning that the violation has been communicated on a large scale, such as through media to the public at large, rather than just to a small number of individuals.
According to the judgments in both Jane Doe 2016 and Jane Doe 2018 cases, the courts recognized this tort and found the defendants liable for the non-consensual recording and public distribution of intimate, sexually explicit videos. The judges emphasized that what is offensive is not the recording of sexual acts per se, but the non-consensual publication or sharing of such recordings, especially if the person in the video did not want to share it with others.
To establish liability for this tort, a plaintiff must prove the following:
In both Jane Doe 2016 and Jane Doe 2018, the courts awarded the plaintiffs substantial damages: $50,000 for general damages, $25,000 for aggravated damages, and $25,000 in punitive damages.
It’s important to consult with a legal professional who can assess your situation based on the specifics of your case. However, given the recent precedents in Canadian law, it seems that you may have a strong case for suing someone who recorded and distributed a sexually explicit video of you without your consent.
While it can be unsettling to learn that you have been secretly recorded by your employer, the legality of this act depends on a number of factors, including jurisdiction, the employer’s intent, and the reason for the recording.
Under certain circumstances, it may be legally permissible for an employer to secretly record an employee, particularly if there is a reasonable suspicion of misconduct. This is especially the case in civil proceedings where the results of such surveillance can be considered relevant and admissible evidence unless there’s an application of another rule of evidence that excludes it. In other words, if an employer has a good reason to believe that an employee is engaged in prohibited conduct, such as sleeping on the job, video surveillance may be seen as justified.
The case of Richardson v. Davis Wire Industries Ltd. provides an important precedent in this context. In this wrongful dismissal action, the employer had received reports that an employee was sleeping at work and used surreptitious video surveillance to investigate these allegations. At trial, the plaintiff’s lawyer sought to bar the admission of the videotape, citing an invasion of privacy. The court, however, rejected the privacy argument, ruling that the video was admissible as evidence. This case indicates that even covertly obtained video surveillance can be considered evidence, depending on the circumstances.
That being said, it’s important to note that in the Richardson case, the judge expressed regret about the employer’s choice to secretly videotape the employee rather than confronting him directly. This suggests that while such secret recordings might sometimes be legally permissible, they may not always be seen as the best or most ethical approach to addressing workplace issues.
However, the circumstances of each case can differ significantly, and laws can also vary by jurisdiction. Therefore, this information should not be considered definitive legal advice, but rather a general understanding of how such situations can potentially be handled in a legal context. If you find yourself in such a situation, it would be beneficial to consult with a qualified lawyer who can provide advice based on the specific facts of your case and your local jurisdiction’s laws.
Under Canadian law, the simple answer to whether a prospective employer is allowed to Google you is “Yes.” This includes Google searching, viewing your Facebook or Twitter feed, or any other form of online search about potential candidates. This is the modern equivalent of the longstanding accepted practice of asking a job candidate for letters of reference. In essence, employers are generally free to learn as much about a candidate as possible.
However, it’s important to note that there are privacy-related considerations that may limit these kinds of inquiries. For instance, using British Columbia as an example, the collection, use, and disclosure of personal information retrieved from social media about a job candidate is subject to the province’s privacy legislation. This includes the Freedom of Information and Protection of Privacy Act for public bodies, and the Personal Information Protection Act for private employers. Under these types of provincial legislation, employers are only entitled to collect information that a reasonable person would consider appropriate in the circumstances, and they must ensure it is accurate.
While there is no legal obligation for the employer to advise the candidate of how a search might be conducted, or how the results were used, shared, or interpreted upon hiring, there are significant privacy-specific constraints that employers need to heed.
Prospective employers can legally review publicly available information about you on the internet, including your social media profiles (Facebook, Twitter, Instagram, Snapchat, etc.), photos, written material, and other media, personal websites, including blogs and visual media. This information can provide a detailed glimpse into a candidate’s non-work life and may influence hiring decisions. However, employers should keep in mind that this information, while publicly available, tends to be personal or semi-private and may not necessarily be geared toward demonstrating job suitability.
Employers may glean certain characteristics about a candidate from their social media profiles, such as their community participation, creativity, good judgment, compassion towards public-interest, and social justice issues, to name a few. Conversely, employers may also find reasons not to hire a candidate based on their social media content, such as inappropriate photos, negative comments about previous employers, illegal drug use or excessive drinking, discriminatory language or affiliations, and others. As long as these considerations are not influenced by factors that form prohibited grounds of discrimination, an employer is entitled to consider them when making a hiring decision.
However, employers should not demand access to a job candidate’s social media accounts as part of the interview process. The Ontario Human Rights Commission has issued a statement warning employers that asking candidates for social media passwords may contravene the Human Rights Code provisions that prohibit discrimination arising from a written or oral form of employment application or inquiry. Furthermore, Facebook’s Terms of Service expressly prohibit users from sharing their passwords or accessing someone else’s account.
In conclusion, while prospective employers are allowed to conduct independent online searches for information about potential candidates, they must ensure that these searches abide by the legal requirements and respect the privacy of the candidates. They should also be careful not to use any information found on social media to discriminate against a candidate based on the prohibited grounds outlined in human rights legislation.
Yes, Canada has laws that can protect your child against cyberbullying and potentially help prosecute individuals responsible for this behaviour. These laws encompass privacy torts, defamation, and specific anti-cyberbullying and “revenge porn” regulations.
1. Privacy Laws and Torts
Several Canadian provinces have legislation or case law that explicitly recognizes the existence of a tort of violation of privacy. This includes Ontario, British Columbia, Saskatchewan, Manitoba, and Newfoundland and Labrador, each of which have Privacy Acts stating that it’s a tort to willfully violate another’s privacy without a claim of right. This can include eavesdropping or surveillance, which could apply to cyberbullying in certain contexts.
The notion of “public interest” often guides these cases, helping courts strike a balance between privacy rights and freedom of expression. In instances of conflict, public interest may enable courts to assess whether the public has a genuine stake in the disclosed private information.
2. Defamation
Defamation can be another avenue to address cyberbullying, especially when false injurious statements are made online. Even if the harmful information published is true, the Ontario Privacy Commissioner (OPC) has raised concerns about these laws’ limitations as a tool to address reputational harm. For example, in common law jurisdictions, recovery for defamation is barred if the statements are true, regardless of their potential to cause embarrassment or the level of malice intended.
In Quebec, the legal framework is a little different. The information revealed to the public must not only be true or accurate; it must also be necessary to convey the content in which the public has a “legitimate interest.” This additional layer of protection further enhances the safeguarding of individuals’ reputations.
3. Anti-Cyberbullying and “Revenge Porn” Laws
Canadian laws have evolved to address the increasing prevalence of cyberbullying and “revenge porn.” Both Parliament and provincial legislatures have enacted measures to address these issues, and courts have recognized the existence of new common law torts.
One landmark case in this area is B. (A.) v. Bragg Communications Inc., in which the Supreme Court of Canada acknowledged the importance of protecting young people’s privacy rights due to the extensive, direct, and harmful consequences of cyberbullying.
The Protecting Canadians from Online Crime Act, in force since 2014, amended the Criminal Code to introduce a new offence of non-consensual distribution of intimate images, along with complementary amendments that allow for the removal of such images from the Internet.
Several provinces have also enacted specific laws against “revenge porn” and cyberbullying, including Manitoba, Nova Scotia, Newfoundland, and Alberta. Additionally, courts have recognized the existence of other privacy-related common law torts in the context of “revenge porn.” You can read our Blog Post on the topic.
Search engines like Google, Microsoft, and Yahoo have also taken action against revenge porn by allowing victims to have it removed from search results associated with their names.
In summary, while there’s no specific “cyberbullying” law in Canada, various elements of the Canadian legal system can be used to protect individuals, including minors, from online harassment, defamation, and violation of privacy. The nature of the case, evidence available, and jurisdiction involved would determine which laws are most relevant. Always consult with a legal professional for specific guidance related to your situation.
Often, no. Consent is typically limited to the specific purpose disclosed at the time of collection. If, for example, you agreed to let a company store your data for membership verification, that does not necessarily allow them to sell or share it for targeted advertising. Courts and Privacy Commissioners examine the scope of consent carefully. If usage deviates from what you agreed to, you may have grounds for a privacy complaint or lawsuit.
Yes, organizations in Ontario can be held liable for privacy breaches committed by their employees under certain circumstances. This liability is typically addressed through the doctrine of vicarious liability, where an employer is held responsible for the actions of its employees if those actions occur in the course of their employment.
For an organization to be vicariously liable for a privacy breach, the following conditions generally need to be met:
Employee-Employer Relationship: There must be a clear employee-employer relationship. This includes situations where the employee was acting within the scope of their employment when the breach occurred.
Connection to Employment: The privacy breach must be sufficiently connected to the employee's duties or tasks as assigned by the employer. This means the employee’s actions were related to their job responsibilities, even if those actions were unauthorized or contrary to the employer's instructions.
Reasonable Foreseeability: It must be reasonably foreseeable that the employee’s actions could result in a privacy breach. If an organization fails to implement adequate safeguards or oversight, it may increase its risk of liability.
Organizations can mitigate potential liability by implementing strong privacy policies, training employees on data protection practices, and establishing procedures for monitoring and auditing access to personal information. If a breach occurs, promptly addressing the issue and taking corrective measures can also influence the extent of liability.
If an individual believes their privacy was breached by an organization’s employee, they should document the incident and consult with legal counsel to explore potential claims against the organization for intrusion upon seclusion or any other applicable legal remedies.
Generally, privacy torts are designed to protect individual interests—like personal autonomy or emotional well-being—rather than corporate identity. However, businesses sometimes pursue related claims under trademark, passing off, or breach of confidence if their brand or proprietary information is misused. In rare scenarios, a corporate representative’s personal likeness might be at stake, and if so, a combined approach using privacy torts and business torts may be warranted.
Ontario courts often evaluate if the disclosed information contributes meaningfully to public understanding of a significant issue—like political corruption or public health crises. If so, news outlets might invoke the public interest defence, arguing they only revealed essential personal details and avoided sensational or irrelevant material. The threshold involves balancing the article’s societal importance against the intrusion’s severity. Sensational or prurient revelations with negligible public value usually fail under this defence.
Defamation generally requires a false statement harming someone’s reputation. False light can involve inaccuracies or omissions that misrepresent a person’s private life, causing distress or humiliation, even if it does not directly harm their standing in the community. A defamation claim focuses on reputational damage, whereas false light zeroes in on the personal affront of being portrayed in a misleading manner—even if the statements do not strictly slander or libel the plaintiff.
If the defendant disregards a court order to remove private material or stop disclosure, they risk being found in contempt of court. This can result in fines or imprisonment. Plaintiffs can return to court to report ongoing violations, potentially receiving further remedial orders. In an online context, plaintiffs may also seek assistance from platforms, hosting services, or domain registrars to remove content or block certain webpages, leveraging the court’s injunctive authority.
Grigoras Law provides smart, strategic counsel in civil litigation, business law, and appeals across Ontario.
Smart, Strategic Counsel.
GRIGORAS LAW - Civil Litigation and Business Lawyers Toronto © 2025 All Right Reserved
our team of experienced lawyers are at your service
