Knowledge Centre

The New Tort Relating to Invasion of Privacy: Insurance Implications

FIRM:Blaney McMurtry LLP
JURISDICTION:Ontario
DATE:INTRODUCTION The Ontario Court of Appeal’s January decision in Jones v. Tsige 2012 ONCA 32 recognized the tort of “intrusion upon seclusion”  as a cause of action in Ontario. This decision may have significant  implications for policyholders and  insurers. Formal recognition of the tort in Ontario marks a significant legal development.  However, American jurisdictions have recognized the tort for over a century.  The American experience in the area of privacy have influenced the drafting of Canadian liability policies for decades.  For example, the personal and advertising liability section of many commercial general liability (“CGL”) policies extends coverage to “invasion of a right of privacy”.   The Court of Appeal Tsige decision was also influenced heavily by the approach taken many U.S. jurisdictions. The authors anticipate that Canadian insurers will face, with increasing frequency, coverage demands in respect of underlying litigation. Policyholders will with increasing frequency claim that an underlying matter alleges an  "intrusion upon seclusion" or analogous privacy tort.  The purpose of this article is twofold.  First, we explain the nature of Ontario’s latest tort.  Secondly, we address the availability of CGL coverage for such privacy offences. JONES V. TSIGE   Jones and Tsige (pronounced “see-gay”) worked at different branches of the Bank of Montreal.   Ms. Tsige was in a relationship with the Plaintiff’s former husband.  She  became embroiled in a financial dispute with him.  Over the course of about four years Ms. Tsige accessed the bank records of the Plaintiff no less than 174 times, stating  she wanted to determine if he was making child support payments.   The information accessed included transaction details, personal information such as birthdate, marital status and address information. Ms. Tsige did not publish, distribute or record the information in any matter.   However, the Plaintiff asserted that Ms. Tsige’s conduct “irreversibly destroyed” her privacy and confidentiality interest in her banking information. Further, Ms. Tsige’s conduct was contrary to BMO’s Code of Ethics and policies. Ms. Tsige was suspended by BMO for one week without pay and denied a bonus as a result. Jones proceed by way of simplified procedure seeking $70,000 for invasion of privacy and breach of fiduciary duty, $20,000 for punitive and exemplary damages and a permanent injunction to restrain further breaches by Ms. Tsige.  Jones moved for summary judgement and Ms. Tsige filed a cross motion for summary judgement pointing out there were various statutes enacted in other provinces that created statutory torts dealing with the protection of privacy and that Ontario was not one of those jurisdictions. The court of first instance concluded Judge Whitaker concluded that privacy is not an area of law that requires “judge made” rights and obligations as there are statutory schemes that govern privacy issues.  At paragraph 57 of the lower court’s decision, Justice Whitaker held there was no tort of invasion of privacy in Ontario and awarded costs against Jones for $35,000. The Court of Appeal did not agree. Justice Robert Sharpe, writing for the three panel court, overturned the motion judge’s decision awarding summary judgment to Jones noting that the existence of legislation is not a sound basis to refuse to recognize the emerging tort of intrusion upon seclusion.   Sharp J.A. noted it would take a strange interpretation to infer from the statutes a legislative intent to supplant or halt the development of the common law in the privacy area. In respect of the federal PIPEDA, Sharpe J.A. noted that it dealt with organizations and does not speak to the existence of a civil cause of action in the province.   By forcing Jones to file a PIPEDA complaint against BMO would require her to lodge a complaint against her own employer instead of Tsige.  Moreover, since Tsige acted as a rouge employee contrary to BMO’s policy, it was noted that BMO may have had a complete answer to the complaint. In respect of Ontario’s privacy legislation, it dealt with the freedom of information and protection of certain private information with respect to government or other public institutions and has nothing to do with the right of action between individuals. The Court canvassed the history and state of personal causes of action protecting privacy interest in Canada, the United States as well as Commonwealth jurisdictions.  Ultimately, the Court held it was appropriate to recognize a broadly expressed tort in line with American law.  Expressly motivated by the Court’s sense that the facts presented a situation that “cried out for a remedy”, Sharpe J.A. described the nature of the tort of intrusion upon seclusion at paragraphs 70 and 71 of his reasons as follows: I would essentially adopt as the elements of the action for intrusion upon seclusion the Restatement (Second) of Torts (2010) formulation which, for the sake of convenience, I repeat here: One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the invasion would be highly offensive to a reasonable person. The key features of this cause of action are, first, that the defendant’s conduct must be intentional, within which I would include reckless; second that the defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and third, that a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. However, proof of harm to a recognized economic interest is not an element of the cause of action. I return below to the question of damages, but state here that I believe it important to emphasize that given the intangible nature of the interest protected, damages for intrusion upon seclusion will ordinarily be measured by a modest conventional sum. The Court expressed concern over having created the opportunity for a flood of litigation from opportunist plaintiffs.  It may be that this concern motivated the Court to comment on limits to the scope of the tort, and establish limits to the damages available as a remedy.  In respect of limitations on the scope of the tort, the Court wrote at paragraph 72: These elements make it clear that recognizing this cause of action will not open the floodgates. A claim for intrusion upon seclusion will arise only for deliberate and significant invasions of personal privacy. Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive The Court did allow for awards of “symbolic” or “moral” damages in cases where the plaintiff did not sustain pecuniary loss.   The Court noted that provable actual loss to the plaintiff is not an element of the tort.   However,  the Court expressly indicated the limit for such “symbolic” or “moral” damages would be $20,000.  This number will likely be subject to inflation going forward. Furthermore, damages could also be awarded on an uncapped pecuniary basis. In conducting its damages analysis the Court of Appeal effectively adopted the factors identified in Manitoba Privacy Act govern damages analysis:

1.       the nature of the defendant’s wrongful act; 2.       the effect of the wrong on the plaintiff’s health, welfare, social, business or financial position; 3.    any relationship between the parties; 4.       any distress, annoyance or embarrassment suffered by the plaintiff; and 5.       the conduct of the parties, both before and after the wrong, including any apology or offer of amends made by the defendant.

Applying these factors to the facts before the Court, Justice Sharpe determined that a $10,000 award would be appropriate.  Furthermore, the Court decided that Jones was not entitled to a cost award.  The writers note that it is likely Jones’ award was less than her legal fees. TYPES OF PRIVACY INTERESTS Prior to reviewing the coverage jurisprudence, we briefly identify the legal foundation of the privacy interests which underlie the formulation in the Restatement (Second) of Torts (now forming the basis of the tort in Ontario). Scholars trace the modern American invasion of privacy tort to the writings of law partners Samuel Warren and (future U.S. Supreme Court Justice) Louis Brandeis.  Their Harvard Law Review Article The Right to Privacy1 outlined the evolution of the law towards recognition of the private sphere, and a privacy tort to defend it.  Their conceptualization would reserve to the individual the right to limit the access of others to the individual’s personal affairs.   They wrote:

Thus, in the very early times, the law gave a remedy only for physical interference with life and property, for trespass vi et armis. Then the “right to life” served only to protect the subject from battery in its various forms; liberty meant freedom from actual restraint; and the right to property secured to the individual his lands and his cattle. Later, there came a recognition of a man's spiritual nature, of his feelings and his intellect. Gradually the scope of these legal rights broadened; and now the right to life has come to mean the right to enjoy life — the right to be let alone; the right to liberty secures the exercise of extensive civil privileges; and the term “property” has grown to comprise every form of possession — intangible, as well as tangible

The tort they proposed would create legal protection for the individual to decide “whether that which is [theirs] shall be given to the public”.2 In 1960, scholar and Reporter for the Second Restatement on Torts, William Prosser identified four distinct forms of invasion of privacy, which were widely accepted by American courts:

(i) intrusion upon the plaintiff's seclusion or solitude, or into his private affairs; (ii) public disclosure of embarrassing private facts about the plaintiff; (iii)publicity which places the plaintiff in a false light in the public eye; and (iv) appropriation, for the defendant's advantage, of the plaintiff's name or likeness.

In 2010 § 652B of the Restatement (Second) of Torts, which reflects tort protection of privacy rights, was updated to better reflect the modern expansion in potential privacy violations.  The formulation is virtually identical to that adopted by Justice Sharpe.  Restatement § 652B now states:

One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the invasion would be highly offensive to a reasonable person.

Canadian law is not devoid of torts relating to invasion of privacy.  Justice Sharpe noted a series of judicial decisions protecting the individual’s right to privacy: Saccone v. Orr (1981), 34 O.R. (2d) 317 (Co. Ct.), (recording of a private conversation without the knowledge or consent of the plaintiff);   Roth v. Roth (1991), 4 O.R. (3d) 740 (Gen. Div) (interference with the plaintiffs’ ability to use and enjoy their cottage property);  Athans v. Canadian Adventure Camps Ltd. (1977), 17 O.R. (2d) 425 (H.C.J.)  (reproduction of a distinctive photograph of the plaintiff water skiing). Further, some provinces, for example British Columbia, Manitoba, Saskatchewan, and Newfoundland and Labrador, have enacted statutes which address privacy. INSURANCE DEFENCE IMPLICATIONS ARISING FROM JONES V. TSIGE It is clear that modern concepts of privacy, and more importantly, the concept of what constitutes a violation of privacy, have expanded beyond the fixed parameters of Prosser’s four forms of privacy violations.  Ontario tort law had not kept pace.  Justice Sharpe’s review of the Canadian case law which employed tort law to protect individual privacy rights demonstrates how narrow that tort protection has traditionally been. The Ontario Court of Appeal’s decision broadens the reach of the tort considerably.  A plaintiff must establish only three broadly drawn elements:
  1. the defendant’s conduct must be intentional or reckless;
  2. the invasion, without lawful justification, the plaintiff’s private affairs or concerns; and
  3. a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish
Policyholders and insurers will  watch with interest as each of these factors is reviewed by courts, and the scope of each is determined.  Perhaps none will be so closely watched as the development of the term “private affairs or concerns”.  What constitutes “private affairs and concerns”?  The Jones decision clearly demonstrates that bank accounts fall within the scope of the term. The application of the tort in the context of social media will undoubtedly give rise to interesting case law.    Can a Facebook page or Twitter account, where a person may have hundreds or thousands of “friends” or “followers”, constitute “private affairs or concerns”?  Does spam email constitute an “invasion” of a person’s privacy?  What about taking a picture of a neighbour sunbathing in their back yard?  Must the content be objectively private or subjectively private?  Does the tort restrict the abilities of the corporations that host social media sites to use or access user data? Despite Justice Sharpe’s effort to provide examples of the Court’s intended limits of the term, the scope of “private affairs and concerns” is unlikely to be capable of specific restriction.  One of the United States’ leading thinkers on privacy, Donald J. Solove recently published an article in the Chronicle of Higher Education in which he described privacy as a “plurality of different things”:

Most attempts to understand privacy do so by attempting to locate its essence—its core characteristics or the common denominator that links together the various things we classify under the rubric of "privacy." Privacy, however, is too complex a concept to be reduced to a singular essence. It is a plurality of different things that do not share any one element but nevertheless bear a resemblance to one another. For example, privacy can be invaded by the disclosure of your deepest secrets. It might also be invaded if you're watched by a peeping Tom, even if no secrets are ever revealed. With the disclosure of secrets, the harm is that your concealed information is spread to others. With the peeping Tom, the harm is that you're being watched. You'd probably find that creepy regardless of whether the peeper finds out anything sensitive or discloses any information to others. There are many other forms of invasion of privacy, such as blackmail and the improper use of your personal data. Your privacy can also be invaded if the government compiles an extensive dossier about you.

Privacy, in other words, involves so many things that it is impossible to reduce them all to one simple idea.3

A further concern is the inclusion of “reckless” within the scope of conduct which can trigger the tort.  In what circumstances will loss of financial information from a financial institution, health related information from a health care provider,  educational information from schools, colleges and universities, or electronic usage information from internet providers constitute reckless conduct?  If a bank has insufficient firewall protection on its electronic systems, has it been “reckless” when it gets hacked?  Is a hospital “reckless” when medical records are found in a dumpster?  In such circumstances where the victims may number in the hundreds or thousands, the Court’s limitation on damages to $20,000 may not be as much protection as it seems on first review.  Of course, damages can be higher in cases where pecuniary loss has been proven. Ultimately, we believe in light of the Court’s moral damages cap, a surge of privacy cases is unlikely.  Rather the tort will most likely be referred to in pleadings that raise other torts.  Outside of the class action context and cases where there are provable pecuniary losses, the cost benefit of privacy litigation will likely discourage plaintiffs from bringing intrusion upon seclusions suits.  Having said this, corporations doing business in Ontario may have to revisit their corporate policies in respect of privacy issues.  The tort could also give rise to issues in cases involving unwanted surveillance, unreasonable search and seizures by the police, cyber bullying and investigative journalism. INSURANCE COVERAGE IMPLICATIONS ARISING FROM JONES V. TSIGE These concerns are particularly acute for insurers and their policyholders.  Intrusion upon seclusion considerably broadens the potential scope of liability faced by each.  The American experience is informative of what Canadian insurers and policyholders may expect. I)  Publication or Making Known Material that Violates a Person’s Right of Privacy The narrow traditional view of actionable invasion of privacy was reflected in the coverage contained in Canadian policy forms.  Policies issued in Canada, often provide very circumscribed protection to their policyholders for invasion of privacy interests.  The coverage found in the IBC Form 2100 is limited to “oral or written publication, in any manner, of material that violates a person’s right of privacy”. “Publication” (i.e.  making information known to a third person) is not an element of the tort.  There is a great deal of actionable conduct which will not fall within the scope of the tort. By way of example, Ms. Tsige’s conduct almost certainly would not have fallen within this coverage.  This policy structure or limitation may be of concern to policyholders who may have considerable uninsured potential liability. Insurers, none-the-less  should be concerned about this judicial development for numerous reasons.  First, the duty to defend is triggered when an allegation, if proven true, would potentially fall within the scope of the coverage provided.  Reckless conduct can trigger personal injury coverage (as, in some circumstances, can intentional conduct).   The cost of defence of tort invasion litigation has proven significant in US jurisdictions. Further, one need only look to the American experience to find examples of claims which could or are advocated to fall within the scope of coverage.   Leaving aside defence cost issues, tort invasion claims have generated significant coverage litigation in the Unites States. A claim that a policyholder sent unsolicited emails to an individual’s private email account could conceivably trigger coverage.  Sending an email would be intentional (satisfying the first factor); a private email account is arguably the individual’s private affair or concern (satisfying the second element); and depending on the content of the email, a person may regard the invasion as being “highly offensive” and “distressing” (the third element).  By sending the email to the recipient, the sender is arguably “publishing” the email.  Coverage is potentially triggered. A demand for cover may well be asserted. One need look no further than the “Blast Fax” claim litigation  which followed, in the United State,  passage of the Telephone Consumer Protection Act (“TCPA”) passed by Congress in 1991.  The TCPA forbids sending unsolicited faxes from being sent to consumers. The policyholder, who finds itself the subject of a Blast Fax suit, typically tenders the claim to its CGL insurer. It is submitted that defence and, should liability be imposed, indemnity is payable pursuant to the Personal and/or Advertising Injury section of the CGL policy. In particular it is typically submitted that the communications constitute a violation of a right of privacy. The communication is often said to violate a right to seclusion (intrusion upon the plaintiff's seclusion or solitude). A person's right to seclusion is infringed when he or she is disturbed by an unwanted interruption. When an unsolicited fax arrives, the person who receives it has had his or her right to seclusion breached. The right of a policyholder, named as a defendant in the Blast Fax suit, to coverage is dependent, in the first place, upon the precise wording of the CGL policy. For example, Courts have generally interpreted the words "making known to any person or organization written or spoken materials that violates an individual's right of privacy" differently from "oral or written publication, in any manner, of material that violates a person's right of privacy". The former offence definition has been held generally not to trigger a coverage obligation. The latter phrase has frequently been held to require defence of a Blast Fax claim. Of interest, the latter language is generally employed in the 2005 revision of the IBC Form 2100. In addition the outcome of a coverage demand is frequently dependent upon the Court's determination of whether communication of an unsolicited Blast Fax violates a "right to seclusion" or "right to secrecy". This distinction can be seen in review of two American cases:  Hooters of Augusta Inc. v. American Global Ins. Co4. and Cynosure, Inc. v St. Paul Fire& Marine5. In Hooters of Augusta, the Hooters restaurant chain in Georgia was sued for having bought advertising space on flyers faxed to businesses in Augusta Georgia.  The fax transmissions violated the TCPA, exposing Hooters to a trebled damages fine of $1500 per fax (the ultimate fine amounting to more than $11,000,000).  The definition of personal injury in the Hooters policy included “oral or written publication of material that violates a person’s right to privacy”.  The 11th Circuit determined that the claim fell within the scope of the personal injury coverage:

American Global claims, however, that even if the TCPA protects privacy rights, the insurance contract’s reference to “oral or written publication of material that violates a person’s right to privacy” does not cover Hooters’s conduct because there was no act of “publication.” American Global first says that an intrusion into the private sphere fundamentally contradicts the very notion of “publication,” which suggests a public act of dissemination of information.  This argument simply conflates two distinct perspectives. The act of transmitting an unsolicited fax indeed involves a public act by the sender. But the act is thought to violate the recipient’s privacy. There is no contradiction. The conduct by which Hooters was found to violate the TCPA, and for which it now seeks coverage under the insurance policy, is using a fax machine “to send an unsolicited advertisement.”

American Global also argues that we should interpret the term “publication” in a narrow, legal sense, as an element of three privacy-related torts: public disclosure of private facts, portrayal of a plaintiff in a false light, and misappropriation. As we have noted, though, Georgia law suggests that a reviewing court must consider both the ordinary and legal meanings of a term in an insurance contract and, when faced with ambiguity, adopt the interpretation that favors greater coverage. While it may be reasonable to read the terms “publication” and “privacy” in a technical legal sense, it is at least equally plausible to read both terms in their ordinary non-technical sense. Plainly, Georgia law directs us to adopt the interpretation that favors greater coverage.

Hooters’s conduct amounted to an act of “publication” in the ordinary sense of the word. American Global cites three definitions of the term “publish” found in Webster’s Ninth New Collegiate Dictionary: “to make generally known,” “to make public announcement,” and “to place before the public: disseminate.” Webster’s  Ninth New Collegiate Dictionary 952 (1984). Hooters purchased advertising space on weekly fliers disseminated by fax to nearly 8,000 businesses. This course of conduct squarely fits at least the third of American Global’s definitions and arguably fits the other two as well. Notably, the dictionary that American Global cites also includes a fourth definition of “publish” not mentioned in the appellants’ brief: “to produce or release for publication; specif[ically] : print.” Id. Hooters’s conduct fits this definition even more closely

This decision stands in contrast to the 1st Circuit’s decision in Cynosure (notably authored by Former U.S. Supreme Court Justice David Souter, sitting by special appointment).  Cynosure, like Hooters before it, was alleged to have sent unsolicited advertising faxes to consumers in violation of the TCPA.  Cynosure’s policy with St. Paul, however,  defined the covered personal injury coverage offence as “making known to an person or organization covered material that violates a person’s right of privacy”. Justice Souter determined that the claim did not fall within the scope of coverage.  He noted that the effect of the “making known” formulation was different from the “publication” formulation . The structure of the “making known” form implies that the content of the transmission must be reviewed in order to determine whether or not the communication included disclosure of private information.  If the material was not of a confidential nature, violating the person’s privacy, coverage was not available:

By distinguishing “person” and “organization” and thus providing that a covered advertising injury occurs when an insured makes known to an “organization” some material that violates a “person’s” right of privacy, the policy provision describes a communication  to a recipient (organization) that violates the right of a non-recipient third party (person).  Since a mere intrusion into the recipient’s repose does not violate any right of a non-recipient, in practical terms this means that the communication to the recipient violates the non-recipient’s right of privacy only if it is a communication about the non-recipient.  In order to give rise to tort liability for violating the third party’s right of privacy, the material communicated must therefore reveal some fact the third party reasonably wishes to keep others from being told.

Policyholders and insurers should look to their forms to determine the scope of coverage provided. II) Intrusions on a Plaintiff’s Seclusion or Solitude Solitude or seclusion has been a hallmark of the right to privacy in American law, and is a central issue in coverage litigation.   The right of privacy has, in some jurisdictions, been very broadly construed.  For example in St. Paul Fire & Marine Ins. Co. v. Green Tree Financial Corp.6 Texas, mobile home purchasers made claims against the insured alleging wrongful debt collection, negligence, and a violation of legislation prohibiting deceptive trade practices. The Court held that the purchasers' allegations focusing upon the insured's placement of numerous rude and abusive telephone calls to them and to their family members potentially stated a cause of action for invasion of privacy. The CGL policy at issue provided personal injury coverage for "written or spoken material made public which violates an individual's right of privacy". The abusive phone calls violated a right of seclusion or solitude. However, policyholders have been frequently unsuccessful in establishing that circumstances in underlying litigation are actually based on privacy torts. In Nova Casualty Co. v. Able Construction7  the principal of a developer/contractor filed restrictive covenants on lots on which a home was built. The home was then sold to the plaintiffs. The plaintiffs then began to operate a psychotherapy business from the home. Subsequently, the architectural committee of the subdivision informed the plaintiffs that restrictive covenant barred the operation of the psychotherapy business and demanded that they cease running it. The plaintiffs refused, claiming that the developer/contractor principal had assured them that the subdivision's restrictive covenants would allow them to operate the psychotherapy business from their home. The architectural committee then proceeded to file an action against the plaintiffs. A Court ordered them to stop operating the business from their home. The plaintiffs sued the developer/contractor for misrepresentation. The developer/contractor, seeking coverage under its CGL policy, argued that the misrepresentation alleged against them fell within the concept of invasion of privacy. The plaintiff homeowners were not able to conduct themselves "in a private manner" in their home. The alleged misrepresentation had led to a Court order requiring them to alter their lifestyle within their home. There was a privacy infringement.  The Court held that coverage was not available to the developer/contractor. Specifically the underlying allegations did not fall within the advertising injury concept of "oral or written publication of material that violates a person's right of privacy". To find that the misrepresentation allegations fell within the privacy right would be to expand the definition of invasion of privacy beyond recognition. Allstate Ins. Co. v. Dana Corp.8 the liability policy in question covered injury arising out of "invasion of rights of privacy". The insured brought an application for declaratory judgment seeking coverage in connection with allegations that it had permitted the entry of contaminants onto the underlying plaintiff's property. The contaminants allegedly violated the plaintiff's right of seclusion thus triggering Personal Injury coverage. The Court held that the invasion of a plaintiff's right to privacy takes the form of intrusion upon the occupants "physical solitude or seclusion as by invading his home or conducting an illegal search". The entry of contaminants onto the plaintiff's land did not constitute an invasion of privacy of the kind for which coverage was to be provided under the policy. The Court noted that coverage would not have been provided if the insured had been alleged to have launched a missile onto the plaintiff's property. In Corn Ins. PLC v. Valsamis, Inc.9 the privacy provision in question provided coverage for injury arising from a "publication utterance ... in violation of an individual's privacy". Predicting the evolution of the Restatement, the Court held that in order for one to state a claim amounting to an invasion of the right to privacy on the basis of "intrusion", there must have been "an intentional intrusion upon the solitude or seclusion of another or his private affairs or concerns that are highly offensive to a reasonable person". The Court took the position that this type of invasion of privacy "is generally associated with either a physical invasion of a person's property or eavesdropping on another's conversation with the aid of wiretaps, microphones or spying". Since the underlying plaintiff made no such allegation in her complaint, alleging only that offensive comments and inappropriate advances had been made towards her, a cause of action for invasion of privacy had not been made out under Texas law. There was no coverage under the CGL policy for personal injury arising out of a publication or utterance in violation of an individual's right to privacy. In Allstate Ins. Co. v. Ginsberg10 an employer sought coverage under the Personal Injury section of the CGL policy. The employer was accused by the employee of sexual touching and sexually aggressive comments. The policyholder submitted that such conduct fell within the invasion of privacy offence. The Court held that the allegations did not fall within any of the four enumerated privacy categories. In particular there was not a claim advanced alleging intrusion of a right of seclusion or solitude. The offence required evidence of intrusion into a place for which there is a reasonable expectation of privacy. Such "place" does not include a body part. Coverage was denied to the employer. (III) Public Disclosure of Embarrassing Private Facts About the Plaintiff Policyholders have also sought coverage, under the privacy offence, alleging that the underlying allegations fall within the privacy category of public disclosure of embarrassing private facts. In Marleau v. Truck Ins. Exchange11 the CGL policy contained a typical personal injury privacy offence. Specifically the policy stated that personal injury arising from "oral or written publication of material that violates a person's right to privacy" constituted a personal injury offence. The policyholder was alleged to have intentionally inflicted emotional distress upon the plaintiff. The policyholder submitted that it was entitled to a defence under the personal injury section of the CGL policy. Verbal statements constituted a public disclosure of private facts about the plaintiff. The verbal disclosure also painted the plaintiff in a "false light". The Court dismissed the policyholder's claim for coverage. The privacy category in question requires that the facts disclosed be wrongful and false. The underlying litigation did not allege that the statements said to have been communicated by the policyholder were in fact false or wrong. In Ananda Church of Self Realization v. Everest Nat.Ins. Co.12 the policy in question provided coverage for personal injury arising out of "[o]ral or written publication of material that violates a person's right of privacy". The underlying litigation involved allegations of trespass onto private property and review of private documentation. The policyholder sought coverage under the personal injury section of the CGL policy. After listing the four violations of privacy actionable under California law, the Court held that only one, public disclosure of private facts, was covered by the policy in question. The Court held:

[The language of the coverage provision], which we find clear and unambiguous, covers only oral or written publications which violate a plaintiffs right to privacy. Allegations of privacy intrusion, such as placing the plaintiffs under surveillance, trespassing onto their property, and stealing or reading private documents are not publications, and thus are not even potentially covered by the policy.

A layperson reading [the coverage provision in question] would have no reasonable expectation that its coverage extended to privacy claims not involving publication or disclosure of private facts.

In Lextron, Inc. v. Travelers Cas. and Sur. Co. of America13 the insured was a veterinary products distributor. The insured's president sued the CGL insurer for breach of contract and bad faith for refusing to defend an action brought against the company by one of their customers. The customer complained of the sale of defective vaccines. The customer alleged, in retaliation, the insured president had attempted to persuade a bank to call the customer's loans immediately. The president suggested if it did not do so, the customer could do harm to the bank. The privacy offence was defined to include "[o]ral or written publication of material that violates a person's right to privacy". The Court held that because the customer alleged that the president only "publicized" his opinion to one person, the bank's representative, the allegations in question failed to satisfy the breach of privacy requirement. The customer's private matters were not sufficiently publicized. There was not a claim advanced respecting another's private life. (IV) Claims for Employment Discrimination or Sexual Harassment Innovative policyholders' counsel have endeavoured to secured coverage under the invasion of privacy offence for claims involving employment discrimination or sexual harassment.  In Transamerica Ins. Co. v. KMS Patriots, L.P.14  the plaintiff in the underlying action complained of alleged discriminatory comments made by a superior. The policyholder sought coverage under its CGL policy alleging that the conduct fell within an invasion of privacy offence. The Court held that the comments identified in the pleading did not amount to "unreasonable, substantial, or serious interference" with the employee's right of privacy, hi the circumstances the statutory definition of invasion of privacy could not be satisfied. There was no coverage entitlement. In Maine State Academy of Hair Design, Inc. v. Commercial Union Ins. Co.15  an employee brought a sexual harassment suit against her employer. The employee alleged that her employer negligently inflicted severe emotional distress through its extreme and outrageous conduct and discriminatory actions. As well, the employee lost her professional reputation. The employer sought coverage under a CGL policy which defined the personal injury offence as "[o]ral or written publication of material that violates a person's right to privacy". The Court determined that the insurer was obligated to defend. The allegations potentially fell within the invasion of privacy offence. In Fieldcrest Cannon, Inc. v. Fireman's Fund Ins. Co.16  the Court held that allegations of intimidation and harassment contained in a sexual discrimination and retaliatory discharge action brought by an employee did not constitute personal injury arising out of a "publication or utterance in violation of an individual's right of privacy". Thus the allegations did not satisfy the invasion of privacy requirements in the jurisdiction issue. In Cornhill Ins. PLC v. Valsamis, Inc.17, it was held that, under Texas law, a claim of sexual harassment did not constitute a "publication or utterance ... in violation of an individual's privacy". Coverage was not available under the privacy offence of the policy in question. In Owners Ins. Co. v. William Benjamin Trucking, Inc.,18 the CGL policy in question defined personal injury as injury arising out of, among other things, the "[o]ral or written publication of material that violates a person's right of privacy". The Court stated that the plaintiff employee did not allege that the employer had invaded his privacy. Rather, the plaintiff merely alleged that the actions of the employer constituted "an outrageous invasion of [the plaintiff's] personal rights". The plaintiff had not amended his complaint to state which personal rights were violated by the employer or to state clearly that the employer had invaded his rights to privacy. The Court held that the plaintiff's Complaint did not allege a personal injury as defined in the relevant policy. (V)  Inducing Others to Violate Another’s Right of Privacy Not Covered In Butts v. Royal Vendors, Inc.,19 it was held that allegations that an employer had induced a physician to breach his fiduciary duty towards one of the employer's employees did not fall within personal injury coverage for "[o]ral or written publication of material that violates a person's right of privacy". The Court found that in order for coverage to be available pursuant to this provision, the employee would have had to allege that the employer published material that invaded the employee's privacy. However, a fair reading of the employee's complaint suggested that the employer induced a third party physician to publish material that violated the employee's right of privacy. As the complaint did not allege that the employer itself published the material, coverage was not available. (VI) Coverage Available Only for Violations of Right to Privacy of Natural Persons, Not Organizations In Fibreboard Corp. v. Hartford Accident & Indemnity Co.20 the Court held that an organization does not enjoy privacy rights:

... [W]e concur with Hartford that the plaintiffs in the underlying cases have no protectable privacy interest because they are corporations, partnerships and public entities, not natural persons. "The right protected by the action for invasion of privacy is a personal right, peculiar to the individual whose privacy is invaded." (Rest.2d Torts, § 6521, com. a, at p. 403.) "A corporation, partnership or unincorporated association has no personal right of privacy." ( Id., com. c, at p. 403.) Therefore, as a matter of law the plaintiffs pursuing the underlying claims cannot state a cause of action for invasion of privacy.

In Heritage Mut. Ins. Co. v. Advanced Polymer Technology, Inc.,21 the insured argued that the plaintiff company's allegations of invasion of privacy were covered as injury arising from "oral or written publication of material that violates a person's right of privacy". The Court did not agree. The Court's reasoning was based in part on its conclusion that coverage for invasion of the rights of privacy under the insurance policy in question applied only where the privacy rights at issue were those of an individual and not of an organization. In Ananda Church of Self Realization v. Everest Nat. Ins. Co.,22 the relevant invasion of privacy provision provided coverage for personal injury arising out of "[o]ral or written publication of material that violates a person's right of privacy". The Court refused to find coverage in relation to the publication of facts embarrassing to a law firm because "neither a law firm nor any other business entity possesses a cause of action for violation of the right of privacy", since such right is vested exclusively in natural persons. The Court added that although the two individual plaintiffs had a right to privacy, none of the documents stolen could have disclosed shameful facts about the private life of cither of them because they were all "law firm documents" which revealed only "confidential attorney-client communications and other private information in their case files ..." It was stressed that the documents were firm documents stolen from the firm's business premises and pertaining to internal affairs of the firm. In the opinion of the Court, any disclosure of these documents to others could not have revealed "truthful but embarrassing private facts" about either individual plaintiff's past, much less facts which the average person would find offensive or objectionable. CONCLUSION Canadian Courts have not frequently been required to consider the availability or not of coverage for invasion of privacy. That situation appears to be about to change.  Canadian policyholders face the potential of suits based on the new tort of intrusion upon seclusion.   Canadian insurers can, in turn, anticipate demands for coverage focused on the right of privacy offence. Review of American jurisprudence suggests that the present IBC 2005 CGL form makes use of relatively broad offence language. Such language leaves open the question of whether innovative policyholder arguments, particularly in respect of the defence obligation, will trigger coverage under the right of privacy offence. Query whether this scope of this personal injury offence requires further "refinement" intended to limit the extent to which coverage may be available, or re-evaluation of the premiums charged for provision of such coverage. 1 4 Harv. L. Rev 193 (1890) 2 See Also:  Danielle Keats Citron, Mainstreaming Privacy Torts, 98 Cal. L. Rev 1804 (2010). 3 Daniel J. Solove: Why Privacy Matters Even if You Have ‘Nothing to Hide’; The Chronicle of Higher Education, May 15, 2011. 4 No. 04-11077, 2005 U.S. dist. LEXIS 26765 (llth Cir. Dec. 6, 2005) 5 2011 U.S. App. LEXIS 9713 (1st Cir. May 12, 2011). 6 249 F.3d 289 (C.A.5 (Tex.) 2001) 7 983 P.2d 575 (Utah 1999) 8 759 N.E.2d 1049 (Ind. 2001) 9 106 F.3d 80 (C.A.5 (Tex) 1997 10 351 F.3d 473 (C.A. 11 (Fla.) 2003) 11 37 P.3d 148 (Or. 2001) 12 2003 WL 205144 (Cal.App. 3 Dist 2003) 13 267 F.Supp.2d 1041 (D.Colo. 2003) 14 52 Mass.App.Ct. 189 (2001) 15 699 A.2d 1153 (Me. 1997) 16 124 N.C. App. 232 (1996) 17 106 F.3d 80 (C.A.5 (Tex) 1997) 18 2005 WL 1398836 (Ohio App. 9 Dist. 2005) 19 202 W.Va. 448 (1998) 20 16 Cal.App.4th 492 (Cal.App. 1 Dist 1993) 21 97 F.Supp.2d 913 (S.D.Ind. 2000) 22 2003 WL 205144 (Cal.App. 3 Dist 2003)June 2012
CATEGORIES:Articles, Class Action, Coverage, Directors And Officers, Errors & Omissions

INTRODUCTION

The Ontario Court of Appeal’s January decision in Jones v. Tsige 2012 ONCA 32 recognized the tort of “intrusion upon seclusion”  as a cause of action in Ontario. This decision may have significant  implications for policyholders and  insurers.

Formal recognition of the tort in Ontario marks a significant legal development.  However, American jurisdictions have recognized the tort for over a century.  The American experience in the area of privacy have influenced the drafting of Canadian liability policies for decades.  For example, the personal and advertising liability section of many commercial general liability (“CGL”) policies extends coverage to “invasion of a right of privacy”.   The Court of Appeal Tsige decision was also influenced heavily by the approach taken many U.S. jurisdictions.

The authors anticipate that Canadian insurers will face, with increasing frequency, coverage demands in respect of underlying litigation. Policyholders will with increasing frequency claim that an underlying matter alleges an  “intrusion upon seclusion” or analogous privacy tort.  The purpose of this article is twofold.  First, we explain the nature of Ontario’s latest tort.  Secondly, we address the availability of CGL coverage for such privacy offences.

JONES V. TSIGE  

Jones and Tsige (pronounced “see-gay”) worked at different branches of the Bank of Montreal.   Ms. Tsige was in a relationship with the Plaintiff’s former husband.  She  became embroiled in a financial dispute with him.  Over the course of about four years Ms. Tsige accessed the bank records of the Plaintiff no less than 174 times, stating  she wanted to determine if he was making child support payments.   The information accessed included transaction details, personal information such as birthdate, marital status and address information.

Ms. Tsige did not publish, distribute or record the information in any matter.   However, the Plaintiff asserted that Ms. Tsige’s conduct “irreversibly destroyed” her privacy and confidentiality interest in her banking information. Further, Ms. Tsige’s conduct was contrary to BMO’s Code of Ethics and policies. Ms. Tsige was suspended by BMO for one week without pay and denied a bonus as a result.

Jones proceed by way of simplified procedure seeking $70,000 for invasion of privacy and breach of fiduciary duty, $20,000 for punitive and exemplary damages and a permanent injunction to restrain further breaches by Ms. Tsige.  Jones moved for summary judgement and Ms. Tsige filed a cross motion for summary judgement pointing out there were various statutes enacted in other provinces that created statutory torts dealing with the protection of privacy and that Ontario was not one of those jurisdictions.

The court of first instance concluded Judge Whitaker concluded that privacy is not an area of law that requires “judge made” rights and obligations as there are statutory schemes that govern privacy issues.  At paragraph 57 of the lower court’s decision, Justice Whitaker held there was no tort of invasion of privacy in Ontario and awarded costs against Jones for $35,000. The Court of Appeal did not agree.

Justice Robert Sharpe, writing for the three panel court, overturned the motion judge’s decision awarding summary judgment to Jones noting that the existence of legislation is not a sound basis to refuse to recognize the emerging tort of intrusion upon seclusion.   Sharp J.A. noted it would take a strange interpretation to infer from the statutes a legislative intent to supplant or halt the development of the common law in the privacy area.

In respect of the federal PIPEDA, Sharpe J.A. noted that it dealt with organizations and does not speak to the existence of a civil cause of action in the province.   By forcing Jones to file a PIPEDA complaint against BMO would require her to lodge a complaint against her own employer instead of Tsige.  Moreover, since Tsige acted as a rouge employee contrary to BMO’s policy, it was noted that BMO may have had a complete answer to the complaint.

In respect of Ontario’s privacy legislation, it dealt with the freedom of information and protection of certain private information with respect to government or other public institutions and has nothing to do with the right of action between individuals.

The Court canvassed the history and state of personal causes of action protecting privacy interest in Canada, the United States as well as Commonwealth jurisdictions.  Ultimately, the Court held it was appropriate to recognize a broadly expressed tort in line with American law.  Expressly motivated by the Court’s sense that the facts presented a situation that “cried out for a remedy”, Sharpe J.A. described the nature of the tort of intrusion upon seclusion at paragraphs 70 and 71 of his reasons as follows:

I would essentially adopt as the elements of the action for intrusion upon seclusion the Restatement (Second) of Torts (2010) formulation which, for the sake of convenience, I repeat here:

One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the invasion would be highly offensive to a reasonable person.

The key features of this cause of action are, first, that the defendant’s conduct must be intentional, within which I would include reckless; second that the defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and third, that a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. However, proof of harm to a recognized economic interest is not an element of the cause of action. I return below to the question of damages, but state here that I believe it important to emphasize that given the intangible nature of the interest protected, damages for intrusion upon seclusion will ordinarily be measured by a modest conventional sum.

The Court expressed concern over having created the opportunity for a flood of litigation from opportunist plaintiffs.  It may be that this concern motivated the Court to comment on limits to the scope of the tort, and establish limits to the damages available as a remedy.  In respect of limitations on the scope of the tort, the Court wrote at paragraph 72:

These elements make it clear that recognizing this cause of action will not open the floodgates. A claim for intrusion upon seclusion will arise only for deliberate and significant invasions of personal privacy. Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive

The Court did allow for awards of “symbolic” or “moral” damages in cases where the plaintiff did not sustain pecuniary loss.   The Court noted that provable actual loss to the plaintiff is not an element of the tort.   However,  the Court expressly indicated the limit for such “symbolic” or “moral” damages would be $20,000.  This number will likely be subject to inflation going forward. Furthermore, damages could also be awarded on an uncapped pecuniary basis.

In conducting its damages analysis the Court of Appeal effectively adopted the factors identified in Manitoba Privacy Act govern damages analysis:

1.       the nature of the defendant’s wrongful act;
2.       the effect of the wrong on the plaintiff’s health, welfare, social, business or financial position;
3.    any relationship between the parties;
4.       any distress, annoyance or embarrassment suffered by the plaintiff; and
5.       the conduct of the parties, both before and after the wrong, including any apology or offer of amends made by the defendant.

Applying these factors to the facts before the Court, Justice Sharpe determined that a $10,000 award would be appropriate.  Furthermore, the Court decided that Jones was not entitled to a cost award.  The writers note that it is likely Jones’ award was less than her legal fees.

TYPES OF PRIVACY INTERESTS

Prior to reviewing the coverage jurisprudence, we briefly identify the legal foundation of the privacy interests which underlie the formulation in the Restatement (Second) of Torts (now forming the basis of the tort in Ontario).

Scholars trace the modern American invasion of privacy tort to the writings of law partners Samuel Warren and (future U.S. Supreme Court Justice) Louis Brandeis.  Their Harvard Law Review Article The Right to Privacy1 outlined the evolution of the law towards recognition of the private sphere, and a privacy tort to defend it.  Their conceptualization would reserve to the individual the right to limit the access of others to the individual’s personal affairs.   They wrote:

Thus, in the very early times, the law gave a remedy only for physical interference with life and property, for trespass vi et armis. Then the “right to life” served only to protect the subject from battery in its various forms; liberty meant freedom from actual restraint; and the right to property secured to the individual his lands and his cattle. Later, there came a recognition of a man’s spiritual nature, of his feelings and his intellect. Gradually the scope of these legal rights broadened; and now the right to life has come to mean the right to enjoy life — the right to be let alone; the right to liberty secures the exercise of extensive civil privileges; and the term “property” has grown to comprise every form of possession — intangible, as well as tangible

The tort they proposed would create legal protection for the individual to decide “whether that which is [theirs] shall be given to the public”.2

In 1960, scholar and Reporter for the Second Restatement on Torts, William Prosser identified four distinct forms of invasion of privacy, which were widely accepted by American courts:

(i) intrusion upon the plaintiff’s seclusion or solitude, or into his private affairs;
(ii) public disclosure of embarrassing private facts about the plaintiff;
(iii)publicity which places the plaintiff in a false light in the public eye; and
(iv) appropriation, for the defendant’s advantage, of the plaintiff’s name or likeness.

In 2010 § 652B of the Restatement (Second) of Torts, which reflects tort protection of privacy rights, was updated to better reflect the modern expansion in potential privacy violations.  The formulation is virtually identical to that adopted by Justice Sharpe.  Restatement § 652B now states:

One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the invasion would be highly offensive to a reasonable person.

Canadian law is not devoid of torts relating to invasion of privacy.  Justice Sharpe noted a series of judicial decisions protecting the individual’s right to privacy: Saccone v. Orr (1981), 34 O.R. (2d) 317 (Co. Ct.), (recording of a private conversation without the knowledge or consent of the plaintiff);   Roth v. Roth (1991), 4 O.R. (3d) 740 (Gen. Div) (interference with the plaintiffs’ ability to use and enjoy their cottage property);  Athans v. Canadian Adventure Camps Ltd. (1977), 17 O.R. (2d) 425 (H.C.J.)  (reproduction of a distinctive photograph of the plaintiff water skiing).

Further, some provinces, for example British Columbia, Manitoba, Saskatchewan, and Newfoundland and Labrador, have enacted statutes which address privacy.

INSURANCE DEFENCE IMPLICATIONS ARISING FROM JONES V. TSIGE

It is clear that modern concepts of privacy, and more importantly, the concept of what constitutes a violation of privacy, have expanded beyond the fixed parameters of Prosser’s four forms of privacy violations.  Ontario tort law had not kept pace.  Justice Sharpe’s review of the Canadian case law which employed tort law to protect individual privacy rights demonstrates how narrow that tort protection has traditionally been.

The Ontario Court of Appeal’s decision broadens the reach of the tort considerably.  A plaintiff must establish only three broadly drawn elements:

  1. the defendant’s conduct must be intentional or reckless;
  2. the invasion, without lawful justification, the plaintiff’s private affairs or concerns; and
  3. a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish

Policyholders and insurers will  watch with interest as each of these factors is reviewed by courts, and the scope of each is determined.  Perhaps none will be so closely watched as the development of the term “private affairs or concerns”.  What constitutes “private affairs and concerns”?  The Jones decision clearly demonstrates that bank accounts fall within the scope of the term.

The application of the tort in the context of social media will undoubtedly give rise to interesting case law.    Can a Facebook page or Twitter account, where a person may have hundreds or thousands of “friends” or “followers”, constitute “private affairs or concerns”?  Does spam email constitute an “invasion” of a person’s privacy?  What about taking a picture of a neighbour sunbathing in their back yard?  Must the content be objectively private or subjectively private?  Does the tort restrict the abilities of the corporations that host social media sites to use or access user data?

Despite Justice Sharpe’s effort to provide examples of the Court’s intended limits of the term, the scope of “private affairs and concerns” is unlikely to be capable of specific restriction.  One of the United States’ leading thinkers on privacy, Donald J. Solove recently published an article in the Chronicle of Higher Education in which he described privacy as a “plurality of different things”:

Most attempts to understand privacy do so by attempting to locate its essence—its core characteristics or the common denominator that links together the various things we classify under the rubric of “privacy.” Privacy, however, is too complex a concept to be reduced to a singular essence. It is a plurality of different things that do not share any one element but nevertheless bear a resemblance to one another. For example, privacy can be invaded by the disclosure of your deepest secrets. It might also be invaded if you’re watched by a peeping Tom, even if no secrets are ever revealed. With the disclosure of secrets, the harm is that your concealed information is spread to others. With the peeping Tom, the harm is that you’re being watched. You’d probably find that creepy regardless of whether the peeper finds out anything sensitive or discloses any information to others. There are many other forms of invasion of privacy, such as blackmail and the improper use of your personal data. Your privacy can also be invaded if the government compiles an extensive dossier about you.

Privacy, in other words, involves so many things that it is impossible to reduce them all to one simple idea.3

A further concern is the inclusion of “reckless” within the scope of conduct which can trigger the tort.  In what circumstances will loss of financial information from a financial institution, health related information from a health care provider,  educational information from schools, colleges and universities, or electronic usage information from internet providers constitute reckless conduct?  If a bank has insufficient firewall protection on its electronic systems, has it been “reckless” when it gets hacked?  Is a hospital “reckless” when medical records are found in a dumpster?  In such circumstances where the victims may number in the hundreds or thousands, the Court’s limitation on damages to $20,000 may not be as much protection as it seems on first review.  Of course, damages can be higher in cases where pecuniary loss has been proven.

Ultimately, we believe in light of the Court’s moral damages cap, a surge of privacy cases is unlikely.  Rather the tort will most likely be referred to in pleadings that raise other torts.  Outside of the class action context and cases where there are provable pecuniary losses, the cost benefit of privacy litigation will likely discourage plaintiffs from bringing intrusion upon seclusions suits.  Having said this, corporations doing business in Ontario may have to revisit their corporate policies in respect of privacy issues.  The tort could also give rise to issues in cases involving unwanted surveillance, unreasonable search and seizures by the police, cyber bullying and investigative journalism.

INSURANCE COVERAGE IMPLICATIONS ARISING FROM JONES V. TSIGE

These concerns are particularly acute for insurers and their policyholders.  Intrusion upon seclusion considerably broadens the potential scope of liability faced by each.  The American experience is informative of what Canadian insurers and policyholders may expect.

I)  Publication or Making Known Material that Violates a Person’s Right of Privacy

The narrow traditional view of actionable invasion of privacy was reflected in the coverage contained in Canadian policy forms.  Policies issued in Canada, often provide very circumscribed protection to their policyholders for invasion of privacy interests.  The coverage found in the IBC Form 2100 is limited to “oral or written publication, in any manner, of material that violates a person’s right of privacy”.

“Publication” (i.e.  making information known to a third person) is not an element of the tort.  There is a great deal of actionable conduct which will not fall within the scope of the tort. By way of example, Ms. Tsige’s conduct almost certainly would not have fallen within this coverage.  This policy structure or limitation may be of concern to policyholders who may have considerable uninsured potential liability.

Insurers, none-the-less  should be concerned about this judicial development for numerous reasons.  First, the duty to defend is triggered when an allegation, if proven true, would potentially fall within the scope of the coverage provided.  Reckless conduct can trigger personal injury coverage (as, in some circumstances, can intentional conduct).   The cost of defence of tort invasion litigation has proven significant in US jurisdictions.

Further, one need only look to the American experience to find examples of claims which could or are advocated to fall within the scope of coverage.   Leaving aside defence cost issues, tort invasion claims have generated significant coverage litigation in the Unites States. A claim that a policyholder sent unsolicited emails to an individual’s private email account could conceivably trigger coverage.  Sending an email would be intentional (satisfying the first factor); a private email account is arguably the individual’s private affair or concern (satisfying the second element); and depending on the content of the email, a person may regard the invasion as being “highly offensive” and “distressing” (the third element).  By sending the email to the recipient, the sender is arguably “publishing” the email.  Coverage is potentially triggered. A demand for cover may well be asserted.

One need look no further than the “Blast Fax” claim litigation  which followed, in the United State,  passage of the Telephone Consumer Protection Act (“TCPA”) passed by Congress in 1991.  The TCPA forbids sending unsolicited faxes from being sent to consumers.

The policyholder, who finds itself the subject of a Blast Fax suit, typically tenders the claim to its CGL insurer. It is submitted that defence and, should liability be imposed, indemnity is payable pursuant to the Personal and/or Advertising Injury section of the CGL policy. In particular it is typically submitted that the communications constitute a violation of a right of privacy. The communication is often said to violate a right to seclusion (intrusion upon the plaintiff’s seclusion or solitude).

A person’s right to seclusion is infringed when he or she is disturbed by an unwanted interruption. When an unsolicited fax arrives, the person who receives it has had his or her right to seclusion breached.

The right of a policyholder, named as a defendant in the Blast Fax suit, to coverage is dependent, in the first place, upon the precise wording of the CGL policy. For example, Courts have generally interpreted the words “making known to any person or organization written or spoken materials that violates an individual’s right of privacy” differently from “oral or written publication, in any manner, of material that violates a person’s right of privacy”. The former offence definition has been held generally not to trigger a coverage obligation. The latter phrase has frequently been held to require defence of a Blast Fax claim. Of interest, the latter language is generally employed in the 2005 revision of the IBC Form 2100. In addition the outcome of a coverage demand is frequently dependent upon the Court’s determination of whether communication of an unsolicited Blast Fax violates a “right to seclusion” or “right to secrecy”.

This distinction can be seen in review of two American cases:  Hooters of Augusta Inc. v. American Global Ins. Co4. and Cynosure, Inc. v St. Paul Fire& Marine5.

In Hooters of Augusta, the Hooters restaurant chain in Georgia was sued for having bought advertising space on flyers faxed to businesses in Augusta Georgia.  The fax transmissions violated the TCPA, exposing Hooters to a trebled damages fine of $1500 per fax (the ultimate fine amounting to more than $11,000,000).  The definition of personal injury in the Hooters policy included “oral or written publication of material that violates a person’s right to privacy”.  The 11th Circuit determined that the claim fell within the scope of the personal injury coverage:

American Global claims, however, that even if the TCPA protects privacy rights, the insurance contract’s reference to “oral or written publication of material that violates a person’s right to privacy” does not cover Hooters’s conduct because there was no act of “publication.” American Global first says that an intrusion into the private sphere fundamentally contradicts the very notion of “publication,” which suggests a public act of dissemination of information.  This argument simply conflates two distinct perspectives. The act of transmitting an unsolicited fax indeed involves a public act by the sender. But the act is thought to violate the recipient’s privacy. There is no contradiction. The conduct by which Hooters was found to violate the TCPA, and for which it now seeks coverage under the insurance policy, is using a fax machine “to send an unsolicited advertisement.”

American Global also argues that we should interpret the term “publication” in a narrow, legal sense, as an element of three privacy-related torts: public disclosure of private facts, portrayal of a plaintiff in a false light, and misappropriation. As we have noted, though, Georgia law suggests that a reviewing court must consider both the ordinary and legal meanings of a term in an insurance contract and, when faced with ambiguity, adopt the interpretation that favors greater coverage. While it may be reasonable to read the terms “publication” and “privacy” in a technical legal sense, it is at least equally plausible to read both terms in their ordinary non-technical sense. Plainly, Georgia law directs us to adopt the interpretation that favors greater coverage.

Hooters’s conduct amounted to an act of “publication” in the ordinary sense of the word. American Global cites three definitions of the term “publish” found in Webster’s Ninth New Collegiate Dictionary: “to make generally known,” “to make public announcement,” and “to place before the public: disseminate.” Webster’s  Ninth New Collegiate Dictionary 952 (1984). Hooters purchased advertising space on weekly fliers disseminated by fax to nearly 8,000 businesses. This course of conduct squarely fits at least the third of American Global’s definitions and arguably fits the other two as well. Notably, the dictionary that American Global cites also includes a fourth definition of “publish” not mentioned in the appellants’ brief: “to produce or release for publication; specif[ically] : print.” Id. Hooters’s conduct fits this definition even more closely

This decision stands in contrast to the 1st Circuit’s decision in Cynosure (notably authored by Former U.S. Supreme Court Justice David Souter, sitting by special appointment).  Cynosure, like Hooters before it, was alleged to have sent unsolicited advertising faxes to consumers in violation of the TCPA.  Cynosure’s policy with St. Paul, however,  defined the covered personal injury coverage offence as “making known to an person or organization covered material that violates a person’s right of privacy”.

Justice Souter determined that the claim did not fall within the scope of coverage.  He noted that the effect of the “making known” formulation was different from the “publication” formulation . The structure of the “making known” form implies that the content of the transmission must be reviewed in order to determine whether or not the communication included disclosure of private information.  If the material was not of a confidential nature, violating the person’s privacy, coverage was not available:

By distinguishing “person” and “organization” and thus providing that a covered advertising injury occurs when an insured makes known to an “organization” some material that violates a “person’s” right of privacy, the policy provision describes a communication  to a recipient (organization) that violates the right of a non-recipient third party (person).  Since a mere intrusion into the recipient’s repose does not violate any right of a non-recipient, in practical terms this means that the communication to the recipient violates the non-recipient’s right of privacy only if it is a communication about the non-recipient.  In order to give rise to tort liability for violating the third party’s right of privacy, the material communicated must therefore reveal some fact the third party reasonably wishes to keep others from being told.

Policyholders and insurers should look to their forms to determine the scope of coverage provided.

II) Intrusions on a Plaintiff’s Seclusion or Solitude

Solitude or seclusion has been a hallmark of the right to privacy in American law, and is a central issue in coverage litigation.   The right of privacy has, in some jurisdictions, been very broadly construed.  For example in St. Paul Fire & Marine Ins. Co. v. Green Tree Financial Corp.6 Texas, mobile home purchasers made claims against the insured alleging wrongful debt collection, negligence, and a violation of legislation prohibiting deceptive trade practices. The Court held that the purchasers’ allegations focusing upon the insured’s placement of numerous rude and abusive telephone calls to them and to their family members potentially stated a cause of action for invasion of privacy. The CGL policy at issue provided personal injury coverage for “written or spoken material made public which violates an individual’s right of privacy”. The abusive phone calls violated a right of seclusion or solitude.

However, policyholders have been frequently unsuccessful in establishing that circumstances in underlying litigation are actually based on privacy torts.

In Nova Casualty Co. v. Able Construction7  the principal of a developer/contractor filed restrictive covenants on lots on which a home was built. The home was then sold to the plaintiffs. The plaintiffs then began to operate a psychotherapy business from the home. Subsequently, the architectural committee of the subdivision informed the plaintiffs that restrictive covenant barred the operation of the psychotherapy business and demanded that they cease running it. The plaintiffs refused, claiming that the developer/contractor principal had assured them that the subdivision’s restrictive covenants would allow them to operate the psychotherapy business from their home. The architectural committee then proceeded to file an action against the plaintiffs. A Court ordered them to stop operating the business from their home. The plaintiffs sued the developer/contractor for misrepresentation. The developer/contractor, seeking coverage under its CGL policy, argued that the misrepresentation alleged against them fell within the concept of invasion of privacy. The plaintiff homeowners were not able to conduct themselves “in a private manner” in their home. The alleged misrepresentation had led to a Court order requiring them to alter their lifestyle within their home. There was a privacy infringement.  The Court held that coverage was not available to the developer/contractor. Specifically the underlying allegations did not fall within the advertising injury concept of “oral or written publication of material that violates a person’s right of privacy”. To find that the misrepresentation allegations fell within the privacy right would be to expand the definition of invasion of privacy beyond recognition.

Allstate Ins. Co. v. Dana Corp.8 the liability policy in question covered injury arising out of “invasion of rights of privacy”. The insured brought an application for declaratory judgment seeking coverage in connection with allegations that it had permitted the entry of contaminants onto the underlying plaintiff’s property. The contaminants allegedly violated the plaintiff’s right of seclusion thus triggering Personal Injury coverage. The Court held that the invasion of a plaintiff’s right to privacy takes the form of intrusion upon the occupants “physical solitude or seclusion as by invading his home or conducting an illegal search”. The entry of contaminants onto the plaintiff’s land did not constitute an invasion of privacy of the kind for which coverage was to be provided under the policy. The Court noted that coverage would not have been provided if the insured had been alleged to have launched a missile onto the plaintiff’s property.

In Corn Ins. PLC v. Valsamis, Inc.9 the privacy provision in question provided coverage for injury arising from a “publication utterance … in violation of an individual’s privacy”. Predicting the evolution of the Restatement, the Court held that in order for one to state a claim amounting to an invasion of the right to privacy on the basis of “intrusion”, there must have been “an intentional intrusion upon the solitude or seclusion of another or his private affairs or concerns that are highly offensive to a reasonable person”. The Court took the position that this type of invasion of privacy “is generally associated with either a physical invasion of a person’s property or eavesdropping on another’s conversation with the aid of wiretaps, microphones or spying”. Since the underlying plaintiff made no such allegation in her complaint, alleging only that offensive comments and inappropriate advances had been made towards her, a cause of action for invasion of privacy had not been made out under Texas law. There was no coverage under the CGL policy for personal injury arising out of a publication or utterance in violation of an individual’s right to privacy.

In Allstate Ins. Co. v. Ginsberg10 an employer sought coverage under the Personal Injury section of the CGL policy. The employer was accused by the employee of sexual touching and sexually aggressive comments. The policyholder submitted that such conduct fell within the invasion of privacy offence. The Court held that the allegations did not fall within any of the four enumerated privacy categories. In particular there was not a claim advanced alleging intrusion of a right of seclusion or solitude. The offence required evidence of intrusion into a place for which there is a reasonable expectation of privacy. Such “place” does not include a body part. Coverage was denied to the employer.

(III) Public Disclosure of Embarrassing Private Facts About the Plaintiff

Policyholders have also sought coverage, under the privacy offence, alleging that the underlying allegations fall within the privacy category of public disclosure of embarrassing private facts.

In Marleau v. Truck Ins. Exchange11 the CGL policy contained a typical personal injury privacy offence. Specifically the policy stated that personal injury arising from “oral or written publication of material that violates a person’s right to privacy” constituted a personal injury offence. The policyholder was alleged to have intentionally inflicted emotional distress upon the plaintiff. The policyholder submitted that it was entitled to a defence under the personal injury section of the CGL policy. Verbal statements constituted a public disclosure of private facts about the plaintiff. The verbal disclosure also painted the plaintiff in a “false light”. The Court dismissed the policyholder’s claim for coverage. The privacy category in question requires that the facts disclosed be wrongful and false. The underlying litigation did not allege that the statements said to have been communicated by the policyholder were in fact false or wrong.

In Ananda Church of Self Realization v. Everest Nat.Ins. Co.12 the policy in question provided coverage for personal injury arising out of “[o]ral or written publication of material that violates a person’s right of privacy”. The underlying litigation involved allegations of trespass onto private property and review of private documentation. The policyholder sought coverage under the personal injury section of the CGL policy. After listing the four violations of privacy actionable under California law, the Court held that only one, public disclosure of private facts, was covered by the policy in question. The Court held:

[The language of the coverage provision], which we find clear and unambiguous, covers only oral or written publications which violate a plaintiffs right to privacy. Allegations of privacy intrusion, such as placing the plaintiffs under surveillance, trespassing onto their property, and stealing or reading private documents are not publications, and thus are not even potentially covered by the policy.

A layperson reading [the coverage provision in question] would have no reasonable expectation that its coverage extended to privacy claims not involving publication or disclosure of private facts.

In Lextron, Inc. v. Travelers Cas. and Sur. Co. of America13 the insured was a veterinary products distributor. The insured’s president sued the CGL insurer for breach of contract and bad faith for refusing to defend an action brought against the company by one of their customers. The customer complained of the sale of defective vaccines. The customer alleged, in retaliation, the insured president had attempted to persuade a bank to call the customer’s loans immediately. The president suggested if it did not do so, the customer could do harm to the bank. The privacy offence was defined to include “[o]ral or written publication of material that violates a person’s right to privacy”. The Court held that because the customer alleged that the president only “publicized” his opinion to one person, the bank’s representative, the allegations in question failed to satisfy the breach of privacy requirement. The customer’s private matters were not sufficiently publicized. There was not a claim advanced respecting another’s private life.

(IV) Claims for Employment Discrimination or Sexual Harassment

Innovative policyholders’ counsel have endeavoured to secured coverage under the invasion of privacy offence for claims involving employment discrimination or sexual harassment.  In Transamerica Ins. Co. v. KMS Patriots, L.P.14  the plaintiff in the underlying action complained of alleged discriminatory comments made by a superior. The policyholder sought coverage under its CGL policy alleging that the conduct fell within an invasion of privacy offence. The Court held that the comments identified in the pleading did not amount to “unreasonable, substantial, or serious interference” with the employee’s right of privacy, hi the circumstances the statutory definition of invasion of privacy could not be satisfied. There was no coverage entitlement.

In Maine State Academy of Hair Design, Inc. v. Commercial Union Ins. Co.15  an employee brought a sexual harassment suit against her employer. The employee alleged that her employer negligently inflicted severe emotional distress through its extreme and outrageous conduct and discriminatory actions. As well, the employee lost her professional reputation. The employer sought coverage under a CGL policy which defined the personal injury offence as “[o]ral or written publication of material that violates a person’s right to privacy”. The Court determined that the insurer was obligated to defend. The allegations potentially fell within the invasion of privacy offence.

In Fieldcrest Cannon, Inc. v. Fireman’s Fund Ins. Co.16  the Court held that allegations of intimidation and harassment contained in a sexual discrimination and retaliatory discharge action brought by an employee did not constitute personal injury arising out of a “publication or utterance in violation of an individual’s right of privacy”. Thus the allegations did not satisfy the invasion of privacy requirements in the jurisdiction issue.

In Cornhill Ins. PLC v. Valsamis, Inc.17, it was held that, under Texas law, a claim of sexual harassment did not constitute a “publication or utterance … in violation of an individual’s privacy”. Coverage was not available under the privacy offence of the policy in question.

In Owners Ins. Co. v. William Benjamin Trucking, Inc.,18 the CGL policy in question defined personal injury as injury arising out of, among other things, the “[o]ral or written publication of material that violates a person’s right of privacy”. The Court stated that the plaintiff employee did not allege that the employer had invaded his privacy. Rather, the plaintiff merely alleged that the actions of the employer constituted “an outrageous invasion of [the plaintiff's] personal rights”. The plaintiff had not amended his complaint to state which personal rights were violated by the employer or to state clearly that the employer had invaded his rights to privacy. The Court held that the plaintiff’s Complaint did not allege a personal injury as defined in the relevant policy.

(V)  Inducing Others to Violate Another’s Right of Privacy Not Covered

In Butts v. Royal Vendors, Inc.,19 it was held that allegations that an employer had induced a physician to breach his fiduciary duty towards one of the employer’s employees did not fall within personal injury coverage for “[o]ral or written publication of material that violates a person’s right of privacy”. The Court found that in order for coverage to be available pursuant to this provision, the employee would have had to allege that the employer published material that invaded the employee’s privacy. However, a fair reading of the employee’s complaint suggested that the employer induced a third party physician to publish material that violated the employee’s right of privacy. As the complaint did not allege that the employer itself published the material, coverage was not available.

(VI) Coverage Available Only for Violations of Right to Privacy of Natural Persons, Not Organizations

In Fibreboard Corp. v. Hartford Accident & Indemnity Co.20 the Court held that an organization does not enjoy privacy rights:

… [W]e concur with Hartford that the plaintiffs in the underlying cases have no protectable privacy interest because they are corporations, partnerships and public entities, not natural persons. “The right protected by the action for invasion of privacy is a personal right, peculiar to the individual whose privacy is invaded.” (Rest.2d Torts, § 6521, com. a, at p. 403.) “A corporation, partnership or unincorporated association has no personal right of privacy.” ( Id., com. c, at p. 403.) Therefore, as a matter of law the plaintiffs pursuing the underlying claims cannot state a cause of action for invasion of privacy.

In Heritage Mut. Ins. Co. v. Advanced Polymer Technology, Inc.,21 the insured argued that the plaintiff company’s allegations of invasion of privacy were covered as injury arising from “oral or written publication of material that violates a person’s right of privacy”. The Court did not agree. The Court’s reasoning was based in part on its conclusion that coverage for invasion of the rights of privacy under the insurance policy in question applied only where the privacy rights at issue were those of an individual and not of an organization.

In Ananda Church of Self Realization v. Everest Nat. Ins. Co.,22 the relevant invasion of privacy provision provided coverage for personal injury arising out of “[o]ral or written publication of material that violates a person’s right of privacy”. The Court refused to find coverage in relation to the publication of facts embarrassing to a law firm because “neither a law firm nor any other business entity possesses a cause of action for violation of the right of privacy”, since such right is vested exclusively in natural persons.

The Court added that although the two individual plaintiffs had a right to privacy, none of the documents stolen could have disclosed shameful facts about the private life of cither of them because they were all “law firm documents” which revealed only “confidential attorney-client communications and other private information in their case files …” It was stressed that the documents were firm documents stolen from the firm’s business premises and pertaining to internal affairs of the firm. In the opinion of the Court, any disclosure of these documents to others could not have revealed “truthful but embarrassing private facts” about either individual plaintiff’s past, much less facts which the average person would find offensive or objectionable.

CONCLUSION

Canadian Courts have not frequently been required to consider the availability or not of coverage for invasion of privacy. That situation appears to be about to change.  Canadian policyholders face the potential of suits based on the new tort of intrusion upon seclusion.   Canadian insurers can, in turn, anticipate demands for coverage focused on the right of privacy offence.

Review of American jurisprudence suggests that the present IBC 2005 CGL form makes use of relatively broad offence language. Such language leaves open the question of whether innovative policyholder arguments, particularly in respect of the defence obligation, will trigger coverage under the right of privacy offence. Query whether this scope of this personal injury offence requires further “refinement” intended to limit the extent to which coverage may be available, or re-evaluation of the premiums charged for provision of such coverage.

1 4 Harv. L. Rev 193 (1890)
2 See Also:  Danielle Keats Citron, Mainstreaming Privacy Torts, 98 Cal. L. Rev 1804 (2010).
3 Daniel J. Solove: Why Privacy Matters Even if You Have ‘Nothing to Hide’; The Chronicle of Higher Education, May 15, 2011.
4 No. 04-11077, 2005 U.S. dist. LEXIS 26765 (llth Cir. Dec. 6, 2005)
5 2011 U.S. App. LEXIS 9713 (1st Cir. May 12, 2011).
6 249 F.3d 289 (C.A.5 (Tex.) 2001)
7 983 P.2d 575 (Utah 1999)
8 759 N.E.2d 1049 (Ind. 2001)
9 106 F.3d 80 (C.A.5 (Tex) 1997
10 351 F.3d 473 (C.A. 11 (Fla.) 2003)
11 37 P.3d 148 (Or. 2001)
12 2003 WL 205144 (Cal.App. 3 Dist 2003)
13 267 F.Supp.2d 1041 (D.Colo. 2003)
14 52 Mass.App.Ct. 189 (2001)
15 699 A.2d 1153 (Me. 1997)
16 124 N.C. App. 232 (1996)
17 106 F.3d 80 (C.A.5 (Tex) 1997)
18 2005 WL 1398836 (Ohio App. 9 Dist. 2005)
19 202 W.Va. 448 (1998)
20 16 Cal.App.4th 492 (Cal.App. 1 Dist 1993)
21 97 F.Supp.2d 913 (S.D.Ind. 2000)
22 2003 WL 205144 (Cal.App. 3 Dist 2003)

Comments are closed.