B.C. Court of Appeal decision sets precedent for mass data breaches

The Court of Appeal for British Columbia has upheld the certification of a data breach class action whereby China-based hackers obtained personal information of a financial institution’s customers via an unencrypted database on the firm’s web server.

Speaking to The Lawyer’s Daily on the court’s ruling, privacy lawyer Molly Reynolds pointed out that even through the case was in B.C., it would still gain attention from privacy lawyers nationwide due to the limited cases Canada has seen regarding mass data breaches.

According to Molly, the case “puts some parameters around causes of action going forward,” although stakeholders in the privacy realm are still waiting for a privacy class action to be decided on the merits.

Molly noted that although most data breach cases plead privacy torts, many are likely to be decided under negligence claims when they get to trial, adding that this is an area of law that is significantly impacted by the rapid rate at which technology is evolving.

MORE: Read Molly Reynolds and Shalom Cumbo-Steinmetz’s piece that explores data breach class actions.

“When they go to trial, I think these breaches based on third-party hackers getting through the company system ultimately turn on the negligence claims,” she said.  

“The issue will be whether systems were protected to the appropriate standard of care, and what that standard is. The interesting thing there is that the standard at the time of the breach will be very different from the time of the trial, because the technology is changing so quickly.”

You can read more about our Privacy practice on the expertise page.