Information, Privacy and Data Security Post
Hicks Morley Information and Privacy Post – 2013
Date: October 9, 2013
Dear Friends:
It’s early October 2013, and here’s what’s on our minds.
With great pleasure, we’ve released this year’s Information and Privacy Post – a review of 60 information management and privacy cases that caught our attention in the last year.
We like the exercise of producing the Post because pulling together and organizing recent case law developments sheds some light on trends. The prevailing view in the social media production cases, for example, has clearly departed from the view expressed in Leduc v Roman, a 2009 Ontario case in which Justice Brown of the Ontario Superior Court of Justice suggested photos on Facebook are presumptively relevant when a Facebooking plaintiff claims loss of enjoyment of life. We’ve reported on three cases in which courts have taken a more conservative approach and drawn a line between “action photos” that are probative of physical restrictions and more ambiguous photos of individuals in social situations that, in ordinary circumstances, are too marginally relevant to warrant production.
The Facebook cases are in our section on “production” – a seemingly mundane collection of cases that you may find useful in deriving insight about corporate information management. State Street Global Advisors Ltd, for example, is an example of the great difficulties that can befall organizations that do not properly govern e-mail communications.
Finally, we also have reported on a notable data incident class action settlement – Maksimovic – which involves an action that followed a 2011 attack on their online services that caused a significant service outage and a loss of personal information. The affected company offered its subscribers a substantial remedial package soon after the incident, and after two years without evidence that the loss of personal information led to any identity fraud, settled by promising class members some modest benefits plus a claims process by which they could pursue reimbursement of out-of-pocket payments for losses arising out of proven harm. Although class counsel’s approved fees were $265,000, the settlement is the second of its kind in Canada that is rather benign. Boards of directors should be very concerned about data security, but the greatest pain associated with typical incidents is suffered whether or not there is a lawsuit and is associated with the required investigation, remedial planning and stakeholder and public affairs management. Maksimovic is further evidence that typical data incidents start with a bang and finish with a whimper.
Please enjoy. If you have questions or if your organization requires assistance on related matters, we would be very pleased to speak with you.
Read the full PDF Information and Privacy Post 2013.