For U.S. Companies, Ignorance Of Canada Privacy Law Could Be Costly

A Q&A with Fasken Martineau partner Alex Cameron, about recent developments in Canadian privacy and cybersecurity law. Plaintiffs are seeking damages in these cases under a number of novel or heretofore neglected theories, including “waiver of tort,” which can entail disgorgement of profits by a defendant who has avoided incurring the cost of doing effective data security, and the common law tort of “intrusion upon seclusion.” Under that theory, confirmed by a 2012 precedent called Jones v. Tsige, the defendant can be liable for the breach itself, even where there is no showing of actual harm. Another important development in Canadian privacy law of direct interest to many U.S. companies is Canada’s Anti-Spam Law (CASL), with its strict opt-in requirements both for commercial messages and for updates and apps.