On July 14th, the Supreme Court of British Columbia dismissed a privacy breach claim against a public body as being within the exclusive jurisdiction of the Office of the Information and Privacy Commissioner for British Columbia.
The plaintiff sued the ICBC and others for wrongs arising out of the collection and use of his personal information. He framed his action in a number of valid legal bases including breach of contract and breach of confidence. The claim referred to duties under the British Columbia Freedom of Information and Protection of Privacy Act; the plaintiff said these references were simply recitations of “material facts.”
The Court found that significant parts of the claim (in their essence) addressed subject matter governed exclusively by FIPPA and its complaint resolution process. It said:
In summary, I conclude that FIPA is an exhaustive legislative scheme for the investigation and adjudication (subject to judicial review) of complaints related to the collection, use and disclosure of personal information in this province. Investigations of complaints about how a public body such as ICBC has collected, used or disclosed personal information are prescribed in FIPA. I am unable to find a role for the civil courts in these matters (except for judicial review).
This issue has been litigated in Ontario. For a case in which the Ontario Superior Court of Justice struck a claim based solely on a breach of MFIPPA, see Sampogna v Smithies. For a more recent case in which the Ontario Superior Court of Justice allowed a privacy breach claim to proceed against an health information custodian and others despite an argument that the Ontario Personal Health Information Protection Act covered the field, see Hopkins v Kay. Hopkins has been appealed to the Court of Appeal for Ontario.