Tag Archives: civil procedure

Court approves settlement, limits recovery of class counsel fees

15 Sep

On August 29th, Justice Perell of the Ontario Superior Court of Justice approved settlement of an action brought against Home Depot following a significant 2014 payment card system intrusion. The Court approved a settlement that featured a $250,000 non-reversionary settlement fund for documented claims of “compromise” and an agreement to pay up to $250,000 in credit monitoring. It also denied payment of approximately $407,000 in (docketed) legal fees to class counsel as unjustified, approving instead, payment of $120,000 in fees.

This is a good outcome for organizations exposed to potential class action claims for data security incidents. It was driven by two factors: (1) the Court found the incident was associated with a limited risk of damage; and (2) the Court was impressed by Home Depot’s incident response.

Regarding damage, the Court assessed the risk of damage flowing from a compromise to payment card information and e-mail address information as minimal:

[46] Professor Archer outlined three heads of damage to consumers from a payment card breach:  (1) the risk of a fraudulent charge on one’s credit card; (2) the risk of identity theft; and (3) the inconvenience of checking one’s credit card statements. The so-called non-reversionary Settlement Fund of $250,000 is designed to provide compensation for these heads of damages.

[47] Of the three heads of damage, practically speaking, there is little risk of fraudulent charges because of sophisticated safeguards developed by credit card companies. Moreover, when there are frauds, the losses are almost always absorbed by the credit card company or the retailer. The credit card companies are not Class Members.

[48] In the immediate case, there is no evidence that a Class Member absorbed a fraudulent charge. Neither Merchant Law Group nor McPhadden Samac Tuovi LLP have been contacted by a putative Class Member who said that he or she suffered a financial loss attributable to the data breach.

[49] There is also little risk that the data breach, including the disclosure of email addresses, increased the risk of identity theft, because the stolen data would have been inadequate to allow a criminal to fake another’s identity.

[50] Mr. Hamel’s evidence was that for identity theft, the most important information to have is a government-issued identification number such as a driver’s licence number, social insurance number or passport number and preferably all three. In the immediate case, the data stolen from Home Depot did not include this information.

[51] As for inconvenience damages, in the immediate case, there are none, because credit card holders are already obliged to check their statements for fraudulent purchases.

(Note that the Office of the Information and Privacy Commissioner of Alberta has recognized that the loss of e-mail address is associated with a risk of spear phishing – a risk that is arguably remote.)

Regarding incident response, Home Depot had offered to pay for a number of fraud protection services following the incident – including credit monitoring, identity theft insurance and credit repair services. The Court commented that this reduced the need for behavior modification:

[100] The case for Home Depot being culpable was speculative at the outset and ultimately the case was proven to be very weak. The real villains in the piece were the computer hackers, who stole the data. After the data breach was discovered, there was no cover up, and Home Depot responded as a good corporate citizen to remedy the data breach. There is no reason to think that it needed or was deserving of behaviour modification. Home Depot’s voluntarily-offered package of benefits to its customers is superior to the package of benefits achieved in the class actions.

These two factors led the Court to place little value on the action or the settlement. Justice Perell (who is outspoken), commented, “I would have approved a discontinuance of Mr. Lozanski’s proposed class action with or without costs and without any benefits achieved by the putative Class Members.”

Lozanski v The Home Depot, Inc., 2016 ONSC 5447 (CanLII).

Advertisements

BCSC dismisses privacy claim against lawyer

28 Jul

On July 26th, the Supreme Court of British Columbia dismissed a claim against a lawyer based in part on his service of application materials and based in part his conveyance of information about the plaintiff in a casual conversation with another lawyer.

The application that became the subject of the claim was made in an earlier family law proceeding. It was for production of financial documentation from the plaintiff relating to seven companies in which he had an interest.

The defendant represented the plaintiff’s wife. He served the companies with application materials (a notice plus affidavit) without redaction and in an unsealed envelope. Apparently his process server left the materials with two unrelated companies in an attempt to affect service.

The Court dismissed this claim because the lawyer was at all times acting as counsel in furtherance of his client’s interest and was protected by absolute privilege. Justice Griffin commented favorably on the lawyer’s conduct in any event, declining to give effect to the plaintiff’s argument about the need for redaction and sealed envelopes and giving wide berth to counsel’s judgement. She said:

As a matter of ethics, professionalism and good practice generally, I do agree that lawyers should consider the privacy of litigants and not unnecessarily reveal the private information of the opposite party nor should they seek to embarrass the opposite party… But that does not mean that an action lies for a lawyer’s steps in the conduct of litigation if the opposite party does not like how the lawyer exercised his or her judgment in bringing and serving applications which disclose private information.

The “casual conversation claim” arose from a discussion the lawyer had with another lawyer during a break in discovery in another case. The lawyer said he represented a woman whose former husband had sold a business in Alberta for $15 million and that the couple had three young children. Another person who was present came to believe the lawyer was speaking about the plaintiff.

The Court dismissed the claim because the plaintiff had not proven the fact of the $15 million sale was private. More notable is Justice Wilson’s obiter finding that the lawyer’s disclosure was not “wilful” because he could not reasonably have expected the plaintiff to be identified. She said:

I have found the question of whether Mr. Lessing was wilful in violating Mr. Duncan’s privacy to be a difficult one. On balance, however, because the information he stated was very innocuous; he did not reveal names of the persons or the companies; and there is no evidence that he ought to have known someone in the room would know Mr. Duncan, I find that it cannot be said that he “knew or should have known” that what he said would breach Mr. Duncan’s privacy. I therefore find that if Mr. Lessing did breach Mr. Duncan’s privacy it was not a wilful violation of privacy within the meaning of the Privacy Act.

Duncan v Lessing, 2016 BCSC 1386 (CanLII).

Some relevant comments on e-discovery in recent Ontario order

18 Jun

Master Callum McLeod – long time member of the Sedona Canada Working Group – was recently appointed a judge of the Ontario Superior Court of Justice. On June 6th, still sitting as master, he issued an order that addressed a number of e-discovery issues. Here are some snipets of Master McLeod’s views.

…on the utility of manually producing a Schedule A

This is not a new problem. But it is a problem that is greatly compounded when dealing with any significant amount of electronically stored information. In such cases, listing and describing all relevant documents is virtually impossible and threatens to become a hugely expensive make work project of little practical utility. What is required instead is to unearth the important and probative documents that will be necessary to prove or disprove facts that are in issue.

Under the Sedona Canada Principles incorporated into the rules, counsel are to actively co-operate in formulating a practical discovery plan. Counsel are required to seek agreement on the subset of potentially important relevant information and how it is to be located, preserved, exchanged, organized, described and retrieved. Some form of mutually acceptable electronic indexing that permits rapid identification and retrieval of each document should be adopted for purposes of production, discovery and trial. It is for this reason that the parties are now expected to engage in a collaborative discovery planning exercise in which they are to robustly apply the principle of proportionality.

Of course production through affidavit of documents process is not the end of the story. There are at least four other ways to extract documents from the other party. The first is a demand to inspect documents under Rule 30.04, the second is by listing documents in the Notice of Examination, the third is by cross examination on the affidavit of documents as part of the discovery process and the fourth is by obtaining disclosure and undertakings through the discovery process itself.

… on the use of shared document repositories

In the case at bar, the record is replete with technical production problems and unilateral attempts to satisfy production obligations. Malfunctioning USB keys, courier delivery of hard copies, delivery of copies on DVDs and refusal to make use of web based technology such as Google Docs are some examples. While there are many issues with cloud based storage of sensitive documents almost all of these can be overcome. The advantages and speed of a secure web based document vault utilizing standardized document formats and software should be readily apparent. Correctly utilized, such tools can eliminate production delays and arguments about who produced what and when.

… on providing access to cloud-based evidence as an alternative to production

As I understand it, the defendant is not taking the position that the logs are not relevant, they are simply inviting the plaintiffs to access the information themselves. They have not listed the Google logs in the affidavit of documents. As I indicated earlier, there is much to be said for web based production and the use of document vaults. This is not the same thing as inviting the other party to access the originals of the web site and to extract their own information without concern for forensic continuity or admissibility of the evidence. Counsel should not be put in the position of becoming a witness as to the provenance of documents.

For more, see:

Thompson v Arcadia Labs Inc, 2016 ONSC 3745 (CanLII).

Party defending against claim based on prior settlement does not waive settlement privilege

30 Oct

On September 30th, the Divisional Court held that a party defending against claim based on prior settlement does not waive settlement privilege. The Court reasoned as follows:

Consistent with such notions of fairness, we are satisfied that the LCBO has not waived settlement privilege in this case. The LCBO claims that Magnotta’s current actions advance the same claims as the prior settled proceedings, and we express no view on that assertion. However, the LCBO should, as a matter of fairness, be able to raise the settlement in its defence and in support of its proposed motion, without automatically losing the benefit of settlement privilege. In particular, the LCBO should be able to rely on the Minutes of Settlement for this purpose.

The defendant obtained a sealing order based on the public interest in encouraging parties to settle their disputes.

Magnotta Winery Corp v Ontario (Alcohol and Gaming Commission), 2015 ONSC 6234 (CanLII).

Newfoundland privacy breach class action moves forward

22 Nov

On November 14th the Supreme Court of Newfoundland and Labrador Trial Division held that the pleadings in a privacy breach class action disclose a reasonable cause of action.

Even for an application of the Hunt v Carey standard, the Court did not probe at the pleadings with any significant force. It:

  • held that an alleged failure to establish safeguards was enough to found a “willful violation” claim;
  • held that a question about whether Newfoundland’s statutory privacy tort could operate together with the common law vicarious liability doctrine should be determined at trial;
  • held that the availability of the common law intrusion upon seclusion tort in Newfoundland should be determined at trial;
  • allowed a negligence claim for distress and humiliation to proceed even though no specific psychiatric illness or prolonged psychological injury was pleaded because “the threshold of compensable harm will depend on the evidence at trial”; and
  • held that the availability of contract claim for non-economic loss should be determined at trial.

The Court struck claims for breach of statute, breach of the Charter and breach of fiduciary duty. The Court remains seized of the certification application.

Hynes v Western Regional Integrated Health Authority, 2014 CanLII 67125 (NL SCTD).

Addressing the privacy interests of affected individuals

20 Nov

I presented today at the Canadian Institute’s program on advanced administrative law. My topic was about how to deal with the privacy interests of affected non-parties. Here are my slides, revised based on my evolving understanding of this (difficult) issue. My thesis as it stands: we need to develop a principled exception to the audi alteram partem rule that governs when affected non-parties get notice and right to be heard. Courts and admin law decision makers appear to be attracted to solution that rests on the involvement of an appropriate representative party, but the current solutions are not driven by any express principle.

Request for jury contact information dismissed

1 Nov

On October 22nd, the Ontario Superior Court of Justice dismissed a motion for third-party production of the names, telephone numbers and home addresses of 800 people summoned to jury duty. The plaintiff in a slip and fall claim wanted this information to contact potential witnesses, a plan that Mulligan J held the plaintiff did not establish was necessary. Notably, Mulligan J also reviewed various authorities about the role of a criminal jury and held that, in the context, the contact information at issue was “core biographical information.”

I’m most interested about the Court’s sensitivity to the privacy interest and procedural rights of the affected 800 individuals. It apparently adjourned the first day of the motion and ordered the plaintiffs to serve the IPC/Ontario. The IPC chose not to attend, perhaps because it viewed attendance as inconsistent with its mandate. The Court referenced a recent Alberta case in which the Court of Queen’s Bench of Alberta appointed an amicus and directed it to give notice to a group of jury members (and not a large jury pool) whose privacy interests were at stake in light of a similar production request. I’ll be addressing the procedural dilemma posed in similar circumstances at the Canadian Institute’s upcoming “Advanced Administrative Law and Practice” conference. I’ve clipped the program below.

Champagne v Corporation of the City of Barrie, 2014 ONSC 6103 (CanLII).