Cybercrime highlights the unique value of information and the
need for a risk strategy to deal with online security and
liability. In particular, data breaches and network outages can
cause significant consequences for individuals, governments,
organizations, and companies of all sizes.
Resulting costs include recovering lost or corrupted data,
economic loss, copyright and patent infringement, business
interruption, violation of privacy, reputation damage, and legal
fees and fines.
For example, the Canada Revenue Agency encountered the
"Heartbleed Bug" which compromised taxpayer information;
a prominent electronics company lost over $150 million responding
to a cyber attack exposing 77 million customer files; and software
and social media companies faced similar attacks affecting over 40
million users. An estimated 40% of such attacks involve small to
In Jones v. Tsige (2012),
the Ontario Court of Appeal provided a judicial response to digital
crime. A new tort – intrusion upon seclusion –
exemplifies the importance of a risk strategy to protect privacy
and digital assets and reduce exposure to liability. When an
employee infiltrated a colleague's personal financial records
and Justice Stinson held that invasion of privacy was not a
recognized tort in Ontario, this prompted judicial lawmaking by the
Court of Appeal.
An intrusion upon seclusion may be established where:
• a Defendant invades a plaintiff's private affairs
without lawful justification;
• the Defendant's conduct is intentional or reckless;
• a reasonable person would regard the invasion as highly
offensive, causing distress, humiliation, or anguish.
This case serves as a reminder of the vicarious liability
employers face and the need for strict policies governing privacy
and security. Corporations, organizations, legal professionals, and
criminal agencies must constantly adapt as technology advances.
A Risk Strategy (including an incident response plan) is an
important component of a proactive approach to cybercrime and
should focus on:
• creating guidelines and policies to ensure best
• prioritizing prompt communication, investigation, and
• adherence to mandatory notification requirements (e.g.
Personal Health Information Protection Act and Personal Information
Protection and Electronic Documents Act)
• protecting data, eradicating threats, and reducing exposure
• specialized insurance coverage where electronic data is
excluded from general policies (e.g. in definitions of tangible
Cybercrime and related legal issues require attention and
preparedness. Individuals, governments, and organizations of all
sizes are advised to address technological challenges
pre-emptively, before they cause significant harm.
"Sink or swim the internet is a vast cyberspace enabling
instant connectivity with global markets, seemingly endless growth
potential, and an innovative pulse driving rapid
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.