The recent decision of the British Columbia Court of Appeal, Lamarche v. British Columbia (Securities Commission),1 confirms that a regulator may face civil liability if it does not appropriately protect privilege during an investigation. Although the decision concerns the British Columbia Privacy Act, which creates a tort for intentional breach of privacy,2 it has broader implications given similar statutory privacy torts in other provinces3 and similarities to the common law privacy tort.4
Background
The British Columbia Securities Commission compelled the email records of Jean Andre Lamarche from a third party as part of its investigation into alleged unregistered trading and advising. Lamarche sued the Commission, alleging that the Commission knew or ought to have known that their investigation would capture solicitor-client privileged information and they took no steps to protect that privilege. Among other things, he sought damages under the Privacy Act.5 Most of the lawsuit was stayed but notably, Lamarche's claim under the Privacy Act was not struck by the Court of Appeal.
The Decision
There are three notable points in the appeal decision.
1. Failing to implement a protocol to protect solicitor-client privilege can amount to bad faith, disentitling the regulator from relying on statutory immunity
To succeed in his civil claim, Lamarche first had to overcome the immunity provisions in the Securities Act, which insulate the Commission from liability for actions taken in good faith.6 The Court of Appeal held that Lamarche's allegations, if true, could ground a finding of bad faith:
- The Commission knew or ought to have known that the compelled data contained privileged communications;7 and
- The Commission failed to implement an effective protocol to protect those privileged communications, which at a minimum required the Commission to (a) seal the records being examined, (b) notify the privilege holder, and (c) apply to assess the claim of solicitor-client privilege.8
2. A breach of solicitor-client privilege is a privacy breach
Lamarche also had to establish that the Commission's conduct was "disproportionate to the gravity of the crime or matter subject to investigation" under the Privacy Act.9 The Court of Appeal confirmed that the Commission's alleged conduct could give rise to both a Privacy Act and Charter claim.10 According to the Court, "[s]olicitor-client privilege encompasses and is animated by a set of values extending beyond privacy, but privacy is nevertheless among its constituent values," and "confidential communications to a lawyer represent an important exercise of the right to privacy."11
3. Solicitor-client privilege's impact on Privacy Act immunity to be decided another day
The Court of Appeal did not decide the issue but appeared to endorse the notion that breaches of solicitor-client privilege will almost never be proportionate under the Act:
Without purporting to comment on the merits of the underlying claim, it seems at least arguable that the unique constitutional nature of solicitor-client privilege mandates an interpretation of the Privacy Act that only recognizes breaches of the privilege as proportionate in a very narrow, exceptional set of circumstances.12
Takeaways
- Regulators and self-regulated organizations could face civil exposure for failing to take appropriate steps to protect privileged information when conducting an investigation, especially when information is compelled.13
- The decision serves as an important caution to regulators to avoid taking their civil liability immunities for granted, particularly where staff know or ought to know of a privilege claim during an investigation.
- In addition to civil liability, regulators might also compromise investigations and enforcement proceedings if appropriate care is not taken with privileged documents. For instance, in Baazov v. Financial Markets Authority,14 the Quebec Superior Court stayed a proceeding concerning alleged insider tipping, insider trading and market manipulation charges because, among other things, the Autorité des marchés financiers had repeatedly disclosed documents to the accused that had not been reviewed for privilege.
Footnotes
1. 2025 BCCA 146 ("Lamarche").
2. Privacy Act, RSBC 1996, c 373, s. 1; Insurance Corporation of British Columbia v. Ari, 2025 BCCA 13 ("Ari"), para. 32.
3. Manitoba (s. 2, The Privacy Act, C.C.S.M., c. P125); Saskatchewan (s. 2, The Privacy Act, R.S.S. 19878, c. P-24); Newfoundland (s. 3, Privacy Act, R.S.N.L. 1990, c. P-22)
4. Ari, para. 30.
5. Lamarche, para. 4.
6. Securities Act, s. 170(1)(c).
7. Lamarche, para. 51.
8. Lamarche, para. 51.
9. Lamarche, para. 46.
10. Lamarche, para. 59.
11. Lamarche, para. 59.
12. Lamarche, para. 58.
13. The investigators' powers at section 144 of the BC Securities Act are similar to the powers vested in other regulators across Canada. See for example s. 13 of the Ontario Securities Act, R.S.O. 1990, c. S.5. The immunity provision at s. 170(1)(c) of the BC Securities Act is also similar to provisions protecting other securities commissions in Canada. See for example s. 222 of the Alberta Securities Act, R.S.A. 2000, c. S.-4.
14. 2018 QCCQ 4449.
To view the original article click here
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
