48 www.canadianlawyermag.com
FEATURE
LITIGATION
Two examples of judges taking a harder
line on allowing certifications for privacy
breaches class actions are Broutzas v. Rouge
Valley Health System and Kaplan v. Casino
Rama, says Flood.
In the latter case, doubly unfortunate
was Casino Rama — first the victim
of a cyberattack, where hackers stole
information on their employees, vendors
and patrons and asked for a ransom in
exchange for the data's return. Rebuffed in
their ransom request, the thief posted the
personal information of more than 10,000
people online, creating a class to pursue
Casino Rama for the breach of privacy.
T hough Justice Edward Belobaba
said he found there was a valid case to be
made for negligence, breach of contract
and intrusion upon seclusion, he said it
was the hacker and not Casino Rama that
invaded the class members' privacy. More
importantly, as the intrusion would have
to be shown to be offensive to a reasonable
person class-wide, there was "no evidence"
"I think that courts are increasingly
recognizing that privacy is inherently
subjective and individual."
Catherine Flood, Blake Cassels & Graydon LLP
that scope of consistent harm could be
established without individual inquiries,
said the decision.
Casino Rama's response to the hack
was "prompt and exemplary," says Nicole
Henderson, who is a class action litigator
with a focus on cybersecurity and product
liability and a partner at Blake Cassels &
