[1]           This is an application brought by the defendant, the Insurance Corporation of British Columbia (“ICBC”), for the plaintiff’s Amended Notice of Civil Claim (“Amended Claim”), to be struck in its entirety on the basis that it fails to disclose a reasonable claim pursuant to R. 9-5(1)(a) of the Supreme Court Civil Rules, B.C. Reg. 168/2009 [Rules].

[2]           The plaintiff opposes the defendant’s application. He asserts that it is not plain and obvious that the Amended Claim discloses no reasonable cause of action that cannot be remedied by a further amendment.

[3]           The Amended Claim is brought on behalf of the plaintiff and on behalf of a proposed class of persons with similar claims pursuant to the Class Proceedings Act, R.S.B.C. 1996, c. 50 [CPA]. The plaintiff alleges that in or about 2010 and 2011, the plaintiff and at least 65 other individuals had their personal information “wilfully and without a claim of right” accessed by an employee of ICBC (the “Employee”) for an unauthorized purpose. Many of those persons subsequently had their premises, vehicles and other personal possessions made the target of shootings, arson and other property damage.

[4]           I note that the only named defendant in the original Notice of Civil Claim, filed June 1, 2012, and the Amended Claim is ICBC.

[5]           In the Amended Claim, the plaintiff claims against ICBC for:

[6]           From my reading of the Amended Claim, the plaintiff alleges that:

[7]           ICBC applies to strike each of these grounds.

[8]           Counsel for the plaintiff in his Application Response and opening submissions clarified that the plaintiff alleges the Employee’s breach of privacy is actionable under the common law and the Act.

[9]           He further clarified that the claims against ICBC are only grounded in vicarious liability and negligence.

[10]        This position is different from what is claimed in the Amended Claim. Specifically, the plaintiff abandons the claim that the Employee breached the plaintiff’s privacy rights pursuant to FIPPA. He also abandons the allegation that ICBC breached the plaintiff’s right to privacy pursuant to the common law, the Act and FIPPA by failing to secure the plaintiff’s private information reasonably or at all.

[11]        The claim in negligence against ICBC was “clarified” as follows in the Application Response, which says at paragraph 17 under Part 5 “Legal Basis”:

[12]        On that latter point, counsel for the plaintiff is referring to a so-called legislated duty of care pursuant to s. 30 of FIPPA, which provides:

[13]        The plaintiff argues that the legislature intended for this right to be enforced by way of a civil action.

[14]        I will, accordingly, limit my analysis to whether it is plain and obvious, assuming the facts pleaded are true, that the claims against ICBC for:

[15]        I consider the claim that the Employee breached the plaintiff’s right to privacy under FIPPA abandoned.

[16]        I further consider the claim that ICBC breached the plaintiff’s right to privacy pursuant to the common law, the Act and FIPPA abandoned.

[17]        I have included a brief summary of the alleged incident from which the plaintiff’s claims arise to provide context for the pleadings at issue in this application. This background is summarized from the Amended Claim. I note the facts pleaded are rather sparse.

[18]        In January 2012, the plaintiff was visited by two plain clothes RCMP officers at his home. The officers questioned him about his whereabouts on particular dates in 2010. The officers informed the plaintiff that they were investigating a crime without going into further particulars.

[19]        The plaintiff received a letter from ICBC dated March 1, 2012. In that letter, ICBC advised that on June 17, 2010, an ICBC employee viewed the plaintiff’s personal information “without an apparent business purpose”. ICBC further advised the plaintiff that it had notified the RCMP of the unauthorized access on January 12, 2012. The RCMP had advised ICBC that this unauthorized access may be related to an ongoing criminal investigation.

[20]        No particulars are pleaded in relation to that criminal investigation. The plaintiff vaguely alleges those persons who had their information accessed for an unauthorized purpose were also the victims of targeted shootings, arson and personal property destruction.

[21]        The law with regard to striking pleadings is not at issue.

[22]        Rule 9-5(1) of the Rules reads as follows:

[23]        I note the Rules generally apply to proceedings commenced under the CPA (see s. 40).

[24]        By applying to strike the pleadings, ICBC anticipates the application for class certification and potentially enjoins it from being brought. By doing so, ICBC bears the burden of proof.

[25]        The test on an application to strike pleadings is whether it is plain and obvious, assuming the facts pleaded are true, that the pleadings disclose no reasonable cause of action: Hunt v. Carey Canada Inc., 1990 CanLII 90 (SCC), [1990] 2 S.C.R. 959 at 980 (Hunt); R. v. Imperial Tobacco Canada Ltd., 2011 SCC 42 at para. 17 (Imperial Tobacco). This test applies to R. 9-5(1): see Woolsey v. Dawson Creek (City), 2011 BCSC 751 at para. 29; Callan v. Cooke, 2012 BCSC 1589 at para. 17.

[26]        In Hunt, Madam Justice Wilson, writing for the Court, explained that the test for striking a claim is not easily met at para. 980:

[27]        In Citizens for Foreign Aid Reform Inc. v. Canadian Jewish Congress, [1999] B.C.J. No. 2160, 1999 CanLII 5860 (S.C.) at para. 34, Mr. Justice Romilly summarized the test another way. He held that so long as the pleadings disclose a triable issue, either as they exist or as they may be amended, the issue should go to trial. The fact that the case is weak or unlikely to succeed is not a ground for striking the pleadings. His reasons were adopted by the British Columbia Court of Appeal in Poirier v. Community Futures Development Corp., 2005 BCCA 169 at para. 9.

[28]        In Imperial Tobacco, Chief Justice McLachlin identified the policy rationale for striking pleadings. She found that the power to strike out claims that have no reasonable prospect of success is an essential tool in the promotion of effective and fair litigation. It also promotes efficiency in the conduct of litigation and correct results (paras. 19 - 20). On the other hand, McLachlin C.J.C. noted at para. 21:

[29]        ICBC takes the position that neither it nor the Employee breached the privacy of the respondent. ICBC argues that it did not commit an intentional act giving rise to a breach of privacy. ICBC further submits that the Employee’s acts were not deliberate, significant or highly offensive so as to give rise to a breach of privacy.

[30]        ICBC suggests the plaintiff conflates the actions under FIPPA, the Act and the common law tort of privacy; each is a separate cause of action. In supplemental written argument, with no objection raised by plaintiff’s counsel, ICBC submits that the common law tort of breach of privacy does not exist in British Columbia.

[31]        Viewed objectively, the plaintiff’s name and residential address enjoy a lesser degree of privacy in comparison to, as an example, confidential banking records, referring to the circumstances in Jones v. Tsige, 2012 ONCA 32 (Jones). Jones affirmed the existence of a common law cause of action for breach of privacy in Ontario.

[32]        In any event, ICBC submits that the only proposed class members who would possibly be entitled to relief would be those that suffered property damages.

[33]        The allegation that ICBC failed to secure private information reasonably or at all must also fail because breach of privacy is an intentional tort. Pursuant to the common law and the Act, some type of act must violate the privacy of another in order to constitute an actionable tort; that act must be wilful and intentional. (The plaintiff abandoned this allegation in the Application Response, as noted above. All the same, I note this argument from ICBC for the record).

[34]        ICBC submits that it is not vicariously liable for the Employee’s acts because there is no required policy rationale for imposing vicarious liability if the plaintiff already has a remedy pursuant to FIPPA. FIPPA, ICBC alleges, is a comprehensive statutory scheme that provides for its own complaint procedures and remedies in relation to the protection and disclosure of personal information, thereby fulfilling the remedial and deterrence objectives of vicarious liability.

[35]        ICBC argues there are no cases that determine the vicarious liability of an employer for breach of privacy. The factors for determining whether there is a significant connection between the creation or enhancement of a risk by an employer and the wrong that occurred also weigh against a finding of vicarious liability. Significantly, the policy reasons that found the doctrine of vicarious liability (providing a just and practical remedy and deterrence of future harm) are not engaged by these circumstances.

[36]        ICBC argues that the allegation of “negligent protection of personal information” is a novel cause of action. It is not actionable under FIPPA. Nor does it satisfy the elements of the test for finding a duty of care exists.

[37]        Finally, even if ICBC did owe a duty of care to the class members, the plaintiff has not adequately pleaded causation or damages.

[38]        The plaintiff responds by arguing that it is not plain and obvious that the Amended Claim discloses no reasonable cause of action that cannot be remedied by further amendment.

[39]        The plaintiff alleges that the Employee’s breach of privacy is actionable under the common law and the Act and that ICBC is vicariously liable for the unauthorized acts of the Employee.

[40]        Furthermore, the plaintiff submits ICBC owes a duty of care to the plaintiff and proposed class members to implement reasonable security arrangements to protect their private information. ICBC negligently failed to implement reasonable security arrangements to address the risk of unauthorized access, use and disclosure of the proposed class’ personal information within its control.

[41]        With regard to the allegation of breach of privacy against the Employee, the plaintiff notes that the tort of invasion of privacy is not a novel cause of action: it has been recognized as an independent cause of action in Ontario and Nova Scotia. That action requires proof on a balance of probabilities that (i) the conduct was intentional; (ii) there must have been an invasion, without lawful justification, of private affairs or concerns; and (iii) a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. Counsel for the plaintiff submits that “proof of harm to an economic interest” is not an element of the cause of action. The plaintiff argues that while the personal information accessed by the Employee may not be as personal as found in Jones, the use of the illegally obtained information was highly offensive, causing distress, humiliation and anguish and pecuniary loss.

[42]        The plaintiff maintains the claim in vicarious liability is a “merits-based” argument which ought to not be determined on an application to strike pleadings. Sufficient particulars have been pleaded such that it should not be struck. Permitting an employee to have ready-access to the personal information of a large number of individuals enhances the chances of invasion of privacy. The plaintiff alleges: “ICBC’s enterprise and empowerment of the employee materially increased the risk of the harm that was done.” ICBC should bear this loss, serving the policy goals of fair and effective compensation and deterrence of future harm.

[43]        The plaintiff also claims that ICBC has negligently failed to implement a legislative decree, found under s. 30 of FIPPA, which provides that a public body must protect personal information in its custody or under its control by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or disposal. The plaintiff clarifies that it is not a claim for negligent breach of statute. As FIPPA does not provide any specific penalty or mechanism of enforcement for the duty established under s. 30, the court must infer that the legislature intended the right to be enforced by civil action. If the cause of action is novel, the viability of the claim will rest on the duty of care analysis. The plaintiff submits that there are no policy considerations to limit the Court from finding a duty of care exists.

[44]        The plaintiff argues that to find otherwise would leave the proposed class without any remedy for the “extensive damages” they have suffered as a result of ICBC’s negligent implementation of the protections mandated under s. 30 of FIPPA.

[45]        The plaintiff finally submits that damage need not be pleaded as it is not an element of the tort of breach of privacy. In any event, the Amended Claim has particularized that many of the proposed class members had their premises, vehicles and other personal possessions made the target of shootings, arson and other property damage. This particularization, the plaintiff suggests, is sufficient.

[46]        I will begin by considering the allegation that ICBC is vicariously liable for the unauthorized acts of the Employee.

[47]        In order to determine whether the Amended Claim discloses a reasonable claim for vicarious liability, I must first examine whether the pleadings disclose a reasonable claim against the Employee. The claims alleged against the Employee in the Amended Claim are as follows:

[48]        As stated above, I consider the claim against the Employee for breach of privacy pursuant to FIPPA abandoned.

[49]        The Amended Claim alleges that the Employee wilfully and without a claim of right breached the plaintiff’s right to privacy pursuant to the Act.

[50]        At the outset, I must note that the plaintiff does not anywhere in his Application Response engage with the provisions of the Act that give rise to the statutory cause of action for breach of privacy. Instead, he refers generally to the elements of proof for the common law cause of action for breach of privacy in his discussion of the Employee’s alleged breach of the plaintiff’s privacy. As expressed by the applicant, plaintiff’s counsel has conflated the common law cause of action with the statutory cause of action for violation of privacy. Despite these deficiencies in argument, I will go through the elements of the statutory cause of action for violation of privacy in British Columbia.

[51]        Subsection 1(1) of the Act establishes a statutory cause of action for violation of privacy. Subsections 1(2)-(4) circumscribe the scope of that cause of action.

[52]        Section 1 provides:

[53]        Relevant exceptions are laid out under s. 2(2):

[54]        In Hollinsworth v. BCTV (1998), 1998 CanLII 6527 (BC CA), 59 B.C.L.R. (3d) 121 (C.A.) at para. 29, the British Columbia Court of Appeal defined “wilfully” under s. 1(1) of the Act as “an intention to do an act which the person doing the act knew or should have known would violate the privacy of another person.”

[55]        The court then explained the meaning of “without a claim of right” at para. 30:

[56]        Subsection 1(2) of the Act instructs that the right to privacy is not absolute. Factors to be considered are set out under s. 1(3) - (4).

[57]        Assuming the facts pleaded to be true, it is not plain and obvious that there is no reasonable claim in breach of privacy against the Employee.

[58]        While the Employee was authorized to access the plaintiff’s personal information, the purpose for which the access was exercised was unauthorized.

[59]        A potential weakness in this claim may lie in the degree of privacy the plaintiff and other class members were entitled to in these circumstances, based on the nature of the information shared with ICBC.

[60]        On the other hand, the alleged number of persons subjected to this privacy violation and the alleged criminal purpose for the breach, if accepted as true, strengthen the claim against the Employee for breach of privacy pursuant to s. 1(3) of the Act.

[61]        Any potential liability for ICBC would arise under the doctrine of vicarious liability.

[62]        The Amended Claim alleges the Employee wilfully and without a claim of right breached the plaintiff’s right to privacy pursuant to the common law.

[63]        There is no common law tort of invasion or breach of privacy in British Columbia: Hung v. Gardiner, 2002 BCSC 1234 (affirmed 2003 BCCA 257) at para. 110; Bracken v. Vancouver Police Board, 2006 BCSC 189 at para. 28.

[64]        This status of the law was most recently affirmed by Mr. Justice Ball in Demcak v. Vo, 2013 BCSC 899:

[65]        Given the clear status of the law in British Columbia that the tort for invasion of privacy does not exist, it is “plain and obvious” that the claim for common law breach of privacy fails to disclose a reasonable claim. This claim will be struck.

[66]        I now turn to examine whether it is plain and obvious, assuming the facts pleaded are true, that the pleadings fail to disclose a reasonable cause of action in vicarious liability against ICBC with regard to the claim under the Act against the Employee.

[67]        I note that no issue was raised with respect to the plaintiff’s failure to name the Employee as a defendant. This issue has been addressed in other jurisdictions in favour of the plaintiff (Deciantis v. Toronto (City) Police Services Board, [2001] O.J. No. 2615 (S.C.) at para. 9; Jaman Estate v. Hussain (2000), 2000 CanLII 20689 (MB KB), 146 Man. R. (2d) 156 (Q.B.) at para. 8). I decline to make any findings on this particular issue. I am satisfied that this point was never raised by the parties and is therefore conceded.

[68]        An employer is vicariously liable for (1) employee acts authorized by the employer or (2) unauthorized acts so connected with the authorized acts that they may be regarded as modes of doing an authorized act. This is referred to as the “Salmond test” (referring to the Salmond and Heuston text, The Law of Torts, 19th ed. (London: Sweet & Maxwell, 1987)) and was upheld in Bazley v. Curry, 1999 CanLII 692 (SCC), [1999] 2 S.C.R. 534 at para. 10 (Bazley). In other words, vicarious liability is a strict form of liability for employers.

[69]        The plaintiff has alleged the violation of his privacy was an unauthorized act, engaging the second branch of the Salmond test.

[70]        The Supreme Court of Canada in Bazley outlined a two-part approach for determining whether vicarious liability should be imposed in circumstances of an unauthorized act (para. 15). First, a court should determine whether there are precedents that “unambiguously” determine whether the facts give rise to vicarious liability. If no precedents exist, the court must then determine whether vicarious liability should be imposed in light of the broader policy rationales behind strict liability.

[71]        With regard to the first part, the Court noted that generally three categories exist for precedents where vicarious liability has been found at para. 17:

[72]        After surveying the case law, the Court identified one unifying principle for the outcome of those decisions at para. 23:

[73]        The applicant submits “[t]here are no reported cases which determine the vicarious liability of an employer for an employee’s breach of privacy.” No cases were brought to my attention by the plaintiff.

[74]        I am satisfied that no precedents “unambiguously” determine whether vicarious liability should apply. However, as a word of caution, I observe the comment of Lewis Klar in his text Tort Law, 5th ed. (Toronto: Carswell, 2012) at 682 that vicarious liability has generally been rejected for cases of intentional and deliberate wrongdoing.

[75]        Turning to policy considerations, I note the Court in Bazley instructed the policy purposes underlying the imposition of vicarious liability are only served when the wrong is so connected with the employment that it can be said the employer has introduced the risk of the wrong. The question that must be posed is as follows “whether there is a connection or nexus between the employment enterprise and that wrong that justifies imposition of vicarious liability on the employer for the wrong, in terms of fair allocation of the consequences of the risk and/or deterrence” (para. 37).

[76]        The Court further instructed that when case precedent is inconclusive, the courts should be guided by the following principles in considering the policy rationale for applying vicarious liability at para. 41:

[77]        The plaintiff alleges that the wrongful acts of the Employee are sufficiently connected with ICBC’s ordinary course of business, justifying the imposition of vicarious liability.

[78]        As noted by the applicant, the only factor pleaded to establish “sufficiency of the connection” is the opportunity the enterprise afforded the Employee to abuse his or her power. ICBC suggests the other factors either do not exist or weigh against a finding of sufficient connection. While this may weaken the claim, it is not plain and obvious that the Amended Claim fails to disclose a reasonable claim in vicarious liability. Accepting the facts pleaded as true, the Employee as part of her employment duties was required to access the personal information of ICBC’s customers. Certainly, this authorization created an opportunity for the Employee to abuse her position of power.

[79]        I decline to strike the pleading in vicarious liability.

[80]        The plaintiff also claims against ICBC as follows:

[81]        The plaintiff clarified in his Application Response that this duty arises from the “legislative decree” found under s. 30 of FIPPA.

[82]        In R. v. Saskatchewan Wheat Pool, 1983 CanLII 21 (SCC), [1983] 1 S.C.R. 205 at 225 (Saskatchewan Wheat Pool), the Supreme Court of Canada held that breach of statute, where it has an effect upon civil liability (proof of standard of care), should be considered in the context of the general law of negligence. The Court declined to recognize a nominate tort of statutory breach.

[83]        Saskatchewan Wheat Pool was affirmed in Holland v. Saskatchewan, 2008 SCC 42 (CanLII), [2008] 2 S.C.R. 551 at para. 9. The Court went on to recognize at para. 14, however, that once a legislature decides to act, it may be liable in negligence for the manner in which it implements that decision:

[84]        While the plaintiff has attempted to cast s. 30 of FIPPA as a legislative decree, in substance, the plaintiff’s claim is that ICBC negligently failed to implement a statutory provision. It comes squarely within the rule in Saskatchewan Wheat Pool that the law has not recognized an action for negligent breach of statutory duty.

[85]        The plaintiff also relies on K.L.B. v. British Columbia, 2003 SCC 51 (K.L.B.), arguing “in K.L.B., the court upheld the Province’s direct liability arising from the breach of a duty imposed on it pursuant to the Protection of Children Act, R.S.B.C. 1960, c. 303”. However, K.L.B. dealt with circumstances that clearly fall within the category of operational acts in relation to particular foster care children that suffered abuse as a result of being placed in inadequate foster care homes.

[86]        It is plain and obvious therefore that the plaintiff has failed to disclose a reasonable claim for negligent protection of private information.

[87]        The claim in vicarious liability against ICBC in relation to the Employee’s alleged violation of the Act will not be struck. The remainder of the claims will be struck.

[88]        ICBC is entitled to costs.