SlideShare a Scribd company logo

Cyber class action claims at an inflection point

Download as PPTX, PDF
Dan Michaluk
Dan Michaluk

Presentation to Canadian insurance defence counsel and insurance professionals and adjusters.

Law
1 of 11
Presented By CICMA cyber security Update Dan Michaluk October 18, 2021
o Self-regulatory organization oversees all investment dealers o Laptop with unencrypted data left of subway in 2013 – never found o Estimated 48,000 affected individuals o Robust, transparent response by the organization o Plaintiff a victim of identity theft o Claimed compensatory damages (actual attempted fraud plus anxieties) and punitive damages based on response Lamoreaux The first class action merits decision 2
o No compensable damages proven • Normal anxiety associated with receiving a notification is not compensable • Testimony provided (translation) “few details, concrete facts or significant manifestations of their psychological states” • No causation proven regarding identity theft – some evidence that plaintiff’s social insurance number and driver’s license were not even ever received by defendant from his brokerage • Defendant provided necessary protective measures Lamoreaux The first class action merits decision 3
o No punitive damages - response exemplary • conducted investigations and carried out internal checks • promptly informed the police • retained a firm of consultants as quickly as possible to perform forensic investigation • notified the privacy commissions concerned of the loss • notified the brokerage firms having investors concerned about the situation • notified the class members concerned of the loss of their personal information, by means of bilingual letters • published a press release announcing the loss • informed class members that it was unaware of any identity theft Lamoreaux The first class action merits decision 4
o Ontario cases are about the scope of liability for the common law privacy torts, which give access to moral damages o In negligence, no harm means no foul o Privacy torts are intentional, so the wrong arises from the act alone, and one who is reckless has bad intent o Defendant attacked in 2017 via exploit of web application vulnerabilities o Announced as affecting 100,000 Canadians, 20,000 ultimately notified Owsianik Big wins for defendants in Ontario 5
o Div. Ct. overturns intrusion upon seclusion certification decision o “The intrusion need not be intentional; it can be reckless. But it still has to be an intrusion. It is the intrusion that has to be intentional or reckless and the intrusion that has to be highly offensive. Otherwise the tort assigns liability for a completely different category of conduct, a category that is adequately controlled by the tort of negligence.” o Leave to appeal to Ont. CA granted last month Owsianik Big wins for defendants in Ontario 6
o About the theft of credit card application data by a former employee of a bank’s cloud service provider – alleged to have used her understanding to conduct exploits o “A failure to prevent an intrusion, even a reckless failure to prevent, is not an intrusion.” o No vicarious liability either - “absurd and unfair” to impose liability on a defendant for the actions of a former employee o Contractual claims failed based on the contract terms Thompson Big wins for defendants in Ontario 7
o The Lamoreaux and Owsianik defences are critical to the outcome the privacy class action “dialogue” o The Lamoreaux case provides good practical guidance for responders o This cynic’s view - all the harm flows from notification alone o We therefore must notify based on the facts and evidence – never, never notify because there’s a speculative risk of unauthorized access or theft o Yes, there is mischief, which is why we will see logging regulation come into force in the next five years – e.g. PHIPA We are at an inflection point Where does that leave us? 8
o If class actions prove themselves to be the wrong means of enabling justice, will there be alternatives o Ontario has posed an administrative compensation regime in its privacy reform materials o Questions • Will it be exclusive? • Will it be capped New administrative compensation regime? Keep an eye on Ontario 9
Questions? Questions?
For more information, contact: The information contained herein is of a general nature and is not intended to constitute legal advice, a complete statement of the law, or an opinion on any subject. No one should act upon it or refrain from acting without a thorough examination of the law after the facts of a specific situation are considered. You are urged to consult your legal adviser in cases of specific questions or concerns. BLG does not warrant or guarantee the accuracy, currency or completeness of this presentation. No part of this presentation may be reproduced without prior written permission of Borden Ladner Gervais LLP. © 2020 Borden Ladner Gervais LLP. Borden Ladner Gervais is an Ontario Limited Liability Partnership. Thank You Dan Michaluk Partner 416.367.6097 dmichaluk@blg.com

Recommended

The pandemic and privacy
The pandemic and privacyThe pandemic and privacy
The pandemic and privacyDan Michaluk
 
Higher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationHigher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationDan Michaluk
 
Union access to information
Union access to informationUnion access to information
Union access to informationDan Michaluk
 
The Current State of FOI
The Current State of FOIThe Current State of FOI
The Current State of FOIDan Michaluk
 
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Dan Michaluk
 
Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?Dan Michaluk
 
Cyber, secrecy and the public body
Cyber, secrecy and the public bodyCyber, secrecy and the public body
Cyber, secrecy and the public bodyDan Michaluk
 
The internet as a corporate security resource
The internet as a corporate security resourceThe internet as a corporate security resource
The internet as a corporate security resourceDan Michaluk
 

Recommended

The pandemic and privacy
The pandemic and privacyThe pandemic and privacy
The pandemic and privacyDan Michaluk
 
Higher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationHigher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationDan Michaluk
 
Union access to information
Union access to informationUnion access to information
Union access to informationDan Michaluk
 
The Current State of FOI
The Current State of FOIThe Current State of FOI
The Current State of FOIDan Michaluk
 
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Dan Michaluk
 
Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?Dan Michaluk
 
Cyber, secrecy and the public body
Cyber, secrecy and the public bodyCyber, secrecy and the public body
Cyber, secrecy and the public bodyDan Michaluk
 
The internet as a corporate security resource
The internet as a corporate security resourceThe internet as a corporate security resource
The internet as a corporate security resourceDan Michaluk
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk GovernanceDan Michaluk
 
Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice Dan Michaluk
 
Studentsat Risk Managingon Campus Violence
Studentsat Risk Managingon Campus ViolenceStudentsat Risk Managingon Campus Violence
Studentsat Risk Managingon Campus ViolenceDan Michaluk
 
One hour cyber july 2013
One hour cyber july 2013One hour cyber july 2013
One hour cyber july 2013Dan Michaluk
 
Cybersecurity and data loss - It's not just about lost USB keys today
Cybersecurity and data loss - It's not just about lost USB keys todayCybersecurity and data loss - It's not just about lost USB keys today
Cybersecurity and data loss - It's not just about lost USB keys todayDan Michaluk
 
Privacy and breaches in health care - a legal update
Privacy and breaches in health care - a legal updatePrivacy and breaches in health care - a legal update
Privacy and breaches in health care - a legal updateDan Michaluk
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model RulesData Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model Rulessaurnou
 
How your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacyHow your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacyTechSoup Canada
 
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...Ethisphere
 
Protecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksProtecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksThis account is closed
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesMeg Weber
 
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2TechSoup Canada
 
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...Accellis Technology Group
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
Mandatory data breach notification for Australia
Mandatory data breach notification for AustraliaMandatory data breach notification for Australia
Mandatory data breach notification for AustraliaPatrick Dwyer
 
Professionalism and Civility in Electronic Discovery
Professionalism and Civility in Electronic DiscoveryProfessionalism and Civility in Electronic Discovery
Professionalism and Civility in Electronic DiscoveryParsons Behle & Latimer
 
File000167
File000167File000167
File000167Desmond Devendran
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSScott Suhy
 
Ee defamation prejudice
Ee defamation prejudiceEe defamation prejudice
Ee defamation prejudiceDan Michaluk
 
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jonesTech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jonesEvents2018
 
LS IDT 2014
LS IDT 2014LS IDT 2014
LS IDT 2014Gabriel Avalos
 
Idt
IdtIdt
IdtSpringboard
 

More Related Content

What's hot

Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk GovernanceDan Michaluk
 
Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice Dan Michaluk
 
Studentsat Risk Managingon Campus Violence
Studentsat Risk Managingon Campus ViolenceStudentsat Risk Managingon Campus Violence
Studentsat Risk Managingon Campus ViolenceDan Michaluk
 
One hour cyber july 2013
One hour cyber july 2013One hour cyber july 2013
One hour cyber july 2013Dan Michaluk
 
Cybersecurity and data loss - It's not just about lost USB keys today
Cybersecurity and data loss - It's not just about lost USB keys todayCybersecurity and data loss - It's not just about lost USB keys today
Cybersecurity and data loss - It's not just about lost USB keys todayDan Michaluk
 
Privacy and breaches in health care - a legal update
Privacy and breaches in health care - a legal updatePrivacy and breaches in health care - a legal update
Privacy and breaches in health care - a legal updateDan Michaluk
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model RulesData Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model Rulessaurnou
 
How your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacyHow your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacyTechSoup Canada
 
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...Ethisphere
 
Protecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksProtecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksThis account is closed
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesMeg Weber
 
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2TechSoup Canada
 
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...Accellis Technology Group
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
Mandatory data breach notification for Australia
Mandatory data breach notification for AustraliaMandatory data breach notification for Australia
Mandatory data breach notification for AustraliaPatrick Dwyer
 
Professionalism and Civility in Electronic Discovery
Professionalism and Civility in Electronic DiscoveryProfessionalism and Civility in Electronic Discovery
Professionalism and Civility in Electronic DiscoveryParsons Behle & Latimer
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSScott Suhy
 
Ee defamation prejudice
Ee defamation prejudiceEe defamation prejudice
Ee defamation prejudiceDan Michaluk
 
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jonesTech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jonesEvents2018
 

What's hot (20)

Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk Governance
 
Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice
 
Studentsat Risk Managingon Campus Violence
Studentsat Risk Managingon Campus ViolenceStudentsat Risk Managingon Campus Violence
Studentsat Risk Managingon Campus Violence
 
One hour cyber july 2013
One hour cyber july 2013One hour cyber july 2013
One hour cyber july 2013
 
Cybersecurity and data loss - It's not just about lost USB keys today
Cybersecurity and data loss - It's not just about lost USB keys todayCybersecurity and data loss - It's not just about lost USB keys today
Cybersecurity and data loss - It's not just about lost USB keys today
 
Privacy and breaches in health care - a legal update
Privacy and breaches in health care - a legal updatePrivacy and breaches in health care - a legal update
Privacy and breaches in health care - a legal update
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model RulesData Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
 
How your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacyHow your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacy
 
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ...
 
Protecting Your Business From Cyber Risks
Protecting Your Business From Cyber RisksProtecting Your Business From Cyber Risks
Protecting Your Business From Cyber Risks
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security Strategies
 
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
 
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
Rules of Professional Conduct and Cybersecurity presented by Accellis Technol...
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam Compliance
 
Mandatory data breach notification for Australia
Mandatory data breach notification for AustraliaMandatory data breach notification for Australia
Mandatory data breach notification for Australia
 
Professionalism and Civility in Electronic Discovery
Professionalism and Civility in Electronic DiscoveryProfessionalism and Civility in Electronic Discovery
Professionalism and Civility in Electronic Discovery
 
File000167
File000167File000167
File000167
 
CYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMSCYBER SECURITY FOR LAW FIRMS
CYBER SECURITY FOR LAW FIRMS
 
Ee defamation prejudice
Ee defamation prejudiceEe defamation prejudice
Ee defamation prejudice
 
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jonesTech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
 

Similar to Cyber class action claims at an inflection point

Resolving Consumer Identity Theft for Foster Youth 2013 Edition
Resolving Consumer Identity Theft for Foster Youth 2013 EditionResolving Consumer Identity Theft for Foster Youth 2013 Edition
Resolving Consumer Identity Theft for Foster Youth 2013 Edition- Mark - Fullbright
 
Bringing together a strategic plan to manage a major insurance incident
Bringing together a strategic plan to manage a major insurance incidentBringing together a strategic plan to manage a major insurance incident
Bringing together a strategic plan to manage a major insurance incidentBrowne Jacobson LLP
 
Child Identity Theft LegalShield Business Solutions
Child Identity Theft LegalShield Business SolutionsChild Identity Theft LegalShield Business Solutions
Child Identity Theft LegalShield Business Solutionslegalshieldofficial
 
West Point ID Theft and FCRA Presentation updated
West Point ID Theft and FCRA Presentation updatedWest Point ID Theft and FCRA Presentation updated
West Point ID Theft and FCRA Presentation updatedAdam Singer
 
Experience, Expertise, and Preparation: Keys to a Successful Workers' Compen...
Experience, Expertise, and Preparation: Keys to a Successful Workers' Compen...Experience, Expertise, and Preparation: Keys to a Successful Workers' Compen...
Experience, Expertise, and Preparation: Keys to a Successful Workers' Compen...NationalUnderwriter
 
Encouraging Internal Compliance Communication Webinar
Encouraging Internal Compliance Communication WebinarEncouraging Internal Compliance Communication Webinar
Encouraging Internal Compliance Communication WebinarCase IQ
 
Juvenile Expungement Presentation to The Chicago Community Trust
Juvenile Expungement Presentation to The Chicago Community TrustJuvenile Expungement Presentation to The Chicago Community Trust
Juvenile Expungement Presentation to The Chicago Community TrustSmart Chicago Collaborative
 
Reclaiming Your Identity: 10 Steps To Recovery
Reclaiming Your Identity: 10 Steps To RecoveryReclaiming Your Identity: 10 Steps To Recovery
Reclaiming Your Identity: 10 Steps To Recoveryjonmcdowall
 
Whistleblowers on Wall Street: A Guide to SEC Whistleblower Rewards and Prote...
Whistleblowers on Wall Street: A Guide to SEC Whistleblower Rewards and Prote...Whistleblowers on Wall Street: A Guide to SEC Whistleblower Rewards and Prote...
Whistleblowers on Wall Street: A Guide to SEC Whistleblower Rewards and Prote...John Howley, Esq.
 
IDSHield Services and Features
IDSHield Services and FeaturesIDSHield Services and Features
IDSHield Services and FeaturesAntonio Muniz Olan
 
Identity Theft It's Devasting Impact
Identity Theft It's Devasting ImpactIdentity Theft It's Devasting Impact
Identity Theft It's Devasting ImpactRob Taylor
 
ID Theft Final Oct 2015
ID Theft Final Oct 2015ID Theft Final Oct 2015
ID Theft Final Oct 2015James Kane
 

Similar to Cyber class action claims at an inflection point (20)

LS IDT 2014
LS IDT 2014LS IDT 2014
LS IDT 2014
 
Idt
IdtIdt
Idt
 
Resolving Consumer Identity Theft for Foster Youth 2013 Edition
Resolving Consumer Identity Theft for Foster Youth 2013 EditionResolving Consumer Identity Theft for Foster Youth 2013 Edition
Resolving Consumer Identity Theft for Foster Youth 2013 Edition
 
Bringing together a strategic plan to manage a major insurance incident
Bringing together a strategic plan to manage a major insurance incidentBringing together a strategic plan to manage a major insurance incident
Bringing together a strategic plan to manage a major insurance incident
 
Child Identity Theft LegalShield Business Solutions
Child Identity Theft LegalShield Business SolutionsChild Identity Theft LegalShield Business Solutions
Child Identity Theft LegalShield Business Solutions
 
HIPAA 2015 webinar
HIPAA 2015 webinarHIPAA 2015 webinar
HIPAA 2015 webinar
 
West Point ID Theft and FCRA Presentation updated
West Point ID Theft and FCRA Presentation updatedWest Point ID Theft and FCRA Presentation updated
West Point ID Theft and FCRA Presentation updated
 
Watch Your Step on the Internet!
Watch Your Step on the Internet! Watch Your Step on the Internet!
Watch Your Step on the Internet!
 
Experience, Expertise, and Preparation: Keys to a Successful Workers' Compen...
Experience, Expertise, and Preparation: Keys to a Successful Workers' Compen...Experience, Expertise, and Preparation: Keys to a Successful Workers' Compen...
Experience, Expertise, and Preparation: Keys to a Successful Workers' Compen...
 
Cloud Security Law Issues--an Overview
Cloud Security Law Issues--an OverviewCloud Security Law Issues--an Overview
Cloud Security Law Issues--an Overview
 
Encouraging Internal Compliance Communication Webinar
Encouraging Internal Compliance Communication WebinarEncouraging Internal Compliance Communication Webinar
Encouraging Internal Compliance Communication Webinar
 
Juvenile Expungement Presentation to The Chicago Community Trust
Juvenile Expungement Presentation to The Chicago Community TrustJuvenile Expungement Presentation to The Chicago Community Trust
Juvenile Expungement Presentation to The Chicago Community Trust
 
Reclaiming Your Identity: 10 Steps To Recovery
Reclaiming Your Identity: 10 Steps To RecoveryReclaiming Your Identity: 10 Steps To Recovery
Reclaiming Your Identity: 10 Steps To Recovery
 
Whistleblowers on Wall Street: A Guide to SEC Whistleblower Rewards and Prote...
Whistleblowers on Wall Street: A Guide to SEC Whistleblower Rewards and Prote...Whistleblowers on Wall Street: A Guide to SEC Whistleblower Rewards and Prote...
Whistleblowers on Wall Street: A Guide to SEC Whistleblower Rewards and Prote...
 
IDSHield Services and Features
IDSHield Services and FeaturesIDSHield Services and Features
IDSHield Services and Features
 
Identity Theft It's Devasting Impact
Identity Theft It's Devasting ImpactIdentity Theft It's Devasting Impact
Identity Theft It's Devasting Impact
 
Minors & ID Theft
Minors & ID TheftMinors & ID Theft
Minors & ID Theft
 
ID Theft Final Oct 2015
ID Theft Final Oct 2015ID Theft Final Oct 2015
ID Theft Final Oct 2015
 
Senior Audience Presentation
Senior Audience PresentationSenior Audience Presentation
Senior Audience Presentation
 
ASIS Phoenix February Presentation
ASIS Phoenix February PresentationASIS Phoenix February Presentation
ASIS Phoenix February Presentation
 

More from Dan Michaluk

Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxEcno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxDan Michaluk
 
Critical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityCritical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityDan Michaluk
 
Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)Dan Michaluk
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsDan Michaluk
 
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateAdvocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateDan Michaluk
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
Role of a breach coach
Role of a breach coachRole of a breach coach
Role of a breach coachDan Michaluk
 
PHIPA for school boards
PHIPA for school boardsPHIPA for school boards
PHIPA for school boardsDan Michaluk
 
Finding internet evidence
Finding internet evidenceFinding internet evidence
Finding internet evidenceDan Michaluk
 
Sexual Assault in Higher Education - Law Policy and Practice
Sexual Assault in Higher Education - Law Policy and PracticeSexual Assault in Higher Education - Law Policy and Practice
Sexual Assault in Higher Education - Law Policy and PracticeDan Michaluk
 
Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Dan Michaluk
 
Student Conduct Investigations - Examining Evidence and Determining Credibiliity
Student Conduct Investigations - Examining Evidence and Determining CredibiliityStudent Conduct Investigations - Examining Evidence and Determining Credibiliity
Student Conduct Investigations - Examining Evidence and Determining CredibiliityDan Michaluk
 
Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Dan Michaluk
 
How to manage a data breach
How to manage a data breachHow to manage a data breach
How to manage a data breachDan Michaluk
 
Cacuss 2015 sexual violence
Cacuss 2015 sexual violenceCacuss 2015 sexual violence
Cacuss 2015 sexual violenceDan Michaluk
 
Responding to Data Breaches
Responding to Data BreachesResponding to Data Breaches
Responding to Data BreachesDan Michaluk
 

More from Dan Michaluk (17)

Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxEcno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
 
Critical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityCritical Issues in School Board Cyber Security
Critical Issues in School Board Cyber Security
 
Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analytics
 
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateAdvocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam Compliance
 
Role of a breach coach
Role of a breach coachRole of a breach coach
Role of a breach coach
 
PHIPA for school boards
PHIPA for school boardsPHIPA for school boards
PHIPA for school boards
 
Finding internet evidence
Finding internet evidenceFinding internet evidence
Finding internet evidence
 
Sexual Assault in Higher Education - Law Policy and Practice
Sexual Assault in Higher Education - Law Policy and PracticeSexual Assault in Higher Education - Law Policy and Practice
Sexual Assault in Higher Education - Law Policy and Practice
 
Cas cyber prez
Cas cyber prezCas cyber prez
Cas cyber prez
 
Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016
 
Student Conduct Investigations - Examining Evidence and Determining Credibiliity
Student Conduct Investigations - Examining Evidence and Determining CredibiliityStudent Conduct Investigations - Examining Evidence and Determining Credibiliity
Student Conduct Investigations - Examining Evidence and Determining Credibiliity
 
Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Cyber legal update oct 7 2015
Cyber legal update oct 7 2015
 
How to manage a data breach
How to manage a data breachHow to manage a data breach
How to manage a data breach
 
Cacuss 2015 sexual violence
Cacuss 2015 sexual violenceCacuss 2015 sexual violence
Cacuss 2015 sexual violence
 
Responding to Data Breaches
Responding to Data BreachesResponding to Data Breaches
Responding to Data Breaches
 

Recently uploaded

VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSDr. Oliver Massmann
 
SecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdfSecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdfDrNiteshSaraswat
 
Role and Responsibilities of Mediator and Approach
Role and Responsibilities of Mediator and ApproachRole and Responsibilities of Mediator and Approach
Role and Responsibilities of Mediator and Approach2020000445musaib
 
The Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptxThe Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptxAdityasinhRana4
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书SD DS
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书Fir sss
 
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书SD DS
 
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书SD DS
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiBlayneRush1
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书SD DS
 
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791BlayneRush1
 
POLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxPOLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxAbhishekchatterjee248859
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书1k98h0e1
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsAbdul-Hakim Shabazz
 
Rights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaRights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaAbheet Mangleek
 
如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书Fir sss
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix
 
Key Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesKey Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesHome Tax Saver
 
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书SD DS
 

Recently uploaded (20)

VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
 
SecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdfSecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdf
 
Role and Responsibilities of Mediator and Approach
Role and Responsibilities of Mediator and ApproachRole and Responsibilities of Mediator and Approach
Role and Responsibilities of Mediator and Approach
 
The Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptxThe Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptx
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书
 
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
 
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
 
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
 
POLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxPOLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptx
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
 
Rights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaRights of under-trial Prisoners in India
Rights of under-trial Prisoners in India
 
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Serviceyoung Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
 
如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A History
 
Key Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesKey Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax Rates
 
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
 

Cyber class action claims at an inflection point

  • 1. Presented By CICMA cyber security Update Dan Michaluk October 18, 2021
  • 2. o Self-regulatory organization oversees all investment dealers o Laptop with unencrypted data left of subway in 2013 – never found o Estimated 48,000 affected individuals o Robust, transparent response by the organization o Plaintiff a victim of identity theft o Claimed compensatory damages (actual attempted fraud plus anxieties) and punitive damages based on response Lamoreaux The first class action merits decision 2
  • 3. o No compensable damages proven • Normal anxiety associated with receiving a notification is not compensable • Testimony provided (translation) “few details, concrete facts or significant manifestations of their psychological states” • No causation proven regarding identity theft – some evidence that plaintiff’s social insurance number and driver’s license were not even ever received by defendant from his brokerage • Defendant provided necessary protective measures Lamoreaux The first class action merits decision 3
  • 4. o No punitive damages - response exemplary • conducted investigations and carried out internal checks • promptly informed the police • retained a firm of consultants as quickly as possible to perform forensic investigation • notified the privacy commissions concerned of the loss • notified the brokerage firms having investors concerned about the situation • notified the class members concerned of the loss of their personal information, by means of bilingual letters • published a press release announcing the loss • informed class members that it was unaware of any identity theft Lamoreaux The first class action merits decision 4
  • 5. o Ontario cases are about the scope of liability for the common law privacy torts, which give access to moral damages o In negligence, no harm means no foul o Privacy torts are intentional, so the wrong arises from the act alone, and one who is reckless has bad intent o Defendant attacked in 2017 via exploit of web application vulnerabilities o Announced as affecting 100,000 Canadians, 20,000 ultimately notified Owsianik Big wins for defendants in Ontario 5
  • 6. o Div. Ct. overturns intrusion upon seclusion certification decision o “The intrusion need not be intentional; it can be reckless. But it still has to be an intrusion. It is the intrusion that has to be intentional or reckless and the intrusion that has to be highly offensive. Otherwise the tort assigns liability for a completely different category of conduct, a category that is adequately controlled by the tort of negligence.” o Leave to appeal to Ont. CA granted last month Owsianik Big wins for defendants in Ontario 6
  • 7. o About the theft of credit card application data by a former employee of a bank’s cloud service provider – alleged to have used her understanding to conduct exploits o “A failure to prevent an intrusion, even a reckless failure to prevent, is not an intrusion.” o No vicarious liability either - “absurd and unfair” to impose liability on a defendant for the actions of a former employee o Contractual claims failed based on the contract terms Thompson Big wins for defendants in Ontario 7
  • 8. o The Lamoreaux and Owsianik defences are critical to the outcome the privacy class action “dialogue” o The Lamoreaux case provides good practical guidance for responders o This cynic’s view - all the harm flows from notification alone o We therefore must notify based on the facts and evidence – never, never notify because there’s a speculative risk of unauthorized access or theft o Yes, there is mischief, which is why we will see logging regulation come into force in the next five years – e.g. PHIPA We are at an inflection point Where does that leave us? 8
  • 9. o If class actions prove themselves to be the wrong means of enabling justice, will there be alternatives o Ontario has posed an administrative compensation regime in its privacy reform materials o Questions • Will it be exclusive? • Will it be capped New administrative compensation regime? Keep an eye on Ontario 9
  • 11. For more information, contact: The information contained herein is of a general nature and is not intended to constitute legal advice, a complete statement of the law, or an opinion on any subject. No one should act upon it or refrain from acting without a thorough examination of the law after the facts of a specific situation are considered. You are urged to consult your legal adviser in cases of specific questions or concerns. BLG does not warrant or guarantee the accuracy, currency or completeness of this presentation. No part of this presentation may be reproduced without prior written permission of Borden Ladner Gervais LLP. © 2020 Borden Ladner Gervais LLP. Borden Ladner Gervais is an Ontario Limited Liability Partnership. Thank You Dan Michaluk Partner 416.367.6097 dmichaluk@blg.com

Editor's Notes

  1. Nice to be here This is return performance In the past I've given practical advice on threat environment, defence and incident response This time I actually have some new law to talk about So I'll do that And give you an update on legal developments   -first class action decision on its merits   -two Ontario cases   -a buried issue in 
  2. -we're about 10 years into our data seucirty and prrivacy class action experience -finally had our first decision on the merits … -quebec -Lamoreaux and Investment Industry Regulatory Organization of Canada  … -simple scenario -good facts, good law -lost laptop, unencrypted      -most beign scenario      -no evidence of any malicious actor  -lots of data, 48,000 affected individuals … -rep plaintiff victim of identity theft     -tort lawyers – causation -nontheless claimed these damages
  3. -Feb 2021 judgement – Quebec Superior Court – 2021 QCCS 1093 … two points -anxiety -more closely connecte to the loss -but draws on the common law of negligence – mustapha v culligan -damages for the ordinary anxities of life are not compensable -not suprising but imporatnt -only damages that can get over the causation burden of proof is the damaged caused when one opens the letter … -actual damage, from identity theft is not proven -very hard to prove that  -here we had rebuttal ifnormation …. -make a point IIROC provided creidt monitoring -one years -suggestion is that this would have been compensale had it not been provided
  4. -no punitive damages  -response was exmplary -checklist like endorsement … -informed the police -court proably views that as mitigation of harms to affected individuals -cynical view is that isn't warranted -but if a court is going to view it that we... got to do it … Reporting to law enforcmenet and sharing threat iformation Is a big topic today Don't think it will mitigate harm to affected But it will helpin the long run
  5. -Lamoreaux is a civil code claim, but behaves like a neglience claim … -common law jurisdictions  -intentional privcy torts -access to moral or presumed damages -don't suffer from the causation problem that a negligence claim will almost certainly fail about … -but they are intentional torts -question about what that means -and whether the courts are willing to weed out claims alleging intentional conduct at the certification stage … -common and classic negligence scenario here - Equifax -stilen information -bad actor infoved
  6. June 2021 decision – appeal of a cert decision – divi court -this is not intentional enough to warrant certification on this cause of action -really imporatnt point -if you take away intrusion claim -an neglience is going to run in to mustapha -what's really left? -looking at contractual claims, but contractual claims can be limited
  7. -this is exactly what happened in Thompson – Captial One incident … -justice perrell make same finding as in equfax -more heafily articulated … -one scenario that will run you into another legal issue is an insider  -insider is intentional -perell deals with that too -huge issue -favorable finding