The Federal Court recently released its second award of damages for a violation of PIPEDA in Landry v. Royal Bank of Canada, 2011 FC 687 (CanLII).1
The Federal Court recently released its second award of damages for a violation of PIPEDA in Landry v. Royal Bank of Canada, 2011 FC 687 (CanLII).
In this case, the client, Nicole Landry, was going through divorce proceedings. As part of the proceedings, Landry’s husband’s lawyer sent a subpoena to RBC ordering a bank employee to attend court with information on Landry’s accounts. The employee also faxed account statements to the husband’s lawyer without Landry’s consent. This was a violation of RBC’s own policies, which required the consent of an account holder before releasing information. The faxing of the documents directly to the husband’s lawyer was also a violation of the Personal Information Protection and Electronic Documents Act (PIPEDA), as it was outside the scope of the subpoena, which requested the documents for court records.
The disclosure of Landry’s account information exposed the fact that she had been concealing the existence of a personal bank account, contrary to her legal obligation to reveal all her assets in the divorce proceedings. Landry sued RBC, claiming its disclosure of information contrary to its policies and PIPEDA had caused her personal harm and humiliation.
The court agreed RBC’s disclosure of Landry’s account information directly to the husband’s lawyer violated PIPEDA. However, it also found the disclosure of the documents to the divorce court was proper under the subpoena. Regardless of the latter, however, the court said the PIPEDA violation was a serious error on the part of RBC.
The court found most of the humiliation and personal harm Landry suffered came from the release of the divorce settlement and her own secretive conduct. However, in recognition of the bank’s breach of her privacy, it awarded Landry a token amount of $4,500 in damages. She had asked for $100,000 in her claim.
RBC argued that it acted in good faith – conducting an internal investigation and re-training staff on following bank policy when faced with third party requests for personal information. The bank also argued that since the information would have been disclosed as a result of the subpoena, the customer did not suffer any harm as a direct result of the wrongful disclosure. The case brings into question whether, due to this precedent, companies will automatically face PIPEDA damage awards due to employee errors, despite reasonable efforts to avoid such breaches.
Though the decade-old PIPEDA allows for monetary damages for humiliation suffered as a result of a violation of the act, this is only the second time damages have actually been awarded. In 2010, the Federal Court awarded $5,000 to a client of a bank whose credit profile contained the credit history and personal information of someone else.1