THE ADVOCATE 837
VOL. 76 PART 6 NOVEMBER 2018
tery framework to the dissemination of a sex tape. Further, privacy advocates
have long argued that information should be treated in the same way
physical property is treated,34 which would support the use of a tort
designed to protect intangible property.
Gathering Information—The Dangerous “Substance”
Just as in Rylands v. Fletcher, where a large amount of water was gathered,
data brokers and other organizations collect information from a wide variety
of sources, which is then stored indefinitely. This information is derived
from contest entries, surveys, apps, store and credit card purchases, and
countless other typical consumer transactions35 and is then retained, sold
and in many cases combined by data brokers.
Aggregated information not only raises the risk of identity theft and insecurity
but also perpetuates discrimination. It does this by allowing marketing
companies and scammers alike to target consumers based on
identifiable information that, by definition, has been synthesized into a
portrait. This results in a manipulation of possibly non-consensually disclosed
information in a way that increases danger to the individual it represents,
making this information “dangerous”.
Likely to Do Harm on Release
As evidenced by “sucker lists” mentioned above, identity thieves are more
able to successfully target their victims the more that is known about them.
Aggregated information has also been linked to fraudulent password
retrieval and foreclosure scams. Finally, information that is released is virtually
uncontainable and irretrievable, and the harmful effects may go on
The protection available to individuals who become victims of breaches of
their aggregated information is inadequate, and plaintiffs are often left
without a remedy. The use of the Rylands v. Fletcher framework may overcome
jurisdictional issues, for example where a consumer has a valid claim
against an organization under privacy legislation but is prevented from pursuing
this claim due to a forum selection clause. Use of the framework may
also step around the restrictive objective reasonableness standards imposed
by privacy legislation.
Safeguards for Potential Defendants
In June 2015 the federal Digital Privacy Act,36 which set out a framework for
reporting of data breaches in Canada, received royal assent. By order-in-council
dated March 26, 2018, the provisions establishing this framework
came into effect on November 1, 2018. As a result, organizations are now
required to report to the Privacy Commissioner any breach of security safe-