This case involves an accident at QK Fitness (“QK”) when the plaintiff, Fatemeh Hosseinkhani (the “plaintiff”), tripped and fell on a dumbbell during a gym class. She sued QK for negligence. QK successfully brought a motion for summary judgment to dismiss the plaintiff’s action arguing that it could not be negligent for two reasons: because the plaintiff signed a waiver or, in the alternative, that the plaintiff was solely responsible for her accident. The plaintiff took the position that she had no opportunity to read the Agreement before she signed it, that no one brought the exclusion of liability clause to her attention when she signed it, and that the defendant failed in its duty of care to properly instruct the plaintiff on the safe use of round dumbbells.
The plaintiff joined QK in February 2014 on a one-year membership agreement. Upon joining, she was given a tour of the facility and, at its conclusion, was presented with an Agreement to sign. Clause 3.3 “Exclusion of Liability” appeared on the reverse side of the Agreement. This clause released QK from any liability for personal injury arising out a member’s participation in a program or use of the facilities and/or arising out of the negligence of QK. The plaintiff signed the Agreement.
On August 8, 2014 the plaintiff participated in an exercise class requiring the use of two dumbbells and a low step. She had been participating in this class about once every two weeks since joining the club. As there were not enough hexagonal plastic covered dumbbells, the plaintiff used a pair of circular metal dumbbells located in the room where the class was being taught. The plaintiff would usually use the hexagonal dumbbells, but had occasionally used the circular ones.
Some exercises involved using the step, others required the use of dumbbells and some required the use of both. About 20 minutes into the class, during an exercise requiring the step, and not the dumbbells, the plaintiff placed her dumbbells about 18 inches in front of her, on her right-hand side, as instructed by the fitness instructor. The plaintiff received no instructions on what type of dumbbells to use or how to place the dumbbells when they were not in use. The plaintiff was instructed to step off the step to her right. When she did so, she stepped on one, or both, of the dumbbells. She believes that one, or both, of the dumbbells rolled from their original position and caused her to fall. The plaintiff suffered a burst fracture of her T12 vertebrae.
Exclusion of Liability Clause
The court relied on the Court of Appeal decision Schnarr v Blue Mountain Resorts Limited, 2018 ONCA 313 which confirmed the ability of occupiers to obtain waivers or exclusions of liability under section 3(3) of the Occupiers Liability Act (“OLA”); however, to rely on such an exclusion of liability, the occupier must take “reasonable steps” to bring the restriction or exclusion to the attention of the person to whom the duty of care is owed, as set out in section 5(3) of the OLA. Reasonable steps may be apparent in the Agreement itself (ie) large instructions such as “PLEASE READ CAREFULLY” the exclusion of liability clause, red lettered instructions such as “THE CONDITIONS WILL AFFECT YOUR LEGAL RIGHTS INCLUDING THE RIGHT TO SUE OR CLAIM FOR COMPENSATION FOLLOWING AN ACCIDENT”, or having the person sign or initial the specific provision providing for the exclusion or restriction.
In this case, the court found that QK did none of these things and, therefore, failed to meet the requirement in section 5(3) of the OLA. On this basis, the defendant’s motion for summary judgment could not be satisfied. The court then went on to consider QK’s second argument, that it bore no responsibility for this accident.
Negligence on the Part of the Defendant
According to section 3 of the OLA, to succeed in a claim against QK, the plaintiff must pinpoint some act or failure on the part of QK that caused the plaintiff’s injury before liability can be established (see Hamilton v Ontario Corporation #2000533 o/a Toronto Community Housing Corporation, 2017 ONSC 5467). The presence of a hazard does not, in itself, lead to the conclusion that QK has breached its duty. QK is not required to take unrealistic or impractical precautions against known risks (see Drummond v The Cadillac Fairview Corp Ltd., 2018 ONSC 4509).
In the present case, the court noted there was no allegation that the round dumbbells were defective or inherently dangerous when properly used. Rather, the allegation was that the defendant failed to properly warn or instruct the plaintiff on their proper use. There is no evidence that round dumbbells are a known hazard. To the contrary, the evidence of the defendant was that they were routinely used by participants in the exercise class without incident.
The only issue left for the court was whether QK had a duty to instruct the plaintiff regarding the proper placement of the dumbbells when not in use. The plaintiff relied on the Miltenberg v Metro Inc., 2012 ONSC 1063 decision, where the plaintiff was injured after a tub of ice cream fell on her as she reached for the bottom of two tubs stacked on the top shelf of the freezer. In that case, the court held that to avoid liability, a person must exercise the standard of care that would be expected of an ordinary, reasonable and prudent person in the same circumstances. The court refused to accept the plaintiff’s argument that the defendant had a duty to warn customers that reaching for goods on the top shelf could cause injury. The court found that risk to be obvious. The court, in Miltenberg, also rejected the plaintiff’s argument that there should have been signs warning customers that items may fall from their placement on higher shelves as “customers do not need to be warned that ice cream containers or any item could fall on them if not gripped properly.”
The plaintiff, In the subject case, also relied on a couple of cases involving the standard of care to be exercised by school authorities when providing supervision and protection of students and tried to argue that the same duty of proper training and instruction was applicable to an exercise instructor at QK, a gym for adults. In rejecting this argument, as well, the court found that children require more supervision and instruction than adults. And, the cases the plaintiff relied on involved a child injured playing tackle football and a child who was injured while doing a somersault over a boxhorse as part of a gymnastics program. Both of these activities are inherently dangerous, an both require instruction and the progressive development of specific skills (see Thomas v Hamilton, 1994 CanLII 739; 20 OR (3d) 598 (C.A.) and Thornton v Board of School Trustees of School District No. 57, 1976 CanLII 1083 (BCCA),  S.W.R. 240, 73 D.L.R. (3d) 35 (BCCA).
In the subject case, the court found that the exercise activities involved were simple and the skills involved were rudimentary. Neither the exercises themselves nor the equipment used were inherently dangerous. There was no evidence that the round dumbbells represented an unusual hazard or that the defendant had any reason to believe that they were hazardous. There is no evidence that the round dumbells were not reasonably safe for the purpose for which they were intended. The evidence suggests they had been used thousands of times without incident.
More importantly, the court also found that a round dumbbell might roll is an obvious risk. An occupier does not have to warn an adult about obvious risks (see Jassal v Hilcox, 2016 ONSC 5523).
The court held that the plaintiff had not proven a case of negligence against the defendant for failure to warn her that a round dumbbell placed on the floor on its side could roll and granted summary judgment to the defendant. The plaintiff’s action was dismissed.
This decision clarifies the ability of occupiers to obtain waivers under the OLA so long as reasonable steps are taken to ensure the exclusion is brought to the attention of the person signing the waiver and that an occupier is not required to provide warnings about obvious risks.
Limitation periods continue to be a hot topic in the context of disability benefits. A recently released Divisional Court decision seems to have shed a little light on this matter. In Western Life Assurance Company v. Penttila, the insurer brought a summary judgment motion to dismiss the plaintiff’s claim due to being statute barred and out of time. The motion was denied. The insurer appealed the motion judge’s decision.
The relevant dates in this matter are as follows:
May 16, 2012 - the plaintiff was approved for long term disability benefits due to back problems.
February 19, 2013 – the insurer advised the plaintiff that her benefits would be denied as of March 7, 2013 due to a change in the definition of her disability. The insurer’s correspondence advised that she could appeal its decision by providing a written request for review along with supportive medical documentation.
April 8, 2013 – the plaintiff advised the insurer that she wished to appeal the denial, and provided further medical information.
November 13, 2013 - the insurer requested reports from two doctors from the plaintiff and advised: “upon receipt of all of the above requested information, we will complete our review of your appeal and advise you of the decision.”
The plaintiff provided the requested documentation. On October 21, 2014, the insurer advised that the file had been reviewed and that its position “remained unchanged.”
May 25, 2015 - the plaintiff requested a letter from the insurer that outlined its decision from its review of her file.
June 18, 2015 - the insurer sent a letter advising that it could not conclude on the basis of the information available that she was unable to perform her occupation and that benefits beyond March 6, 2013 remain declined.
June 6, 2016 - the plaintiff issued a Statement of Claim.
At the summary judgment motion, the insurer argued that the Statement of Claim was issued outside of the two year limitation period, which should have commenced as of either February 19, 2013 (the date of the denial letter) or March 7, 2013 (the initial termination date). The motion judge held that either October 21, 2014 (the date the insurer denied the plaintiff’s appeal) or June 18, 2015 (the date of the insurer’s final letter) were the applicable dates on which a reasonable person would have understood that a proceeding was a legally appropriate means to seek a remedy.
On appeal, the Divisional Court found that the motion judge was correct in holding that the triggering event for the commencement of the two-year limitation period was the date upon which it would be legally appropriate to commence legal proceedings to seek payment of disability benefits that the insurer refused to pay. Given that there was an agreed upon right to appeal the insurer’s denial directly to the insurer, it would be premature to commence legal proceedings until that process ran its course.
As a result, the Divisional Court upheld the Motion Judge’s decision, dismissed the summary judgment motion and awarded costs to the plaintiff.
This decision supports the idea that the limitation period for commencing a claim at Court in the disability context only begins to run once there is a final, clear, unequivocal denial of benefits. It also supports the idea that the limitation period only commences once it becomes “legally appropriate” to commence a Court proceeding. If there is another method of appeal that is either agreed upon or should reasonably be concluded prior to commencing a Court proceeding, the limitation period will likely commence only after that appeal process is completed.
This means that insurers should be very wary about providing open-ended rights to insureds to appeal the denial of disability benefits. The insurer should be able to demonstrate that a final decision was made and that the decision was communicated to the insured in a way that makes the denial clear and unequivocal.
Gabe Flatt has an insurance law practice that has focused exclusively on insurance defence for the past 8 years. He has developed an expertise in complex priority and loss transfer disputes as well as general coverage issues.
The Ontario Court of Appeal concurrently released two eagerly awaited decisions that speak to the interplay between tort damage awards and statutory accident benefits (SABs) under s. 267.8 of the Insurance Act in motor vehicle accident personal injury cases. Cadieux v. Cloutier addressed the deductibility of SABs paid before trial from tort damage awards, while Carroll v. McEwen dealt with the assignment of future SABs to the tort liability insurer.
In a nutshell, the five-judge panel hearing both of these cases held as follows:
The modern “silo” approach based on the three broad SABs categories (specified weekly benefits, health care benefits and other pecuniary benefits) is preferred over the strict “apples to apples” matching approach in relation to both the deduction and assignment of SABs from tort damage awards
SABs deductions are allocated between Defendants on the basis of each Defendant’s respective liability share (found to be a 50/50 split of the deduction in Cadieux)
There is no basis for making a temporal distinction between past and future SABs for the purpose of deductibility of SABs settlements from the tort damage award
Past SABs payments are deductible from the tort damage award even if those payments were made to third parties instead of the Plaintiff directly
SABs settlements are deductible from the tort award before factoring in the Plaintiff’s legal costs of SABs recovery, although those costs may be awarded to the Plaintiff in certain circumstances
The amendments to theInsurance Act concerning pre-judgment interest on general damages are procedural and apply retrospectively (as considered by MacFarland J.A. more thoroughly in the 2017 Court of Appeal Cobb and El-Khodr decisions)
1. Deductibility of Statutory Accident Benefits from Tort Damages
Cadieux v. Cloutier revolves around a 2006 motor vehicle accident involving a pedestrian (Cadieux) who got into an altercation with another pedestrian (Saywell). Saywell pushed the Plaintiff toward the road, causing him to stumble into the path of a truck being driven by the Defendant, Cloutier, causing a brain injury and multiple orthopaedic injuries. The Plaintiff claimed SABs from his no-fault insurer, Aviva, and also brought a tort action for damages against the Defendants. Before the trial, the Plaintiff settled his SABs claim with Aviva for $900,000 and also settled his tort claim against the Defendant truck driver, Cloutier, vis-à-vis a Pierringer agreement.
After a seven-week jury trial solely against the Defendant, Saywell, the jury awarded damages in excess of $2.3 million. The jury also apportioned liability equally amongst each of the parties involved: 1/3 against the Plaintiff and 1/3 against each of the Defendants, Cloutier and Saywell. Following the jury’s verdict, Saywell brought a motion dealing with several issues, including:
A. Should SABs deductibility be based on a strict “apples to apples” comparison of the items in the jury award against the SABs payments received, or is it sufficient that the tort award generally corresponds with the three SABs “silos”?
This issue arose because the jury did not make any specific award for the costs of future attendant care. Instead, the jury awarded over $700,000 for the future care costs of an ABI support worker, which related to medical/rehabilitation benefits – not attendant care benefits. Using an “apples to apples” approach, the Plaintiff argued that only the SABs settlement for medical/rehabilitation benefits ($250,000) should be deducted as opposed to the portion of SABs payments related to attendant care ($350,000). The Defendant, Saywell, argued that both medical/rehabilitation and attendant care benefits were captured within the silo of “health care” expenses and are properly deductible from the jury’s award for future care costs.
The trial judge favoured Saywell’s argument that SABs deductibility under s. 267.8(4) of the Insurance Act should be interpreted by applying the definition of “health care” under s. 224(1), which includes “all goods and services for which payment is provided by the medical, rehabilitation and attendant care benefits provided for in the SABs” (emphasis added).
The Court of Appeal five-judge panel unanimously upheld the trial judge’s preference for the “silo” approach to SABs deductibility, noting that he did not err in reducing the jury’s damage award by the SABs received by the Plaintiff for both medical/rehabilitation and attendant care benefits. According to the panel, the strict “apples to apples” matching approach complicates tort actions unnecessarily by focusing on irrelevant labels for heads of damages as opposed to simply matching the tort damage award to the corresponding SABs “silos” of (1) specified weekly benefits, (2) health care benefits and (3) other pecuniary benefits.
B. Is a tort Defendant entitled to deduct 100% of a SABs settlement, or is the deduction allocated amongst Defendants based on their respective share of liability?
Although the Insurance Act is silent on the apportionment of SABs deductions between two or more Defendants, the trial judge relied on the principles of equity and common sense to find that SABs deductions are allocated based on the liability proportion of each Defendant. If the non-settling tort Defendant were to enjoy a 100% reduction from his 1/3 share of damages, he would be unjustly enriched, which would deter pre-trial settlements. The Court of Appeal agreed, finding that the SABs deduction ought to be apportioned 50/50 as between the two Defendants.
2. Assignment of Future SABs to the Tort Liability Insurer
Carroll v. McEwen involved a pedestrian motor vehicle accident occurring in 2009. The Defendant driver/owner (the McEwens) carried $1 million in liability insurance with Aviva, so the Plaintiff also sued her own automobile insurer, Pilot, on the basis of the OPCF 44R endorsement under her policy and the underinsured motorist provisions of the Insurance Act.
Following a seven-week jury trial, the McEwens were found 62% liable, with the Plaintiff bearing 38% contributory negligence. The jury awarded damages in excess of $2.6 million net of the Plaintiff’s contributory negligence, including a lump sum award of over $2.2 million for the Plaintiff’s “future care costs”. The trial judge granted Aviva and Pilot a conditional order that if they paid the judgment in full, they would receive an assignment of the future medical/rehabilitation and attendant care SABs that the Plaintiff received from her no-fault insurer. This could potentially reduce Aviva and Pilot’s net liability in the event that the outstanding SABs payments were greater than the excess amount awarded after applying the combined $2 million liability coverage.
The Plaintiff appealed the conditional assignment order for the main reason that it violated the strict “apples to apples” matching principles identified in earlier case law.
For similar reasons outlined in Cadieux, the Court of Appeal ultimately dismissed the Plaintiff’s appeal. The Court disagreed with the approach of strict identification and matching between specific SABs benefits and damages for the identical head of damages awarded by the jury within the same silo. In their view, the “silo” approach adopted in Cadieuxshould equally apply to the assignment of future SABs. As the jury’s damages award for future care costs exclusively falls within the “health care” silo, the Court of Appeal found that the same was true of future SABs. As such, the trial judge did not err by ordering a conditional assignment of the future medical/rehabilitation and attendant care SABs available to the Plaintiff. The Court of Appeal also varied the conditional order by requiring the Plaintiff to disclose the amount of SABs received following the conclusion of the trial of the tort action.
These two important decisions deal with several complex issues in the motor vehicle litigation realm which make them worthy of paying attention to. Overall, the Court of Appeal has no doubt expressed strong support for the more modern “silo” approach as opposed to the strict “apples to apples” matching approach adopted under an earlier and very different legislative regime. At the end of the day, this means that the three broad categories or “silos” of SABs benefits are deductible from the corresponding tort damage award categories. The Court of Appeal has also adopted the same approach and reasoning in relation to the assignment of future SABs granted to tort liability insurers post-trial.
It is notable that the Court of Appeal found that the deductibility of SABs payments from tort awards does not warrant what has been described as the “complicated and cumbersome process” of matching heads of damages in tort to particular SABs benefits. So even if a jury neglects to make a specific tort damage award for “attendant care” expenses, SABs payments for attendant care benefits may still be deductible from the tort damage award for the reason that they are captured within the silo of “health care” as defined in s. 224(1) of the Insurance Act.
Thanks to Cadieux, we also now have another Court of Appeal decision which explicitly recognizes that the Insurance Act amendments regarding the calculation of pre-judgment interest on general damages are procedural in nature and that they apply retrospectively to accidents which took place before the amendments came into effect.
Krista has a diverse insurance law practice which focuses on bodily injury litigation, including general negligence/liability claims, motor vehicle accidents, commercial general liability, homeowners’ liability and occupiers’ liability, as well as priority/loss transfer disputes between insurers. Read more...
The Defendant, Ceeps-Barneys Limited (“the Ceeps”), is a popular pub / sports bar beloved by students of Western University (past and present). In this matter, the Ceeps brought a motion for summary judgment for a dismissal of the plaintiffs’ action against it, as well as a dismissal of the co-defendants cross-claims against it. The plaintiffs took the position that the Ceeps breached its common-law duty of care owed by a commercial host, as well as the statutory duty of care under the Liquor Licence Act and the Occupiers Liability Act, as the plaintiff was injured by the actions of its patrons. The Ceeps took the position that the evidence established that it was not liable.
On October 24, 2009, the co-Defendant brothers, Sean and Brenden Woods, were celebrating Brenden’s graduation. They had both consumed alcohol prior to arriving at the Ceeps on the night of the incident. A representative for the Ceeps confirmed that the brothers were asked to leave after Sean had consumed alcohol at the Ceeps and was visibly intoxicated. The representative advised that a taxi was not offered because Brenden did not appear to be intoxicated. The evidence was unclear on how much alcohol Brenden had consumed that day but Brenden agreed that he was not intoxicated when he voluntarily accompanied his brother out of the Ceeps.
The Ceeps had nine to twelve security officers on duty that night. One of them provided evidence that he saw Sean and Brenden leaving the bar around the same time that the plaintiff, who was stumbling down the street in an intoxicated manner, tried to hail a cab but was refused. Sean indicated he would take the cab and slapped the plaintiff on his back. The plaintiff wrongly interpreted the slap to be malicious and a scuffle ensued. The plaintiff kicked, punched and chased Sean, who eventually swung back. The supervisor of the Ceeps security team intervened in the fight. While doing so, Brenden came from behind the supervisor and struck the plaintiff in the face. Brenden admitted to running towards the fight, interpreting the plaintiffs clenched fists as possible further aggression and then punching the plaintiff. Sean had little memory of what happened.
The supervisor of the Ceeps security team’s evidence undermined Brenden’s interpretation of the incident. The supervisor recalled that he ran over to the scuffle and was focused on verbally calming the plaintiff down. He was able to do so for 15 to 20 seconds, without physically touching the plaintiff. He did not interpret any aggression from the plaintiff when he saw a fist coming over his left shoulder, striking the plaintiff’s face. The security video also confirmed the above events / evidence.
The plaintiff could not recall the altercation as his last memory of the night was being poured a drink at another bar up the street. He conceded that he was ejected from the bar and that his blood-alcohol level was significantly high when the ambulance arrived shortly after the above altercation.
The plaintiffs tendered expert reports to support their allegations of liability against the Ceeps. Their experts opined that the altercation could have been avoided if the Ceeps had met the industry-standards of having proactive and effective security measures in place. Namely, that the Ceeps served Sean alcohol and then failed to escort him out into a taxi / bus, failed to have adequate security present outside to prevent the altercation and failed to prevent Brenden from joining the fight.
The Court ultimately dismissed the Ceeps’ motion, finding that there was a genuine issue requiring a trial on whether the Ceeps’ breached its obligations under the Occupiers Liability Act since the altercation occurred on its own parking lot premises and as none of the Ceeps’ security members monitored Brenden or took steps to prevent him from joining the altercation.
The Court noted that whether something was “reasonably foreseeable” was an objective test, requiring an analysis that focuses on whether someone in the defendant’s position ought reasonably to have foreseen the harm prior to the incident occurring rather than whether the specific defendant did. This imposed a positive obligation on the Ceeps security staff which the Ceeps failed to establish they had discharged, in order to escape liability.
The Court also found that the issue of causation and foreseeability of the plaintiff’s injuries, as well as the plaintiff’s own contributory negligence, would be for the Court to decide based on all of the evidence, including what weight should attach to the plaintiffs’ expert evidence, since the defendants had not tendered their own expert evidence on the issue of liability.
The Court found that there would be no savings in terms of time or expense to resolve the liability issues between the plaintiff and other defendants, including the plaintiff’s own contributory negligence, if summary judgment is granted in favor of the one defendant, the Ceeps.
This decision indicates that summary judgment, on the issue of liability, is unlikely to be granted in a case involving multiple layers of liability and multiple parties. While it cannot be said with certainty that the outcome would have been different if the Ceeps had obtained a rebuttal report from their experts on the issue of liability, it certainly did not assist their position to have the plaintiffs’ expert evidence proceed uncontested.
Shalini defends insurance claims covering all aspects of general insurance liability including motor vehicle accidents, occupiers’ liability, slip and falls, as well as accident benefits litigation and arbitration and priority and loss transfer disputes.
I met Logan when we were presenters at a Cyber Security Conference in Toronto. Our interests intersected and we decided to enlighten business owners about cybersecurity developments in Canada. I am a lawyer practicing civil litigation with a keen interest in privacy law. Logan is a cybersecurity and threat intelligence consultant focusing on providing cybersecurity solutions to businesses. This article was begging to be written by us.
The New and Improved PIPEDA: What you need to know and what you need to do
By: Stanislav Bodrov (Strigberger brown Armstrong LLP) and Logan Wolfe (Gearhead Software)
Part 1 – The Amendment
It has become a bit of a jingle – “the question is not if your organization will get hacked, it’s when” – but Canadian lawmakers are taking this mentality seriously. There is a clear commitment in Canada to ensure that individuals retain power over their personal information; how it is used; and, most importantly, how it is protected by organizations.
Earlier this year, the EU passed the revolutionary General Data Protection Regulation (GDPR). On November 1, 2018, the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) will be amended to include mandatory breach notification rules, which are similar to the provisions included in the GDPR. On an International scale, Canada is seen as a leader in personal data protection and the changes to the existing legislation further reinforces that image.
The amendment will require organizations to do three things:
Report data breaches to the Privacy Commissioner of Canada;
Notify the affected individuals who were affected by a data breach; and,
Keep records of every breach of security safeguards.
These requirements will apply to every organization that collects, uses, or discloses personal information in the course of commercial activities in Canada.
The drafters of the legislation prescribe targeted requirements. For instance, a “breach of security safeguards” is defined as a loss of, unauthorized access to, or unauthorized disclosure of personal information resulting from a breach of the organizations security safeguards. This type of breach ranges from an employee accessing a consumer’s personal information without authorization (i.e. bank teller accessing information of an ex-spouse to see what they were spending money on) to an outside hacker accessing the organization’s network through illicit means. All breaches of security safeguards must be recorded by the organization and are subject to review by the Privacy Commissioner of Canada.
However, not every breach will require the organization to notify the consumer and be reported to the Privacy Commissioner. Only those breaches that pose a real risk of “significant harm” will trigger these obligations. The current PIPEDA does not define the term “significant harm”. However, the new PIPEDA defines it as including bodily injury, humiliation, damage to reputation or relationships, loss of employment, identity theft, negative effects on the credit report and damages to or loss of property.
In the course of determining whether a breach will cause significant harm, the organization must balance a number of factors including the sensitivity of the personal information; the probability of the information being misused; and, other relevant factors specific to each case.
The Regulation states that the organization must give notification “as soon as feasible” after the breach is discovered. There is no definition of this phrase. However, considering the number of reactionary steps that must be taken by an organization, the notification need not be immediate (otherwise it would say so in the Regulation), but it must certainly be considered a top priority in the organization’s data breach response plan.
Failure to maintain records of breaches, report breaches to the Commissioner, and notify the affected user, can lead to penalties prescribed by PIPEDA. An organization guilty of such non-compliance will be subject to a fine of up to $100,000. This is in addition to the exposure associated with lawsuits initiated against the organization by the affected consumers and the legal costs associated with defending such actions.
Part 2 – PIPEDA v. GDPR: Similarities and Trends
The GDPR went into effect in May of this year and was immediately used as a basis for complaints against Facebook and Google. The GDPR, like PIPEDA, requires organizations to disclose to consumers when a company’s security mechanisms have been breached. It also requires the organization to disclose to its consumers how their information is going to be used, all in an effort to revert power over personal information back to the individual providing it.
One of the prevalent similarities between the two pieces of legislation is the territorial application of the laws. Specifically, organizations that conduct business in Canada will be subject to PIPEDA as well as the GDPR, if that organization is accessible in the European market. As such, the organization will be required to pay fines prescribed in the GDPR for non-compliance. The GDPR fines are much more severe than those in PIPEDA – up to €20 million or four percent of the organization’s annual global turnover. Similar to PIPEDA, the fines are discretionary and are levied based on the blameworthiness of the organization; the sensitivity of the information breached; and, number of other applicable factors.
Some sources note that reported breaches to the Information Commissioner’s Office in the UK, quadrupled within a month of the GDPR’s implementation1, other sources report a doubling in reporting2. Regardless, one thing is clear, organizations suffered breaches significantly more than they were reporting prior to the implementation of the GDPR. In September, Fieldfisher, a law firm in the UK, reported a ten-fold increase in security breach cases since the implementation of the GDPR.3
If history is any indicator, it is likely that a similar trend will follow in Canada with the passing of the PIPEDA amendments. Companies will be exposed to not just the fines prescribed in the legislation, but also the insipient legal actions that will be based on negligence and violation of privacy.
In essence, the Regulations are forcing organizations to owe a duty of care to their consumers. Implementing effective cyber security strategies to avoid significant financial devastation will be vital to a business’ success, while failure to do so will result in significant legal and financial exposure.
Part 3 – Cyber Security Strategies
Security safeguard requirements vary based on the sensitivity of data. However, as a rule of thumb, a strategy’s end goal is protecting personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is held.
The nature of the safeguards will depend on a variety of factors including the sensitivity of the information that has been collected; the amount, distribution, format of the information; and, the method of storage. Implementing these safeguards will affect an organization’s reputation. In the event of a data breach and the resulting mandatory incident disclosure to affected customers and third parties, an organization will be forced to demonstrate that adequate security measures were implemented and the organization leadership met the requisite standard to protect its affiliates.
Realistically, risk cannot be reduced to zero without reducing the usefulness of the asset - the goal is to find an acceptable balance between protection and usability. That said, more sensitive information should be safeguarded by a higher level of protection, which will typically decrease the usability of that information. Various types and levels of security controls are vital to a business’ cyber security success, these include:
Physical measures (CCTV, locks, access cards, restricted access to premises);
Finally, having a detailed data breach response and business continuity plans will make all the difference in the event of a security incident. These plans cover all preparatory and reactionary steps in case of a breach in great detail. The plans ought to include tiered impact analysis; automated backups; load balancing and IT-focused forensics procedures focusing on determining affected areas and containing damage; escalation and notification practices; mitigation steps; lessons learned; high-level financial and technical reporting; recovery procedures; designated first responders; loss control; and, reputation management.
Data breach response plans are no longer optional – they are mandatory. Organizations will be responsible to ensure that their customer’s data is protected with a strategy that meets the standard of care prescribed by the cyber security industry. Additionally, organizations will be required to report breaches to the Privacy Commissioner; inform users of a breach; and, maintain detailed records of all security safeguards breaches. Failure to comply with these requirements may result in significant fines levied pursuant to the amended PIPEDA and/or the European GDPR.
Organizations must ensure to not only have a sufficient preventative mechanism but also a requisite reactionary plan. This includes having a cybersecurity agency on-call to follow a response plan and a competent lawyer to minimize an organization’s exposure in legal actions. Cyber liability insurance policies play a vital role in covering the costs of both services based on your own choosing.
Stas practices in insurance-related litigation. He has a broad range of experience including tort claims, accident benefits, subrogation, priority and loss transfer disputes, WSIB matters, and fraudulent claims. Read more...
Long-term disability (“LTD”) coverage is often a key benefit employees derive from their employment. LTD benefits can provide significant security to employees in the form of income continuation when they are disabled due to an illness or injury. I previously talked about some misconceptions that employers may have regarding LTD benefits, here. Today we deal with some common misconceptions that employees may have with LTD benefits.
Misconception #1: An Employer is not entitled to know why I am off work
Generally speaking, if an employee is taking a sick day or two, an employer is not entitled to ask for specifics, such as a diagnosis. In fact, the recent amendments to the Employment Standards Act 2000 brought in by Bill 148 explicitly prohibit the requirement for a doctor’s note when making use of Personal Emergency Leave. However, when employees are off work for an extended period of time, their employers become entitled to obtain further information. Generally this may mean an employee has to provide a diagnosis and details of their general functional abilities for the purposes of determining proper accommodation. In the extreme cases, Ontario’s Divisional Court has ruled that under the Ontario Human Rights Code employers are entitled to request that an employee undergo an independent medical examination as part of the duty to accommodate, provided the medical information required by the employer cannot reasonably be obtained from the employee’s treating practitioner.
Practically speaking, it is in the employee’s best interest to keep the employer in the loop. The employer and the LTD carrier are entitled to updates on an employee’s condition and their ability to return to work, within reasonable limits. A failure to communicate with the employer about an employee’s medical status may lead to an eventual claim for frustration of contract, as we discussed in a previous blog, here.
Misconception #2: The Employer and LTD Carrier have the obligation to obtain updated information
While most employers and LTD carriers will take the initiative to check in with an injured employee, ultimately, it is the employee’s responsibility to ensure they are providing sufficient information to satisfy the policy definition for disability.
LTD carriers require information in order to appropriately adjudicate a file. That information comes from the employee and their treatment team. As a recipient of LTD benefits, an employee has an obligation to provide ongoing information to the LTD carrier. In fact, many disability definitions require that the employee be under the continuous care of a physician in order to qualify for benefits. If an employee fails to provide the required information, the carrier may be entitled to terminate entitlement to benefits on the basis that there is insufficient information to determine their ongoing disability.
Where a medical picture is particularly complex or prolonged, many LTD policies allow the LTD carrier to arrange their own independent medical examination to determine an employee’s ongoing eligibility.
Misconception #3: An employee cannot be terminated while on disability and does not have to return to work unless they are 100% recovered
Just like employers have a duty to accommodate, employees have a duty to participate in reasonable accommodation attempts. If employers can provide modified meaningful work to an injured employee, the employee may be required to attempt a return to work. Many LTD policies will have provisions regarding “rehabilitation programs” which allow for gradual returns. Employees who fail to comply with these provisions may find themselves in violation of the Policy.
Similarly, an employee can be terminated while receiving LTD benefits, so long as their disability did not form part of the basis for the termination. As an example, during a factory shut down. However, it is worth noting that employees in this situation may still be entitled to pay in lieu of notice rather than “working notice.” Additionally, in some cases employees can be terminated on the basis that their disability has made it impossible to complete their contract of employment, resulting in frustration of contract. While each case is unique, an employer who is capable of showing there was no reasonable likelihood of the employee returning to work within the foreseeable future may have a valid claim for frustration, as seen in Roskraft v. RONA Inc. In a valid frustration scenario, employers are entitled to consider the contract at an end and employees will only be entitled to the minimum statutory payments required under the Employment Standards Act, 2000.
Conclusion: Avoiding Disputes Through Collaboration
When dealing with an injured employee, benefit entitlement, accommodation, and potential termination of employment are areas of significant risk and concern for all parties involved. Early, often, and accurate information exchange can bust many of the myths in these complex multi-party disability situations. The overlap of contractual, statutory and common law obligations between the three parties make the management of long-term disability claims particularly complex. If an employee fails to take positive steps to advise their employer of their situation or cooperate with the LTD carrier, they may find themselves on the receiving end of a claim for frustration or abandonment.
Devan Marr’s practice has focused on bodily injury, long term disability, statutory accident benefits, and employment claims.