Privacy & Security
Lawyers take privacy action against NWT government
September 11, 2019
YELLOWKNIFE, NT – A group of law firms plans to file a statement of claim with the Supreme Court of the Northwest Territories, and launch a representative action on behalf of thousands of people who suffered a loss of personal health information.
The territory doesn’t have class action legislation, so the lawyers plan to “go old school” and use a representative action, which is a similar tool. The lawsuit could apply to tens of thousands of people and will resemble a class action, said Steven Cooper (pictured), one of the lawyers involved.
According to CBC News, the action will cover several breaches, including the theft of a laptop containing health data for 80 percent of N.W.T. residents and a breach in which hundreds of confidential documents appeared in a banker’s box at the Fort Simpson dump.
Cooper says the territorial government won’t be deterred by a $10,000 fine. “The government the Northwest Territories, as the keeper of the sacred information, is only going to take notice when punitive damages are in the millions, because it’s going to hurt them. They have to be hurt. They have to feel the economic pain,” said Cooper.
Cooper Regal, Guardian Law and Edmonton-based firm James H. Brown & Associates have been working independently on the N.W.T. breaches. They realized they were pursuing similar claims and joined forces.
Their representative plaintiff is from Fort Simpson and will be named in the initial statement of claim.
Confidential information about patients’ mental health, drug use, applications for treatment and detailed notes from counselling appeared at the Fort Simpson dump in December 2018.
The territorial Health and Social Services Department has seen other notable breaches. There was a lost, unencrypted USB stick with 4,000 patients’ information on it and in 2010 and 2012, medical records were inadvertently faxed to CBC.
The territory’s health department declined to comment for this story, because it hasn’t been notified about the claim, department spokesperson Damien Healy said in an email.
The lawsuit is in response to a “steady stream of privacy breaches of healthcare information,” said Cooper.
Asked whether he thinks the action is likely to be certified by the courts, Cooper said that N.W.T. and Nunavut have few precedents.
One of them is a $1 million settlement against Bell Mobility in 2016, penalizing them for charging Northern customers for a non-existent 911 service.
So far, several people have contacted the lawyers involved, but the firms are seeking others whose privacy has been compromised. Anyone joining the proposed lawsuit will have their information collected as data and made anonymous for the purpose of the claim, he said.
If the action is certified and succeeds, the lawyers will seek damages, which will be determined as the firms collect more information from people affected, the defendant and experts.
Cooper said there should be compensation for people to get credit monitoring. Compromising information like social insurance numbers exposes people to identity theft and credit damage.
“Generally speaking, your health information is probably the most expansive collection of information about a human being that is available. This is the problem,” he said.
The damages could be influenced by how people have been affected – including mental anguish over the breaches and the risk of future fraud or identity theft.
For that, there are precedents elsewhere.
Calgary lawyer Clint Docken helped reach a $725,000 settlement in 2016 for a breach involving 620,000 Albertans health information. That amount was for monitoring and the inherent risk of identity theft.
When a person’s confidential information is compromised, the fear of what that information could be used for is often the most discomforting, said Cooper.
Once the statement of claim is filed, it could take months to certify the lawsuit. If it comes to trial, it could be months or years before a potential settlement is reached, he said.