SYSTEMS EXPOSED TO HACKERS? THIS IS WHY YOU’RE WORRIED ABOUT LIABILITY …
The latest privacy class action to be certified by the Federal Court of Canada has taken liability to the next level. The case, Sweet v. Canada, wherein thousands of Government of Canada online accounts were subject of a cyber attack (a credential stuffing attack) and subsequently used stolen credentials to fraudulently apply for the Canada Emergency Response Benefit. The certification is noteworthy for IIAC members as it implies that public and private entities may yet be held accountable for third-party data breaches where the underlying breach of privacy was the result of third-party wrongdoing. As such, this decision may have implications for the future of privacy class action in Canada. We are please to share a summary by Lerners LLP here.