The Litigation Consequences of Cybersecurity Breaches – Part I

December 5, 2022
Computer Screen System Hacked Warning Icon


Cybercriminals are on the loose, and civil litigators – many others, too – must be ready to help remedy the consequences. The authors of this article, litigators all, propose to address the risks cybersecurity breaches pose and the civil remedies that do or may present themselves as appropriate.

Our topic is not specifically privacy, but in cybersecurity law’s current nascent state, cyberbreaches in Canada (and elsewhere) are accreting around privacy. This accretion is befitting, as privacy law is itself in a nascent state. It is in emerging privacy torts that most, if not all, cyberbreaches seek their civil litigation footing, in addition to repurposed existing torts (e.g., negligence) or breach of contract.

Given these nascent states, our vista is limited. Just as there is no perfect technology or perfect technological solution to cyberbreaches, civil litigation as yet offers no single or perfect solution to cybersecurity issues.1 Cyberbreach litigation is only beginning to take shape. Its Donoghue v Stevenson moment has yet to arrive.

It is in that context that we approach our inquiry. It will fall into two parts. Part 1 will address (i) cybersecurity terms and concepts, and (ii) the statutory Canadian framework for data security and privacy. Part 2, to be released in March 2023, will focus on (i) common law remedies, and (ii) some liability avoidance strategies.

This is a pre-copy edited, post-peer reviewed version of the Contribution accepted for publication in The Advocates’ Quarterly. Reproduced by permission of Thomson Reuters Canada Limited.