Beyond Broken Bones: Rethinking Harm in Data Breaches
By Isabela Bibulovic, 3L, Lincoln Alexander School of Law Introduction Data breaches have become acute in the post-covid age. In just two years, ransomware payments have increased in Canada 51.6% but “only 42% of organizations who paid the ransom had their data completely restored” (National Cyber Threat Assessment 2023-2024). Legislators have imposed compliance requirements on private-sector entities following data breaches (Personal Information Protection and Electronic Documents Act [PIPEDA]) but affected users often find themselves without compensation. Consequently, many have turned to class actions. Overview Class actions enable multiple individuals (class members) to collectively pursue legal action, effective against powerful opposing parties. For a class action to proceed it must first be “certified” by a judge. The application of class actions to technological threats has encountered challenges, often involving intricate legal technicalities too remote for the general public to care (ex: appropriateness of an intrusion upon seclusion claim if the intrusion