Effective cyber risk management and privacy protection require a comprehensive framework based on three pillars people, processes and technology. The importance of people and processes for effective privacy protection is demonstrated by a recent decision of the Supreme Court of Newfoundland and Labrador regarding the admissibility of expert evidence in a medical record snooping class action lawsuit.
Hynes v. Western Regional Health Authority
The decision in Hynes v. Western Regional Health Authority involved a class action lawsuit on behalf of over one thousand individuals whose privacy was violated when the defendant’s employee accessed the plaintiffs’ electronic medical records without a valid reason. The plaintiffs relied on several legal causes of action (e.g. breach of statutory and common law privacy rights, negligence and breach of contract) based on the defendant’s failure to adequately safeguard the plaintiffs’ personal health information. The parties applied to court to qualify their respective expert witnesses to give opinion evidence to assist the court in determining the applicable standard of care owed by the defendant to the plaintiffs in safeguarding their…
