On Thursday I posted about the new Federal Court case of Chitrakar v. Bell TV (Canadian Privacy Law Blog: Federal Court chastises Bell for accessing customer credit file without consent; $21K in damages) and promised I'd provide some thoughts once I'd had an opportunity to read the decision.
I managed to get a copy of the decision (Chitrakar v. Bell TV, 2013 FC 1103 [Google Doc]) from the Federal Court yesterday and it provides a lot of food for thought and some important questions for practitioners of Canadian privacy law.
In this case, the Court awarded the Applicant $21,000 in total, broken down as $10,000 in general damages, $10,000 in exemplary damages and $1000 in costs. The award of exemplary damages is completely attributable to the Court's view of Bell's handling of the case. They gave him the "royal run-around" and did not even show up in Court to respond to the Applicant's allegations. The Court obviously was not impressed.
But what of the $10,000 in general compensatory damages? What was alleged is that Bell TV had done a credit inquiry on the Applicant without the full knowledge and consent of the Applicant. (The inquiry was made one month BEFORE the customer had signed any agreement with Bell.) The credit inquiry, in and of itself, may have a negative impact upon a consumer's credit rating. The Applicant was subsequently denied a loan, but it was not proved that this was attributable to Bell's credit inquiry. So, in the end, the Court awarded $10,000 for a credit inquiry without consent that may or may not have actually caused any harm or damage to the Applicant.
The Court's discussion of how the damage award was arrived at is interesting:
 The fixing of damages for privacy rights’ violations is a difficult matter absent evidence of direct loss. However, there is no reason to require that the violation be egregious before damages will be awarded. To do so would undermine the legislative intent of paragraph 16(c) which provides that damages be awarded for privacy violations including but not limited to damages for humiliation.
 Privacy rights are being more broadly recognized as important rights in an era where information on an individual is so readily available even without consent. It is important that violations of those rights be recognized as properly compensable.
 The Court must bear in mind such factors as meaningful compensation, deterrence and vindication (see Vancouver (City) v Ward, 2010 SCC 27,  2 SCR 28).
 In this case, Chitraker had his rights violated in a real sense with potentially adverse consequences. Bell is a large company for whom a small damages award would have little material impact. Chitraker spent a considerable period dealing with the Bell bureaucracy and in pursuing his claim. These factors suggest that a damages award should not be minimalistic.
The Court found his rights were violated and there may have been consequences (but this was unproven). The Court also found that given the size of Bell, a small damage award would have little material consequence. On this basis, the Court awarded $10,000.
Damage awards under PIPEDA have generally been modest, such as $5000 for an inaccurate credit report that resulted in a loan application being denied and $4500 for a bank sending a customer's records to the customer's soon-to-be ex-spouse following receipt of a subpoena. In many other cases, the courts have declined to award damages at all.
This can and should be contrasted to the Jones v Tsige case from the Ontario Court of Appeal. In that case, which was outside of PIPEDA and established the tort of "intrusion upon seclusion" in Ontario, the Court found that general damages for non-pecuniary loss for that tort would range up to $20,000 and fixed the damages payable at the middle of the range.
While these damage awards appear to remain modest in light of the size of the companies involved, one can easily see how this could multiply in connection with a class-action. If a company adopted a procedure under which hard credit inquiries are routinely carried out before the customer signs any contract, each of those customers may be essentially entitled to $10,000 in compensation. Though we have not yet seen a class-action lawyer devise a way to get a class of complainants through a Privacy Commissioner investigation (which is a pre-requisite for getting to the Federal Court), I am sure that day will come and companies should be mindful that a bad practice spread across a customer base may give rise to a very large cumulative liability.