The Federal Court of Appeal in Condon v Canada, 2015 FCA 159 (not yet available on CanLII but here as a Google Drive PDF), has reversed a lower court decision to not certify claims of negligence and breach of confidence in the class action lawsuit that followed the Federal Government's loss of a hard drive containing personal information about 583,000 Canada Student Loan recipients.
The plaintiffs, in Condon v Canada, 2014 FC 250, sought certification under a number of causes of action, including breach of contract, intrusion upon seclusion (invasion of privacy), negligence and breach of confidence. Breach of contract and intrusion upon seclusion do not require damages for an individual to recover, and both of these causes of action were certified. Those that do require damages to succeed, negligence and breach of confidence, were not successful at the certification motion.
The Court of Appeal noted that the proper test for certification is only to review the pleadings and to not inquire into the evidence. Since the plaintiffs had pleaded damages, that should be determinative:
 As stated by the Supreme Court, the determination of whether the pleadings disclose a reasonable cause of action is to be based on the assumption that the facts as pleaded are true. This would mean that evidence is not to be submitted at the hearing of the motion. Otherwise, the hearing of the motion could turn into a full hearing on the merits.
 In this case, the parties submitted affidavit evidence. In paragraphs 68 and 69 of her reasons the Federal Court Judge noted that:68 In addition, a summary review of the evidence adduced by both parties leads the Court to the conclusion that the Plaintiffs have not suffered any compensable damages. The Plaintiffs have not been victims of fraud or identity theft, they have spent at most some four hours over the phone seeking status updates from the Minister, they have not availed themselves of any credit monitoring services offered by the credit reporting agencies nor have they availed themselves of the Credit Flag service offered by the Defendant. It appears that the Federal Court Judge evaluated the evidence in concluding that the Appellants had not suffered any “compensable damages”. The determination of whether the Appellants had a reasonable cause of action in negligence or breach of confidence should have been made based on the facts as pled, not on the evidence adduced in support of the motion.
69 Nor does the evidence adduced support a claim for increased risk of identity theft in the future. Since the Data Loss, Equifax has produced reports pertaining to the credit files of the 88,548 individuals who availed themselves of the Credit Flag service. These reports show that there had been no increase in the relevant indicia that would be consistent with an increase in criminal activities involving those individuals' Personal Information. The rate of criminal activities registered was not higher than the 3% of the population generally victim of identity theft. Moreover, the Plaintiffs submitted a CBC news article concerning a Class Member who had been a victim of identity theft yet the article noted no proven causal link between the Data Loss and that theft.
 Reading the Consolidated Statement of Claim with this principle in mind, the Appellants have claimed that they have suffered damages and they have identified the nature of the damages that they are claiming. In particular, the Appellants have claimed special damages for “costs incurred in preventing identity theft” and “out-of-pocket expenses” and, as noted above, it is to be assumed that these costs have been incurred. As a result there was no basis to not include the claims for negligence and breach of confidence as part of the class proceeding.
The Federal Court of Appeal has sent the matter back to the trial level for determination, including the claims for negligence and breach of confidence and to determine the common questions in the class proceeding in relation to those claims.