An Ontario-based casino which has been facing a class-action lawsuit would have to hand over a computer forensics investigation report to the plaintiffs under a court’s ruling.
The Casino Rama, which claimed that the results of the investigation announced in the report in question were confidential, would have to provide plaintiffs with the data. The gambling venue said that the report was protected by litigation privilege or solicitor-client privilege, which is a legal principle set to protect the confidentiality of communications between legal representatives and their clients.
The computer system of the gambling venue situated in close proximity to Lake Simcoe was hacked in 2016, which resulted in a significant amount of customers’, employees’ and vendors’ data being stolen. The results of the hacker attack became clear in 2017, at the time of the Kaplan v. Casino Rama Services case.
The Ontario Superior Court of Justice’s ruling was on so-called carriage motion, with law firms deciding to proceed with a class-action lawsuit.
For the time being, the plaintiffs – Leonid Kaplan and Cheryl Mizzi – are trying to sue Casino Rama over the hacker attack suffered by the venue in 2016. Still, no allegations against the casino have been proven in court, with both Mr. Kaplan and Ms. Mizzi having asked the Ontario Supreme Court of Justice to order the casino to provide them with the documents related to the breach investigation.
Two Investigation Reports Produced by the Contractor
One of the major issues which need to be unraveled in court is related to the scope of the breach, or if we have to put this in other words, the number of people who were affected by the hacker attack still needs to be determined. This, on the other hand, would affect the number of plaintiffs who could be awarded damages by the court.
As explained above, Mr. Kaplan and Ms. Mizzi who are currently constituted as plaintiffs, have insisted that the breach investigation report must be handed over to them, while Casino Rama used some information from the reports to claim that only a small number of individuals were actually affected by the data privacy breach.
In fact, the contractor who was entitled to the investigation of the breach produced two reports. The first one included its findings, observations, and opinions on the hacker attack suffered by the casino, while the second one included recommendations on how to correct the damage. Casino Rama, however, was not willing to make public any data included in these reports.
As reported above, Justice Glustein ruled that the defendant must disclose the reports to the plaintiffs, but only to an extent relatable to the size and scope of the class action. The contractor’s investigation reports are used as evidence of the number of people affected by the breach, hence as evidence of the number of potential plaintiffs who could join the legal action against the casino and be awarded damages.