Click here to load reader
Upload
dan-michaluk
View
717
Download
3
Embed Size (px)
DESCRIPTION
Citation preview
Workplace Privacy Here and Now
Dan MichalukFebruary 3, 2011OBA Institute - Fulfilling Your Privacy Obligations
Workplace Privacy Here and Now
Outline
• The four hot button issues relate to• The boundary between work and private life
• The right of access to stored communications
• PIPEDA application to employment in the province
• HO-010 – Managing the risk of employee
malfeasance
Workplace Privacy Here and Now
Work Life Versus Private Life
Bob and Sue had a long day. They go to the Dirty Dog Pub after work and, over the course of four
hours, take jabs at their supervisor, Phil.
Workplace Privacy Here and Now
Work Life Versus Private Life
Jack had a long day. He goes home, cracks open a beer, and boots up his home computer.
Using a picture of his supervisor taken from the company intranet and some internet based
software, he alters the picture so the manager looks ridiculous.
Jack posts it to his Facebook page. He feels good.
Workplace Privacy Here and Now
Work Life Versus Private Life
• Duty of fidelity applies when employee expression is likely to significantly affect a legitimate employer interest
• All other activity is “private”• The kind of social interaction we engage in today
is more likely to conflict with employer interests
Workplace Privacy Here and Now
Work Life Versus Private Life
• Employee speech can negatively…• …affect an employer’s duty to other employees
• …affect an employee’s ability to do his/her job
• …affect public perception of employee performance
• …affect an employer’s reputation
Workplace Privacy Here and Now
Work Life Versus Private Life
• Cape Breton-Victoria Regional School Board• From NSCA on January 25th
• Recognizes potential harm to reputation, but no
jurisdiction to impose penalty in circumstances
• Likely means that potential harm to reputation can
only be acted upon if “substantial and warranted”
• If that’s balancing at the threshold, okay
Workplace Privacy Here and Now
Access to “Personal” Communications
• Employers need access to their systems• Text messages can be incredibly useful in an
investigation• Three rights
• Routine monitoring (limited and needs based)
• Periodic audit (standard)
• Investigation on reasonable suspicion (standard)
Workplace Privacy Here and Now
Access to “Personal” Communications
• Unfettered right or access is dying a slow death• Lethbridge College – Arbitrator Ponak, 2007
• Johnson v. Bell Canada – Fed Ct., 2008
• Cole – Ont. S.C.J., 2009
• Tfaily – Ont. C.A., 2010
• City of Ottawa – Ont. S.C.J., 2010 (subtext)
Workplace Privacy Here and Now
Access to “Personal” Communications
What does balancing look like?
The College recognizes the value of being able to work and study without concern of being under constant surveillance and
therefore does not routinely monitor the activities of individuals.
Workplace Privacy Here and Now
Access to “Personal” Communications
What does balancing look like?
However, the College does perform periodic random audits to ensure acceptable network use and will investigate situations based on a reasonable suspicion of breach. As such, users
should have no expectation of privacy when using the College’s network.
If you wish to send personal communications that are private you should not use the College network.
Workplace Privacy Here and Now
PIPEDA Application
• Pre State Farm – Are we PIPEDA regulated?• We use service providers as processing agents
• They have no independent interest in the
information
• They handle personal information in our stead
• But we pay them
Workplace Privacy Here and Now
PIPEDA Application
• State Farm - Landmark• Insurer conducts surveillance for insured defendant
(through its counsel, as agent)
• Insurer does have an independent interest in collection…
insurer does get paid
• But no a collection in course of commercial activity… this
is about defending a civil claim
• Ratio – construe the essence of the activity
• More flexible than agency… more ambiguous
Workplace Privacy Here and Now
HO-010 – Managing Employee Malfeasance
• Unauthorized access by diagnostic imaging tech.• Second similar breach at hospital (see HO-002)• Limited role-based access restrictions on health
care providers (access to systems and not within systems controlled)
• All systems not audited
Workplace Privacy Here and Now
HO-010 – Managing Employee Malfeasance
• Findings on duty to manage malfeasance• Unreasonable to continue access without a written
undertaking to abide by rules (ordered)
• Hospitals must report to regulatory college (ordered)
• Complainant has right to know what discipline was
imposed
• Post-breach communiqué to employees called for
(ordered)
Workplace Privacy Here and Now
HO-010 – Managing Employee Malfeasance
• Suggestion that identity of wrongdoer and penalty imposed should be published• A suggestion at best… not backed by order or
reasoning in text of order
• Not normative in employee and labour relations
• Seems mean-spirited
• Raises defamation issues
Workplace Privacy Here and Now
Dan MichalukFebruary 3, 2011OBA Institute - Fulfilling Your Privacy Obligations