Workplace privacy here and now

Workplace Privacy Here and Now

Dan MichalukFebruary 3, 2011OBA Institute - Fulfilling Your Privacy Obligations


Outline

• The four hot button issues relate to• The boundary between work and private life

• The right of access to stored communications

• PIPEDA application to employment in the province

• HO-010 – Managing the risk of employee

malfeasance


Work Life Versus Private Life

Bob and Sue had a long day. They go to the Dirty Dog Pub after work and, over the course of four

hours, take jabs at their supervisor, Phil.



Jack had a long day. He goes home, cracks open a beer, and boots up his home computer.

Using a picture of his supervisor taken from the company intranet and some internet based

software, he alters the picture so the manager looks ridiculous.

Jack posts it to his Facebook page. He feels good.



• Duty of fidelity applies when employee expression is likely to significantly affect a legitimate employer interest

• All other activity is “private”• The kind of social interaction we engage in today

is more likely to conflict with employer interests



• Employee speech can negatively…• …affect an employer’s duty to other employees

• …affect an employee’s ability to do his/her job

• …affect public perception of employee performance

• …affect an employer’s reputation



• Cape Breton-Victoria Regional School Board• From NSCA on January 25th

• Recognizes potential harm to reputation, but no

jurisdiction to impose penalty in circumstances

• Likely means that potential harm to reputation can

only be acted upon if “substantial and warranted”

• If that’s balancing at the threshold, okay


Access to “Personal” Communications

• Employers need access to their systems• Text messages can be incredibly useful in an

investigation• Three rights

• Routine monitoring (limited and needs based)

• Periodic audit (standard)

• Investigation on reasonable suspicion (standard)



• Unfettered right or access is dying a slow death• Lethbridge College – Arbitrator Ponak, 2007

• Johnson v. Bell Canada – Fed Ct., 2008

• Cole – Ont. S.C.J., 2009

• Tfaily – Ont. C.A., 2010

• City of Ottawa – Ont. S.C.J., 2010 (subtext)



What does balancing look like?

The College recognizes the value of being able to work and study without concern of being under constant surveillance and

therefore does not routinely monitor the activities of individuals.



What does balancing look like?

However, the College does perform periodic random audits to ensure acceptable network use and will investigate situations based on a reasonable suspicion of breach. As such, users

should have no expectation of privacy when using the College’s network.

If you wish to send personal communications that are private you should not use the College network.


PIPEDA Application

• Pre State Farm – Are we PIPEDA regulated?• We use service providers as processing agents

• They have no independent interest in the

information

• They handle personal information in our stead

• But we pay them


PIPEDA Application

• State Farm - Landmark• Insurer conducts surveillance for insured defendant

(through its counsel, as agent)

• Insurer does have an independent interest in collection…

insurer does get paid

• But no a collection in course of commercial activity… this

is about defending a civil claim

• Ratio – construe the essence of the activity

• More flexible than agency… more ambiguous


HO-010 – Managing Employee Malfeasance

• Unauthorized access by diagnostic imaging tech.• Second similar breach at hospital (see HO-002)• Limited role-based access restrictions on health

care providers (access to systems and not within systems controlled)

• All systems not audited



• Findings on duty to manage malfeasance• Unreasonable to continue access without a written

undertaking to abide by rules (ordered)

• Hospitals must report to regulatory college (ordered)

• Complainant has right to know what discipline was

imposed

• Post-breach communiqué to employees called for

(ordered)



• Suggestion that identity of wrongdoer and penalty imposed should be published• A suggestion at best… not backed by order or

reasoning in text of order

• Not normative in employee and labour relations

• Seems mean-spirited

• Raises defamation issues


Dan MichalukFebruary 3, 2011OBA Institute - Fulfilling Your Privacy Obligations

Technology

Workplace privacy here and now