• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Internal Investigations and Employee Privacy
 

Internal Investigations and Employee Privacy

on

  • 1,197 views

A presentation to fraud investigators on managing privacy issues in investigations. Focus is on bridging the divide between legal and privacy officers and investigators.

A presentation to fraud investigators on managing privacy issues in investigations. Focus is on bridging the divide between legal and privacy officers and investigators.

Statistics

Views

Total Views
1,197
Views on SlideShare
1,047
Embed Views
150

Actions

Likes
0
Downloads
0
Comments
0

1 Embed 150

http://allaboutinformation.ca 150

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Internal Investigations and Employee Privacy Internal Investigations and Employee Privacy Presentation Transcript

    • Internal Investigations and Employee Privacy (and More)
      Dan Michaluk13th Annual ACFI Fraud Conference
      May 3, 2011
    • Outline
      Investigators and employee privacy
      How the investigation exemptions work
      Special collection issues
      The investigation record
    • Investigators and Employee Privacy
      Employee privacy rights
      Come from statute in the federal sector, the public service (excluding Ont.) and in B.C., Alta. and PQ
      Come from collective agreements and arbitrator-driven law (for unionized employees)
      At the very outside range of acceptable conduct, come under an individual employment contract (Colwell)
    • Investigators and Employee Privacy
      Why your internal clients care about privacy
      Employees and unions care more now
      There’s been a slow shift in attitude about privacy in the workplace
      An institution’s relationship with its privacy regulator matters
      Some labour arbitrators exclude evidence obtained through an “unlawful” collection
    • Investigations and Employee Privacy
      Help your client view investigation tactics by their risk
      Legal issue is usually “reasonable necessity”
      It’s never right to say “yes or no” - assessing a tactic is about articulating the degree of risk
      Usually your client should make the call
      Demand that your clients make a risk-based assessment
    • Investigations and Employee Privacy
      Your quid pro quo is to acknowledge that privacy matters
      You can help by recognizing some tactics as invasive and assessing its relative efficacy
      If you dismiss privacy as inimical to your role you will run in to problems
      Protect your own internal credibility
    • How the Investigation Exemptions Work
      You’re not “law enforcement” any more
      Public sector privacy statues include broad authorizing provisions to enable law enforcement
      Courts have recognized that police need to police and can make assumptions about criminal behaviour
      Private security is different
    • How the Investigation Exemptions Work
      Relieve against consent rule on certain conditions*
      Condition 1 – reasonable grounds
      Condition 2 – necessary part of covert investigation
      Condition 3 – breach of agreement or “law”
      *Differ by statute and have interpretive peculiarities
    • How the Investigation Exemptions Work
      Commissioner powers
      Have broad power to scrutinize how you investigate
      They don’t have a strong history of interference
      UBC Spyware case is a notable exception
      If you think about privacy and can demonstrate you have done so they are less likely to interfere
    • Specific Collections
      Electronic communications
      Very rich information
      Fairly full right of access historically and today
      Ont. C.A. has recently recognized an expectation of privacy in stored files (different than e-mail and text messages)
      Employers should make personal use conditional on an audit right and investigation right
    • Specific Collections
      Covert video surveillance
      Surveillance images are recognized by commissioners as sensitive personal information
      Now addressed by (relatively strict) OPC guideline
      More than “mere suspicion” required
      Likely to be efficacious
      Consider less invasive means
      Delete or depersonalize extraneous PI
      Decision-making process is key
    • Specific Collections
      Customer records of employees
      There’s a “two hat” problem here
      Employees enrol as customers and expect to be treated as customers
      The “use” exemption in PIPEDA is worded than the “disclosure” exemption – does this pose a problem for investigations that can’t be framed as an investigation into a breach of public law?
    • Specific Collections
      Records of PI held by third-parties
      Cell phone records or credit history records
      Private security has limited ability ask and receive from 3P under privacy statutes (check jurisdiction)
      So generally part of the “open” investigation
      Enforcement duty to cooperate with investigation will hinge on the logic of the demand (won’t get away with fishing, but ee “right to silence” is limited)
    • The Investigation Record
      Interview notes
      Name and date
      No paraphrasing
      Essence of response plus behaviour
      No commentary
      Nothing beats ink
    • The Investigation Record
      Project communications
      Facts and plans are safe
      Don’t deliberate over e-mail
      Don’t send draft conclusions/reports over e-mail
    • Internal Investigations – Staying on Side of Employee Privacy (and More)
      Dan Michaluk13th Annual ACFI Fraud Conference
      May 3, 2011