Investigating without running afoul of privacy laws


Transcript

  • 1. Investigating without running afoul of privacy laws
      Dan Michaluk
      October 3, 2012
  • 2. Outline
      • Governing privacy law
      • Access to business system information
      • Surveillance outside the workplace
      • Gathering internet evidence
  • 3. Governing privacy law
      • Nothing stops you from investigating (or auditing)
          • But there are a variety of means by which individuals can cause the conduct of an investigation to be reviewed
          • There may be liability for over-stepping
  • 4. Governing privacy law
      • Privacy regulation (patchy application to EEs)
          • Federal works and undertakings – PIPEDA
          • State Farm, 2010 FC 736
          • Johnson v Bell Canada, 2008 FC 1086
          • Employment in BC, Alberta, Quebec
          • Broad public sector application o/s Ontario
  • 5. Governing privacy law
      • Individual privacy rights
          • Implied rights under a collective agreement
          • Intrusion upon seclusion tort
          • Jones v Tsige, 2012 ONCA 32
          • Privacy statutes
          • BC, Sask, Man, NL (+ Quebec Charter)
          • Section 8 of the Charter (for government)
          • See Longueuil, 1997 SCC on application
  • 6. Governing privacy law
      • Rules of evidence
          • Labour arbitrators split 50/50 on authority to exclude
          • Some court cases accept authority to exclude
          • See Mathews, 2007 BCSC 1825
          • Section 7 of Manitoba Privacy Act
  • 7. Governing privacy law
      • A recent example – Calgary Police, F2012-07
          • Internal sexual misconduct investigation
          • Review of work e-mail account
          • Search for “password”
          • Found password to outside account
          • Searched outside account
  • 8. Governing privacy law
      • A recent example – Alberta Govt (Sims, 2012)
          • Credit checks on 26 employees by internal investigator as part of a needs or motive analysis
          • Without consent
          • Agreed that employees “suffered emotional stress” as a result of privacy breach
          • Arbitrator awards $1,250 each
  • 9. Access to business system information
      • The ideal – single purpose systems
      [Diagram labels: “Mine”, “Yours”]
  • 10. Access to business system information
      • The reality – significant intermingling
          • Utility of internet invites personal use at work
          • Utility of handheld devices puts work on personal devices
          • Utility and value of cloud computing puts your work system on a computer with others’ work systems
  • 11. Access to business system information
      • The problem – bad law
          • CACE asks this Court to re-balance employer and employee interests. To strike a proper balance, the Court should give significant weight to the primary function of a work-issued computer and should recognize that a work-issued computer is only one part of a work information system that must be routinely accessed by an employer for a variety of legitimate reasons. (CACE factum in R v Cole)
  • 12. Access to business system information
      • One solution – more law and policy
          • You deal with data security in your cloud contracts. Have you dealt with audit and investigation requirements?
          • Your acceptable use policies must be clear that personal use is conditional on specific and detailed rights and requires a sacrifice of personal autonomy
  • 13. Access to business system information
      • Other more fundamental solutions
          • Revert to a no personal use rule
          • Segregate the data created by personal use from the data created by work use (this is what BYOD technology and policy attempts to do)
  • 14. Surveillance outside the workplace
      • Intrusion upon seclusion tort
      One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of privacy, if the invasion would be highly offensive to a reasonable person.
      1. Intentional, unauthorized intrusion
      2. Upon private affairs or concerns
      3. Highly offensive to the reasonable person
  • 15. Surveillance outside the workplace
      • An obvious risk that you ought to address
      • Structure the decision to retain
          • Reasonable grounds?
          • Who decides?
      • Structure the retainer
          • Authorized means? Unauthorized means?
          • Requirements (e.g., video only in public)
          • Indemnification for breach
  • 16. Gathering internet evidence
      • If published, then likely okay
          • Judges likely to be conservative
          • see Murphy v Perger, 2007 ONSC
          • see UFCW v Alberta, 2012 ABCA 130
          • Most privacy statutes have exclusions for “publicly available information”
          • Subject to interpretation
          • Seek advice if privacy legislation applies
          • If not excluded, investigation exemption may apply
  • 17. Gathering internet evidence
      • If not published
          • Receiving a printout from a friend is okay
          • Hacking in (e.g., through a found password) is prohibited by the Criminal Code
          • Impersonating someone with intent to gain advantage is prohibited by the Criminal Code
  • 18. Gathering internet evidence
      • If not published…
          • The CBA Code of Professional Conduct (lawyer as advocate rule) says:
          • The lawyer may properly seek information from any potential witness (whether under subpoena or not) but should disclose the lawyer’s interest and take care not to subvert or suppress any evidence or procure the witness to stay out of the way. The lawyer shall not approach or deal with an opposite party who is professionally represented save through or with the consent of that party’s lawyer.
  • 19. Gathering internet evidence
      • If not published…
          • The CBA Code of Professional Conduct (avoiding questionable conduct) says:
          • Public confidence in the administration of justice and the legal profession may be eroded by irresponsible conduct on the part of the individual lawyer. For that reason, even the appearance of impropriety should be avoided.
          • Arguably applies because the tactic for gaining access to information entails taking advantage of the subject
  • 20. Investigating without running afoul of privacy laws
      Dan Michaluk
      October 3, 2012