Key Issues In Workplace Privacy

Key issues in workplace privacy
Dan Michaluk
May 12, 2010

Overview
Monitoring business systems
Publication and “off duty” conduct
Background check developments

Why?
To engage in maintenance, repair and management
To meet a legal requirement to produce
To ensure continuity of business practice
To improve business processes
To maintain internal control (including preventing misconduct and ensuring legal compliance)

How businesses maintain internal control
Conduct routine audits*
Investigate suspicions of misconduct*
Respond to what they find
Keep a good record of the same

The traditional law
Notification does count
The employer owns the medium and has lots of good reasons to look
E-mail communication is too insecure to expect privacy
No balancing of interests at all

Challenge #1 – Decision-maker value shift
LethbridgeCommunity College (2007)
MS Hotmail e-mails retrieved through forensic analysis
First case to impose a reasonable grounds requirement for investigation
Value shift may also be gleaned from Cole and Tfaily (two very recent and hot Ontario cases)

Challenge #2 – Supervisor value shift
Quontext message case heard by SCOTUS in April 2010
Will your supervisors enforce policies they deem to be intrusive?

Change #3 – Privacy legislation
Imposes an “objective reasonableness” requirement
At play in UBC spyware case
But, notably, Johnson case suggests PIPEDA does not apply to “personal” e-mails

Option #1 – Try harder to control expectation
Personal use does not come with privacy!
Routine acknowledgements
Audit and communicate audit results to employees

Option #2 – Go with a purpose-based policy
List purposes and stick with purposes
Give the same expectation of privacy warning re personal use
Set a evidence-based standard for investigation
Set a protocol or procedure for audits

Bob and Sue had a long day. They go to the Dirty Dog Pub after work and, over the course of four hours, take jabs at their supervisor, Phil.

Jack had a long day. He goes home, cracks open a beer, and boots up his home computer.
Using a picture of his supervisor taken from the company intranet and some internet based software, he alters the picture so the manager looks ridiculous.
Jack posts it to his Facebook page. He feels good.

Duty of fidelity applies when employee expression is likely to significantly affect a legitimate employer interest
All other activity is “private”

Nexus commonly derived from
Impact on other employees rights
Impact on job responsibilities
Impact on reputation

Whistleblower exception for speaking publicly
Serious and imminent threat to health and safety
Illegality
Subject to the “report up the ladder” principle (Merk)
Criminal Code immunity for reports to law enforcement and regulators
Not for blogging or tweeting
Not for giving information to mainstream media

An information collection model
for efficient and responsible
recruiting

Internet searches
Do it at the end, not the beginning
Question, “Is it necessary? What’s relevant?”
Set objective criteria for a non-decision maker search agent
Create a business record of the search

Access to the CPIC database
Enforcement of name and d.o.b. check rule due to privacy/accuracy concerns
About 120 days from a “we can’t complete the check” answer
Commercial service providers can’t conduct vulnerable sector checks
Release of vulnerable sector report to applicant first

Where no human rights regulation
Response = “we can’t complete the check” = lapse of offer
Option to hire anyway
Get a declaration and apply due diligence
Weigh need to hire against risk in light of controls
Make completion of check condition clear

Where human rights regulation
You must weigh need to hire against risk in light of controls
Get a declaration and apply due diligence
Make completion of check condition clear

Pressure to use local checks
CPIC results are very qualified
Ontario criminal case highlights staleness of CPIC data

Risks of local checks
Much broader information
Non-standard information
See Tadros(Ont. C.A.) about disclosure of withdrawn charges
At the same time, Ontario HRT has said charges are not protected in MyTrak Health Systems

Dan Michaluk
daniel-michaluk@hicksmorley.com
http://danmichaluk.wordpress.com
http://twitter.com/danmichaluk
http://ca.linkedin.com/in/danmichaluk

Key issues in workplace privacy
Dan Michaluk
May 12, 2010

http://lawiscool.com	257
http://danmichaluk.wordpress.com	67
http://www.omarha-redeye.com	58
http://allaboutinformation.ca	15
http://www.slideshare.net	13
http://translate.googleusercontent.com	2
http://static.slidesharecdn.com	1

Key Issues In Workplace Privacy

by Dan Michaluk on May 12, 2010

Accessibility

Categories

Tags

Upload Details

Usage Rights

7 Embeds 413

Statistics

Key Issues In Workplace Privacy — Presentation Transcript