One-hour presentation to Ontario public sector institutions that looks at the privacy and security implications of the main information flows associated with COVID-19 workplace health and safety.
3. Agenda
o COVID safety and the processing of personal information
o What law governs the collection of personal information by Schedule 2
employers?
o Key personal information flows
• Basic active screening
• Advanced screening (vaccination status, negative antigen test)
• Location tracking in the workplace
• Illness reporting and alerting to the risk of an exposure
o Other information flows
• Accommodation, antigen testing, surveys, work from home flows
Pandemic and privacy issues
4. o Prevention
• Everyone who breathes poses a risk – we make sure
they are “fit” to enter the workplace, which requires us to
gather information that allows us to be satisfied that the risk
is acceptable
• We crave any meaningful information that speaks to the
risk – e.g., symptoms (including temperature), contact
history, travel history, and now vaccination status
o Response
• We need to know when someone is likely to have been
contagious when in the workplace
• We need to know who they were in close contact with when
in the workplace
• We then need to warn and exclude (which takes us back to
prevention)
Workplace safety rests on the processing of information
COVID safety and processing of PI
5. o PHIPA does not apply to an employer who collects
health information for employment-related purposes
– i.e., for screening purposes
• This is the Information and Privacy Commissioner’s
clear position (see Sunnybrook Health)
• Arbitrators remain confused by an old court case called
Hooper
o (M)FIPPA has an employment-related records
exclusion that leaves employees (for the most part)
without statutory privacy rights
o Ramifications are more technical than practical, but
it certainly doesn’t help to suggest to employees
your collection is governed by these statutes
o The Canadian Charter of Rights and Freedoms is
also a fairly poor basis for any objection
Neither PHIPA nor (M)FIPPA apply
What law governs?
6. o The issue - whether the collection of a particular
data element is reasonable and justified considering
both the privacy impact and the safety related
benefit (and the bias towards data minimization)
o Employment contracts grant a form of privacy right
by implication
• Unreasonable rule requiring collection of information =
potential constructive dismissal of non-union employee
or potential collective agreement breach
o The actual risk in many of these policy issues turns
on practical factors
• How many non-union employees are likely to quit and
sue?
• Are the unions on side?
There are employment law risks
What law governs?
7. o The province says active screening for
workers is required by law
o It maintains a screening protocol that
continuously changes
o PI collected correlates to risk factors
(symptoms, travel, exposure)
o Need is not controversial, though under or
over-shooting the provincial protocol raises
questions – e.g., temperature checks
o Left with a retention and security issue – use
for the data is spent within a very short time,
leaving 30 day retention a best practice
Basic active screening
Key personal information flows
8. o The fundamental question – can we collect?
o This is a question of need and proportionality
o People say vaccination status information
is sensitive, but it isn’t really
o Risks in the Ontario public sector
• Weak Charter challenge rests on coercion
• Discrimination risks that can be mitigated
• Privacy claims via the employment contract or
collective agreement
o We have a public sector standard developing
that is relevant and part of the defence, though
certainly not determinative
Advanced screening – only the vaccinated may enter
Key personal information flows
9. o Privacy and security risks arise out of the quick
move to adopt applications and third-party
services – see YRDSB case for guidance
o Dealing with proof
• One time authentication? (best practice)
• Record the proof? (it’s done)
o Scope of the record – status only or + vaccine
type + dates of inoculation
o Retention – life of program with purge for
departing employees
o Program review – quarterly? bi-annually?
Advanced screening – other issues
Key personal information flows
10. o CMOH has presented it as a lower-impact
alternative to vaccination mandates, which
has split the public sector and created
issues and risks
o Can be integrated into screening function,
raising similar issues to collecting
vaccination status information
o Regarding sensitivity – one can argue that
antigen testing information is at the very low
end of sensitivity because it says very little
about an individual, though it does reveal
they are not vaccinated
Advanced screening – antigen tests
Key personal information flows
11. o This is part of the standard of care and supported
by ample guidance
o Key privacy issue relates to the level of precision
that’s needed and respect for the data minimization
principle
o What’s really needed, and what’s the impact?
• A work schedule
• A work schedule plus enhanced information?
• Precise location tracking at intervals
• Live location tracking
o There are technologies in use
• Apps for those without work schedules
• Is anyone using wearables? (there is labour case law)
Location tracking in the workplace
Key personal information flows
12. o Good screening should limit this
o But we must know when screening has failed to
prevent someone from entering the workplace while
potentially contagious
o This requires an administrative rule and a collection
– you must report if you are diagnosed/test positive
o We then must notify and exclude close contacts
(now, who are not vaccinated, which invites
collection of status information!)
o We do that without direct identification, though there
is certainly a risk of indirect identification that is
generally borne by those who get sick (arguably an
acceptable balance)
Illness reporting and exposure notification
Key personal information flows
13. o A “hard” vaccination mandate invites a large
number of religious accommodation requests
o Fairly simple information flow – rationale
collected for the purpose of administering the
request
o Don’t promise who will access that request –
leave that to your discretion
o Our experience
• 5 requests per 1,000 employees, and a much
higher student rate
• 20% reconsideration request rate
• 8% approval rate
Accommodation
Other information flows
14. o Administering testing (versus self-testing) is health care
and should be administered as health care = PHIPA
• If institution is the custodian, testing records should be kept
at arm’s length
o Surveys – typically optional, identifiers collected +
constraint on use and security, including through
pseudo anonymization
o Work from home flows
• I don’t believe Ontario employers are tracking productivity,
regardless of what the media says
• Ontario employers should be monitoring endpoints for
security purposes anyway!
• There are some issues to manage about video calls from
home – can an employer justify a cameras-on rule?
Testing, surveys and work from home
Other information flows