Employee Privacy in Canada
Cases in Canada
Perhaps the most similar case in Canada is Pacific Northwest Herb Corp. v. Thompson (1999). The plaintiff in this case dismissed the defendant as president of the corporation, initiating proceedings that included returning a computer that had been previously used by the defendant at home for both business and personal use.
Correspondence from this computer included emails to his solicitor, D. R. Eyford, now a partner at Borden Ladner Gervais LLP in Vancouver, but also with other solicitors concerning matrimonial proceedings.
The defendant “wiped” the hard-drive, but upon receipt the plaintiff searched through the computer as part of their fraud investigation, and was able to retrieve data.
The court cited s. 1 of the British Columbia Privacy Act,
(1) It is a tort, actionable without proof of damage, for a person, wilfully and without claim of right, to violate the privacy of another.
(2) The nature and degree of privacy to which a person is entitled in a situation or in relation to a matter is that which is reasonable in the circumstances, giving due regard to the lawful interests of others.
(3) In determining whether the act or conduct of a person is a violation of another’s privacy, regard must be given to the nature, incidence and occasion of the act or conduct and to any domestic or other relationship between the parties.
(4) Without limiting subsections (1) to (3), privacy may be violated by eavesdropping or surveillance, whether or not accomplished by trespass.
The defendant sought an injunction to protect this confidential information, and although the court found a reasonable expectation of privacy existed despite it being a company computer, they failed to uphold the injunction. Instead, the court ordered that a list of files be prepared, and the defendant could then identify which specific files were protected by solicitor-client privilege. The employer did have legitimate access to files that the court wanted to balance with these rights.But cases even on this subject have not been consistent in creating a balance. Employees generally have no reasonable expectation of privacy in email at work.
Camosun College v. CUPE (1999) ruled against an employee who sent an e-mail to Union members critical of some faculty members, which was then forwarded to management, who in turn disciplined the employee.
No reasonable expectation of privacy was held to exist.
Melanie C. Samuels and Sara Gregory explain in Privacy issues in the workplace: Employer monitoring of employee technology use,
One critical part of implementing an effective computer use policy is obtaining the employee’s consent to be bound by the terms and procedures outlined in the policy.
Briar et al v. Treasury Board (2003) disciplined 54 employees for sharing sexually degrading images over e-mail among themselves. A clear log-in warning that the system was monitored to ensure compliance with company policy was considered reasonable, and overrided any s. 8 Charter concerns.
There are also other previous cases that address earlier concerns of employer monitoring of the workplace aside from e-mail that follow a similar pattern.
Wire-Tapping Phones and Privacy
In Saconne v. Orr (1981), the defendant secretly taped telephone conversations and then played them back at a municipal meeting, which was later printed in the newspaper.
Jacob J. stated,
…at the commencement of trial, defendant’s counsel, Mr. Crowe, moved that the action be dismissed, mainly on the grounds that there is no such cause of action as “invasion of privacy” known to the common law and insofar as this province particularly is concerned.
The court cited Burnett v. The Queen (1979), and Krouse v. Chrysler Canada Ltd. (1970), where claims for invasion of privacy were not stricken, and he upheld the claim with damages:
22 Be that as it may, it’s my opinion that certainly a person must have the right to make such a claim as a result of a taping of a private conversation without his knowledge and, also, as against the publication of the conversation against his will or without his consent.
23 Certainly, for want of a better description as to what happened, this is an invasion of privacy and, despite the very able argument of defendant’s counsel that no such action exists, I have come to the conclusion that the plaintiff must be given some right of recovery for what the defendant has in this case done.
But courts have ruled differently when it comes to workplaces.
The employer in Ste-Marie c. Placements J.P.M. Marquis (2005) hired a secret investigator who,
…écoute les enregistrements des divers appels de la veille, dont celui d’une conversation entre Ste-Marie et un tiers alors inconnu, dont il sera révélé ultérieurement qu’il s’agit selon toute probabilité d’un perceur de coffre-fort bien connu de la police. Le contenu de cette conversation, que retranscrit intégralement le jugement de première instance, est de nature à laisser croire que Ste-Marie prépare avec son interlocuteur le vol du coffre-fort du supermarché ou qu’à tout le moins il transmet des renseignements susceptibles de faciliter la perpétration d’un tel vol.
(Rough translation) …listened to recordings of the previous day between the plaintiff and a safe-cracker well known to the police force. The contents of the conversation lead the investigator to believe that they were going to break into the safe, or at the very least facilitate it.
The defendant provided this information to the police, who arrested but did not charge the plaintiff. The plaintiff claimed their rights were violated under s. 5 of the Quebec Charter,
Respect for private life.
5. Every person has a right to respect for his private life.
and s. 35 of the Quebec Civil Code,
RESPECT OF REPUTATION AND PRIVACY
35. Every person has a right to the respect of his reputation and privacy.
No one may invade the privacy of a person without the consent of the person unless authorized by law.
The court ruled that the plaintiff did not have a reasonable expectation of privacy at the workplace, even though they were not directly bound by an employment contract.
Creating a Balance
Samuels and Gregory, in reviewing the case law, provide four criteria they feel are useful in establishing this balance between employer rights and privacy rights:
- Whether the monitoring was done openly or surreptitiously
- if falling within policy, surreptitious monitoring can still be upheld
- Purpose of the monitoring
- Location of the document
- monitoring personal files are considered more intrusive
- Type of information gathered by surveillance
Re Saint Mary’s Hospital (New Westminster) and H.E.U. (1997) looked at the options an employer had available to them, and ruled that the surreptitious surveillance was unwarranted. They described what they called a “hierarchy of protection afforded by the right to privacy”:
- actual bodily intrusions, protected by the law of trespass and assault
- searches of personal effects and spaces
- tresspass and assault have no role
- privacy rights are not absolute and may give employer interests
- surveillance cases
- analagous to searches
- measured on a variable scale:
- benign surveillance for employee benefit
- surveillance for security of employer and employee
- surreptitious surveillance
Merely accessing computer files is not necessairly considered surreptitious, as in Re Insurance Corporation of B.C. and Office and Technical Employees Union, Local 378 (1994).
Courts also look at the context of a case to evaluate intrustion. In Canadian Pacific Railway v. International Brotherhood of Electrical Workers (Lahaie Grievance) (2000), an employee was discharged for violation of the Harrassment and Discrimination Policy for sending off-colour jokes about another employee and a supervisor.
The arbitrator found that the behaviour constituted misuse warranting discipline, but was not a violation of the Policy and did not justify dismissal.
Samuels and Gregory elaborate on the role of legislation in this balance,
The Personal Information Protection and Electronic Documents Act has significantly impacted the way in which a business may collect, use, and disseminate the personal information of its customers and employees. In its first stage of development, this Act only applies to certain federal enterprises. Under the Act, an employer will bear the consequences for any dissemination of information not in accordance with the Act. Employees with computer access who send information via e-mail or the Internet carelessly could pose a significant liability risk for their employers.
Under personal information protection legislation, the focus is on the collection, use and disclosure of personal information, not simply private information. Previous judicial and arbitral decisions may be helpful in determining reasonableness by discussing the extent to which employee privacy is affected. However, their discussions of reasonableness do not generally address the collection of personal information and the obligation of employers to limit their collection and use of personal information. Specifically, case law and arbitral analysis may not address questions of whether the monitoring is reasonably necessary, whether there are alternatives available to the monitoring and the reasonable scope of investigation in the circumstances. All these considerations will be key issues under the legislation.