Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workplace privacy here and now
1. Workplace Privacy Here and Now Dan Michaluk February 3, 2011 OBA Institute - Fulfilling Your Privacy Obligations
2. Outline The four hot button issues relate to The boundary between work and private life The right of access to stored communications PIPEDA application to employment in the province HO-010 – Managing the risk of employee malfeasance
3. Work Life Versus Private Life Bob and Sue had a long day. They go to the Dirty Dog Pub after work and, over the course of four hours, take jabs at their supervisor, Phil.
4. Work Life Versus Private Life Jack had a long day. He goes home, cracks open a beer, and boots up his home computer. Using a picture of his supervisor taken from the company intranet and some internet based software, he alters the picture so the manager looks ridiculous. Jack posts it to his Facebook page. He feels good.
5. Work Life Versus Private Life Duty of fidelity applies when employee expression is likely to significantly affect a legitimate employer interest All other activity is “private” The kind of social interaction we engage in today is more likely to conflict with employer interests
6. Work Life Versus Private Life Employee speech can negatively… …affect an employer’s duty to other employees …affect an employee’s ability to do his/her job …affect public perception of employee performance …affect an employer’s reputation
7. Work Life Versus Private Life Cape Breton-Victoria Regional School Board From NSCA on January 25th Recognizes potential harm to reputation, but no jurisdiction to impose penalty in circumstances Likely means that potential harm to reputation can only be acted upon if “substantial and warranted” If that’s balancing at the threshold, okay
8. Access to “Personal” Communications Employers need access to their systems Text messages can be incredibly useful in an investigation Three rights Routine monitoring (limited and needs based) Periodic audit (standard) Investigation on reasonable suspicion (standard)
9. Access to “Personal” Communications Unfettered right or access is dying a slow death Lethbridge College – Arbitrator Ponak, 2007 Johnson v. Bell Canada – Fed Ct., 2008 Cole – Ont. S.C.J., 2009 Tfaily – Ont. C.A., 2010 City of Ottawa – Ont. S.C.J., 2010 (subtext)
10. Access to “Personal” Communications What does balancing look like? The College recognizes the value of being able to work and study without concern of being under constant surveillance and therefore does not routinely monitor the activities of individuals.
11. Access to “Personal” Communications What does balancing look like? However, the College does perform periodic random audits to ensure acceptable network use and will investigate situations based on a reasonable suspicion of breach. As such, users should have no expectation of privacy when using the College’s network. If you wish to send personal communications that are private you should not use the College network.
12. PIPEDA Application Pre State Farm – Are we PIPEDA regulated? We use service providers as processing agents They have no independent interest in the information They handle personal information in our stead But we pay them
13. PIPEDA Application State Farm - Landmark Insurer conducts surveillance for insured defendant (through its counsel, as agent) Insurer does have an independent interest in collection… insurer does get paid But no a collection in course of commercial activity… this is about defending a civil claim Ratio – construe the essence of the activity More flexible than agency… more ambiguous
14. HO-010 – Managing Employee Malfeasance Unauthorized access by diagnostic imaging tech. Second similar breach at hospital (see HO-002) Limited role-based access restrictions on health care providers (access to systems and not within systems controlled) All systems not audited
15. HO-010 – Managing Employee Malfeasance Findings on duty to manage malfeasance Unreasonable to continue access without a written undertaking to abide by rules (ordered) Hospitals must report to regulatory college (ordered) Complainant has right to know what discipline was imposed Post-breach communiqué to employees called for (ordered)
16. HO-010 – Managing Employee Malfeasance Suggestion that identity of wrongdoer and penalty imposed should be published A suggestion at best… not backed by order or reasoning in text of order Not normative in employee and labour relations Seems mean-spirited Raises defamation issues
17. Workplace Privacy Here and Now Dan Michaluk February 3, 2011 OBA Institute - Fulfilling Your Privacy Obligations