Spying, snooping, sleuthing – whatever you choose to call monitoring your employees, there’s no denying it’s a contentious issue in the workplace. But what legally constitutes snooping on your staff? And when are you allowed, or prohibited, from perusing their computers, emails and phones?
We spoke to Cameron Wardell, a lawyer at Mathews, Dinsdale & Clark LLP, who gave us his take on this complicated topic.
“In 2012, the Supreme Court of Canada ruled in a case called R. v. Cole that individuals may have an expectation of privacy on workplace computers, including with respect to their browsing history on those computers. The case itself involved the criminal law: a teacher had been charged with possession of child pornography after the school discovered nude photos of a student on his work computer. The school turned those photos over to the police without a warrant. In finding that the teacher’s Constitutional rights had been contravened, the Court said:
“Computers that are reasonably used for personal purposes -- whether found in the workplace or the home -- contain information that is meaningful, intimate, and touching on the user's biographical core. […] While workplace policies and practices may diminish an individual's expectation of privacy in a work computer, these sorts of operational realities do not in themselves remove the expectation entirely: The nature of the information at stake exposes the likes, interests, thoughts, activities, ideas, and searches for information of the individual user.
“The Court left it open as to whether an employer had lawful authority to search this kind of computer. Remember – as arising from the criminal context, the question was whether the state could review this kind of ‘private’ material without a warrant.” According to Wardell, as a general rule, Constitutional protections don’t bind private entities. “There are still questions of human rights and tortious or statutory liability,” added Wardell. “The legal landscape is complicated and R. v. Cole was and remains a surprising piece of law.”
In British Columbia the right to privacy is protected by statute in multiple forms, including through the Privacy Act. That Act makes it a “tort actionable without proof of damage, for a person, willfully and without a claim of right, to violate the privacy of another.” Privacy protections are also legislated through the Personal Information Protection Act (“PIPA”). PIPA applies to private organizations while similar legislation, the Freedom of Information and Protection of Privacy Act (“FOIPPA”) applies to the public sector.
BC’s Privacy Commissioner is responsible for the oversight and enforcement of BC’s privacy laws including PIPA and FOIPPA. That said, individuals claiming breach of privacy can sue for breach of the Privacy Act without complaining first to the Commissioner. Breaches of PIPA must go through the Commissioner first and complaints under FOIPPA can’t go to Court at all. “Like I said, it’s complicated,” Wardell repeated.
“A recent BC case, Tebaerts v. Penta Builders Group Inc., involved an employee who worked for a family business,” added Wardell. “She was terminated after it was found out she’d deleted files from the employer’s system. The employer discovered this misconduct through accessing her emails via her work computer. The employee then sued for wrongful dismissal breach of privacy under both the Privacy Act and PIPA.”
The employee did not pursue the claim under PIPA which is likely a result of the framework of PIPA which makes bringing such a claim to Court very difficult, Wardell explained.
“In looking at the alleged privacy breach, the Court framed the question for consideration as whether the employee could reasonably expect that her computer files, emails or text messages would remain private, in keeping with societal and legal norms in Canada.” Wardell paused, “I think this is a very difficult question given the present rate of technological development and easy access to social media. What’s truly private anymore?”
Wardell returned to the judgment: “In answering the question, the Court looked at four factors: the subject matter of the search, whether the claimant had a direct interest in said subject matter, the claimant’s subjective expectation of privacy, and the objective reasonableness of their subjective expectation.”
In parts of Canada which don’t have any statutory support, things work a little differently, Wardell told us. “In Ontario, the recent case of Jones v. Tsige, outlines the tort of ‘intrusion upon seclusion’. This is defined as ‘One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person’.”
In jurisdictions that don’t have legislation similar to our Privacy Act, individuals may pursue similar lawsuits for intrusion upon seclusion.
“The framework for privacy protections in BC and Canada is quite complex, and the law about it can be surprising,” observed Wardell “I would say that the biggest take-home point in this digital age is that the Courts and other decision-makers will assign privacy rights outside of what we might historically think of as private. In 2018, employers are well-advised to consider this—and to consult legal counsel—before searching any workplace computer or even the social media profiles of employees or prospective employees.”
Snooping on employees’ tech is one thing, but do you know how much time you waste checking hour phone during work? Find out the surprising statistic here.