The purpose of this assignment is to allow you to analyze policies in place at your organization and another organization, and illustrate your understanding of the impact of the policies on the ability of the employer to respond to the actions of their employees.

Using an organization of your choice. You may use the same organization you used for the previous assignment. Regardless of what organization you choose, you may use a pseudonym to keep the organization anonymous in your assignments.

To conduct this assignment:

1.Review theSocial Media Policyfor Government of Manitoba Workers.

2.Find social media policies from your selected organization.

3.response.

a. Compare the two policies, including an analysis of the impact of off duty conduct of the employee, and of employee privacy; and

b. Recommend changes to your organization's social media policy, and explain the rationale behind them. If you would not recommend any changes, justify why.

References:

https://www.gov.mb.ca/csc/policyman/socialmedia.html

https://www.cba.org/Publications-Resources/CBA-Practice-Link/2015/2014/Social-media-policies-in-the-workplace-What-works

CHAPTER 26

Privacy Law at Work^*

LEARNING OBJECTIVES

After reading this chapter, students will be able to:

Understand the legal sources of privacy protection in Canadian law.

Recognize the kinds of privacy issues that can arise in the workplace.

Understand the jurisdictional differences in the protection of an employee's privacy.

Understand how the protection of an employee's privacy differs in a unionized versus a non-unionized workplace.

I. Introduction

Canadian privacy law has been characterized as a loose collection of concepts and doctrines that establish a sort of "legal checkerboard" whose application depends on the jurisdiction and the status of the employee. The legal protection of privacy in the workplace comes from a variety of sources (see Table 26.1 for a brief snapshot of the sources of law that touch upon issues related to privacy at work). These sources include public and private sector privacy statutes, anti-discrimination statutes, the tort of "intrusion upon seclusion," contract law, and arbitration decisions in unionized environments.¹Some sources of privacy protection overlap in their application, while others apply exclusively to certain groups of employees.

The aforementioned legal sources of privacy protection are not unified by a universal "right" to privacy applicable to employees across Canada. Instead, the levels and types of privacy protection afforded to employees in Canada are entirely dependent on the legal regimes applicable to the particular employment relationship. Therefore, it would be inaccurate to claim that all employees in Canada enjoy the same right to privacy and, correspondingly, that all employers in Canada have the same legal obligations and rights with respect to the collection and use of information from employees. Determining the right of an employee to privacy and the right of an employer seeking to collect and retain information about its employees can be a complex exercise. This chapter provides an overview of the various sources of workplace privacy law and the employment contexts to which they apply.

TABLE26.1Sources of Law That Govern Issues Related to Privacy at Work

Source of Law

Jurisdiction(s)

Conduct Regulated

Enforcement

Regulatory Regime: Privacy Legislation

BC, Saskatchewan, Manitoba, Newfoundland and Labrador, Quebec

Legislation creates a new "tort of privacy" that protects workers from unreasonable invasions of privacy. The employer's business interests are weighed against the employee's expectation of privacy in the circumstances.

Lawsuit in court for violation of the tort that is created by the statute

Regulatory Regime: Information Privacy Legislation

Federal:Personal InformationProtection and Electronic DocumentsAct(PIPEDA)

Alberta, British Columbia, and Quebec have enacted their own similar legislation that applies to provincially regulated employers

PIPEDAapplies only to federally regulated companies, like banks, airlines, and telecommunications companies (see Chapter 17). Regulates the collection and disclosure of personal information that could disclose information about the employee, including contact information and images. Employers may collect information about employees if a "reasonable person" would consider it appropriate in the circumstances. Often the employer requires employee consent to collect and disclose personal information, but the statutes create some exceptions to this.

Complaint filed with a privacy commissioner, who investigates and issues a report; if either party is unhappy with the report, they can bring an action in federal court

Regulatory Regime: Human Rights Legislation

All jurisdictions

It is unlawful for employers to rely on some types of personal information related to "prohibited grounds" in making employment-related decisions. For example, an employer cannot ask a job applicant about their religion or marital status and cannot consider those characteristics in decision making.

Complaint filed under human rights legislation

Common Law Regime: Tort of "Intrusion upon Seclusion"

So far, this tort has been recognized by courts in Ontario, Manitoba, and Nova Scotia, but other provinces may follow

Tort applies when an employer intentionally violates an employee's privacy at work "without lawful justification" if the intrusion is highly offensive and would cause distress, humiliation, or anguish to a reasonable person.

Lawsuit in court alleging the tort was committed

Common Law Regime: Contracts

All jurisdictions

An expressed or implied contract term may protect employee privacy.

Lawsuit in court for breach of contract

Collective Bargaining Regime: Labour Arbitration Law

All jurisdictions, in unionized workplaces

Arbitrators have recognized an implied right of privacy in arbitration case law. Employers must justify any intrusion on employee privacy with reference to pressing business concerns that outweigh employee privacy concerns.

Grievance filed under the collective agreement that, if not settled, would be litigated before a labour arbitrator

Before we delve into a discussion of workplace privacy law in Canada, it is useful to consider how technology, which is often central to concerns about privacy, has affected the legal protection of privacy interests (see Box 26.1).

BOX 26.1 TALKING WORK LAW

Emerging Issues in Technology and Privacy

Historically, one of the main drivers of privacy law has been the rise of technologies that can be used (or abused) to intrude upon private life. Consider the ever-increasing development and use of surveillance and communications technologies with privacy-invasive potential: video monitoring, listening devices, voice recognition, and global positioning systems, to name just a few. Today, aerial drones are available and affordable, allowing users to fly over their neighbours and "spy" on them from the sky. What will be next? Ask yourself:

Does privacy exist in modern society, when everything an individual says and does can be monitored, recorded, and disseminated globally on the Internet? Or is the legal protection of privacy more important and urgent than ever before? Given the availability and affordability of these technologies, to what extent should an employer be permitted to monitor employees?

The rise of social media (Facebook, Twitter, etc.) presents additional legal challenges. Prior to the widespread use of social media, an author could only publish information to a relatively narrow audience. Today, any posting on social media can "go viral" and potentially reach hundreds of millions of people. Ask yourself:

Does privacy exist in social media? Can an individual have any expectation of privacy in anything they put on the Internet? Or is privacy lost the moment an individual engages with social media? How should the law respond? Should the law permit an employer to rely on information posted by an employee on social media as justification for discipline or termination of employment?

Modern workplaces provide employees with ready access to technologies that can be used to enhance productivity and the work experience but that can also threaten privacy. Ask yourself:

How important is it for an employer to have clear policies concerning the proper use of technology at work? What should be included in such a policy?

These are just some of the difficult questions that arise in relation to the modern challenge of governing privacy in the workplace.

II. Privacy Legislation in Canada

As noted in the introduction, Canada has a loose patchwork of privacy legislation. Some provinces have enacted privacy legislation applicable to the workplace, but most have not. In those provinces that do not have stand-alone privacy legislation, other statutes may indirectly regulate aspects of workplace privacy, and tort and contract law also may play a minor role in protecting privacy interests (as we will see below). The federal government has enacted legislation that affects some aspects of workplace privacy, but that law applies only to federally regulated employers.

A. Provincial Privacy Acts

Several provinces (British Columbia, Saskatchewan, Manitoba, Newfoundland and Labrador, and Quebec) have created a tort of invasion of privacy through their privacy legislation.²That legislation filled a void in the common law since, until recently, Canadian courts resisted recognizing a general tort of invasion of privacy (as we will discuss below, recent significant movement in that direction has been made).³For example, British Columbia'sPrivacy Actincludes a provision for "violation of privacy actionable":

1(1) It is a tort, actionable without proof of damage, for a person, wilfully and without a claim of right, to violate the privacy of another.

(2) The nature and degree of privacy to which a person is entitled in a situation or in relation to a matter is that which is reasonable in the circumstances, giving due regard to the lawful interests of others.

(3) In determining whether the act or conduct of a person is a violation of another's privacy, regard must be given to the nature, incidence and occasion of the act or conduct and to any domestic or other relationship between the parties.

(4) Without limiting subsections (1) to (3), privacy may be violated by eavesdropping or surveillance, whether or not accomplished by trespass.⁴

That provision, and similar language in other provincial privacy legislation, creates a tort of privacy that enables an employee to sue their employer in court for alleged invasion of privacy. Damages for infringement of the tort are assessed in accordance with the rules of tort damages discussed in Chapter 16.

Note that privacy legislation does not necessarily restrict the right of an employer to conduct surveillance or to search an employee or an employee's locker, work computer, or even personal belongings. The courts will weigh the "reasonableness" of the employer's actions against the employee's privacy interests, considering also whether the employee would have a reasonable expectation of privacy in the circumstances. For example, inRichardson v. Davis Wire Industries Ltd., a BC court ruled that thePrivacy Actwas not violated when the employer relied on videotape evidence of an employee sleeping on the job in its defence to a wrongful dismissal lawsuit.⁵The court found that the employee had no expectation of privacy in the area where the camera was placed. It also noted that even if the camera were a violation of thePrivacy Act, the images it recorded would have been admissible in the wrongful dismissal lawsuit, since the legislation "merely provides the foundation for a claim in tort and does not prohibit the admission of evidence."⁶

B. Federal Information Privacy Law: The Federal Personal Information Protection and Electronic Documents Act

The federalPersonal Information Protection and Electronic Documents Act(PIPEDA)⁷introduced information privacy law to the federally regulated private sector in 2001, but it expressly does not apply to provincially regulated employment relationships.⁸PIPEDA only applies to federally regulated private employers (both unionized and non-unionized), such as banks, airlines, railways, and telecommunications companies (see the discussion of jurisdiction in Chapter 17). A provincially regulated employer is impacted by PIPEDA only to the extent that the province in question has enacted substantially similar legislationand only British Columbia, Alberta, and Quebec have done so.⁹It remains the case today, as in 2001, that provincially regulated private sector employers in the other seven provinces are not subject to information privacy legislation.

PIPEDA, like the substantially similar provincial laws, regulates "personal information" about an individual, which is defined as "information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization" (i.e., basic business card information). "Personal information" is a broad concept and generally includes any information related to an individual that could be used directly or indirectly to identify the individual, including video and photographs.

The regulatory framework of PIPEDA is built on two fundamental and sometimes conflicting principles: (1) reasonableness and (2) consent. Hence, section 5(3) of PIPEDA states "[a]n organization may collect, use or disclose personal information only for purposes that areasonable personwould consider are appropriate in the circumstances (emphasis added)."¹⁰Section 7(1) then adds that "an organization may collect personal information without the knowledge or consent of the individual only if" certain exceptions apply.¹¹Even if an individual consents to the collection of personal information, no exception appears in PIPEDA that would allow collection, use, or disclosure of personal information to occur in unreasonable circumstances. PIPEDA is uniquely structured because many of its key legal standards are found in a schedule.