everything you need to know about workplace privacy

Everything you need to know about workplace privacy

Dan MichalukJanuary 27, 2010

Everything You Need to Know About Workplace Privacy

Outline

• Employee privacy rights - the patchwork quilt• How to run an internet background check• Why and how your acceptable use policy needs

to change• Yes, you can transfer that data to the U.S., but…• How to manage the risk of communicable

diseases in the workplace• Questions


Employee privacy rights and the patchwork quilt

• Statutory codes

• Federal

• Alberta, B.C. and Quebec

• Other statutes

• The law of the unionized workplace

• Civil claims for breach of contract and tort


Employee privacy rights and the patchwork quilt

• Ontario non-unionized employees have no readily available means to assert a privacy right…

• …but• Risk of constructive dismissal claims (Colwell)

• Risk of tort claims (Somwar)

• Risk of human rights liability (e.g. drug testing)

• Employee relations

• So be careful


How to run an internet background check

An information collection model for efficient and compliant

recruiting


How to run an internet background check

• Do it at the end, not the beginning

• Question what’s relevant

• Set objective criteria

• Create a business record of the check


Why your acceptable use policy needs to change

• Then

• No personal use

• No mobile devices

• No social media (blurring of personal and

professional)

• Therefore…

• …no reasonable expectation of privacy



• Now

• Limited personal use

• Employer-issued mobile devices

• Social media means you’re always on

• Therefore…

• … individual privacy expectations are rising



WILL THE LAW CATCH UP?


How your acceptable use policy needs to change

• Relying on policy not based in reality is risky

• Consider a balanced approach

• Reserve the right to..

• …audit (with controls)

• …investigate (with controls)

• …extract and produce (e-discovery)

• Tell them data stored on cloud services counts


Yes you can transfer data to the U.S. but…

• Recognized rules

• Data security must be equivalent

• You should be aware of risks that flow from socio-

political conditions (but not likely a barrier)

• Notice should ordinarily be given (but whether it

must be given depends on your jurisdiction)


Yes you can transfer data to the U.S. but…

• What to do

• Employ due diligence

• Enter contract to control the information

• Enter a contract to guarantee security

• Give notice subject to legal advice that notice is not

required


How to manage the risk of disease

Employer

Employee HCP

Medical Advisor



• Screening

• Be transparent about policy

• Only above an objective threshold

• Use a process based on medical science

• Use a occupational health professional if you can

• Keep records (of due diligence) secure



• Warnings

• Be transparent about policy

• Only above an objective threshold

• Routine disclosure highly questionable

• Disclosure based on a real need to allow people to

mitigate risk

• Notification of disclosure back to individual


Dan Michaluk

Hicks Morley Hamilton Stwart Storie LLP

(416) 864-7253

[email protected]

or

Twitter

LinkedIn

Everything you need to know about workplace privacy

Dan MichalukJanuary 27, 2010

everything you need to know about workplace privacy

Business

whyyour acceptable use

howyour acceptable use

employee privacy rights

workplace privacy dan

risk of disease screening

risk of disease warnings

limited personal use

risk of communicable