The employment relationship as the privacy laboratoryElizabeth DenhamInformation and Privacy Commissioner for B.C.

Privacy, Law and the Contemporary WorkplaceFaculty of Law, Queen’s UniversityNovember 22, 2013

The free market

@

• Applies to 300,000 “organizations”

• Consent not necessary to collect, use or disclose personal information that is reasonably necessary to manage the employment relationship.

Personal Information Protection Act

B.C. OIPC Orders F13-04 (UBC) & P12-01 (Schindler Elevator Corporation)

B.C. OIPC Orders F13-04 (UBC) & P12-01 (Schindler Elevator Corporation)

• GPS used to track vehicle location and monitor distance, speed, acceleration, idling time, on/off information.

• The employer argued information was about vehicles, not employees. The B.C. OIPC disagreed.

• Commissioner determined the data is “personal information”

• Schindler & UBC both authorized to collect in the circumstances

• Employers inadequately notified employees – new notice required

B.C. OIPC Orders F13-04 (UBC) & P12-01 (Schindler Elevator Corporation)

B.C. OIPC Orders F13-04 (UBC) & P12-01 (Schindler Elevator Corporation)

Personal Information and Protection of Electronic Documents Act

(PIPEDA)

Federal legislation

Wansink v. TELUS Communications Inc. (F.C.A.), 2007 FCA 21, [2007] 4 F.C.R. 368

If an employer is acting reasonably in the management of the employment relationship, the employer can rely on the implied consent of the employees.

Wansink v. TELUS Communications Inc. (F.C.A.), 2007 FCA 21, [2007] 4 F.C.R. 368

Employers using social media to manage employment relationship could collect:

• Inaccurate information• Excessive information• Third-party information

Risks of social media collection

B.C. OIPC Mediation Summary P11-01-MSInvestigation of BC NDP use of social media

The BC NDP requested social media passwords for all personal accounts held by leadership candidates.

“An organization may collect personal information only for purposes that a reasonable person would consider appropriate in the circumstances...”

section 11, B.C. Personal Information Protection Act

B.C. OIPC Mediation Summary P11-01-MSInvestigation of BC NDP use of social media

Employment related record checks

• 2012: Published investigation report on the use of Criminal Record Checks by the B.C. Government

• 2013: Launched investigation of police information checks as employment screening tool (public & private sector)

Bring your own device (BYOD)

Bring your own device (BYOD)

Employers and BYOD

• Adopt a BYOD policy, because employees may already be using devices at work

• Consider tech solutions that keep personal and work data separate

• Balance security considerations with employee privacy

Alberta Information and Privacy Commissioner v. United Food and Commercial Workers, Local 401

Latest Case: 2013 SCC 62

• A successful employer-employee relationship is built on trust, collaboration and mutual respect.

• Privacy-invasive technologies can undermine that relationship.

The bottom line:

www.oipc.bc.ca @BCInfoPrivacy