Employee privacy during the COVID crisis is a major concern in workplaces across Canada. For the non-essential business, new rules have required the shut-down of the physical work site. These rules have resulted in temporary shutdowns and layoffs for some organizations. In contrast, those less dependent on their physical operations have shifted toward telecommuting and working from home. This has in turn raised questions of privacy and supervision.
More than ever, workplaces and employees are engaging with one another in a virtual world. Zoom or Skype meetings are becoming the norm and employees are bringing more and more employer equipment into the home. In light of these changes, real questions are emerging about an employee’s digital privacy rights and an employer’s right to supervise. These questions go beyond whether wearing pants is a requirement for working and include more legitimate questions such as:
- My employer says that because everyone is now required to work from home, they can regularly check my browsing history during work hours? Is this allowed?
- Our workforce has been given laptops to assist them with working from home. What rights do we have to review activities on this equipment?
- Because we’re now working from home without supervision, my employer has installed a keyboard tracer on our laptops to track what we type and search. This was never required. Is it allowed now?
The Short Answer
Although somewhat modified for the unionized employee, employee privacy rights are generally based on a complete review of the specific workplace circumstances. This review includes looking at the protected information (e.g. e-mails or browsing history), any workplace policies on the topic, the general understanding of employees related to the employer’s practices, and anything else that might be considered relevant. The more the Employer has cracked down on digital privacy rights over time, the lower the privacy expectation. In contrast, if an employer has been more lenient and flexible, the greater the right to privacy.
When thinking about privacy rights in the COVID world, there is no reason to believe that the assessment will change. If an Employer has seldomly reviewed e-mails and browsing history, then they are unlikely to have a full blown right to do so now simply because of COVID. At the same time, as restrictions on business operations increase during the COVID crisis, arbitrators and courts may begin to grant employers more flexibility in their practices. Ultimately, and if COVID persists, privacy rights today are unlikely to be the same as privacy rights 6 months from now, but how those rights will change is still to be decided.
Developments in Privacy Law
As discussed in an earlier blog post, the concept of employee privacy in the Canadian workplace is a muddied one. A patchwork of provincial and federal laws applies to some types of employee personal and personal health information. At the same time, a significant gap exists in the privacy interests of employees concerning their general use of employer equipment, e-mails, or other forms of digital communication, storage, and content.
Referencing our earlier blog, Canadian Courts now recognize that you can be sued for “intrusion upon seclusion” or for invading someone’s privacy. In Jones v Tsige (2012) ONCA 32, the key case on this issue, it was suggested that such a claim could also apply to “non-physical” forms of investigation such as “private and personal mail”.
Employee Privacy Rights
Despite the decision in Jones v Tsige, it is important to understand that this development did not answer whether an employer can review the private e-mails, browser history, or communications of their employees. What then are an employer’s rights to monitor private communications and what are the protections available to an employee?
Expectation of Privacy
As already suggested, the concept of employee privacy is not the same across Canada. In addition, privacy is subject to the specific terms and facts that exist in a specific work environment.
In the case of R v Cole (2012) SCC 53, where a teacher with nude photos of a student on his work computer had his work computer accessed during a routine scan by his employer, the Supreme Court of Canada suggested a “diminished expectation” of privacy over the work device. At the same time, the Court noted that the privacy expectation would depend on the “totality of the circumstances” including: 1) an examination of the subject matter; 2) a determination of the direct interest in the subject matter; 3) whether there was a subjective expectation of privacy in the subject matter; and 4) whether the subjective expectation of privacy was reasonable.
On the question of reasonable expectations, the Court said that the issue would be determined by a holistic review of various factors such as the workplace policies, practices, and the customs addressing private information.
Privacy Expectations in the Workplace
What then are the privacy rights of an employee or the extent of an employer’s supervisory rights? This question has been answered differently depending on the specific facts or the “totality of the circumstances” described in R v Cole.
Broadly, in the unionized environment, whether intrusive searches can be conducted depends first on the reasonableness of the search and the available alternatives; if there is a less intrusive way of investigating, the less intrusive path should be taken. however, even establishing that a search is reasonable does not automatically entitle an employer to access. Decision makers must also consider the privacy expectation that attaches to the information in a manner consistent with R v Cole.
In New Brunswick v CUPE Local 2745 (2015), a unionized employee under investigation for an unrelated issue was terminated for e-mailing sexually explicit material with her husband. In that case, while being a reasonable search conducted for a legitimate underlying concern, it was determined that the employer’s broad policies did not entitle it to review e-mails exchanged between spouses which otherwise had an expectation of privacy.
In the non-unionized environment, employees are likely more vulnerable to intrusions of privacy. While the unionized employee can take comfort in knowing a search must be reasonable to begin with, the non-unionized employee will have their rights determined by the “Totality of the circumstances” as described in R v Cole. Although likely to be less significant than the protections afforded to unionized employees, employees still retain an expectation of privacy, albeit diminished, based on circumstances relevant to their specific employment. Again, the circumstances include the relevant policies, practices, and the customs in play at the workplace.
Employee Privacy During COVID
COVID privacy rights will still be determined using the principles that have been broadly described here. Yes, there has been a fundamental shift in the way that work is being conducted; working from home and telecommuting have become the norm for broad sections of the economy and perhaps more than ever, employees are working without supervision. But these changes do not affect the underlying road maps that have been laid out by the Courts and labour arbitrators.
Employers will have rights to investigate certain information and communication, but those rights will be limited by the privacy expectations of its workforce which will in turn depend on the specific policies and practices in play at the workplace. At the same time, the societal changes that are taking place are likely to become key factors in determining the strength of the privacy expectation in the COVID workplace, especially if these changes persist over a longer period of time.
Going forward through the COVID and post-COVID world, employees should acquaint themselves with the policies and practices of employers relating to the monitoring of private information circulated on their systems, networks and equipment. Employers should also assume that any access decision will likely be opposed by some expectation of privacy and should work to make these expectations clear for employees. At the same time, a claim for “intrusion upon seclusion” may make itself available depending on the nature of the privacy intrusion. In determining the rights of either party, the key then is to establish the proper balance.
If you have any questions about employee privacy rights or the policies in your workplace, please feel free to contact the lawyers at Molyneaux Law to assist you in the navigation of these issues.
You make like some of our past blog posts:
DISCLAIMER: This blog is for educational and informational purposes only may not be typical and are not guaranteed. The accuracy of Moly Law Blog posts is not guaranteed, and laws may change from time to time. If you would like legal advice or have questions about your particular workplace problems, please contact a lawyer. Click Here to contact Hamilton labour, employment and human rights lawyers Sarah Molyneaux or Roberto Henriquez now. Contacting Molyneaux Law or using this website does not create a lawyer-client relationship. Your use of this website is entirely at your own risk.