But it’s a new year and I’ve recovered from my illness and my holidays, so without further ado…

Will we see national anti-spam legislation this year?
Industry Canada has signalled the federal government’s intention to enact early in 2012 its cumbersomely named anti-spam legislation.* Previously known as the Fighting Internet and Wireless Spam Act and the Electronic Commerce Protection Act, the broad and strict anti-spam law mandates significant penalties for contravention and covers activities beyond email and applies to all types of organizations and individuals. Any individual or organization that sends commercial electronic messages must be aware of its obligations under this new legislation.

Organizations should act now to prepare. Alongside a review of the new law, organizations and individuals should take a close look at their current practices and take steps right away to modify them to comply with the law.

Privacy Commissioner reports on online behaviour
The Office of the Privacy Commissioner released its Report on the 2010 Office of the Privacy Commissioner of Canada’s Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing. It’s no surprise the commissioner recommends organizations take a proactive and transparent approach to protecting customers’ privacy, aiming to meet or exceed the standards of the Personal Information Protection and Electronic Documents Act (PIPEDA) or whatever law applies.

New tools to capture, analyze and use customer information have been a boon to business, but they are not without risk. Users often interact with organizations online without a clear understanding of what information is in play, or without knowing that personal information is floating around at all. Organizations might be tempted to take advantage of the personal customer information available to them, for example via online sales, but they should resist.

In more privacy news…
The commissioner decided that an employer may not reveal an employee’s earnings, even if that employee’s salary is subject to public disclosure rules.

The privacy complaint arose when an employee of a PIPEDA employer overheard a superior discussing the employee’s pay with another person. The commissioner found that the supervisor did not clearly understand the personnel policy, and the employer was “insufficiently aware of its obligations under the Act concerning personal information protection.” None of the employer’s arguments swayed the commissioner’s order to implement a legally compliant privacy policy and train employees on their obligations under it.

Controversial copyright law to pass?
In October, the federal government said it wants to pass the Copyright Modernization Act soon. With a majority government, this is fairly likely.

The Act would make significant changes to the way we use and interact with copyrighted content. For one thing, it would explicitly legalize much of users’ already common behaviour, but place strict limits on that behaviour. The Bill should make it easier to prosecute (and hopefully discourage) copyright infringers, if not to catch them.

Just cause to quit
The Federal Court of Appeals affirmed the conditions under which employees can claim they had just cause to quit.

An employee can’t claim to have just cause unless the conditions of employment offer “no reasonable alternative to leaving the employment.” Before that stringent condition arises, an employee must try to work out the problems or attempt to find alternative employment. Without evidence of these efforts, an adjudicator is unlikely to find an employee had just cause to quit. Furthermore, jurisprudence “imposes an obligation on claimants, in most cases, to attempt to resolve workplace conflicts with an employer, or to demonstrate efforts to seek alternative employment before taking a unilateral decision to quit a job.” Employers can feel confident that, in such cases, they won’t be on the hook for damages, other payments or penalties.

And finally…
In an important case from Quebec, the workplace injury tribunal allowed a claimant to rely on Facebook posts to support her allegations of workplace harassment. The defendants argued that the comments were incomplete, they were no better than hearsay and the printed pages of evidence could violate others’ privacy. The tribunal found that the pages offered sufficient context and the defendants had the time and opportunity to confirm the relevant comments and commenters. With respect to privacy, the tribunal argued that:

Considering the multitude of people who might have access to them, the contents of a Facebook profile are not part of the private domain. A user’s list of friends can be long, and the list of each friend’s friends can be equally long. Therefore, the Facebook evidence submitted by the employee does not constitute an attack on the private lives of third parties.

There you have it. Of course, lots more happened, and you can look back over 2011 any time on First Reference Talks. We’ll continue to keep you updated on these developing stories.

*The full name of the Bill is An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act

Adam Gorley
First Reference Internal Controls, Human Resources and Compliance Editor

© 2012 First Reference Inc. All Rights Reserved. | Permalink | Make a comment |

We would like to thank the CLawBie judges (Steve Matthews, Jordan Furlong and Simon Fodden) for considering our blog, First Reference Talks as a finalist. We appreciate the recognition and will continue to strive to provide in depth, timely and well written articles in 2012.

We especially would like to thank all of our blog authors for their great contributions and dedication to their work. We could not have done it without them and they deserve mention here:

• Adam Gorley
• Christina Catenacci
• Andrew Taillon, Cox & Palmer
• Stuart Rudner, Miller Thompson LLP
• Andrew Lawson, Learn―Don’t Litigate
• Earl Altman, Garfinkle, Biderman
• Henry J. Chang, Blaney McMurtry LLP
• Maanit Zemel, Miller Thompson LLP
• Suzanne Cohen Share, Access (SCS) Consulting Services
• Ian J. Cook, BC HRMA and HR Metrics
• Alan R. McEwen, Alan McEwen & Associates
• David Hyde, David Hyde and Associates
• Matt Lalande, Haber & Associates
• John Procter

If you would like to read more about them, click here.

We would also like to congratulate B.C. Injury Law Blog for the ClawBie Fodden Award choice for best Canadian law blog, and Employment & Human Rights Law in Canada by Lisa Stam as one of the Best Practitioner Blog 2011 CLawBie winner.

Also, our congratulations to all other award recipients, runner-ups, finalists, and nominees; for more on the 2011 ClawBies, click here.

Yosie Saint-Cyr
First Reference Human Resources and Compliance Managing Editor

© 2012 First Reference Inc. All Rights Reserved. | Permalink | One comment |

Mobile devices and applications only exacerbate the problem. Mobile users are even more impatient than desktop users to put the apps they download to use—and the screens, well, they might be fine for reading tweets, Facebook updates, and maybe longer things of interest, but privacy policies? No thanks!

This is the strange state we live in: users increasingly want companies to protect their information, but they remain unwilling to follow basic privacy principles, such as, you know, reading a company’s privacy policy.

Jim Brock, founder of PrivacyChoice, told the New York Times:

Everybody complains that no one reads privacy policies and that privacy policies are too long and too difficult. The mobile environment requires you to say things very succinctly, and it requires you to say things in layers.

PrivacyChoice analyzes and indexes online privacy policies. It has compiled hundreds of online policies and used the data to create a tool that allows organizations to create compliant privacy policies without a lawyer. According to the Times:

Developers who want to use the tool can select answers to basic questions about how they collect data, how that data is used and whether it can be deleted. … The resulting policy boils complicated policy language down to a few sentences like “We collect or share your location only with your permission” or “We keep personal data until you delete it.”

The app is based on law in the United States, and it is still in developers’ beta, but I’m sure Canadian organizations and application developers could apply the principles of simplicity and layers to their own privacy policies.

I think there needs to be a trade-off. Privacy policies should be written in short, plain-language sentences, and only as much information as is immediately necessary should be presented, but apps should present users with the information as needed, and require consent to proceed. If I were presented a short and clear policy statement (e.g., one–three sentences), rather than an invitation to click through to read a longer policy somewhere else, I would gladly read the former and ignore the latter. If that means I have to view these brief messages more frequently, that is the price I’ll pay to be informed. A reminder of the importance of the message might help.

Of course I have no idea if anybody else agrees!

But please let me know. Does your organization have trouble informing customers of your privacy policies? Do you worry that customers might not understand how you treat their personal information once you’ve collected it? Do you have clear policies that your employees can understand and apply?

Adam Gorley
First Reference Internal Controls, Human Resources and Compliance Editor

© 2011 First Reference Inc. All Rights Reserved. | Permalink | Make a comment |

The teacher posted on her Facebook wall that she was “a warden for future criminals“. Some of her 333 Facebook friends shared the post, and eventually some parents of the teacher’s students saw it. An administrative judge decided that it was a termination-worthy offence.

The comment is a bit harsh for first-graders, isn’t it? The judge sure thought so. In fact, the judge labeled the conduct “inexcusable”.

However, not surprisingly, the teacher has decided to appeal the decision. She claims that the context was important; she was exasperated after several students disrupted her class and after one boy hit her.

At this point, the state education commissioner must accept, reject or modify the judge’s decision within 45 days.

The comments that follow the linked article mainly support the teacher and contain an understanding tone. One parent agreed that it is unacceptable to be disrespectful to authority figures, and it is a shame when parents do not teach these principles to their children.

One commenter stated that abuse is not acceptable and the spoiled, entitled kids needed to be taught respect at school because they were clearly not being taught at home. One person noted that there is not a great deal of institutional support for teachers who are abused by disruptive students.

Only one comment mentioned that if a teacher can’t handle teaching children, the teacher should not teach.

This case reminds me of the Canadian case we reported on about two car dealership workers were terminated for cause after they wrote offensive and harassing messages on Facebook about their employer and managers.

But is this the same thing? A single comment after being struck by a student?

What do you think? Was the comment inappropriate? Was it so inappropriate that the teacher should lose her job? Is the context of the situation relevant here?

Also, what can employers do to manage and prevent this from happening? We wrote about tips regarding Facebook and privacy in the workplace here.

Essentially, the goal for employers should be about drafting a clear and consistent social media policy. The policy should explain what social media is and what the policy covers; non-work usages of social media; how publishing reflects on employees and the employer; how it is not permitted to speak on behalf of the employer; what the rules are regarding the use of social media in a business capacity; how the employer plans on monitoring employee usage of social media while at work; and the consequences of breaching the policy.

Christina Catenacci
First Reference Human Resources and Compliance Editor

© 2011 First Reference Inc. All Rights Reserved. | Permalink | Make a comment |

Recently, the Missouri state legislature attempted to block contact between students and former students under age 18 and their teachers via social networking sites that provide “exclusive” access (a private, one-on-one means of communication). The overall goal of this law, the Amy Hestir Student Protection Act, enacted on July 14, 2011, is to protect school-aged children from sexual predators at school.

Although this case is currently being debated in the United States, it is a topic of interest for all countries including Canada.

For more information, read my latest post on Slaw.

© 2011 First Reference Inc. All Rights Reserved. | Permalink | Make a comment |

In Manson v. Doe, Mr. Manson, a lawyer, commenced legal action against anonymous online bloggers, alleging that they had defamed him. Manson brought applications to the court for orders against various website operators and Internet Service Providers (ISPs), seeking information necessary to track down the bloggers. Although Manson was successful in obtaining the orders against the ISPs, he hit a snag when the information provided by the ISPs did not reveal the identity of “John Doe 1”.

Mr. Manson then brought an application to the court, seeking that it order “John Doe 1” to reveal his or her identity and that “John Doe 1” remove the defamatory blogs from the web. Not surprisingly, “John Doe 1” did not appear in court to oppose this application.

Mr. Manson succeeded in his application, and “John Doe 1” was ordered to reveal his or her identity and to remove the offending blogs. Good news for Mr. Manson, bad news for “John Doe 1”, right? Not necessarily.

Imagine you are “John Doe 1”. Would you reveal your identity to comply with the order? Sure, penalties for not complying may include contempt of court, or even imprisonment, but how would anyone locate you? Therein lies the irony of this order: it is an order to reveal an identity of an alleged wrongdoer, but one would need to know the identity of the wrongdoer to enforce the order.

This case illustrates the difficulties faced by plaintiffs in online defamation cases. They may have legal remedies available to them, but those remedies may not necessarily be practical solutions to the defamation.

Maanit Zemel
Miller Thomson LLP

© 2011 First Reference Inc. All Rights Reserved. | Permalink | Make a comment |

The report is valuable enough for its descriptions of the issues and how they affect individuals and businesses. One of the major concerns is whether Canada’s existing privacy law framework is sufficiently robust to protect citizens from online threats. Some experts believe it is; others do not. At any rate, the office of the privacy commissioner has proposed several actions to reduce the risks associated with online tracking, profiling, targeting and cloud computing:

• Monitoring and funding research developments on the implications of changing perceptions of public and private spaces (as well as the challenges of maintaining a professional and personal presence online)
• Conducting public opinion research on Canadians’ perceptions of the public-private divide
• Conducting outreach activities, including developing best practices for organizations to support people’s capacity to be as private or as public as they want
• Continuing public education efforts
• Working with Industry Canada to consider how best to integrate privacy by design principles and privacy impact assessments into private sector practices
• Monitoring and drawing on the work of international privacy organizations that are working on similar issues
• Focusing online privacy activities on adult Canadians who may be newer users in the online environment
• Continuing dialogue with the technical community on how to build the principles contained in PIPEDA into both user interfaces and underlying technologies
• Continuing to reach out to youth and seeking innovative and creative ways of doing so

And much more besides.

If you are concerned about expanding your operations to include more online activity, if you’re looking for information about privacy law and how your current practices stand up, or if you’re just looking for a primer on these pertinent issues, read the privacy commissioner’s report. It’s short and written for you.

When you’re done, consider the First Reference best practice guide, Protecting employee and customer privacy, which contains the most crucial information Canadian companies in the private sector must have to understand the “why”, “what” and “how” of Canadian privacy legislation. The guide is aimed primarily at providing information on privacy issues related to the employment relationship, however, it also helps organizations deal with customer privacy. In addition, there is information about common privacy issues such as record keeping, access to information, video surveillance, breach of privacy, medical information, social networking, etc.

Adam Gorley
First Reference Internal Controls, Human Resources and Compliance Editor

© 2011 First Reference Inc. All Rights Reserved. | Permalink | Make a comment |

Yosie wrote about it on Slaw.ca last fall.

The case is a few months old now, but no less important in its implications for employers. Terminations based on employees’ use of social media (aka, “Facebook firings”) remain rare in Canada, but you can be sure the numbers will grow. It is likely that there are several such cases before Canadian courts right now.

The primary defence in such proceedings is a strong, clear and consistent social media policy. When preparing your policy, consider these provisions:

• Explain what social media is and what the policy covers
• Remind employees about the nature of social media
• Include non-work usages of social media
• Remind employees that what they publish reflects both on themselves and the employer
• Prohibit the violation of laws
• Prohibit the violation of employer policies
• Prohibit speaking on behalf of the employer
• Advise that revisions may be requested
• Include specific rules regarding the use of social media in a business capacity
• Advise that the employer will monitor employee usage of social media while at work, if applicable
• Advise of the consequences of a breach

See the link above for more detail, and find more about how social media are affecting the workplace here on the blog.

© 2011 First Reference Inc. All Rights Reserved. | Permalink | Make a comment |

These days, it appears to be a fact of life that some employees surf the Internet for brief periods of time after working on tough assignments to give themselves a mental break before beginning the next task.

Contrary to what some may believe, associate professor Vivien K. G. Lim and graduate student Don J. Q. Chen of the National University of Singapore, found that employers can actually increase productivity by giving employees some time to surf the Internet during work hours. Those in the group that were given time to surf reported significantly lower levels of mental exhaustion and boredom, and significantly higher levels of psychological engagement. What’s more, the researchers linked browsing the Internet with more positive mental states, including excitement, interest, alertness and activity. This is because, according to the researchers, the brief moments of Internet browsing serves an important restorative function.

On the other hand, it was found that the more employers monitor for web browsing, the more employees do it, since employees view policies banning browsing as a form of mistrust in them. Further, interestingly, the acts of reading and answering emails were more associated with negative mental states including feeling distressed, fearful, hostile and jittery.

So what does this mean for employers?

Perhaps blanket bans are not the way to go; maybe the best way to deal with the issue of employee browsing is to create a more reasonable policy. For instance, a reasonable Internet browsing policy can balance the employer’s need for productivity and the employees’ need to briefly browse to enable mental breaks between complex tasks. This policy could take the form of allowing some time and visits to certain appropriate sites (such as selected websites offering news, social networking, online gaming, entertainment and hobby-related activities) with certain time restrictions.

Moreover, pursuant to the results of the study, it may be a good idea to limit the time spent on personal emails in order to maintain positive mental states in the workplace.

The comments following the linked article demonstrate both views on the issue. What do you think? Do you believe that web surfing provides a restorative function, or is this just an excuse to socialize and minimize the time spent working?

Christina Catenacci
First Reference Human Resources and Compliance Editor

© 2011 First Reference Inc. All Rights Reserved. | Permalink | Make a comment |

In Morris v. Johnson , Phyllis Morris, the former mayor of the Town of Aurora, brought a motion for an order against the operators of a blog that Ms. Morris alleged had defamed her while she was the mayor. Ms. Morris wished to have the identity of the anonymous bloggers revealed, so that she could name them as defendants to her defamation action. After reviewing the recent trend in the caselaw, Justice C.J. Brown refused to grant Ms. Morris’ request.

Although she does not specifically say so in her reasons, Justice Brown’s decision suggests that different standards may be applied to cases where the plaintiff is a politician. The Judge’s approach appears to be that, when a person expresses his or her views on a political figure anonymously, that person is validly exercising their constitutional right of freedom of expression and is entitled to remain anonymous. This approach is different than the one taken by the courts to the alleged defamation of lay people. In those cases, the courts have assumed that, because the blogger chose to remain anonymous, he or she may have had ulterior and possibly malicious motives in posting the allegedly defamatory comments.

In my view, a different standard should not be applied to disclosure requests made by politicians. In an open and democratic society, someone who wishes to validly criticize a political figure should be able to do so openly and freely, without fear of repercussion. If he or she defames the politician and chooses to do so anonymously, maybe there was an ulterior motive to the posting – to maliciously cause harm to his or her reputation. Otherwise, why choose to remain anonymous?

Maanit Zemel, Associate
Miller Thomson LLP

© 2011 First Reference Inc. All Rights Reserved. | Permalink | Make a comment |