Last week, Alison J. Bird wrote for the First Reference Talks blog about the R. v. Cole case, involving a high school teacher who had kept photos of a naked, underage student on his work computer. In the past several days, there have been a flurry of news stories calling attention to privacy boundaries employees can expect to encounter regarding work-licensed technology.
The Supreme Court of Canada’s decision in the Cole trial determined that Cole could have anticipated some privacy regarding his work computer, though at a level diminished from what he would anticipate on a privately-owned computer. The decision also made a distinction around material regarded as “information that is meaningful, intimate and touching on the user’s biographical core.”
The response to the case has largely been around ramifications of the trial, questions around workplace policies on employee privacy, and an employee’s information to which an employer should have access. In a recent article in The Lawyers Weekly, Daniel Michaluk of the Canadian Association of Counsel to Employers raises the question at hand: ” Any access [by the employer] to its own system that causes an employer to run across employee information now comes with a question: Was that reasonable and legitimate, or not?”.
Employers are encouraged to review and, if necessary, revise policies around work-issued computers and other electronic devices where employees may store any personal information. This attention to company policy is in the interest of both the employees and the organization, with the aim that clarified boundaries will allow for guidelines for protected privacy, as well as making clear the responsibilities of due diligence for administrators. Where before, the tendency for employers to have a more ready access to workers’ internet browsing history and files saved on their computers, Michaluk cautions employers that they may be more likely to be subject to litigation from employees for potentially seeking more personal information on work computers than they are entitled to have.
What can employers do?
Following a review and possible revision of company IT and employee privacy policies, employers can put a few safeguards in place to make data and privacy boundaries clear and easier to work within.
Passwords: creating password-coded logins for work computers is a good practice for more than one reason. Using logins with passwords are useful barriers for employees to protect their personal information. They also serve another practical, and near-opposite purpose of reminding employees that when they access their work computers, they are effectively entering a work environment, be it virtual or physical. These logins and passwords in this way can serve a similar purpose to digitized key cards issued to employees, which make clear each time they are used that a work area has been accessed, and it is characterized by boundaries.
Modifications: within your company policy, specific modifications to employee access can be made, so long as they are in keeping with employees’ rights. For example, if a specific type of digital file is potentially harmful to a work-based network of computers, that type of file may be added to be against company IT policy. Alternately, if saved data takes up too much space on a server, limitations to data stored may be outlined.
Clarity: when employee privacy policies are presented to employees, it is helpful for them to understand why the rules and standards have been put into place, and to have clear reminders about the definitions and practical applications of the policies. This conversation should include an explanation of the reasons why employers would require access to certain employee files and information, and when employees should expect to potentially have that information viewed by employers. Also, it is advisable that this conversation happens more than once, and be open, so it is a normal part of a working environment.
First Reference Human Resources and Compliance Editor
- Ontario Human Rights Commission to update its policy on creed and religious observances - November 29, 2012
- The control of the personal data ecosystem belongs to the individual - November 26, 2012
- Report on the Ontario human rights review revisited:Concerns it may raise for employers - November 19, 2012