Understanding employee privacy and work-issued computers

October 31, 2012 Lauren Bride Employee Relations, HR Policies and Procedures, Human Resources, Privacy and Security

Image: Stuart Miles / FreeDigitalPhotos.net

Last week, Alison J. Bird wrote for the First Reference Talks blog about the R. v. Cole case, involving a high school teacher who had kept photos of a naked, underage student on his work computer. In the past several days, there have been a flurry of news stories calling attention to privacy boundaries employees can expect to encounter regarding work-licensed technology.

The Supreme Court of Canada’s decision in the Cole trial determined that Cole could have anticipated some privacy regarding his work computer, though at a level diminished from what he would anticipate on a privately-owned computer. The decision also made a distinction around material regarded as “information that is meaningful, intimate and touching on the user’s biographical core.”

The response to the case has largely been around ramifications of the trial, questions around workplace policies on employee privacy, and an employee’s information to which an employer should have access. In a recent article in The Lawyers Weekly, Daniel Michaluk of the Canadian Association of Counsel to Employers raises the question at hand: ” Any access [by the employer] to its own system that causes an employer to run across employee information now comes with a question: Was that reasonable and legitimate, or not?”.

Employers are encouraged to review and, if necessary, revise policies around work-issued computers and other electronic devices where employees may store any personal information. This attention to company policy is in the interest of both the employees and the organization, with the aim that clarified boundaries will allow for guidelines for protected privacy, as well as making clear the responsibilities of due diligence for administrators. Where before, the tendency for employers to have a more ready access to workers’ internet browsing history and files saved on their computers, Michaluk cautions employers that they may be more likely to be subject to litigation from employees for potentially seeking more personal information on work computers than they are entitled to have.

What can employers do?

Following a review and possible revision of company IT and employee privacy policies, employers can put a few safeguards in place to make data and privacy boundaries clear and easier to work within.

Passwords: creating password-coded logins for work computers is a good practice for more than one reason. Using logins with passwords are useful barriers for employees to protect their personal information. They also serve another practical, and near-opposite purpose of reminding employees that when they access their work computers, they are effectively entering a work environment, be it virtual or physical. These logins and passwords in this way can serve a similar purpose to digitized key cards issued to employees, which make clear each time they are used that a work area has been accessed, and it is characterized by boundaries.

Modifications: within your company policy, specific modifications to employee access can be made, so long as they are in keeping with employees’ rights. For example, if a specific type of digital file is potentially harmful to a work-based network of computers, that type of file may be added to be against company IT policy. Alternately, if saved data takes up too much space on a server, limitations to data stored may be outlined.

Clarity: when employee privacy policies are presented to employees, it is helpful for them to understand why the rules and standards have been put into place, and to have clear reminders about the definitions and practical applications of the policies. This conversation should include an explanation of the reasons why employers would require access to certain employee files and information, and when employees should expect to potentially have that information viewed by employers. Also, it is advisable that this conversation happens more than once, and be open, so it is a normal part of a working environment.

Lauren Bride
First Reference Human Resources and Compliance Editor

• About
• Latest Posts

Follow me

Lauren Bride

Writer and editor at Hudson's Bay Company

Lauren Bride, B.A. (English Literature / Philosophy) is a writer, copywriter, and editor, working in both fiction and nonfiction. She has done extensive writing and editing for commercial, private, and government clients, as well as story editing and fiction publication. Lauren also volunteers with the not for profit group NABORS (Toronto). Read more

Follow me

Latest posts by Lauren Bride (see all)

• Ontario Human Rights Commission to update its policy on creed and religious observances - November 29, 2012
• Report on the Ontario human rights review revisited:Concerns it may raise for employers - November 19, 2012
• Attorney General’s report on the Ontario Human Rights Review, 2012 Part 1 - November 14, 2012

Canadian Association of Counsel to Employers, company IT and employee privacy policies, company policy, Daniel Michaluk, Due diligence, Employee privacy, employee privacy and work-issued computers, employment law, internet browsing history, passwords, personal information, policies around work-issued computers and other electronic devices, privacy boundaries, privacy law, private-sector privacy laws, R. v. Cole, safeguards, Supreme Court of Canada, The Lawyers Weekly, type of digital file, work-licensed technology, workplace policies

Taking our kids to work day scheduled for November 7, 2012 Accommodation of family status