Privacy claims in the workplace

By Ashley Mitchell, Miller Thompson associate

Recently, headlines have been dominated by the high-profile termination of Jian Ghomeshi from CBC. Mr. Ghomeshi has claimed that CBC misused his private and confidential information.  While this story continues to unfold in the media, an interesting issue that arises from the headlines is the scope of an employee’s right to privacy in the workplace, and the fact that more terminated employees are making privacy claims.

It is generally understood that employees are entitled to a degree of privacy at work. Privacy laws are in place to ensure that an employee’s right to privacy is balanced with an employer’s right to operate and manage its organization efficiently and effectively.  As the opportunities to disseminate information have increased, so have the risks to employers.

Across Canada, provincial and federal legislation govern an employer’s ability to collect, use and disclose personal information of its employees. Personal information is broadly defined and generally includes any information relating to a particular individual.  Federally regulated, private sector employees are governed by the Personal Information Protection and Electronic Documents Act.  British Columbia, Alberta and Québec also have specific privacy legislation for provincially regulated private sector employers.   Although these laws generally require that employers seek the consent of employees to collect, use and disclose their personal information, the British Columbia and Alberta legislation enables employers to collect, use or disclose employee personal information without consent if it is reasonably required for the purposes of establishing, managing or terminating an employment relationship. 

There is also an evolving body of law emerging from our courts, which is helping to define the scope of an employee’s right to privacy.   In the decision of Jones v. Tsige, the Ontario Court of Appeal recognized a common law tort for breach of privacy, known as the tort of “intrusion upon seclusion.”  In this case, the Court held that liability for invasion of privacy will arise if the defendant’s intrusion:

• is intentional;
• amounts to an unlawful invasion of the plaintiff’s private affairs;
• causes stress, humiliation or anguish; and
• would be viewed as highly offensive to a reasonable person.

Surveillance and monitoring of employees, as well as the collection and disclosure of employee personal information must be justified on legitimate operational concerns, such as the safety and security of employees and assets.  To strike a balance between an employer’s right to manage its workplace and the employees’ reasonable expectation of privacy in the workplace, employers should consider whether:

• the collection, use or disclosure of an employee’s personal information is required to meet a specific organizational need;
• the invasion of the employee’s privacy is reasonable and proportional to the fulfillment of the organizational need; and
• there are any less intrusive ways to achieve the specific need.

It is also recommended that employers develop and enforce workplace policies on the collection, use and disclosure of employees’ personal information.  Such policies will help to avoid potential complaints, grievances or actions arising from a breach of an employee’s privacy rights.  Workplace policies on privacy should set out:

• rules on the use of company-owned electronic equipment, internet access and the use of social media for communications about the employer’s business or employees;
• how employee personal information will be collected, stored and used; and
• the purpose for which the personal information will be collected, used or disclosed, including whether the information will be used for monitoring, performance, discipline or safety purposes.

Finally, employers should ensure that all employees are aware of and provide written acknowledgement of privacy policies, including those relating to email monitoring or surveillance.  Adopting and implementing clear and effective policies on privacy will not only reduce potential liability for employers, but will also ensure that both employees and employers understand their responsibilities and expectations when it comes to privacy in the workplace.