Labour and employment lawyer Ashley Mitchell looks at privacy laws in the Canadian workplace.
By Ashley Mitchell, Miller Thompson associate
Recently, headlines have been dominated by the high-profile termination of Jian Ghomeshi from CBC. Mr. Ghomeshi has claimed that CBC misused his private and confidential information. While this story continues to unfold in the media, an interesting issue that arises from the headlines is the scope of an employee’s right to privacy in the workplace, and the fact that more terminated employees are making privacy claims.
It is generally understood that employees are entitled to a degree of privacy at work. Privacy laws are in place to ensure that an employee’s right to privacy is balanced with an employer’s right to operate and manage its organization efficiently and effectively. As the opportunities to disseminate information have increased, so have the risks to employers.
Across Canada, provincial and federal legislation govern an employer’s ability to collect, use and disclose personal information of its employees. Personal information is broadly defined and generally includes any information relating to a particular individual. Federally regulated, private sector employees are governed by the Personal Information Protection and Electronic Documents Act. British Columbia, Alberta and Québec also have specific privacy legislation for provincially regulated private sector employers. Although these laws generally require that employers seek the consent of employees to collect, use and disclose their personal information, the British Columbia and Alberta legislation enables employers to collect, use or disclose employee personal information without consent if it is reasonably required for the purposes of establishing, managing or terminating an employment relationship.
There is also an evolving body of law emerging from our courts, which is helping to define the scope of an employee’s right to privacy. In the decision of Jones v. Tsige, the Ontario Court of Appeal recognized a common law tort for breach of privacy, known as the tort of “intrusion upon seclusion.” In this case, the Court held that liability for invasion of privacy will arise if the defendant’s intrusion:
Recently, headlines have been dominated by the high-profile termination of Jian Ghomeshi from CBC. Mr. Ghomeshi has claimed that CBC misused his private and confidential information. While this story continues to unfold in the media, an interesting issue that arises from the headlines is the scope of an employee’s right to privacy in the workplace, and the fact that more terminated employees are making privacy claims.
It is generally understood that employees are entitled to a degree of privacy at work. Privacy laws are in place to ensure that an employee’s right to privacy is balanced with an employer’s right to operate and manage its organization efficiently and effectively. As the opportunities to disseminate information have increased, so have the risks to employers.
Across Canada, provincial and federal legislation govern an employer’s ability to collect, use and disclose personal information of its employees. Personal information is broadly defined and generally includes any information relating to a particular individual. Federally regulated, private sector employees are governed by the Personal Information Protection and Electronic Documents Act. British Columbia, Alberta and Québec also have specific privacy legislation for provincially regulated private sector employers. Although these laws generally require that employers seek the consent of employees to collect, use and disclose their personal information, the British Columbia and Alberta legislation enables employers to collect, use or disclose employee personal information without consent if it is reasonably required for the purposes of establishing, managing or terminating an employment relationship.
There is also an evolving body of law emerging from our courts, which is helping to define the scope of an employee’s right to privacy. In the decision of Jones v. Tsige, the Ontario Court of Appeal recognized a common law tort for breach of privacy, known as the tort of “intrusion upon seclusion.” In this case, the Court held that liability for invasion of privacy will arise if the defendant’s intrusion:
- is intentional;
- amounts to an unlawful invasion of the plaintiff’s private affairs;
- causes stress, humiliation or anguish; and
- would be viewed as highly offensive to a reasonable person.
- the collection, use or disclosure of an employee’s personal information is required to meet a specific organizational need;
- the invasion of the employee’s privacy is reasonable and proportional to the fulfillment of the organizational need; and
- there are any less intrusive ways to achieve the specific need.
- rules on the use of company-owned electronic equipment, internet access and the use of social media for communications about the employer’s business or employees;
- how employee personal information will be collected, stored and used; and
- the purpose for which the personal information will be collected, used or disclosed, including whether the information will be used for monitoring, performance, discipline or safety purposes.