DNH lists can create privacy, human rights liability for employers
No employer wants to hire (or re-hire) those “bad seed” employees, who lied on their resume, stole from their manager, or damaged company property. To avoid this fate, “Do-Not-Hire” (DNH) lists have been used as a common screening method for employers to help track bad seed employees during the hiring process. While these lists are intended to streamline the hiring process and flag unsuitable candidates, they can also create unintended trouble for employers - which begs the question: Is it worth it?
DNH lists usually involve a list of individuals, often former (or even potential) employees, who are deemed unacceptable for future employment. The implications of such lists are significant to an individual, as it can effectively block access to job opportunities, damage reputations, and limit an individual’s ability to earn a living. It is not surprising then, that individuals are asking to see and understand these lists and employers should be aware of the potential to disclose information and the various risks with creating and maintaining a DNH list.
Employers who maintain DNH lists can face unintended legal consequences.
An individual can be placed on a DNH list for any number of reasons, such as previous work experience or past interview conduct, but if an individual is refused employment on the basis of a prohibited ground of discrimination (such as disability, religion, or sex, for example), employers are at risk of liability for violating human rights legislation. As a result, it is critical for the employer to ensure the reason for placing an employee on a DNH list doesn’t relate, in any way, to a protected ground.
If an employee can prove that they were unjustly placed on a DNH list and not hired as a result, they may file a lawsuit or complaint to the human rights commission for damages, which may include compensation for lost wages, reinstatement, emotional distress, and/or even punitive damages. Additionally, companies defending a claim or found liable for violating human rights legislation often face reputational damage and loss of trust within their industry.
Saskatchewan Information & Privacy Commissioner comments on DNH lists
Recently, the use of DNH lists prompted scrutiny from Saskatchewan’s Information and Privacy Commissioner (IPC) in Saskatchewan Health Authority (Re), 2024 CanLII 79974. In its report dated July 26, 2024, the IPC discussed the potential disclosure impacts of DNH lists, drawing attention to the complex interplay between this employment practice and privacy rights.
This case involved an employee who submitted a request to their employer, the Saskatchewan Health Authority (SHA) for access to records related to a DNH/Cautionary Hire list. The SHA rejected the request and withheld, in full, its “Cautionary Hire List” spreadsheet, noting that it was withholding some information pursuant to ss. 30(2) of The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP).
Subsection 30(2) of LA FOIP allows the head of a local authority to refuse disclosure of personal information that is:
- Evaluative or opinion material.
- Compiled solely for the purpose of determining an individual’s suitability, eligibility, or qualifications for employment, awarding of contracts, or other benefits by the local authority.
- Provided explicitly or implicitly in confidence.
In its submission, the SHA stated that the information “is provided by the manager to HR in confidence, implicitly.” The IPC noted that the SHA must establish how personal information is provided implicitly in confidence, and pointed to a non-exhaustive list of factors to consider from the IPC Guide to LA FOIP:
- The nature of information - whether a reasonable person would regard it as confidential, whether it would ordinarily be kept confidential by the party providing it or by the local authority.
- Whether the information was treated consistently in a manner indicating a concern for protection by the party providing it and the local authority from the point at which it was provided until the present time.
- Whether the information is available from sources accessible to the public.
- Whether the local authority has internal policies or procedures regarding how such records or information are to be handled confidentially.
- Whether there is a mutual understanding that the information would be held in confidence.
Finding that the SHA had not met its burden to establish that ss. 30(2) should apply, the IPC recommended that the requested information be released to the employee. While the recommendation of the IPC is not binding, this case provides valuable useful guidance for any employer who engages in the practice of DNH lists.
Broader privacy questions about hiring lists
The IPC also commented on the privacy issues surrounding these lists in general. Of particular concern, was the SHA’s process for adding to and maintaining the list, which required employees to check all resumes against the cautionary hire list before any employment offer is made. The number of individuals across the SHA who could access this list was also raised as a concern by the IPC.
The IPC also questioned how potential breaches of privacy related to this list would be caught, handled, and challenged, and encouraged the SHA to reconsider its use of DNH lists, unless it could demonstrate that all access and privacy related concerns are adequately addressed.
While there is no current legislation barring employers from maintaining DNH lists, each province has human rights legislation and laws governing the collection, use and disclosure of personal information and employers should be aware of the potential risks and liability related to the use of DNH lists.
Employers who use DNH lists would be well advised to conduct a privacy impact assessment so that their use of DNH lists are compliant with applicable privacy laws. Careful management of any DNH list to ensure compliance with human rights legislation is also highly recommended to mitigate any further risk or liability associated with any DNH list.
Jana Linner is a partner at MLT Aikins in Regina, specializing in in labour, employment, and human rights issues. Kristél Kriel is a partner at MLT Aikins in Regina, co-leading the firm’s privacy, data protection, and cypersecurity area. Stephanie Yang-Morris is a labour and employment lawyer at MLT Aikins in Regina.
