Workplace Privacy - What information about me can my employer gather?

The information provided on this webpage is of a general nature and does not constitute legal advice. Moreover, it addresses only some issues in information privacy, labour and employment law. If you have questions about privacy and your workplace, you should consult a lawyer, your union representative, or the human resources department of the organization you work for. For general information on private sector data protection laws, see CIPPIC’s webpage on Privacy. CIPPIC welcomes feedback and comments on this webpage at cippic@uottawa.ca.


Employees should be aware that technology has given employers a powerful ability to collect information from employees in several different ways.  Some example of data collection are through:

•    background checks on creditand ;

•    resumes, cover letters and job applications;

•    video surveillanceof work premises and off-duty conduct;

•    Global Positioning Systemsfor couriers, delivery and transport workers;

•    telephone monitoring;

•    keystroke logging;

•    monitoring internet activities;

•    “smart” ID cards that track work attendance, access to the workplace and resources and drug and dental plans;

•    biometrics(fingerprint, handprint, voice and eye scanning to verify employee identity for security purposes);

•    drug and alcohol tests; and

•    workplace investigations.

Whether any particular method of collection is permissible depends on whether:

a)    the employee was aware of the monitoring;

b)    whether consent was obtained;

c)    the intrusiveness of the collection;

d)    the appropriate balance between employer and employee interests; and

e)    the facts of the situation.

  

•    Can an employer conduct a credit check on me?

•    Can an employer conduct a security check on me?

•    Are my personnel files, resumes and employment references protected?

•    Can my employer collect my medical information?

•    Can my employer videotape me while I am at work?

    ?   Can my employer videotape me when I am off duty?

•    Can my employer use a Global Positioning System (GPS) to monitor me?

•    Can my employer monitor my telephone calls, emails or what websites I visit?

    ?   Monitoring telephone, Internet and computer use

    ?   Keystroke monitoring on workplace computers

    ?   Workplace policies may put employees “on notice”

•    Can my employer use fingerprint scans and other biometrics in the workplace?

 

 

Q.   Can an employer conduct a credit check on me?

When staffing positions that require high levels of trust relating to financial matters, employers may conduct credit checks to determine the appropriateness of an applicant. In Ontario, for example, employers may conduct credit checks for these reasons according to section 8(1)(d) of Ontario’s Consumer Reporting Act. (See also Feldman J.A.’s discussion on the importance of credit and credit rating in society in Haskett v. Equifax Canada Inc. et al, (2003) 63 O.R. (3d) 577 (ON C.A.) at p. 589-590, para 29 and note 2.)

For positions where “honesty and trustworthiness are the hallmark of the positions,” employers have a greater duty to make appropriate inquiries into the relevant background of a candidate. However, under section 10(2) of the Consumer Reporting Act, R.S.O. 1990, Ch. C.33, employers are required to notify an applicant in writing that they are conducting a credit check and identify the consumer reporting agency that will be conducting the credit check (e.g. Equifax, TransUnion).

The Ontario Human Rights Code, R.S.O. 1990, c. H.19 does not prevent employers from asking and investigating whether prospective employees are bondable, as long as being bondable is a reasonable and genuine requirement for the position and is not applied in a discriminatory manner against applicants. 

Arguably, PIPEDA also requires federally regulated employers to obtain consent from applicants to collect personal information from credit reporting organizations, identify how the credit information will be used, and limit the use of that information to the hiring process. Even if PIPEDA does not directly apply to applicants and current employees, PIPEDA does provide employers with a set of best practices to handle personal information, such as ensuring that the individual’s credit information is reasonably collected and appropriately safeguarded and disposed.

The Information and Privacy Commissioner of Alberta ruled on the appropriateness of credit checks in [SAS Institute (Canada) Inc., P2005-IR-008](http://www.oipc.ab.ca/ims/client/upload/Investigation Report P2005-IR-008.pdf). In this case, the complainant was required to consent to a credit check when applying for a job. The employer’s policy was to conduct background checks on all applicants, regardless of what position they applied for. The employer organization was governed by Alberta’s Personal Information Protection Act, which is similar to PIPEDA, meaning that an applicant’s information must be reasonably required for the purpose for which it is being collected. In this case, information was being collected for the purpose of employment.

The Commissioner found that there was no correlation between the applicant’s ability to manage her credit and the position of Receptionist/Administrative Assistant. The position involved managing nominal amounts of “petty cash” and did not necessarily require her to have a company credit card. Nor could the report be used to verify past employment, as the employer admitted that there were other, less invasive and more effective ways to probe into an applicant’s employment history during the interview process.

Ultimately, the Commissioner confirmed that, in certain circumstances, an employer would certainly have legitimate business interests in collecting the kind of information contained in credit checks to prevent employee fraud. However, given the type of position that the complainant applied for, the other options to test her reliability during the interview process, and adequate supervision upon hiring, the employer could not justify the collection of credit information for the purposes of employment under Alberta’s private sector privacy law.

 

 

Q.    Can an employer conduct a security check on me?

Under certain circumstances, it is permissible for an employer to conduct a security check on prospective employees. The Federal Privacy Commissioner has approached security and credit checks in a similar way as federal and provincial human rights commissioners. Relevant factors to determine the reasonableness of a security check include:

•    the presence of express, meaningful consent (PIPEDA Cases #65 and 127)

•    the nature of the work and position (e.g. pilots, workers at atomic energy plants, ports, airports or other security and safety sensitive positions);

•    statutory obligations that support conducting security checks in a given sector; and

•    the current security environment, locally, nationally, and internationally.

The Commissioner has found that security checks for spouses can be reasonable in certain circumstances and do not require spousal consent (PIPEDA Case #232). However, the Commissioner also found that is not reasonable to disclose information for security checks to a foreign government (PIPEDA Case #106).

In a security-related case before the Federal Privacy Commissioner, the employer’s requirement to collect fingerprints and driver’s licence information from drivers in order to allow them automatic access to a railway’s inter-modal terminal was found to be reasonable, given the nature of the transported cargo, heightened security concerns, and safeguards taken by the employer to encrypt the data collected and restrict access to personal information within the company (PIPEDA Case #185).

 

 

Q.    Are my personnel files, résumés and employment references protected?

The Federal Court of Canada has ruled that providing a poor reference (MacNeil v. Canada, 2002 FCT 277) and noting criminal charges on an employee’s record is not a privacy breach under the federal Privacy Act.

When an employer is contacted to provide a reference for a current or former employee, both public and private sector privacy legislation requires that the employer obtain employee consent before disclosing personal information. Although not required by law, it would be considered prudent for non-regulated employers to follow this practice as well. Employer references should not contain information that is not true. This means that employers are not obliged to provide a positive reference if that reference would be untrue.

Section 4 of PIPEDA provides that the Act applies to personal information of employees of federally regulated organizations. However, it is unclear whether the definition of “employee” includes external applicants in job competitions and their résumés, job applications and interview documentation. In any case, it would be good practice for an employer to treat this type of information as if it were personal information under privacy legislation. Some provincial privacy acts, such as Alberta’s PIPA have express provisions that apply to résumés and job applications.

 

Q.     Can my employer collect my medical information?

Personal health information is protected by PIPEDA, the Privacy Act, and provincial health privacy legislation in four provinces: Alberta, Manitoba, Ontario, and Saskatchewan. In addition, human rights codes, the common law and constitutional law principles have been relied upon to protect individual’s personal health information. Given the high level of sensitivity of personal health information, express consent is generally required from the employee for its collection and disclosure, unless the employer is compelled to produce records by court order, statute or contract. 

Despite the substantial privacy protections afforded to personal health information, the Federal Privacy Commissioner has recognized that employers have legitimate purposes for collecting and using this type of personal information with the following principles:

•    the employer does not usually need to collect information on the employee’s diagnosis (PIPEDA Cases #226, 233, 257 and #348);

•    sick leave policies that meet PIPEDA’s consent requirements to disclose information to internal and external practitioners are valid (PIPEDA Case #118); 

•    employers have a legitimate need to collect certain medical information, in order to:

•    verify that an employee's absence is for genuine medical reasons; and

•    meet obligations to accommodate an employee under human rights legislation (PIPEDA Case #120);

•    medical certification of an employee in a safety sensitive position who is coming off sick or disability leave is reasonably justified if the employer follows proper consent and access procedures prescribed by the Act (PIPEDA Cases #287 and #284 respectively);

•    occupational health and safety officers must obtain consent to contact medical staff and obtain information on an employee’s medical exam (PIPEDA Case #235); and

•    occupational health and safety officers, doctors, and nurses are bound by codes of ethics such that they cannot provide management with more personal information than necessary (PIPEDA Case #120).

Generally speaking, it is good practice for an employer administering sick leave, medical certifications or insurance benefits to obtain consent to collect and disclose medical information from the employee before or at the time of collection or disclosure, and avoid collecting information about an employee’s diagnosis (PIPEDA Case #348).

Provincial Health Privacy Legislation:

 

Q.    Can my employer videotape me at work?

In some cases, an employer may videotape employees at work, but only under particular conditions and circumstances. The Federal Privacy Commissioner approaches surveillance cases as a “balancing of rights” between the employer’s legitimate business interests and the employee’s reasonable expectation of privacy. In PIPEDA Case #114, the Commissioner set out the main factors to consider when determining whether video surveillance of the workplace is appropriate:

1.    Is the video camera demonstrably necessary to meet a specific need?

2.    Is it likely to be effective in meeting that need?

3.    Is the loss to privacy proportional to the benefit gained?

4.    Is there a less privacy invasive way to achieve the same goal?

When the dispute in PIPEDA Case #114 came before the Federal Court in Eastmond v. Canadian Pacific Railway, 2004 FC 852, the court adopted the Privacy Commissioner’s four- part test but came to the opposite conclusion on additional evidence. Eastmond was not appealed to the Federal Court of Appeal. 

In Eastmond, Justice Lemieux turned to the arbitral jurisprudence in the unionized context regarding video surveillance:

   ¶132   In terms of surveillance cameras, arbitrators have drawn a bright line between surreptitious collection of information and collection of information by cameras whose locations are known, where employees and others are told recordings are being made and the use of those recordings.

   ¶133   Arbitrators have also generally condemned the use of surveillance cameras to record the productivity of workers.

       

The appropriate use of video cameras will also depend on the locations of the video cameras. Cameras focussed on exits and entrances may be easier to justify in instances where security can be established as an issue in the workplace. However, cameras trained on other work areas without being able to adequately capture the activity the video surveillance was meant to monitor have been found unacceptable by the Federal Privacy Commissioner (PIPEDA Case #290). Privacy Commissioners generally do not look favourably on employers who monitor employees for deterrence or prevention purposes without establishing that there is an existing problem (PIPEDA Cases #273, and 279 where a web cam was found not permissible).

Workplace monitoring guidelines issued by some provincial commissioners’ offices emphasize that the employer:

•    must have compelling concerns to justify monitoring;

•    should use the least intrusive means possible;

•    should notify employees about the surveillance; and

•    should explain the reasons for the surveillance, its use, possible disclosure and consequences of the information being collected. 

  1. Can my employer videotape me when I am off-duty?

In PIPEDA Case #269, the Federal Privacy Commissioner found that off-duty video surveillance conducted by a private investigator on behalf of the employer was justified because in that instance:

1)    there was evidence proving that the employer suspected that the trust relationship with the employee was broken by an alleged false workplace injury claim;

2)    all other less privacy intrusive ways to obtain the required information were exhausted; and

3)    the employer limited its collection of personal information to the greatest extent possible.

Overall, video surveillance of employees may or may not be legal depending on its necessity, effectiveness, and the extent of its impact on employee privacy interests. Arbitrators, privacy commissioners and courts will try to balance the privacy interests of individuals with the rights of employers to collect, use and disclose some personal information as part of their operations.

 

Q.     Can my employer use a Global Positioning System (GPS) to monitor me?

The Federal Privacy Commissioner has ruled on the use of personal information collected from employees using Global Positioning Systems (GPS) (PIPEDA Case #351). In that case, the employer implemented GPS in its installation, repair, and construction vehicles in order to locate, dispatch, and route its employees to various job sites. The employer cited enhanced efficiency, improved customer service, and employee safety as justifications for installing GPS in its vehicles. Some employees were concerned, however, that GPS would also be used to monitor their work performance, and that personal information collected by the technology would be used to justify disciplinary action.

The Commissioner used the following analysis, which is similar to the analysis for video surveillance, to assess the appropriateness of using GPS in that case:

•    Is the measure demonstrably necessary to meet a specific need?

•    Is it likely to be effective in meeting that need?

•    Is the loss of privacy proportional to the benefit gained?

•    Is there a less privacy-invasive way of achieving the same end?

The Commissioner accepted most of the employer’s reasons for installing GPS. The Commissioner determined that when the purpose for using GPS is appropriately defined, limited, and communicated to the employees beforehand, the use of the technology may be acceptable under PIPEDA. However, the Commissioner cautioned that “systematically using GPS to check up on workers and try to determine how well they are doing their jobs would be going too far... employers do not have carte blanche to use GPS to constantly monitor their workforce.”

 

 

Q.    Can my employer monitor my telephone calls, email or what websites I visit?

Criteria similar to those used for judging video surveillance have also been used to evaluate other forms of surveillance, such as telephone, email and internet monitoring, and keystroke logging.

In addition to the four factors outlined by the court in Eastmond for video surveillance, when faced with a case involving email, internet, telephone or keystroke monitoring, privacy commissioners will generally consider:

•   the invasiveness of the monitoring;

•   evidence that there is a problem that monitoring is meant to address;

•   whether the employee is aware of the purposes for which the monitoring device is being used (PIPEDA Case #273); and

•   if the activity being monitored is related to the enterprise, or within the realm of personal activity that often occurs in the workplace (e.g. online banking, purchases, accessing personal email accounts, personal phone calls).

  1. Monitoring telephone, Internet and computer use

The Federal Privacy Commissioner has recognized that companies monitor calls between their telephone operators and customers for “quality assurance” purposes (PIPEDA Case #160). These types of telephone conversations would be within the normal course of employment and are clearly related to the employer’s business.

To date, there has been no definitive court ruling on monitoring employee telephone calls or email. However, labour law cases on email and internet use provide some indication of how a court might treat a claim of invasion of an employee’s email privacy or telephone monitoring. 

Labour arbitration cases on the surveillance of employee email and internet use have tended to confirm that an employer’s proprietary interest in his or her computer networking systems diminishes an employee’s reasonable expectation of privacy because:

•    there is a presumption that the employer owns the computing system that employees use in the course of employment;

•    the employer’s proprietary rights in the system extend to all information contained therein;

•    information contained in the system is likely to be business-related and thus less deserving of privacy protection; and

•    the nature of the employment relationship allows the employer to maintain control over their employees’ work in order to protect the employer’s legitimate business interests.

Note that the normal course of employment typically includes any time spent or activities conducted on the employer’s premises, including breaks and lunch hours.  It should be noted that while the employment relationship as a whole is not severed by breaks or lunch time, in certain circumstances, there is still a question as to what rights an employee may have, depending on whether their breaks are paid or not. The issue of whether an employee’s conduct is within the course of employment is a matter of fact for a court or arbitrator to determine, and is decided on a case-by-case basis.

An employer generally has a right to access its computer system as it would any other property it owns. One of the leading labour law cases affirming this common law principle is International Association of Bridge, Local Union no. 97, and Structural and Ornamental Ironworkers and Office and Technical Employees' Union, Local 15, [1997] B.C.C.A.A.A. No. 630.  In this case, Arbitrator C. Bruce ruled that email on employer-owned systems have no reasonable expectation of privacy because the employer has a right to search their computer system as they would with any other type of company property or equipment.

In terms of searches of computer files stored on the employer’s network or computer, courts have taken a similar property-rights approach.  In Quebec, a court ruled in R. c. Tremblay [1996] R.J.O. 1758 (C.Q.) that an employer could search an employee’s workplace computer for child pornography. This decision was based, in part, because the employer, a local police service, owned the computer that the files were stored on, and because the police officer employee had indicated that the files in question were work-related. Ultimately, the court determined that the employee had no reasonable expectation of privacy in work-related files stored on the employer’s computer.

  1. Keystroke monitoring on workplace computers

The Alberta Privacy Commissioner has ruled that surreptitious employee monitoring by way of keystroke logging violates Alberta’s public sector privacy law. The case was brought by an individual who lost his job as a computer technician at a public library after he discovered and complained about a keystroke logging program that was monitoring his computer use. Under Alberta privacy law, public bodies can collect personal information without consent where the information "relates directly to and is necessary for an operating program or activity of the public body." The employer, Parkland Regional Library, argued that the keystroke logging was necessary in order to ensure that the employee was not using the computer for personal purposes and was being sufficiently productive. In his decision, Alberta Office of Information and Privacy Commissioner, Order F2005-003, June 24, 2005, the Privacy Commissioner stated that he was not convinced by the employer’s justifications, noting that there are other, much less intrusive means to monitor employee productivity and address concerns about working time. The Commissioner also noted that there was no good reason in this case not to inform the employee that he was being monitored. See CIPPIC News Release Surreptitious keystroke logging by employers held illegal in Alberta, July 2005 for more information on the case.

  1. Workplace policies may put employees “on notice”

If an employer clearly communicates their policies on appropriate workplace email, internet and computer usage, and notifies employees about monitoring practices, employees may have a diminished expectation of privacy in their online communications and computer use. In Briar v. Canada (Treasury Board), 2003 P.S.S.R.B. 3 four unionized employees of a correctional facility in British Columbia were disciplined for using the Correctional Service of Canada’s email system to disseminate offensive materials in the workplace. The union filed a grievance arguing that their members’ privacy rights had been violated by the employer’s email monitoring. The Public Servants Staff Relations Board held that because the situation was not a case of random surveillance and because the employer made the internet usage and monitoring policies very clear, the employees had no reasonable expectation of privacy in the circumstances.

In the context of employee email monitoring, commentators have noted that the circumstances that give rise to employer monitoring affect whether an employee has the right to completely bar an employer from monitoring their email. Therefore, the circumstances surrounding an individual’s employment may affect an employee’s ability to claim a measure of workplace privacy under statute or the collective agreement.

 

Q.    Can my employer use fingerprint scans and other biometrics in the workplace?

Biometrics are emerging as a new tool for employers to manage attendance and security in the workplace.  Biometrics raise privacy concerns because they verify a person’s identity using a person’s unique physical characteristics such as their fingerprint, handprint, eye scan, or voice pattern.

In Turner v. Telus Communications Inc., 2005 FC 1601, the Federal Court was faced with an application made by a number of Telus Communications employees and their union. The employees complained about the employer’s use of voice recognition technology called E-Speak, which is a voice “nuance verifier” or authenticator used for logging work-related information and absence reporting. The employees also alleged that they were threatened with progressive discipline by Telus for refusing to consent to the collection of their “voice print.”

One of the employees, Turner, had previously filed an extensive complaint with the Federal Privacy Commissioner (PIPEDA Case #281). The Commissioner found that the portion of the complaint concerning the collection of the voice print was not well-founded. However, the part of the complaint concerning the collection of personal information by the absence-reporting application was resolved with Telus.

The employees and the union asked the court to prevent Telus from implementing E-Speak in the workplace. The employees had refused to consent or withdrew consent for the employer to collect their “voice print” in order to enrol them in the new system. Voice prints or patterns, as well as other types of biometric information, are considered personal information under PIPEDA.

 The Federal Court dismissed the employees’ application. Justice Gibson found in favour of Telus, ruling that:

 

1)    the employer’s use of biometric voice authentication was reasonable in the circumstances;

2)    the employer could not force employees to use the system, but was otherwise free to implement E-Speak;

3)    employers can progressively discipline employees who do not consent to reasonable collections of their personal information under PIPEDA; and

4)    progressive discipline does not constitute “withholding goods or services” under PIPEDA.

The Telus decision was appealed to the Federal Court of Appeal (Wansink v. Telus Communications Inc., 2007 FCA 21). The Court of Appeal upheld Gibson J.’s reasoning in the case, but did not accept his finding that the employer was exempted from obtaining consent from the employees under para. 7(1)(a) of PIPEDA, which provides that:

  1. (1) … an organization may collect personal information without the knowledge or consent of the individual only if

(a) the collection is clearly in the interests of the individual and consent cannot be obtained in a timely way.

The Court of Appeal ruled that the exception to obtaining consent only applies in circumstances where an organization cannot obtain consent as a practical matter. The Court of Appeal confirmed that the exception allowed collection without consent in “exceptional and temporary circumstances” (at para. 27).  The Court clarified that instances where an employee decides to refuse to provide consent to their employer to collect personal information under PIPEDA should not be confused with situations where an employer cannot contact an employee to obtain consent in time for the purposes of the collection. In the Telus case, the Court found that the employees were available to provide consent – but they chose not to.

The Court of Appeal had insufficient evidence to determine whether the alleged threats of disciplinary measures vitiated consent. The panel noted that in order to provide informed consent under the Act, the employer had a duty to inform the employees that refusal to consent to providing the voice print could lead to consequences on the employee’s tenure of office (at para. 29).

The Court did not address the larger question of whether an employer could discipline employees who refused consent since no disciplinary action had been taken and because “labour law disputes should be settled in a labour law forum…the consequences flowing from the refusal to consent to the reasonable collection of personal information are nowhere to be found in PIPEDA” (at para. 35).

The Telus decisions are the latest in only a handful of cases on biometrics in the workplace: (Re) IKO Industries Ltd. and U.S.W.A., Local 8580, (2005) 140 L.A.C. (4th) 393, Canada Safeway Ltd. v. United Food and Commercial Workers Union, Local 401, [2005] A.G.A.A. No. 109 and Re Cascadia Terminal and Grain Workers’ Union, Local 333, 123 L.A.C. (4th) 403.

The case law has shown that employers can justify using biometrics at arbitration or before the Privacy Commissioner if they have evidence to prove that:

1)    the use of biometrics is a business advantage for the company  (i.e. it is cost efficient and/or improves security);

2)    a security or attendance problem exists and the biometrics are implemented to remedy such problems;

3)    the chosen biometric is the least intrusive means to achieve the employer’s objective; and

4)    adequate safeguards are in place to protect the personal information used in the biometric system.

Notably, an arbitrator recently reinstated three employees of a company who were fired after they refused to enroll in a biometric hand scanning system because of their religious belief that doing so might identify them as followers of the Anti-Christ with the “Mark of the Beast.”  The arbitrator held that the employer must attempt to accommodate the employees. An employee’s religious beliefs do not need to be objectively reasonable or generally accepted, only sincerely held. “Their refusal should have been treated as a significant human rights issue, not a disciplinary matter.” For more information on this case, see 407 ETR Concession Company v. National Automobile, Aerospace, Transportation and General Workers Union of Canada, CAW-Canada, 2007 CanLII 1857 (ON L.A.).

Back to Workplace Privacy main page


See more resources

This page last updated: October 1st, 2007

This webpage was researched and drafted by Louisa Garib, LL.M., and edited by CIPPIC 2007 summer intern Janet Lo.