A New Right to Privacy – Employers May Face Liability for Monitoring Employees E-mails
Today, it is common for employees to browse the Internet and handle personal emails on their company computers and for employers to monitor this activity. Employers will need to think twice about this as a result of two important court decisions in 2012.
A New Right to Privacy
Canadian courts were reluctant to recognize a common law right to privacy until January, 2012 when the Ontario Court of Appeal recognized the right to privacy in a new tort called the “inclusion upon seclusion”. [Jones v. Tsige, 2012 ONCA 32 (CanLII)]
To obtain damages for this new tort, a person must prove: (i) the actions were intentional; (ii) the person/entity must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and, (iii) a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish.
An Employee’s Reasonable Expectation of Privacy
The second case from last year came in October when the Supreme Court of Canada in R v. Cole, 2012 SCC 53 (CanLII), considered an employee’s privacy rights under the Charter of Rights and Freedoms, and observed, in orbiter:
1. Canadians may reasonably expect privacy in the information contained on their work computers, at least where personal use is permitted or reasonably expected.
2. “Informational privacy” is: “the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” In this regard: “Mr. Cole’s direct interest and subjective expectation of privacy in the informational content of his computer can readily be inferred from his use of the laptop to browse the Internet and to store personal information on the hard drive.”
3. Mr. Cole’s personal use of his work-issued laptop generated information that is meaningful, intimate, and organically connected to his biographical core.
4. Privacy is a matter of reasonable expectations.
5. While workplace policies and practices may diminish an individual’s expectation of privacy in a work computer, these sorts of operational realities do not in themselves remove the expectation entirely: The nature of the information at stake exposes the likes, interests, thoughts, activities, ideas, and searches for information of the individual user.
In light of the Jones v. Tsige and R. v. Cole decisions, what is an employer’s potential liability for monitoring employee emails and Internet Use?
1. An employer could be ordered to pay an employee damages for violating the tort of inclusion of seclusion. Where a plaintiff has suffered no pecuniary loss, the Ontario Court of Appeal has fixed damages at up to $20,000. (Jones v. Tsige, 2012 ONCA 32 (CanLII) at par. 87).
2. An employer could be found to have improperly gathered an employee’s “personal information” under federal, provincial, or municipal privacy legislation. In this regard, a privacy commission could conclude that personal emails are “personal information”. It should be noted that privacy legislation does not apply to many private sector employers.
3. An employer could be found to have improperly gathered an employee’s personal health records if the employer monitors an email that contains personal health information. The Occupational Health & Safety Act allows for access to health records only with an employee’s written consent or an order of a court or tribunal or in order to comply with another statute.
4. A unionized employer could be found to have improperly monitored the employee. It could be argued that monitoring emails is analogous to video surveillance which has been the subject of a number of arbitration awards. With respect to video surveillance, one arbitrator has observed: “Arbitrators have distinguished between the reasonableness standards required to justify overt video recording of the workplace, and the much more restrictive standards required to justify covert recording of employees…That case law recognizes that covert surveillance is severely and inherently privacy-intrusive. By its nature it is intended to catch a person in some act, unaware that they are being observed.”
What is an employer to do?
If an employer plans to monitor an employee’s email or Internet use then ideally the employer should obtain the employee’s written consent in advance via a computer-use policy. Such a policy tells the employee that the employer will be monitoring emails and Internet use and that the employee should have no expectation of privacy if he uses the company network to send or receive personal emails or use the Internet for personal purposes.
The employer can require all new employees to sign a computer use policy which obtains the employee’s written consent as a condition of employment.
If you have any questions about monitoring employee internet use we can be reached at 1–888-640-1728 or at [email protected] . You can subscribe to our employment law blog for employers at employment law blog
In the last month or two many (if not most) organizations have introduced a mandatory COVID vaccination or/or a COVID negative policy. A mandatory vaccination policy requires an employee to get double vaccinated, whereas a COVID negative policy requires an employee to...
The best way to reduce litigation risk in relation to an employee termination is to agree in advance how much notice of termination (or pay in lieu of notice) an employee is entitled to receive. Employers rarely provide ANY notice of termination so the employee’s...
Like most employment lawyers, I have been getting calls from employers asking whether they can require employees to get vaccinated for COVID before returning to the workplace.