Scope of employer’s forensic examination criticized by PSLRB

15 Jul

There are a some notable points in a June 6th decision of the Public Service Labour Relations Board that upholds the discharge of a federal public servant for forwarding e-mails to his personal e-mail account.

The employer had discharged the employee for sending home restricted-access documents about internal job competitions, including documents related to a competition in which he had participated and documents containing the personal information of 108 other employees. The Board held that the grievor, who was an HR assistant, had engaged in a serious breach of trust and caused the employer embarrassment: “Progressive discipline does not apply to this case since very serious misconduct occurred.”

Although the Board dismissed the grievance with this strong and favorable employer endorsement, it did express a “concern” about the manner in which the employer conducted its forensic investigation into the grievor’s system usage. It said:

The grievor also raised concerns about the lack of concern that the employer showed for his privacy, specifically that it gave no specific instructions to Mr. Roussel about protecting the grievor’s privacy when Mr. Roussel conducted his investigation. I am also concerned about it. Furthermore, in the absence of such instructions, Mr. Roussel included in his report personal information about the grievor that had nothing to do with the purpose of the investigation, which was to inquire into the grievor conducting personal business using the employer’s network. I did not report on it since it was irrelevant to deciding the four grievances in front of me. However, this lack of respect for the grievor’s privacy does not reduce the seriousness of his misconduct. At this point, I can recommend only that in the future, the employer take employees’ privacy under consideration when conducting that type of investigation.

It’s not clear from the decision how exactly the employer erred given the Board’s limited description. In any event, employers should create and administer a protocol that governs non-routine access to system information and non-routine system monitoring – e.g., access for the purpose of conducting audits and investigations.

Gravelle v Deputy Head (Department of Justice), 2014 PSLRB 61 (CanLII).

 

About these ads

One Response to “Scope of employer’s forensic examination criticized by PSLRB”

Trackbacks/Pingbacks

  1. Am I accountable for protecting Personally Identifiable Information? | CIO - July 22, 2014

    […] week, one of our team pointed to a blog post about a ruling from the Public Service Labour Relations Board (PSLRB).   I really liked this very […]

Comments are closed.

Follow

Get every new post delivered to your Inbox.

Join 1,511 other followers

%d bloggers like this: