Workplace Privacy Here and Now

I had fun speaking at the OBA Institute privacy session today. I did a hot topics presentation on (1) the blurring boundary between work and private life, (2) access to stored communications on corporate systems, (3) PIPEDA application to employment in the provinces and (4) the remedial approach to dealing with employees who breach privacy rules.

Case references here:

HO-010 is quite the case for Ontario health information custodians. It’s controversial because of the following paragraph on dealing with employees who breach privacy rules:

For other staff members of the hospital involved, knowing that all of the details of the disciplinary action imposed will be publicly disclosed, should serve as a strong deterrent. This is especially true if those details also become known to other employees, either through the actions of the aggrieved individual, the custodian, or both. Employees must understand that, given the seriousness of these types of breaches, their own privacy concerns will take a back seat to the legitimate needs of the victims involved to have a full accounting of the actions taken by the health information custodian. Our primary concern must lie with the aggrieved party, whose privacy was completely disregarded.

This statement suggests (very mildly) that employers should publish information about the outcome of the disciplinary process as a means of remedying a data breach that is caused by intentional employee misconduct. As I comment in the slides below, this suggestion should be approached with great caution.

Thanks to the program chairs and the other speakers. I enjoyed the afternoon!

One thought on “Workplace Privacy Here and Now

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.