BC Arbitrator Endorses Unified Test for Assessing Legitimacy of Access to Internet Log File

On May 12th, Arbitrator Nicholas Glass held that a British Columbia public body did not breach the Freedom of Information and Protection of Privacy Act by accessing an internet log file in the course of a time theft investigation.

The outcome is not surprising. The employer had grounds (an anonymous complaint), the grievor had previously been disciplined for misconduct that raised questions about his dishonesty, the employer had a good acceptable use policy that the grievor had recently acknowledged and log files contain relatively non-sensitive information. Theses facts left arbitrator Glass with a very different concern that dealt with by the British Columbia OIPC in 2007 when it held that the University of British Columbia breached FIPPA in installing spyware in course of a time theft investigation.

The decision is more notable for Arbitrator Glass’s suggestion that the statutory “necessity” requirement (common to most public sector privacy statutes) should be unified in principle with the reasonableness requirement applied by labour arbitrators. In doing so, he endorses the following statement by former British Columbia Commissioner Loukidelis in the Mission School District Case:

At the same time, I am not prepared to accept, as the Complainants contend, that in all cases personal information should be found to be “necessary” only where it would be impossible to operate a program or carry on an activity without the personal information. There may be cases where personal information is “necessary” even where it is not indispensable in this sense. The assessment of whether personal information is “necessary” will be conducted in a searching and rigorous way. In assessing whether personal information is “necessary”, one considers the sensitivity of the personal information, the particular purpose for the collection and the amount of personal information collected, assessed in light of the purpose for collection. In addition to FIPPA’s privacy protection objective is also relevant in assessing necessity noting that this statutory objective is consistent with the internationally recognized principle of limited collection.

In applying this pragmatic approach, Arbitrator Glass rejects the notion that the employer should have simply confronted the grievor. He states, “The point is that in order to manage the employment relationship the employer in these circumstances was entitled to thorough, accurate and objective information about the frequency and extent of [the grievor’s] non-work-related internet use.”

Fraser Health Authority v. H.S.A.B.C., 2011 CarswellBC 1174 (Glass).

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.