On August 28th, the British Columbia OIPC affirmed two elevator companies’ (Kone’s and Thyssenkrup’s) use of telematic data for the purpose of managing their service employees.
The outcome is not surprising. The Commissioner herself affirmed another elevator company’s fleet management program in a thoroughly-reasoned decision last December. Also, all Canadian decisions (by privacy regulators and arbitrators) have recognized the legitimacy of such programs (which rest on the collection of location data and vehicle operation data). Kone’s program was unique in that it collected data from cellar telephones (rather than vehicle units). The OIPC held that Kone’s program collected more sensitive personal information but was nonetheless reasonable.
The decisions are notable for the OIPC’s conclusion that an organization in BC does not need a stand alone GPS or Telematics policy to comply with the notice and “policies and practices” requirements in BC PIPA. It held that Kone complied with its obligation by giving a detailed PowerPoint presentation that outlined the specific purposes for which it would use employee personal information in advance of implementing its program. Thyssenkrup breached its obligations; it had difficulty establishing that it had a formal communication program that addressed the purposes of its program in any detail.