We’re getting numerous questions today about Ontario’s move to implement a electronic monitoring legislation.
We have no bill yet, but the announcement says:
The policy would need to contain information on whether the employer electronically monitors its workers, and if so, a description of how and in what circumstances the employer does this. In addition, the employer would need to disclose the purpose of collecting information through electronic monitoring.
The devil is in the detail, but this seems painless enough. There is nothing to indicate the Bill will impose a limit on monitoring, which is permitted by law and entirely unregulated in Ontario right now. Notice is a good practice, employed by many already, and can help cleanse networks of personal data that does get lost and stolen and that can complicate investigations and audits.
It will be important to see how monitoring is defined, and whether it is confined to endpoint monitoring or is likely to capture all the various means by which network data is captured and analyzed. There is a trend towards endpoint monitoring by the way, now arguably a network security best practice.
Let’s hope we get a bill that’s as benign as it has first appeared.