GSB finds PHIPA doesn’t govern occupational health information

Neither public nor private sector employees in Ontario have statutory privacy rights. This has been lamented by the IPC itself.

Ontario unions, however, often rely on the Ontario privacy statutes – FIPPA and PHIPA – to forward privacy grievances. This reliance is unnecessary given arbitrators recognize implicit privacy rights, and has caused the jurisprudence to become incredibly muddled. The worst case is the Divisional Court’s Hooper decision, a (non-labour) case that the IPC has effectively said is wrongly decided. I agree. Hooper needs to be challenged and decisively overruled.

In the interim, we’ll have litigation like that in a recent case decided by the GSB. It’s hard to distinguish Hooper, but Arbitrator Dissanyake distinguished Hooper as follows:

It is apparent, therefore, that in each of those cases, the employer was found to be providing some form of health care to its employees. For that purpose it was held that “health care” is not limited to making a diagnosis. It was broader. There is no evidence that the employer in the instant matter provides any health care to its employees even in the broader sense. It does collect some types of health information related to employees, but the purpose is not in any way related to provision of health care. The purpose is to deal with workplace implications of employees’ health issues on the rights and obligations under the collective agreement and legislation.

I suppose the practical lesson for employers is to be very clear about the purpose of the occupational health function, saying things like this:

This white coat you are dealing with is a specialist that is part of our human resources team.
This is about assessing you to meet our human resources needs, not helping you get better.
Sure we’ll keep your information secure and treat it as confidential, but we’ll also use it for all our occupational health purposes, providing our employees and agents with access in accordance with the “need to know” principle.
Please understand. Your personal physician is your source of health care.

Tell your employees. Tell your occupational health staff. Say it loud. Say it proud.

Ontario Public Service Employees Union (Union) v Ontario (Treasury Board Secretariat), 2018 CanLII 55851 (ON GSB).

Arbitrator upholds driving safety system with in-cab cameras

On May 24th, Arbitrator Saunders of British Columbia affirmed an employer’s implementation of a driving safety system that featured an in-cab camera that recorded continuously, with access to feed limited to certain defined “triggering events” and reasonable cause scenarios.

There’s a good discussion of “sensitivity” and whether Irving Pulp and Paper requires employers to prove a “demonstrated safety problem” to justify the use of any exercise of management rights that touches upon a reasonable expectation of privacy. Arbitrator Saunders said it does not:

I read the Court’s endorsement of Arbitrator Picher’s award in Nanticoke, to reflect an underlying concern about the extreme privacy intrusion occasioned by random drug and alcohol testing. On that basis, it was concluded that an intrusion amounting to “a loss of liberty and personal autonomy” can only be justified by negotiated provisions or by a compelling countervailing interest, such as a demonstrated problem that cannot be adequately addressed by less invasive means. A corresponding level of intrusion is not present on the facts of the present case.

Accordingly, I do not find that Irving posits a dangerous workplace and a demonstrated safety problem as prerequisites in all cases safety is invoked to justify privacy intrusions, much less the intrusion imposed by overt video surveillance. Rather, the existence of safety infractions or the risk of accidents, remain to be factored in the proportionality assessment—the more serious the intrusion, the more compelling the justification required.

Arbitrator Saunders then affirmed the employer’s implementation based, in part, on a finding that the employer’s utilization of employee images was “confined to intermittent safety-related events and is only viewed to advance legitimate incident-based objectives.”

Lafarge Canada Inc. v Teamsters, Local Union No. 213, 2018 CanLII 69607 (BC LA).

BC arbitrator endorses non-consensual sharing of personal information with union

On March 8th of this year, arbitrator Kinzie held that an employer did not breach the British Columbia PIPA by disclosing amounts earned by bargaining unit members to their certified bargaining agent. He made the following principled statement about when the exception to the PIPA consent rule would be engaged by disclosures by an employer to bargaining agent:

As the party to the collective agreement with the Employer, which agreement governs the terms and conditions of employment of the Employer’s employees, the Union, in my view, is an equal partner with the Employer to those employment relationships. They have the same legitimate interest in the management of those relationships. Therefore, I am of the view that the disclosure of employee personal information by the Employer to the Union regarding employees in the Union’s bargaining unit that is relevant to a matter concerning the interpretation and/or the application of the collective agreement would not violate Section 19 of the Personal Information Protection Act if their consent was not obtained because such disclosure, in my view, would be “reasonable” for the purposes of “managing” an employment relationship governed by the terms of that agreement.

Notably, the employer had called the BC OIPC for advice and was apparently told “definitely NOT [to] turn that info over to anybody.”

Comox Valley Distribution Ltd. v United Steelworkers, Local 1-1937, 2017 CanLII 72391 (BC LA).

Jones, Marakah and corporate information systems

There has been significant discussion of the Supreme Court of Canada’s decisions in R v Jones and R v Marakah – cases in which the Court recognized a reasonable expectation of privacy in text messages that police obtained from others. In Jones, the police obtained messages from a telecom company and in Marakah the police obtained messages from a recipient’s phone.

At their broadest, Jones and Marakah are clearer than ever recognition that the Charter protects digital communications although digital communications are not easily controlled or kept secret. Justice Cote said it well in Jones:

Here, as in Spencer and TELUS, the only way to retain control over the subject matter of the search vis-à-vis the service provider was to make no use of its services at all. That choice is not a meaningful one. Focusing on the fact that Mr. Jones relinquished direct control vis-à-vis the service provider is accordingly difficult to reconcile with a purposive approach to s. 8. Canadians are not required to become digital recluses in order to maintain some semblance of privacy in their lives.

Recognizing this particular, highly-normative basis for Jones and Marakah is essential to properly understanding what these cases might mean for rights and entitlements of organizations that hold the digital information of others – including employers who hold the digital information of their employees. In contrast to the above statement, the Supreme Court of Canada has already recognized that employees have a meaningful choice as to whether they use a work system for their private dealings . In R v Cole, Justice Fish said the following about employee Cole’s choice:

In this case, the operational realities of Mr. Cole’s workplace weigh both for and against the existence of a reasonable expectation of privacy. For, because written policy and actual practice permitted Mr. Cole to use his work-issued laptop for personal purposes. Against, because both policy and technological reality deprived him of exclusive control over — and access to — the personal information he chose to record on it.

Jones and Marakah do not detract from this statement and, if anything, invite the law to develop in a way that gives even greater emphasis to employee choice and its impact on privacy and corporate data security. Corporate data security is all about choosing the right medium – the right tool – for the purpose. Our right as citizens to text without state interference is quite a different thing.

R. v. Jones, 2017 SCC 60 (CanLII).

R. v. Marakah, 2017 SCC 59 (CanLII).

Arbitrator orders $3,000 in privacy damages

On April 27th, Arbitrator Knopf ordered that $3,000 in damages be paid to a grievor for breach of privacy and harassment because:

the grievor’s personnel file contained an inexplicable notation that the grievor advised his supervisor that he injured his penis while cooking nude at home; and
the employer contacted the grievor’s doctor to confirm the doctor’s signature without justification and without consent.

Ms. Knopf said that these claims were “serious enough to warrant damages, buy they were not profoundly damaging to [the grievor’s] reputation or harmful to his privacy, nor did they have a negative impact on his benefit claims, status in the workplace or reputation in general.”

York (Regional Municipality) v Canadian Union of Public Employees, Local 905, 2017 CanLII 56454 (ON LA).

Consent form decision imposes strict transparency requirement for handling employee medical information

Disputes about employer medical information consent forms are now common. It’s not hard to pick apart a form, and employers tend to suffer “cuts and bruises.” In once such case an arbitrator has recently held that an employer must identify “anyone with whom the information would be shared” in a consent form. The arbitrator also held that an employer must subsequently (and seemingly proactively) give notice of who is handling information:

I agree with the employer that it is not practical to obtain a new consent every time a manager or HR Specialist who is absent is temporarily replaced. However, the employer must advise the employee of the employer’s need and intention to share health information with a replacement and identify that individual by name and title. This would enable the employee to revoke the consent if he/she does not wish the health information to be shared with the individual replacing the manager or HR Specialist. If and when it becomes necessary to share health information with HR or legal services in order to seek advice, or to obtain approval from senior management with delegated authority, the employee should be informed of the title or office only of the person with whom information will be shared. The employee’s consent would not be required for the employer to be able to do so.

While there’s no debating an employee’s right of control, the degree of transparency required here is very high and operationally challenging in the least. “Person-based consents” (as opposed to “purpose-based consents”) can also restrict important flows of information in subtle yet problematic ways.

The best argument against person-based consents is one that refers to the public policy that is reflected in the Personal Health Information and Protection Act (which does not govern employers acting as employers except via section 49). Even in the health care context – where the standard should be higher, not lower than in the employment context given the limited range of information processed by employers – consent is deemed to exist for a certain purpose and information can flow to any health care provider for that purpose. This is subject to a “lock box” that gives patients the ability to shield their information from specific individuals, but the lock box essentially functions as an opt out. (For the nuances of how PHIPA’s “circle of care” concept works, see here.) Transparency is satisfied by the publication of a “written public statement” (a policy really) that “provides a general description of the custodian’s information practices.” There’s no reason to require more of employers.

OPSEU and Ontario (Treasury Board Secretariat), Re, 2017 CarswellOnt 11994.

Arbitrator admits surreptitious audio recording

On October 27th, Arbitrator Dorsey held that a surreptitious audio recording should be entered into evidence because its probative value outweighed the potential prejudice to harmonious workplace relations. He was impressed that the recording was made spontaneously at a work team dinner (rather than during work proper) and that “tone” of the communications recorded would be relevant.

Arbitrator Dorsey commented:

I find the balance between real or potential prejudicial effect of an unplanned recording in the not staged, relaxed situation away from the stress of being on the fire line is outweighed by the probative value of having an accurate record of apparently unprovoked words and tone that became the subject of a complaint and the employer’s disciplinary decision.

The effect the recording might have on either the presentation of the union or employer’s case is secondary to the prejudicial effect exclusion of the recording will have on the credibility and acceptability of the outcome of this arbitration process.

It will be inexplicable to the employee witnesses at the dinner table why their recollection of the words and tone over 15 months ago, which will be subject to time consuming dissection to expose differences in recollection, is the approach preferred to determining what was said in what tone over listening to a recording of what was said with whatever limitations and frailties it might have. They would be justified in regarding such a fact-finding process as an anachronism lacking common sense; operating in a world in which they do not live; and should be treated with a corresponding lack of respect.

BCGEU and BC Public Service Agency (27 October 2016, Dorsey).

Privacy and accommodation of disability in Ontario

Last week I sat on a panel about privacy and the accommodation of disability. I sat opposite union counsel Andrew Astritis from Raven Cameron, and Emma Phillips of Goldblatt Partners moderated. Andrew and Emma both know privacy law well, and we had a fun, engaging and even balanced discussion! I’ve put my “paper” and speaking notes below.

View this document on Scribd

Arbitrator orders $25,000 in damages for privacy breach

Arbitrator Stout’s April 28th decision has received ample coverage, but I’d like this site to be a relatively complete repository of privacy damages awards. Mr. Stout ordered an employer to pay $25,000 in general damages after a supervisor disclosed an employee’s visual disability to three other employees after learning of the disability in a prior arbitration proceeding. The supervisor apologized orally and in writing, which presumably mitigated the breach. He did not testify, however, and Mr. Stout inferred that the disclosure was undertaken as retaliation for the outcome of the prior arbitration, a significant aggravating factor. The grievor also suffered distress that required him to undergo medical treatment and the employer “did very little” to remedy the breach in its response (e.g., discipline on the supervisor).

Canadian Pacific Railway Company v Teamsters Canada Rail Conference, 2016 CanLII 25247 (ON LA).

USB key treated as a private receptacle by labour tribunal – but why?

On March 29th the Grievance Settlement Board (Ontario) held that a government employer did not breach its collective agreement or the Charter by examining a USB key that it found in the workplace.

They key belonged to an employee who used it to store over 1000 files, some of which were work-related and allegedly confidential and sensitive. Remarkably, the employee also stored sensitive personal information on the key, including passport applications for his two children and a list of his login credentials and passwords. The key was not password protected and not marked in any way that would identify it as belonging to the employee.

The employee lost the key in the workplace. The employer found it. An HR employee inserted they key in her computer to read its contents. She identified the key as possibly belonging to the employee. She gave the key to the employee’s manager, who inserted it in his computer on several occasions. The manager identified that the key contained confidential and sensitive information belonging to the employer. The manager then ordered a forensic investigation. The investigation led to the discovery of a draft of an e-mail that disparaged the manager and had earlier been distributed from an anonymous e-mail account.

The GSB held that the employee had a reasonable expectation of privacy – one so limited as not to be as “pronounced” as the expectation recognized in R v Cole. The GSB also held, however, that the employer acted with lawful authority and reasonably. The reasonableness analysis contains some helpful statements for employers, most notably the following statement on the examination of “mixed-use receptacles” (my words):

The Association argues that the search conducted by Mr. Tee was “speculative” and constituted “rummaging around” on the USB key. It asserts that if Mr. Tee had been interested in finding files which might contain government data, he would have or should have searched directories which appeared to be work related, such as EPS, TPAS or CR. I do not find this a persuasive argument. As noted in R. v. Vu, in discussing whether search warrants issued in relation to computers should set out detailed conditions under which the search might be carried out, such an approach does not reflect the reality of computers: see paras. 57 and 58. Given the ease with which files can be misfiled or hidden on a computer, it is difficult to predict where a file relevant to an inquiry will be found. It may be filed within a directory bearing a related name, but if the intention is in fact to hide the file it is unlikely that it will be. Further, the type of file, as identified by the filename extension, is not a guarantee of contents. A photograph, for example can be embedded in a Word document. Provided that the Employer had reasonable cause to view the contents of the USB key in the first place (as I have found there was in this case), an employee who uses the same key for both personal and work related purposes creates and thereby assumes the risk that some of their personal documents may be viewed in the course of an otherwise legitimate search by the employer for work related files or documents.

I learned about this case shortly before it was decided and remarked that it was quite bizarre. I couldn’t fathom why anyone would be so utterly irresponsible to store such sensitive information on a USB key. This is one reason why I’m critical of this decision, which treats this employee’s careless information handling practice as something worthy of protection. The other reason I’m critical of this decision is that it suggests the expectation of privacy recognized in Cole is higher than contemplated by the Supreme Court of Canada – which remarked that Richard Cole’s expectation of privacy was not “entirely eliminated” by the operational realities of the workplace. Not all of our dealings with information demand privacy protection, and in my view we need to make the reasonable expectation of privacy threshold a real, meaningful threshold so management can exercise its rights without unwarranted scrutiny and litigation.

I also should say that it’s very bad to stick USB keys found lying around (even in the workplace) into work computers (or home computers), at least without being very careful about the malware risk. That’s another reason why USB keys are evil.

Association of Management, Administrative and Professional Crown Employees of Ontario (Bhattacharya) v Ontario (Government and Consumer Services), 2016 CanLII 17002 (ON GSB).