Here is a link to an interesting Postmedia article on how HRSDC is moving to limit use by employees of portable data devices, following several incidents in which external drives containing Canadians’ personal information were lost or misplaced. There are many compelling reasons for employers to control how and when employees can remove data from the workplace, such as preventing data breaches, minimizing wrongful competition by employees or former employees, and avoiding claims for breach of privacy.
I delivered a presentation at the OBA’s “Hot Issues in Privacy Law” seminar this morning called “Employee Computer Monitoring: Wither the most certain management right of all?” Here are the slides:
I prepared a paper for the presentation that I’m trying to re-purpose, and am going to hold off on publishing it for now. I hope I can make it available in one form or another soon. [Addendum: Here’s a copy of my speaking notes, which contain some of the key ideas.]
I enjoyed attending the entire session. The issues kept coming back to data security, which makes sense given the costs and risks of data breaches. Coincidentally, I had a call right after I returned to the office on a breach. For what it’s worth, I don’t find a discussion of costs and risks very helpful in guiding clients through the decision making exercise. Instead, I guide them to make decisions with a view to writing the story that they can cling to however all the external (and uncontrollable) factors play out. But even if I play my role to its best, it still can leave clients with some agonizing decisions. So if there’s one thing I can echo from today’s seminar, investing in prevention is a great idea. Data breaches suck!
You can read what are essentially a copy of my notes for the morning here. Remember to read from the bottom up.