I presented at Insight’s Social Media – Risks & Rewards conference this morning on two narrow issues related to employee use of social media technology and privacy – monitoring workplace systems for misuse (a favorite, as you know) and the right of an employer to control employee “off duty” publication. The audience seemed sophisticated, and I regret that I couldn’t stay. Thanks to the audience for the discussion and the organizers for the invite. Slides are below, with slides and notes over at Slideshare.
I presented at an OBA privacy conference back in early June but held off posting a short paper I wrote for it entitled, “Employer access to employee e-mails in Canada.” The paper argues that there are signs that the traditional “no expectation of privacy” approach to addressing employer access to employees’ stored communications is waning, leaving employers with a choice between giving clearer notice to employees or, alternatively, implementing purpose-based controls to protect employee privacy.
This is a hot topic north and south of the border, and was so even before the Superior Court of New Jersey Appellate Division issued its much discussed decision in Stengart v. Loving Care Agency on June 26th.
Stengart is about whether privilege is waived in solicitor-client communications that are stored on an employer’s system. Our own leading case on this issue is Daniel Potter, which suggests that privileged communications made by employees on employer systems deserve greater protection than other “private” employee communications. Despite this distinction, the reasoning in Stengart is very broad, very pro-privacy and is further reason for employers to pay heed to the issues I raise in my paper.
For a copy of the full paper, please click here. And please feel free to contact me or comment below with your feedback and ideas.
On April 28th, the Ontario Superior Court of Justice held that a teacher had no expectation of privacy in information stored on his work laptop.
A school board investigated the teacher after noticing he had an abnormal pattern of network use. A member of the board’s IT staff accessed his laptop remotely and found nude photographs of a 16-year-old Grade 10 student. Soon after, the board obtained the laptop from the teacher (who refused to provide his password) and reported him to the police. The police charged him with possession of child pornography. Given the teacher allegedly obtained the photos by accessing a student’s e-mail account, the police also charged him with unauthorized use of a computer pursuant to section 342.1 of the Criminal Code.
The Ontario Superior Court of Justice allowed an appeal of the trial judge’s decision to exclude evidence based on a finding the board had breached the teacher’s Charter right to be free from unreasonable search and seizure. It held that the trial judge had erred in concluding that the teacher had an objectively reasonable expectation of privacy, stating:
The laptop on which the impugned evidence was found was issued to Mr. Cole as an instrument of his employment with the school board by his employer. The evidence is that the laptop was the property of the school. Mr. Cole, in his teaching role, taught students in the classroom using this employer-issued computer while his students used their own laptops. Both the respondent and his students used school board software, server, and the school’s computer network. I take judicial notice of the fact that employers, in their use of computers to carry on their business, invest tremendous amounts of money and time creating, inputting, analyzing, managing and protecting the data coming into, going out of, and stored on their computer systems.
While the judgement contains numerous statements as broad as this, the Court did state that its judgement turned on a number of specific facts. It stressed that the teacher was bound by his employment contract to an acceptable use policy that limited his interest in information stored on the laptop and that the teacher (quite remarkably) had a special role in supervising computer use at the board that ought to have reinforced this point.
This appeal judgement reflects an approach that has been traditionally adopted by Canadian labour arbitrators and, to the extent they have addressed the question, Canadian courts. It is not surprising in itself, but the sharp difference in view held by the trial judge nicely illustrates the current tension on this issue. The trial judge had said:
In the present case, the accused had not rented the computer but was given the exclusive use of it, such exclusive use being secured by a password. Its contents could not be accessed, except when in actually in use or when one was in possession of the password. We also know that there existed some protocol at least to advise staff of any imminent intention to recover actual possession of their computers. Barring this, staff were allowed to use their computer for limited personal purposes and, indeed, to take them home during the summer recess, whether for personal use or for the purpose of preparing their fall courses. Whatever the official policy might have been (this would likely avoid any later argument) the actual policy seems to have been to accept that staff would load private material onto their computers.
This might reveal a judge who was struggling with the idea that the black letter of policy can nullify the expectations that otherwise might be engendered by personal use. For now, this view remains the minority view (if that) and is reinforced by the recent “lawful access” decisions reported on this blog as typified by R. v. Wilson.
I’ll be speaking on this topic at the upcoming OBA “Hot Topics in Privacy Law” seminar. Details are linked here.