Workplace privacy panel notes and case citations attached

I greatly enjoyed sitting on a panel with Professor Avner Levin on workplace privacy today!

Dr. Levin and other members of the Ryerson University Privacy and Cyber Crime Institute at the Ted Rogers School of Management have recently published a leading study on the perceptions of risk of young Canadians engaged in online socializing and how their behaviors meet with the use of online social networks by business for commercial and human resources purposes. Dr. Levin’s work raises some important and difficult questions about whether the law should cause companies who provide social networking platforms that are used predominantly by youth to take greater responsibility for user privacy (and other content-related disputes). I commend it to you.

I did promise to provide a copy of my preparatory notes (most of which we did not touch on) as well as coordinates for some of the cases that came up in discussion. Here are the notes and the cases:

The Johnson v. Bell decision on PIPEDA application and “personal e-mails”
Hooper v. College of Nurses of Ontario on PHIPA application
The Colwell constructive dismissal for privacy breach case
The Cheskes adoption disclosure decision, in which the Ontario Superior Court of Justice said that consensual disclosure is a principle of fundamental justice
The Murphy v. Perger case on the expectation of privacy in information disclosed to Facebook friends
The British Columbia IPC University of British Columbia decision on investigations into employee computer misuse
The Imperial Oil drug testing judicial review

Take care!

Dan

More thoughts on employee online speech

June is conference season, and this year the hot topic has certainly been online speech. I spoke first in mid-May at our Toronto client conference and posted some ideas about the dangers of over-reaching. Then, last week, I spoke at the Canadian Association of Career Educators and Employers and posted some ideas about applicable privacy principles, human rights and records management concerns.

Today I spoke at our Burlington client conference together with Jonathan Maier. Here are two excerpts from our speech. Please keep in mind we act exclusively on behalf of management, and though we mean to encourage a fair and reasonable approach, our comments are addressed to management’s perspective.

First, some thoughts on necessity and reasonableness in collecting personal information for recruiting purposes:

Finally, the “necessity” and “legitimate purposes” principles are applicable. As against these principles, we are most likely to succeed in justifying screening a candidate’s online presence if we need to do so to see whether it gives rise to a conflict of interest or potential conflict of interest.

To give this some meaning, let me explain two more problematic uses.

One is randomly searching for any “dirt” on prospective employees regardless of the potential for conflict. Even if information is available, privacy principles demand that we have a reason to collect. So if we are only hiring a production employee, for example, can we really justify screening her online presence at all?

The second questionable use is using online information to profile candidates or, in other words, to assess their potential job performance. I can see this as being a legitimate purpose for hiring individuals into some jobs – internet writing or internet marketing jobs for example. Otherwise I have concerns about the validity of profiling. And if you can’t prove your profiling exercise is valid, under privacy principles you have no basis for collecting the information that that will form the basis of your profile.

And now a thought on managing speech by former employees (presented immediately before some ideas on working with ISPs).

There are two key differences in managing online speech by former employees. First, you can’t take away their jobs, so lack practical leverage because you need to sue them or threaten them with a valid lawsuit to get them to take information down. Second, former employees have no duty of loyalty and fidelity. This means that they can say things that are not in your interest, and so long as these things are not defamatory, made in breach of confidence or made in violation of some other law, you won’t have recourse. You need to be able to claim the speech is unlawful in and of itself, which will no doubt leave you having to tolerate some speech you just don’t like.

Now if the speech is unlawful you will have a basis for seeing that it is taken down. But as a word of warning we’d like you to take one thing away from this: have your lawyer do a good up-front assessment of the legality of the speech so you know that you’re taking a position that you can commit to. I’ll come back to the risks of over-reaching in a bit.

I’ve enjoyed addressing this his very relevant topic hope you find these ideas helpful.

Information Roundup – May 4, 2008

Here are a couple links for this week. The second article is a must-read for those who are interested in the privacy issues raised by Web 2.0.

Floyd Abrams, “Foreign Law and the First Amendment.” An op-ed on how the British law of defamation values free expression less than American law and supportive of current American legislative initiatives to give courts the jurisdiction to grant declarations that certain speech is protected under American law. Our own law on this question is arguably in flux after the Ontario Court of Appeal’s decision in Cusson v. Quan, on which leave to appeal to the Supreme Court of Canada was granted in early April. (Wall Street Journal)
Hal Niedzviecki, “The Spy Who Blogged Me.” This is an excellent article from this month’s edition of The Walrus. Mr. Niedzviecki argues that we don’t balk at surveillance because it is now “woven into the fabric of our culture,” a phenomenon he says is partly due to what television has told us about a the benefits of a new type of celebrity that is accessible to the average Joe and Jane. He speaks with our federal Privacy Commissioner Jennifer Stoddart about self-surveillance and peer surveillance, and through the dialogue you get the impression that Ms. Stoddart’s significant tool – the Personal Information Protection and Electronic Documents Act – misses the most complex and significant privacy challenges that we face today. As Mr. Niedzviecki says, “The rules don’t apply to the multitudes of cellphone-camera-pointing bloggers, social networkers, YouTube uploaders, and nanny cam enthusiasts – you have to sue.” (The Walrus)

What a great weekend here. Even the rain on Saturday made for a cozy afternoon. Possibly even better because I decided to purge the backlog of materials in my RSS reader. Kind of liberating eh?

Enjoy!