Tag Archives: workplace privacy

Arbitrator orders $3,000 in privacy damages

18 Nov

On April 27th, Arbitrator Knopf ordered that $3,000 in damages be paid to a grievor for breach of privacy and harassment because:

  • the grievor’s personnel file contained an inexplicable notation that the grievor advised his supervisor that he injured his penis while cooking nude at home; and
  • the employer contacted the grievor’s doctor to confirm the doctor’s signature without justification and without consent.

Ms. Knopf said that these claims were “serious enough to warrant damages, buy they were not profoundly damaging to [the grievor’s] reputation or harmful to his privacy, nor did they have a negative impact on his benefit claims, status in the workplace or reputation in general.”

York (Regional Municipality) v Canadian Union of Public Employees, Local 905, 2017 CanLII 56454 (ON LA).

Advertisements

Arbitrator orders $25,000 in damages for privacy breach

19 Jun

Arbitrator Stout’s April 28th decision has received ample coverage, but I’d like this site to be a relatively complete repository of privacy damages awards. Mr. Stout ordered an employer to pay $25,000 in general damages after a supervisor disclosed an employee’s visual disability to three other employees after learning of the disability in a prior arbitration proceeding. The supervisor apologized orally and in writing, which presumably mitigated the breach. He did not testify, however, and Mr. Stout inferred that the disclosure was undertaken as retaliation for the outcome of the prior arbitration, a significant aggravating factor. The grievor also suffered distress that required him to undergo medical treatment and the employer “did very little” to remedy the breach in its response (e.g., discipline on the supervisor).

Canadian Pacific Railway Company v Teamsters Canada Rail Conference, 2016 CanLII 25247 (ON LA).

Arbitrator dismisses video surveillance grievance, makes principled statements

15 Dec

On November 12th, British Columbia labour arbitrator Stan Lanyon dismissed a policy grievance that challenged the implementation of a video surveillance system in an equipment production and maintenance plant.

Surveillance cases are driven by their facts, but Arbitrator Lanyon did dismiss a union argument that overt and covert surveillance are equally invasive: “covert surveillance is more a more egregious violation of privacy because it is capable of causing more distress, anguish and embarrassment.”

As significantly, he held that surveillance systems can be justified without evidence of “a past history of serious breaches of safety, or security issues.”

Finally, Arbitrator Lanyon recognized a difference between using cameras for disciplinary (or supervisory) purposes and using video surveillance footage in the investigation of incidents. This distinction is not clearly drawn in some case law (and employer policies), but is important.

Kadant Carmanah Design v International Association of Machinists and Aerospace Workers, District 250, 2015 CanLII 79278 (BC LA).

Arbitrator awards $1,750 per employee for work camp sniffer dog search

20 Sep

Those interested in privacy damages decisions should note this March 21, 2014 arbitration decision that just came to my attention. In it, an arbitrator awarded $1,750 to each employee affected by an employer’s admittedly wrongful sniffer search of a remote work camp. He also awarded $2,250 to an employee affected by a false positive and who testified to the strain that the event cause him. Here is the core of the reasoning:

The effect of the Employer’s violation of privacy rights on employee health, welfare, social, business or financial positions in the present case may be viewed as negligible, particularly given that, by the end of the day in question, every employee knew they were not in any trouble as a result of the search. There were, however, no doubt some lasting effects given that the trust relationship between the Employer and employees was violated, and the Employer did not make acknowledgment of any wrongdoing for a period of over two years subsequent to the violation. Unlike the situation considered by Arbitrator Sims, there was no timely admission of error or apology aimed at rectifying the mistrustful environment caused by the Employer’s improper search.

In the present case the Employer did nothing up until Counsel’s opening statement at these arbitration proceedings that would have served to calm “the employees’ anxieties over the Employer’s attitude towards their right to privacy”, and employees were for a very lengthy period of time left with the impression that Manager Billingsley conveyed at the demonstration to the effect that the Employer was not only unapologetic, but that it had every right to enter and search residences without notification or the presence of its occupants. Further Manager Annibal’s evidence at these proceedings did not include an unequivocal admission that employee privacy was violated, and he left it open as to whether such was the case when he stated he was “sorry if he violated anyone’s privacy.” Despite the opening statement made at these proceedings by Counsel for the Employer over two years after the unlawful incident occurred, little of sincere substance was conveyed to quell the distress and annoyance suffered by the employees as a result of the improper search.

Another factor in the present case that bears on the matter of appropriate remedy is the previous settlement in 2005 between parties on the precise topic of Employer searches without reasonable cause. As a result of this settlement it would be reasonable to conclude the Employer was attuned to the matter of employee privacy rights and unreasonable searches. The Union and its members had a right to rely on the substance of this settlement agreement as protection against further searches without reasonable cause.

I accept the circumstances of the present case warrant an award of damages in the amount of $1,750 to each employee covered by the grievance except Mr. Moretti, who is entitled to $2,250. For clarity, employees are entitled to the damages whether or not they were scheduled to be at Kemano during the week the search occurred. The circumstances do not warrant the cease and desist order sought by the Union.

Note the emphasis on the lack of an early, genuine apology.

Rio Tinto Alcan and Unifor, Local 2301 (Kemano), Re, 2014 CarswellBC 4251.

 

BC OIPC addresses network security and endpoint monitoring

30 Mar

Today, the Office of the Information and Privacy Commissioner for British Columbia held that the District of Saanich breached the British Columbia Freedom of Information and Protection of Privacy Act by installing endpoint monitoring software on employee workstations.

The District’s plan was not well conceived – apparently arising out of a plan to shore up IT security because the District’s new mayor was “experienced in the area of IT.”

The District installed a product called Spector 360 – a product billed as a “comprehensive user activity monitoring solution.” This is software that enables the collection of detailed data from “endpoints” on a network. It is not intrusion detection software or software that helps analyze events across a network (which the OPIC noted is in use at other British Columbia municipalities).

The District enabled the software on 13 workstations of “high profile users” to capture a full range of endpoint data, including screenshots captured at 30 second intervals and data about all keystrokes made. The purported purpose of this implementation was to support incident response, a purpose the OIPC suggested could only support an inadequate, reactive IT security strategy.

The OIPC held that the District collected personal information without the authorization it required under FIPPA and failed to notify employees as required by FIPPA. I’ll save on the details because the OIPC’s application of FIPPA is fairly routine. I will note that the OIPC’s position is balanced and seems to adequately respect institutions’ need to access system information for IT security purposes. It acknowledges, for example, that some limited data collection from endpoints is justifiable to support incident response. Not surprisingly, the OIPC does not endorse taking screen shots or collecting keystroke data.

Investigation Report F15-01, 2015 BCIPC No. 15.

 

Arbitrator upholds sniffer dog search grievance

25 Feb

On January 5th, Arbitrator Norman of Saskatchewan held that an employer breached its collective agreement by periodically deploying drug detection dogs to screen people entering its mine.

Arbitrator Norman held that the process intruded on a reasonable expectation of privacy based on evidence that the dogs would likely identify off-duty drug use. Though Arbitrator Norman characterized the search invited by a dog sniff as minimally intrusive (and less intrusive than the sampling of bodily substances), he nonetheless held that the employer’s safety-related process was unreasonable. He drew heavily from the Supreme Court of Canada’s Irving Pulp and Paper decision, stating:

The prior threshold stage in the justificatory argument limiting rights under the Charter sets the bar very high; calling for proof of a pressing and substantial objective demonstrably justifiable in a free and democratic society, for the challenged measure. Under ‘Charter values’ analysis, I take the threshold bar to have been set by Irving as “… evidence of enhanced safety risks, such as evidence of a general problem with substance abuse in the workplace.”

While many might agree with the outcome, this reasoning is questionable. The resolution of privacy issues call for a highly contextual balancing of interests. Irving speaks to a particular balance that relates to universal random drug and alcohol testing, a process Arbitrator Norman reasons is relatively intrusive; Irving establishes no “bar” to meet in implementing other safety measures in the workplace whether or not they are related to drug and alcohol use. Moreover, the reference above to the Oakes test is flawed; under a Charter analysis (if such analysis is necessary), the question of whether a search is an “unreasonable search” is distinct from the question of justification under section 1 and Oakes.

USW, Local 7552 and Agrium Vanscoy Potash Operations (5 January 2015, Norman).

Arbitrator awards privacy damages for implying an employee suffered from mental distress

31 Dec

On December 4th, Arbitrator Andrew Sims ordered the Edmonton Police Service to pay a grievor $5,000 in damages for breach of privacy.

The case arises out of the Service’s handling of an intense interpersonal conflict between the grievor, a police detective, and his staff sergeant. The conflict led to a formal review in which the reviewing investigator recommended the grievor’s transfer to a new unit due to interpersonal problems, the responsibility for which was borne by the grievor and others. Before the Service addressed the recommendation, however, the grievor and his staff sergeant had an altercation.

The altercation invited an immediate decision to pursue the recommended transfer. Although the formal review had raised no concerns about the grievor’s mental health, when superintendent met with the grievor to advise him of the transfer she became concerned about his mental health on account of his reaction.

The superintendent raised the need for a psychological assessment, which the grievor undertook grudgingly but voluntarily. While this assessment was pending the superintendent met with the department and implied that the grievor was mentally unwell, in essence conveying the same opinion that was the basis for the pending assessment. In the end, a psychologist determined the grievor was “psychologically intact and functional.”

Based on the following analysis, Arbitrator Sims ordered the Service to pay $5,000 in damages:

Had the Employer described to a work group a physician’s diagnosis of a co-worker, that it had obtained in its role as employer, disclosure would clearly be a breach of the employee’s right to privacy of their personal medical information.  To anticipate a diagnosis, based only on personal observations, however genuine the concerns,and to discuss that in public, is just as serious a breach of privacy.  Arrangements were underway to get the grievor assessed.  Implying anything as to his state of health pending that assessment was inappropriate and unnecessary. The decision was made to transfer the grievor based on the problems he was having with his Staff Sergeant and the Unit Review.  This was decided before the health concerns arose from the interview.  Given that, there was really no need to go into whether the grievor had health issues at all. The emphasis on the grievors “H.R. issues” had the effect of adding undue emphasis to the suggestion that the broader issues in the unit, which were serious in themselves, were due to the grievor’s health issues.  That too was unjustified given the more balanced assessment in the unit review itself.  The grievor’s reputation amongst his peers, his need and ability to interact with them in future, and his sense of employment security were all impacted by the excessive commentary during this meeting.  While I accept that the comments were made out of genuine (although to a significant degree unfounded) concern, they amounted to a breach of privacy and caused harm to the grievor’s privacy interests. Police officers are particularly dependent upon their reputation amongst their peers.  Any suggestion of mental problems or unreliability can seriously hurt their working relationships and their careers.  I find these breaches of privacy sufficiently serious to justify financial compensation which, based on a review of the authorities discussed above, I award at $5,000.

Edmonton Police Service v Edmonton Police Association, 2014 CanLII 73072 (AB GAA).