If your organization is considering monitoring employees at work, recent guidance from the Office of the Privacy Commissioner of Canada (OPC) highlights important risks for employers to consider.
There are a number of reasons an organization may wish to monitor its employees: to confirm their attendance at work, keep tabs on their productivity, ensure they’re using workplace resources appropriately and to track the location of company vehicles, for example.
Earlier this year, a B.C. employer was awarded damages after proving an employee wasn’t actually working the hours they logged. But employers can also face risks when they take surveillance too far and don’t respect the privacy of their employees.
A past OPC investigation found an employer that installed dash cams in company trucks that continuously monitored drivers – even when they were off the clock – had compromised employees’ right to privacy. A federal government agency faced similar criticism for using surveillance cameras to track employee attendance without letting employees know they were being monitored.
In May, the OPC issued guidance on respecting employees’ right to privacy. While the guidance is aimed at employers subject to federal privacy laws, it includes helpful advice for all employers.
Respecting employee privacy
Regardless of whether an organization plans on monitoring its employees, the OPC recommends a number of measures for ensuring employee privacy, including:
- Limiting the collection of employee information to only what is necessary for the purposes identified to employees
- Obtaining meaningful consent from employees for the collection, use and disclosure of their personal information.
- Ensuring that employees know what information is being collected.
- Limiting access to employee information to a need-to-know basis.
- Having policies and procedures for collecting and using employee information.
- If you choose to monitor employees, doing so in a way that is reasonable, proportionate and minimally intrusive (e.g., not using recording devices to monitor employees off the clock).
- Implementing physical, organizational and technological safeguards to protect employees’ personal information and prevent snooping (learn more about how to prevent snooping).
Tips for monitoring employees
The OPC also offered specific guidance vis-à-vis monitoring employees, including:
- Explaining why employees are being monitored, as well as potential consequences for employees who breach their duties.
- Limiting monitoring to purposes that are specific, targeted and appropriate in the circumstances.
- Collecting only the information needed and ensuring that the organization is using the least privacy-intrusive method possible (e.g., you may not need surveillance cameras throughout your entire workplace to monitor attendance).
- Explaining guidelines for disposing of personal information when it is no longer needed.
- Ensuring practices are in place for employees requesting access to the information recorded, as well as practices for addressing privacy compliance challenges and potential complaints.
Have you conducted a privacy impact assessment?
The OPC’s guidance contained many other best practices for respecting employee privacy (see all the recommendations here), including conducting a privacy impact assessment (PIA).
A PIA is a risk management process designed to make organizations aware of their legislative requirements regarding workplace privacy and highlight the potential privacy issues arising from organizational activities. A PIA can help organizations develop privacy management programs and policies to ensure employee privacy is protected at work and mitigate the organizational risk of running afoul of privacy laws.
A PIA is a very helpful tool but it is important to also have an overall privacy compliance program in place. The OPC recently provided an overview of key practical tips for employers to improve the privacy practices in their organizations – you can read more here.
The lawyers in the MLT Aikins Privacy, Data Protection & Cybersecurity group have extensive experience advising clients on privacy in their workplaces, privacy compliance programs, conducting PIAs and addressing privacy-related concerns. Our Labour & Employment team has advised employers in all sectors on developing workplace policies and surveilling employees. If you’re interested in learning more about workplace privacy issues and employee surveillance, contact us to learn how we can help.
Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.