Privacy Revisited: Managing Drivers’ Personal Information

This post was written prior to our January 2017 merger, under our previous firm name, Aikins, MacAulay & Thorvaldson LLP.

Authors: Allan Foran, Lucia Stuhldreier

In the Western Canada Highway News Spring 2011 issue, the legal column discussed privacy law implications of electronic on-board monitoring systems and video-surveillance. Privacy issues also arise in connection with personal information that carriers routinely collect from or about drivers by more conventional means. This can include simple contact information, driving records and employment history generally, medical information and the results of criminal background checks or drug testing.

In most Canadian provinces, information about an identifiable individual is protected by the Personal Information Protection and Electronic Document Act (PIPEDA). British Columbia, Alberta and Quebec have enacted provincial legislation that is substantially similar to PIPEDA, and in those provinces the provincial statutes govern.

Among the principles which privacy legislation promotes are:

  • Accountability – companies are responsible for personal information under their control and must designate someone as responsible for compliance
  • Identifying purposes – companies must tell drivers why they are collecting personal information at or before the time of collection
  • Consent – as a general rule, a driver’s consent is required for the collection, use or disclosure of personal information
  • Limiting collection, disclosure and retention – as a general rule, personal information may only be used for the purpose for which it was collected and should be retained only as long as necessary

Driving Records

Provincial law requires carriers to obtain driving records or abstracts for drivers on an annual basis. While privacy legislation recognizes compliance with legal requirements as a legitimate purpose – and an exception to the requirement for consent – complaints could still arise in relation to use, disclosure or retention.

For example, a shipper negotiating an umbrella contract with a carrier may insist on receiving driving records of any driver who will be handling the shipper’s freight. Disclosing drivers’ records to the shipper is not mandated or authorized by provincial safety legislation. A carrier should obtain the consent of each driver, secure the shipper’s commitment to treat the information as confidential and limit the period of time during which it will be retained.

Resumés and Job References

In 2007 the Privacy Commissioner dealt with a complaint from a driver against a former employer. In response to a reference check from a prospective new employer, the former employer indicated that the driver had been released from employment because he had tested positive for drugs. The Commissioner concluded that the application materials listed previous employers, authorized the prospective employer to inquire about past “employment and other related matters” and authorized former employers to release such information. Since the reasons for the driver’s dismissal from his previous job were relevant to his employment history, the Commissioner concluded that neither of the two companies had breached the driver’s privacy rights.

It is prudent for companies to require (a) prospective employees to sign an authorization form as part of the job application package and (b) a copy of such an authorization from anyone inquiring about former employees.

Cross-Border Operations

Programs designed to enhance security and facilitate border-crossing of drivers, equipment and freight require collection and disclosure of personal information. Privacy legislation places limits on a carrier’s involvement in registering its drivers for programs such as FAST, for example. In 2001, the Privacy Commissioner upheld a complaint by a carrier who required drivers to submit their registration applications to the carrier for forwarding to the relevant authorities. The Commissioner determined that although the company could require its drivers to complete the application and return it to the government, it was improper for the company itself to collect the information.

Security measures such as personnel screening as a condition of continued employment have also been the subject of complaints to the Commissioner. As a general rule, employers can insist on such screening where they themselves or customers whose premises the employees will be visiting are under a legal requirement to implement such measures.

If there are less intrusive means available to the employer to meet its business needs and where the consent being sought is open-ended, the situation is less clear. In the case of an airline which required its pilots to complete flight simulator training in the U.S. where they were required to consent to the collection and disclosure of any biographical, financial, law enforcement and intelligence information, the Commissioner found that since the simulator training could also be completed in other jurisdictions (with less intrusive screening albeit at a higher cost to the airline), the airline was not entitled to insist on the pilots’ consent.

The potential conflict between U.S. security and anti-terrorism requirements and Canadian privacy laws is likely to continue to be an issue for cross-border trade and transportation.

This article was originally published in Western Canada Highway News, Summer 2011 issue.

Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.

Allan Foran and Lucia Stuhldreier practise transportation law at Aikins.