Ensuring privacy in the workplace is increasingly important for employers in Ontario law. Employees are making more complaints. The Courts are focusing more on employee privacy in the workplace. Both the Ontario and the federal Privacy Commissioner seem to be adjudicating more employee complaints.
For example, cases are emerging about: a) posting employees photos in the workplace; b) employers installing spyware on employees computers to monitor their online activities; c) employers tapping into employees corporate-issued mobile devices; and d) employees improperly access personal information of clients or other employees, creating liability (and headaches) for employers.
A good privacy policy for the workplace is essential these days.
Privacy legislation is evolving. The Personal Information Protection and Electronic Documents Act (federal) (PIPEDA) applies in Ontario to many private sector employers. It has been amended recently to deal more effectively with digital disclosure, consent to disclosure and the onus on businesses to ensure they properly obtain consent to post personal information online (Web sites, social media, etc.). Being familiar with and adhering to the continuously changing privacy laws is important for Ontario businesses and employers.
Managing employees personal information in the workplace can be challenging, especially for larger organizations.
Here are a few, basic tips that every employer in Ontario should consider:
- Determine which privacy legislation applies to your workplace: statutes apply to your organization: FIPPA and MFIPPA apply to municipal and provincial government organizations; PHIPA applies to health information businesses and PIPEDA likely applies to most private organizations, including those that are federally regulated
- Establish a good privacy policy for your business and appoint a privacy officer a person responsible for ensuring that your business complies with the applicable privacy laws
- Notify your employees of any collection, use or disclosure of their personal information, including identifying the reason(s) the personal information will be used, collected and disclosed and always make sure that the general purpose for collecting the information is reasonable in the circumstances
- Ensure that the personal information you collect is necessary to achieve the purposes of its collection
- If you collect personal information, request and obtain your employees consent which can be deemed, express or based on an opt out
- Educate and train your employees generally, especially those with access to other employees personal information, about their responsibilities under your business privacy policy(ies) and the obligations under the applicable privacy laws
- Keep an ongoing record of when you, or your appointed person, accesses or uses an employees personal information, including when and the reason(s)
- Review and audit fairly regularly all of the personal information you have, to verify it is legally collected, that it remains securely stored and that the purpose it was collected for remains reasonable and appropriate.
This WARDS PC BLAWG is for general information only. It is not legal advice, or intended to be. Specific or more information may be necessary before advice could be provided for your circumstances.
More information? We’re here to help – [email protected] www.wardlegal.ca