LANCASTER HOUSE LABOUR ARBITRATION CONFERENCE MONITORING PRODUCTIVITY AND JOB PERFORMANCE PANEL DECEMBER 11, 2013 DAN

MICHALUK SPEAKING POINTS Whats the general impact of R v Cole and Jones v Tsige? -Both decisions are highly significant in theory -They only, however, invite incremental practical impact -Cole (1.4) recognizes a reasonable expectation of privacy in information stored on work computer thats based on permitted or tolerated personal use -There is a new theoretical basis to assert privacy right but not a privacy right itself -I appeared in Cole on behalf of CACE and we did not take a position on the reasonable expectation privacy because we knew that issue was not the end game -How the expectation is balanced against management rights has not yet been decided -Jones (1.3) recognizes a brand-new legal claim - a means of enforcing a reasonable expectation of privacy in the civil justice system -Unionized employees had already gained that means incrementally over the years -Non-unionized employees could avail themselves of the tort but face a practical constraint associated with launching a civil action against a current employer that is not associated with, for example, a privacy claim made under statute (with anti-reprisal protection) -I do think we will often see add on intrusion claims that attack the investigations that proceed for cause terminations Do employees have a reasonable expectation of privacy while on the employers property? Can employers eliminate employees legitimate expectation of privacy through workplace policy? -They can have an REP -Policy can help limit the expectation (Cole) and establish legitimate management rights -Policy cant eliminate an REP -REP is a normative concept a protectable privacy interest is recognized when privacy ought to be protected in the modern workplace -Policy cant eliminate the expectation because employers shouldnt have unilateral ability to define what is and isnt a protectable privacy interest (Cole) -Remember, though, the REP is only the starting point; only invites a balancing of interests Are employers Permitted to monitor employees computer/internet use at work to ensure that employees are not spending work on personal activities? -Yes, but I don't like the word monitor -We need to be much more sophisticated in how we understand actions that engage privacy if were to get the balance right

-Employers have a legitimate interest in accessing data on their systems to ensure their systems are used properly (Cole at SCC but not at OCA) -One of about five legitimate interests I like to talk about -Employers meet this interest in three ways -They investigate - reactive -They audit - proactive and periodic -They monitor proactive and ongoing -Monitoring (surveillance) is most intrusive, but that breaks down too -Depends on what data is being collected and how -every organization monitors traffic data - not aware of cases but it's highly defensible -Not every organization filters the content of outgoing emails (not human surveillance) -An employer's interest monitoring will be weighed against an expectation of privacy that is "not entirely eliminated" -And a smart employer will highlight an employees choice -We feel we need to do this, personal use is a privilege, please use engage in personal use with our practice in mind Is excessive personal use serious misconduct? -In some contexts it will be a breach of trust and in others it will be bad judgement, poor productivity -Is productivity measured by output or input? -What are the relevant expectations re availability and productivity? -Nicholas Glass HEABC case (2.7) -Not time theft in the circumstances -Time theft is a serious allegation -Case is also notable for evidentiary point -Difficult to draw inferences about scope of activity from logs, which contain point-intime data -Does this open the door to more aggressive investigation techniques UBC spyware case (2.4) Is it permissible for an employer to ban all personal use of employer-issued technology? Is it practical or advisable to do so? -Yes, permissible -Subject to rights in some university collective agreements - Laurentian U Google Case -May not be easy to effect but I do see employers going here if Cole is mishandled -An corporate network is the core of an organizations central nervous system -If the function of a work system is threatened by employee privacy I'm quite fine with a "use your personal, phone we mean it policy -That would require quite a significant enforcement effort Can employers monitor employees Facebook pages, Twitter accounts, blogs etc. in order to ensure that employees are not abusing sick leave? -Generally yes -You may look at and use information posted on the internet -You may receive copies of protected information from friends who blow the whistle

-If you're subject to privacy legislation you have a compliance issue to consider, but there are public ally available information exceptions that are worded slightly differently in different statutes (all of which are in flux after UFCW) -Do not -Gain access by false pretenses s. 403 of CC (impersonation) -Co-opt a friend as agent -Debateable -Asking to look/copy in the course of an investigation on reasonable grounds Are employers permitted to install technological devices specifically for the purposes of monitoring productivity and performance? -Word monitoring again routine collection of information -Depends on the kind of data collected, how it is collected and for what purpose -If it looks and feels like an eye in the sky you'll lose -If it looks and feels like routine supervision through technology you'll lose -Video surveillance is not new but collects highly sensitive personal information -Not be trained on a workstation without special justification -Craven cases are good (4.8, 4.9) -Not an eye in the sky human surveillance not monitoring -Make sure incident data is there and available for use thats legitimate, less sensitive -See a similar approach in the GPS cases, which well discuss Can employers install GPS to monitor productivity? Handheld devices? -Yes -Of course we can use technology to improve productivity! -Kone (GPS data from handheld device) and Thyssen (vehicle telematics) cases recognizes this -Also well done by the employer to limit the invasiveness of the implementation -Data was batch processed -Data in 11 minute increments -Four to six batch transfers a day -Took the human surveillance element out of it yet allowed the employer to meet its interest -That's good privacy Anne Cavoukian would call it "privacy by design" -Privacy commissioners get that and pretty careful not to be the ones that stand in the way of advancing technology -Same frame of reference arbitrators should employ Discussion of generational issued -Dr. Avner Levins digital divide -Young information shared within a network stays private -Old a disclosure to one is a disclosure to all -The law favours the old view -Dr. Levin says that imposes too high a price to privacy and free expression online -Can stop the collection -Or, he says, stop the use -I'm of the "take it to the bar over a beer" mind. I dont value social media expression that much. Im old school.