Monitoring employee e-mail: A privacy primer

January 4, 2010

Since e-mail has become the dominant form of business correspondence, employers have been increasingly forced to deal with issues related to e-mail use, monitoring and access. It’s crucial that organizations stay on top of the legal landscape as it relates to e-mail monitoring, especially as it relates to privacy issues.

Unfortunately, privacy law does not offer black and white answers to the legal issues raised by e-mail monitoring practices. Instead, and like most other privacy law issues, the standard of “reasonableness” rules the day.

I recently penned an article on point (link below) with my colleague Andrew Buck (who is currently completing his Articles at Pitblado LLP) for the Canadian Bar Association’s National Privacy & Access Law section newsletter, Privacy Pages. Our article examines some of the case law and commentary that has arisen from e-mail monitoring with a view towards setting out practical solutions for the creation of “reasonable” e-mail monitoring practices. If you’re interested in reading the full article, please click on the link below.

Monitoring employee e-mail: a privacy primer

1 Comment | Access to Information, E-mail, Employee Monitoring, Monitoring, Personal Information, PIPA, PIPEDA, Privacy, Technology | Tagged: , , , | Permalink
Posted by Brian Bowman

Smartphones in the workplace: what’s your business doing to manage the risk?

July 6, 2009

Cell phonesRecently, an interesting article in the Globe and Mail dealt with the issue of smartphone etiquette. Business professionals fidgeting with their BlackBerrys and iPhones in meetings, walking through airports with eyes glued to their small glowing screens and operating their devices in restrooms may seem unrealistic at first blush, but is it really? The reality is that smartphones have permeated the business world. They are everywhere, they are powerful and have the potential to be extremely damaging.

Breaches of confidential corporate data and personal information are nothing new to the business world, but smartphones have brought a new dimension to the problem. Smartphones are starting to make appearances in Canadian court cases in a supporting role, but it won’t be long before they are squarely in the spotlight. The latest iPhone model has up to 32GB of memory while BlackBerrys can store vast amounts of data on memory cards. The equivalent of entire filing cabinets can now be carried around conveniently in your shirt pocket. This reality has increased the risk for massive privacy breaches in the blink of an eye.

The big question is how involved should employers be in regulating and monitoring their employees use of smartphones? All encompassing monitoring of employee smartphone use is a touchy area, but the permeation of smartphones in today’s corporate world and the corresponding risks to businesses necessitates (at the very least) that relevant guidelines concerning their use in the workplace should be implemented by employers. All it takes to damage a business is for one employee to misplace their smartphone without having first activated their security settings.

1 Comment | Employee Monitoring, Privacy, Privacy Breach, Security, Security Breach, Smartphones | Tagged: , , , , , , , , | Permalink
Posted by Brian Bowman

Social networking websites and employer-employee relationships

June 2, 2009

As I’ve previously discussedSocial networking websites such as MySpace and Facebook are provoking new questions about the appropriate boundaries in employee-employer relationships. This is evident in a United States Federal Court case coming to a head in New Jersey. The case pertains to the conduct of a manager who logged into a private social networking website and observed employees slandering company supervisors and customers. Those same employees were later dismissed. The case exemplifies a rapidly expanding “grey area” between an employee’s work life and personal social life. It begs the question, at what point does a “private” comment to friend made outside of the office constitute defamation, and at what point are such comments simply banter between individuals?  Of course, the answer is, it all depends on the facts. 

For an interesting discussion on the matter, check out Myrth on a Blog, a personal journal of law, technology and social media.

1 Comment | Access to Information, Blogs, Defamation, Employee Monitoring, Facebook, Internet, MySpace, Online Reputation Management, Privacy, Social Networking Websites, Technology | Tagged: , , , , , , , , , | Permalink
Posted by Brian Bowman

Private-sector privacy law debated in Manitoba

May 21, 2009

The Manitoba Legislature is currently debating Bill 219The Personal Information Protection and Identity Theft Protection Act.

The Bill has been introduced as a private member’s Bill by Mavis Taillieu of the Opposition Progressive Conservative Party of Manitoba. It seeks to regulate the collection, use and disclosure of personal information by organizations in the private sector and is intended to be “substantially similar” to the federal Personal Information Protection and Electronic Documents Act (PIPEDA).  It would also establish a duty for organizations to notify individuals who may be affected when the personal information an organization has collected is lost, stolen or compromised.  Such a requirement would be groundbreaking in Canada (notwithstanding Ontario’s Personal Health Information Protection Act, which has a mandatory breach notification requirement).

Regrettably, the Government of Manitoba indicated in the Legislative Assembly debate last week that it has two primary concerns with the Bill.  The first concern is that the Bill lacks an independent oversight body such as a Privacy Commissioner of Manitoba. Legislative rules prevent private member’s Bills from containing financial penalties and so the Bill could not contain such provisions.  However, the government could add those provisions in amendments.  In fact, I assisted with the drafting of the Bill and would happily provide the government with the relevant provisions. The second concern raised by the government is that the Bill would introduce legislation in Manitoba that (according to the government) would regulate activities in the private sector already governed by PIPEDA. However, PIPEDA does not apply to the activities of private sector organizations in provinces such as Alberta and British Columbia, both of whom have Personal Information Protection Acts, because PIPEDA does not apply where “substantially similar” provincial legislation exists.

The Bill was first introduced in 2005 and since that time the need for such a law has significantly grown.  It’s modelled after Alberta’s Personal Information Protection Act, which provides a more business-friendly and clear legislative scheme than PIPEDA.  As I’ve previously argued, it would be good policy for the Government of Manitoba to support the Bill and I once again urge them to do so. 

If you want a more business-friendly privacy law in Manitoba, I’d strongly encourage you to contact the Government of Manitoba and Mavis Taillieu to indicate your support. 

Additional coverage on this topic by the Canadian HR Reporter here.

2 Comments | Employee Monitoring, Government, Identity Theft, Ombudsman, PIPEDA, Privacy, Privacy Breach, Safeguarding, Safekeeping, Security Breach | Tagged: , , , , , , , | Permalink
Posted by Brian Bowman

Issuing employees laptops, cellphones and PDAs brings risk

March 2, 2009

Most Canadian businesses these days supply their employees with devices such as laptops, cellphones and PDAs that are then often used by employees after work hours for personal use. In most cases, this isn’t a problem for either the employer or the employee. But too many businesses that issue cellphones, laptops or PDAs to their employees have not taken the necessary steps to mitigate the associated legal risks.

These legal risks can include the fact that employees can use these devices to distribute emails or text messages that defame other parties or that include illegal sexual or racial content (which in Manitoba could give rise to employee and employer liability under The Human Rights Code). Employees may also use these devices to intentionally or unintentionally leak personal or corporate information. Employees, however, may have an expectation or legal right of privacy depending on the circumstances, so wholesale monitoring by employers may not be in the cards.

Doug Cornelius recently wrote on Compliance Building about a U.S. court decision (Quon v. Arch Wireless) concerning police conduct in accessing personal texts sent from a police-issued cellphone:

In that case the court found that a police department had violated the Fourth Amendment and state constitutional rights of employees and the people they exchanged text messages with, when they reviewed “personal” text messages created on devices owned and issued by the police department. It also found that the text messaging provider, Arch Wireless, violated the Stored Communications Act (SCA), 18 U.S.C. §§2701-2711, by providing transcripts of these messages to the employer.

Although this decision is based on U.S. law, similar results could happen in Canada. As a result, Canadian businesses should ensure that their employees clearly understand what they can and cannot do with the devices issued to them. One of the best ways to accomplish this goal is to develop appropriate policies and procedures, which will minimize the chances of being taken to court by third parties or employees.

3 Comments | Employee Monitoring, Privacy, Technology | Tagged: , , , , , , | Permalink
Posted by Brian Bowman

Is your employer monitoring your Net use?

February 5, 2009

businesses1Is your employer monitoring your Net use?

My March 7, 2005 column in the Winnipeg Free Press discusses the legal right of employers to monitor their employees’ email and internet surfing habits.

Leave a Comment » | Employee Monitoring, Online Reputation Management, Privacy, Security | Tagged: , , , , , , | Permalink
Posted by Brian Bowman

Next Entries »
Follow

Get every new post delivered to your Inbox.

Join 77 other followers