Thanks to everyone from Europe, the U.S. and across Canada who attended last week’s Social Media and the Workplace webinar. If you didn’t have a chance to attend, you can now watch the webinar here.
Related information on this blog that may be of interest to you includes this audio link to my recent CJOB|68 radio interview with Human Resources specialist Barbara Bowes in which we discuss privacy issues in the workplace. You may also want to read this article I penned with my colleague Andrew Buck entitled Monitoring Employee Email: A Privacy Primer. And, of course, you can use the blog’s “Tags” to navigate to specific content of interest.
There’s no question that as we dive deeper into the information age technology will continue to permeate the workplace. Tech gadgets such as iPhones and Blackberries are cheaper and more convenient than ever before. But as the workplace becomes inundated with these tech tools, businesses increasingly have to ask themselves how they can manage the corresponding legal risks inevitably raised by empowering a legion of employees armed with Smartphones. If only there was “an app for that”!
The “fuel” for many gadgets currently in the workplace is data, which may or may not relate to the employer. And I’m not just thinking of Smartphones provided by the employer. I’m also thinking of social media websites such as Facebook and Twitter, which are often accessed after work hours on employees’ home computers.
What happens when an employer uses data gleaned from a company-owed iPhone or Blackberry to monitor an employee in the workplace? What about monitoring an employee’s Facebook page? After all, it’s not uncommon for information about an employer or its clients to appear on an employee’s Facebook page. Further, some employees have no second thoughts whatsoever about posting personal messages during paid company time. Many employers are introducing social media policies to mitigate the resulting legal risks. But how far should employers go to protect their interests?
Today’s post is the first in a series that I’ll publish in the coming weeks to provide you with an overview of legal developments regarding monitoring in the workplace, with a focus on employer monitoring of employee social media and Smartphone activities. Upcoming posts will also examine workplace privacy issues related to email, video and GPS monitoring. Stay tuned…
In the meantime, click here to listen to my recent CJOB|68 radio interview with Human Resources specialist Barbara Bowes in which we discuss privacy issues in the workplace. You may also want to attend a complimentary Social Media in the Workplace webinar that I’ll be providing with a few of my colleagues next week (May 19th). Click here for info and to register (space is limited so register soon).
Canadian Business Online is asking if you “ever wonder who’s checking your Facebook profile? Sure, there are probably the old standbys, like your high-school crush and your nosy co-worker, but you should be aware that there might be someone else checking you out: your banker. Financial institutions of all stripes have been scouring social-networking sites since the days when MySpace was all the rage; now they troll Facebook, Twitter and blogs to find out more about their customers. Don’t be surprised if soon they take the information they’ve found about you and use it to determine your creditworthiness.”
Yours truly was interviewed by Canadian Business Online for this article and, as you’ll see, I comment that I’m not aware of whether, or to what extent, the big banks and credit card companies are using personal information that’s publicly available on social networking websites to determine credit worthiness. That being said, in the insurance industry “using information from social-networking sites has already become commonplace”. The message that I’d take from this article is that Canadians’ understanding of privacy, and the ground rules for managing publicly available personal information that we willingly post online, is rapidly evolving.
In what should serve as a valuable reminder of the need to educate employees about what constitutes acceptable postings on social networking websites, BBC is reporting that “the Israeli military cancelled a planned raid on a Palestinian village after one of its soldiers posted details of the operation on Facebook. The unnamed soldier revealed the time and place of the raid and the name of his unit on the social networking site.”
I’ve previously commented on social networking websites and employer-employee relationships. This BBC report is just one more example of a situation which may have been prevented with better employee training and a clear social networking policy. Common sense should, and typically does, guide employees in determining what to post online. Yet, if an Israeli soldier can’t think twice before posting the details of a planned operation it’s easy to see how some employees of Canadian businesses – perhaps yours - unintentionally post valuable corporate information online.
Over the past two weeks nearly a million people around the globe have viewed a couple of YouTube videos filmed and posted by Churchill High School students, which show two of their teachers performing a simulated lap dance.
The identities of the teachers have been widely reported. Now the question is: Could the teachers sue the students for violating their privacy?
While the OPC’s Facebook investigation should be a “must read” for all Facebook users, it also provides some insightful information for Canadian organizations regulated by PIPEDA. The lessons that can be learned from the investigation can be applied by Canadian businesses regardless of whether their activities are online or offline.
Despite the fact that “[i]t’s clear that privacy issues are top of mind for Facebook…” federal Privacy Commissioner Jennifer Stoddart says that the OPC has found “serious privacy gaps in the way the site operates”. According to Stoddart, in order to comply with Canadian privacy law, Facebook must take greater responsibility for the personal information in its care. An overarching concern of the OPC was that, although Facebook provides information about its privacy practices, it is often confusing or incomplete. For example, the “account settings” page describes how to deactivate accounts, but not how to delete them, which actually removes personal data from Facebook’s servers. The OPC recommends more transparency, to ensure that the social networking site’s nearly 12 million Canadian users have the information they need to make meaningful decisions about how widely they share personal information.
The investigation also raised significant concerns around the sharing of users’ personal information with third-party developers creating Facebook applications such as games and quizzes. (There are more than 950,000 developers in some 180 countries.) Facebook lacks adequate safeguards to effectively restrict these outside developers from accessing profile information, the investigation found. The report recommended a number of changes, including technological measures to ensure that developers can only access the user information actually required to run a specific application, and also to prevent the disclosure of personal information of any of the user’s friends who are not themselves signing up for an application.
The investigation also found that Facebook has a policy of indefinitely keeping the personal information of people who have deactivated their accounts, which is a violation of PIPEDA. The law requires organizations to retain personal information only for as long as is necessary to meet appropriate purposes. Recommendations to Facebook included the adoption of a retention policy whereby personal information in deactivated accounts is deleted after a reasonable length of time.
Click here to read the OPC’s News Release, here for the full investigation report and here to read a helpful backgrounder. If you’d like to read more about Facebook, please click on the Facebook link under this blog’s Tags (below).
As I’ve previously discussed, Social networking websites such as MySpace and Facebook are provoking new questions about the appropriate boundaries in employee-employer relationships. This is evident in a United States Federal Court case coming to a head in New Jersey. The case pertains to the conduct of a manager who logged into a private social networking website and observed employees slandering company supervisors and customers. Those same employees were later dismissed. The case exemplifies a rapidly expanding “grey area” between an employee’s work life and personal social life. It begs the question, at what point does a “private” comment to friend made outside of the office constitute defamation, and at what point are such comments simply banter between individuals? Of course, the answer is, it all depends on the facts.
For an interesting discussion on the matter, check out Myrth on a Blog, a personal journal of law, technology and social media.
It’s been a thrilling week for my colleagues at Pitblado LLP as it was announced earlier this week that we were to be the 1st Canadian law firm to be a guest blogger on the must-read slaw.ca. Yours truly, three of my colleagues from our firm’s Information & Ideas Practice Group as well as our firm’s librarian each contributed one post a day this week to slaw.ca on cutting edge legal topics. Here’s what we covered…
On Monday, I posted “What Would Happen If One of your Employees Posted a Video of an Irate Customer on YouTube?”, which I cross posted on my blog earlier this week. The post highlights a YouTube video of an irrate customer as a reminder to Canadian businesses of the powers of new technologies such as YouTube and the corresponding need to protect against the dissemination of this type of video through employee privacy training and the adoption and enforcement of privacy and procedures.
On Tuesday, Carol Lynn Schafer posted “Do TOS Have the Final Word on our Fundamental Rights and Freedoms?”, which discusses the controversial effects of Terms of Service on popular websites such as Facebook and Twitter. As Carol Lynn notes, Terms of Service should be drafted with the bigger picture in mind and can no longer be seen as standard agreements that can be treated with a one size fits all approach.
On Wednesday, Jolin Spencer posted “Whose Property Is It, Anyway?”, which discusses the questions that come into play when employees leave their positions. For example, what can an employee take, and what must they leave, when they vacate their position? As Jolin points out, no business wants its intellectual property assets walking out the door with a former employee.
On Thursday, our firm’s librarian, Karen Sawatsky, posted “Legal Research Bootcamp – Winnipeg Style”, which discusses her experience collaborating with members of the Manitoba Bar Association and the Law Society of Manitoba to create a CLE for articling students on legal research. The Legal Research Bootcamp is a first for Manitoba students, and aims to bridge the gap between when students start their articles and when CPLED begins in the fall.
Are you a parent with children who use the Internet? Do your children have a better understanding of this new and constantly changing technology? Have your children ever texted “fts” or told you to “bma” in an online message ? I sure hope not!
If you have children, I’d encourage you to visit the Internet 101 website, which provides some great information to increase your computer knowledge. The site provides excellent resources including Tutorials to help you learn more about the online world, Technical Tips to help keep your computer secure, Chat Lingo to help you learn the online lingo, Popular Online Activities to expose you to what today’s youth are doing online, and an Internet Agreement to be signed between parents and children to help your family stay safe in the online world.
Even if you don’t have children, there is some valuable information on the site worth reading.
The Lawyers Weekly (a national newspaper for the Canadian legal profession) recently approached me to publish an article for their “Focus on Information Technology” section of the newspaper. The request gave me pause to think about the impact on Canadians’ privacy of recent technological advances such as e-mail, instant messaging, online forums, blogs and social networking websites (such as Facebook and Twitter). Upon reflection, I concluded that these technological advances are the driving force for what I argue are increasing calls for a “third wave” of privacy laws.
The “first wave” of privacy laws (such as the federal Privacy Act) were introduced decades ago to protect the privacy of individuals in respect of public sector government bodies. The “second wave” of privacy laws (such as PIPEDA) were introduced more recently to protect the privacy of individuals in respect of private sector businesses. Arguably, the only missing link in this chain of privacy protection, and what could be the focus of a “third wave” of privacy laws, is protecting individuals from violations of privacy by other individuals in the non-commercial sphere. My goal with the article was not to promote a “third wave” of privacy laws, but rather to engage Canadians in a debate about whether such laws are required.
I also encourage you to share your thoughts on whether – in the era of Facebook and Twitter – the status quo is sufficient or whether a “third wave” of privacy laws are needed.
As you know, instant messaging, text messaging, blog postings, online chat forums and social networking websites (such as Facebook and MySpace) have changed the way in which people communicate. Regrettably, however, many of these new communications tools (in particular, online forums and social networking websites) are being used to defame not only individuals, but businesses as well. It should not be forgotten that businesses can be defamed.
In general, the defamation (written and spoken) of a business occurs when a party lowers the reputation of a business in the estimation of other members of society or an industry. Since a business doesn’t have “feelings”, defamation cases related to businesses focus on the damage to a business’ reputation or goodwill due to the comments of another party. The following court cases are worth checking out, both of which confirm that a business can be defamed and, as a result, is entitled to receive monetary compensation.
In Barrick Gold v. Lopehandia, the defendant was found liable for a massive online defamation campaign initiated by the defendant against the plaintiff. The defendant had posted comments on gold and mineral investor related online forums defaming the plaintiff. The Ontario Court of Appeal noted that Internet defamation is different than traditional written forms of defamation since online defamation, or “cyber libel”, is often taken at face value, and is capable of instantly reaching an unlimited number of persons around the globe. The plaintiff corporation was awarded $75,000 in general damages for damage to its reputation and goodwill, $50,000 in punitive damages, and a permanent injunction to prevent further postings.
In WeGo Kayaking Ltd. et al v. Sewid, the British Columbia Supreme Court awarded $250,000 in general damages to the plaintiff corporation in relation to “review” comments posted online that incorrectly and intentionally classified the plaintiff as a “bad” tour company.
Defamation doesn’t just happen to individuals. These cases serve as a reminder to businesses that they are capable of being defamed and, as a result, should diligently protect their online reputations.
Last week’s headlines regarding Facebook (see post below) really seemed to raise the awareness of Facebook users about its Terms of Use. The troubling reality that many Facebook users haven’t read its Terms of Use illustrates the all too common practice of website users not reading the Terms of Use of websites they visit.
Website Terms of Use are important to read, especially if you’re then going to post information on or through the website. If you’re a Facebook user, read its Terms of Use to determine if you actually agree to them. If not, you may want to reconsider continuing to be a Facebook user or you may want to simply refrain from posting content that you don’t want to fall under the scope of its Terms of Use.
If your business has a website, check to see if it has a comprehensive Terms of Use document that’s been customized accordingly. Terms of Use are vital documents for websites because they set out the ground rules regarding – among other things – the ownership of content, licence rights, use of the website by minors, user submissions/postings and intellectual property rights. They are intended to serve as legally binding contracts between website operators and users, so they’re pretty important!
Facebook may have suffered a public relations setback last week, but for a commercial enterprise it was on the right path when it reviewed and tried to customize its Terms of Use to meet its business objectives. All businesses that have websites should review and, if necessary, modify their Terms of Use on a regular basis.
After several days of intense media scrutiny, Facebook has backed down on controversial changes to its Terms of Service (TOS). Both CTV Winnipeg and the Winnipeg Free Press asked me to comment on this timely story, which provides a lesson for other businesses that operate websites to be mindful that TOS (and privacy policies) must be able to withstand legal scrutiny but also user expectations.
My October 3, 2007 column in the Winnipeg Free Press emphasizes the importance of protecting your personal information by not handing it over to strangers, among other strategies.
This blog provides practical assistance to Canadian businesses so they can better deal with issues related to privacy, access to information, online reputation management, intellectual property and technology legal matters. I hope you subscribe to this blog via RSS (below) or via e-mail (below) so that you can receive timely updates to new posts. Thanks, Brian
This blog is presented for informational purposes only. Content does not constitute legal advice or solicitation and does not create solicitor-client relationship. Views expressed are solely the author's and should not be attributed to any other party, including Pitblado LLP or its clients. The author makes no guarantees regarding the accuracy or adequacy of the information contained herein or linked to via this blog. The author is not able to provide free legal advice. If you are seeking advice on specific matters, please contact Brian Bowman at (204) 956.3520 or bowman@pitblado.com, but please be aware that any unsolicited information sent to the author cannot be considered to be solicitor-client privileged. Comments published on this blog do not reflect the views of Brian Bowman, Pitblado LLP or its clients.
Thanks to everyone from Europe, the U.S. and across Canada who attended last week’s Social Media and the Workplace webinar. If you didn’t have a chance to attend, you can now watch the webinar here.
Posted by Brian Bowman 
The 
Are you a parent with children who use the Internet? Do your children have a better understanding of this new and constantly changing technology? Have your children ever texted “fts” or told you to “bma” in an online message ? I sure hope not!
The Lawyers Weekly
As you know, instant messaging, text messaging, blog postings, online chat forums and social networking websites (such as 
Last week’s 
After several days of intense media scrutiny, 
Privacy ultimately your responsibility
Facebook website not all fun and games
