The current federal privacy legislation is working well and does not need major changes for now, but Parliament might want to consider “more appropriate” ways of dealing with employee information, according to the federal privacy commissioner.
Addressing the Standing Committee on Access to Information, Privacy and Ethics, which launched a review of the Personal Information Protection and Electronic Documents Act (PIPEDA) last month, privacy commissioner Jennifer Stoddart said some of the most difficult complaints her office has received involved employee information.
“PIPEDA is based on consent which is a challenging concept in a workplace environment where there is unequal bargaining power,” she told the standing committee. However, she said it wouldn’t be prudent to adopt the approach used in Alberta and British Columbia, which does not require organizations to obtain employee consent.
“Exempting large portions of employees’ personal information from the consent process would take away rights that they currently have under PIPEDA, however unwieldy the act may be on this issue,” she said.
In preparation for the review, Stoddart issued a consultation paper and received 62 submissions, mostly from organizations in both the public and private sectors. Some of those submissions called for her office to start naming names or to seek the power to make orders. But she said she preferred keeping her power as an ombudsman for now, as it also permits her office to continue its other roles of mediation, education and audit.
Overall, Stoddart said she’s not looking for any major change to the current legislation which, by law, must be reviewed every five years.
“This law is kind of a funny law. It’s not readily clear how it applies to the workplace. But I think we’ve managed to take this law and apply it to the workplace in fairly creative ways,” she said at a seminar on workplace privacy issues held at Toronto’s Ryerson University. “And one of my messages is this law is only five years old. I don’t think we should look at anything more than housekeeping changes because people are still getting used to this law.”
‘Not an issue’
At the seminar, business academics also presented their findings on employer attitudes toward employee monitoring. Five years after the federal privacy legislation came into being and brought privacy issues to the attention of Canadian employers, many still remain cavalier about employees’ privacy concerns, the researchers found.
“I don’t think employers realize that a lot of the things they do are actually intrusive,” Avner Levin, the primary author of the survey,
Under the Radar? Employer Perspective on Workplace Privacy
Canadian HR Reporter
Of the 17 organizations that took part in the survey, most said workplace privacy was simply not an issue of concern.
The study zeroed in on the use of workplace surveillance technologies, such as closed circuit television (CCTV) , Global Positioning Systems (GPS) that track the whereabouts of company vehicles, telephone recordings and tools to monitor computer use.
By and large, the respondents told Levin they introduced these technologies for purposes other than to monitor employees. However, most acknowledged using the technologies whenever a potential problem came to their attention. An employer might use a CCTV camera to investigate a case of employee theft or to look into all the cash transactions if a cash register had an unusual number of returns or voids.
None of the respondents reported doing routine analysis of e-mail back-ups or monitoring Internet use. However, when asked why they didn’t use the available technology to monitor productivity, none of the respondents cited privacy concerns as a reason.
There’s a difference between what respondents said was the practice and what was indeed the practice, said Levin. Often, respondents who were in HR said they weren’t aware of employees being monitored for performance issues, but that’s because the use of these technologies was not built into the performance review process.
And line managers often access data gathered on an employee without authorization.
“It’s done in a very informal way, by going straight to the source of information — the computer guy. Then what happens is that source of information makes a judgment call. He either gives it over or says, ‘It’s not appropriate.’ It depends on the person,” said Levin.
Privacy commissioner Stoddart, whose office funded the research, said she was “disappointed by some of the employer attitudes that were reflected in the research.”
To those employers that feel they can rely on common sense in striking a balance between privacy and the need to monitor employees on the clock, Stoddart said judging by certain high-profile stories — such as that of Hewlett-Packard former chair Patricia Dunn, who has been accused of ordering access to the phone records of employees, directors and journalists — common sense isn’t enough.
“Investigators in my office have encountered employers who feel that they have an unfettered right to monitor everything an employee does, at any time. The current trend is there is more monitoring now, not less. Common sense does not necessarily tell us where to draw the line,” she said.
She also cautioned employers to consider the privacy rights of workers before installing GPS in their vehicle fleets. In one recent case brought to her office, employees of a telecommunication company were concerned that the use of GPS allowed the employer to track employees’ daily movements while on the job.
While her office ultimately accepted the company’s argument for using GPS, which is to locate, dispatch and route employees to job sites, Stoddart expressed concern that managers would form assumptions about employees’ activities based on this information. That’s why her office asked the company to clearly explain to employees how GPS would be used to check up on them and to develop a process of warnings and progressive monitoring.
© Copyright Canadian HR Reporter, Thomson Reuters Canada Limited. All rights reserved.