Is there a difference between monitoring employees on their work computer while in the office and working from home?
Question: Is there a difference in liability between monitoring employee activity on their work computer while they’re in the office and when they’re working from home?
Answer: The short answer to this question is no, provided that the employee is working from the work computer in both instances.
If the employee is working from a personal computer, there’s a greater risk that the employer may infringe on the employee’s privacy rights by inadvertently obtaining personal information about the employee that the employer did not have permission to obtain. For example, an employee is much more likely to store personal information, such as family photographs and personal emails, on their personal computer than on their work computer. There is also the risk that the employer may uncover information relating to grounds protected under human rights legislation, such as the employee’s medical records, gender expression or family status. Obtaining such information could potentially expose the employer to a future claim for discrimination if, for example, the employee is later passed over for a promotion.
Even if an employee is working from a corporate computer, they have a general right to privacy. However, this right can be altered where there is clear notice that the employee should not have an expectation of privacy. Although there is no formal legislation governing the monitoring of employees’ workplace computers in every jurisdiction, privacy commissioners and arbitrators have developed various tests to determine whether specific types of employee monitoring are acceptable.
There are many tools available to employers who wish to monitor their employees’ computer habits. However, employers should be wary, as none of these methods distinguish between an employee’s private and business use of their computer. Even accidentally recording an employee’s banking transactions or personal emails could potentially create a liability issue for an employer. That said, if the employer makes it clear that an employee should have no expectation of privacy when using the corporate equipment, the employer will have more latitude.
It’s important that employers have clear and comprehensive workplace policies regarding the use of workplace computers for personal use.
Employers should also have policies regarding the collection, preservation and disclosure of employee confidential information. When creating these policies, employers should be mindful of any applicable federal and provincial privacy laws. For example, the Personal Information Protection and Electronic Documents Act (PIPEDA) regulates the private sector’s collection, use and disclosure of personal information. However, it only applies to federally regulated employees. Provinces such as Alberta, British Columbia and Quebec have enacted their own privacy legislation for provincially regulated, private-sector employees. However, Ontario has not yet developed its own privacy legislation and instead employees in that province may be able to rely on the tort of “intrusion upon seclusion.”
Stuart Rudner is the founder of Rudner Law, an employment law firm in Markham, Ont. He can be reached at [email protected] or (416) 864-8500.