Privacy Policies
Introduction
Privacy issues and the employment sector can take multiple forms.
Employers seeking to protect their business, properties, reputation and customers may decide to conduct police record checks. Yet while employers may validly require disclosure of criminal records as a condition of employment, they do not have the presumptive right to access criminal histories of employees. Instead, an employer’s record check policy must be reasonable and be consistent with privacy legislation.
Arbitrators, mediators and workplace investigators deal with all manner of issues and questions regarding privacy in the workplace ranging from there a reasonable expectation?’ or ‘does this policy violate privacy?’. The following discussion provides insight into how these issues are viewed and handled.
Legal Treatment of Privacy Issues and Policies
A. General Privacy Protections
As stated by the court in Ari v. Insurance Corp. of British Columbia, 2015 BCCA 468, 2015 CarswellBC 3319, “(i)t is common ground that in British Columbia there is no common law cause of action for breach of privacy. (therefore, claims) for vicarious liability (ie. a kind of secondary liability carried by a superior for acts of their suborindate(s), ex. employer liability for employee conduct) therefore depends entirely on the statutory cause of action.
Effectively, this means that legal actions (lawsuits) for breach of privacy cannot be commenced unless a specific piece of legislation allows for such an action. One such piece of legislation – which is central to the validity of workplace privacy policies – is the Freedom of Information and Protection of Privacy Act, R.S.B.C. 1996, c. 165 (“FOIPPA”).
B. Policies That Affect Employee Privacy
There have been a number of privacy-related grievances in British Columbia that result from various types of record checks. These include:
- Employment Checks (Enhanced Reliability, Police Record, and Credit Record Checks)
Vancouver (City) and CUPE, Local 15, Re, 2007 CarswellBC 3820, [2007] B.C.C.A.A.A. No. 216
(“Employment Checks Grievance”) - Criminal Record checks
Rouge Valley Health System v. Ontario Nurses’ Assn. [2015] O.L.A.A. No. 169; and - Police Record checks
Vancouver (City) v. Vancouver Firefighters’ Union, Local 18, [2010] B.C.C.A.A.A. No. 81.
These (and other similar cases) indicate that adjudicators consider a variety of factors in considering workplace-related privacy issues:
- the nature of the employer’s business and the work carried out by the employees;
- the employer’s objective and whether there is a bona fide (ie. legitimate) need for that objective;
- whether the information that the employer wishes to obtain is relevant to and necessary for the employer’s objective;
- whether there is a less intrusive means of meeting the employer’s objective; and
- the amount of risk the employer faces by not implementing a check policy.
A more in-depth examination is also helpful as a means of understanding adjudicator treatment of issues with privacy policies.
Case in Point: An Arbitration Regarding a Privacy Policy
To illustrate, in Employment Checks Grievance, the arbitrator found it reasonable for the employer to require checks for positions that have an ongoing or significant relationship with vulnerable people. However, the arbitrator also found that the requirement of a police record check on the basis of a position having merely the potential of being alone with vulnerable people did not meet privacy legislation standards.
Put another way, the arbitrator was attempting to balance management rights with statutory requirements. FOIPPA requires a direct and necessary relationship between the employee activity and the record check. While management’s objectives in adopting the privacy policy were valid, the application of the policy was overbroad since there was no direct relationship between the checks and the employment activity.
Executive Summary
Overall, the issue of in what circumstances the request for a check for existing employees is reasonable is factually driven. Adjudicators will refer to:
- any collective agreement;
- the impugned policy – most notably the purpose, application, restrictions, and terms used;
- applicable statutes.
To interpret terms used in the policy, adjudicators refer to the employer’s own definitions, legislation, Hansard (legislative services for BC), dictionaries, and common understandings.
The greater the risk to the employer’s interest in safety and security, the more likely that more intrusive policies will be found to be reasonable. Adjudicators look favourably on (aspects of) a record check policy if it is precise.
Conclusion:
Consideration of privacy policies involves a blend of specific legislative mechanisms and factual aspects, and a balance of management rights and objectives with legal frameworks. Please contact Neil Hain to discuss questions related to workplace privacy policies.
Areas of Focus
We have helped many BC companies deal with privacy policy issues in the workplace.
Contact Us to discuss how we can help
© Neil Hain . All rights reserved.