WORKPLACE PRIVACY LAW UPDATE
In August, the BC Court of Appeal considered whether an arbitrator could include personal information about employees in an arbitration award. The Union, UFCW Local 1518, had asserted that the inclusion of personal information in the arbitrator’s written reasons was a breach of the province’s Personal Information Protection Act (PIPA). The Court ruled that an arbitrator is permitted to collect personal information in the course of a hearing and to include that information in his award. In BC, all arbitration awards are published by the Arbitration Bureau (a branch of the government’s department of labour). The Court also confirmed that the publication of the award by the Arbitration Bureau did not require the personal consent of the named persons. (Personal consent is normally required for the publication of personal information under PIPA) The Court relied upon the principle of open court and the obligation of the arbitrator to provide the Arbitration Bureau with his/her reasons in their entirety. The use of a person’s initials to protect someone’s privacy remained within the discretion of the arbitrator, but if the arbitrator chose to publish the full names with other personal information of those who testified or were otherwise named in the course of the hearing, PIPA did not have any application to restrict the content of the arbitration award in this situation.
United Food & Commercial Workers Union, Local 1518 v. Sunrise Poultry Processors Ltd., 2015 BCCA 354 (August 12, 2015).
McDougall Gauley LLP routinely screens exhibits for potential privacy issues in arbitrations, and works with other counsel to redact those portions of exhibits which could unnecessarily disclose private and confidential information about a person or a company. While arbitrators have the full discretion to report complete names and the full testimony of witnesses, a proactive approach with other counsel that is sensitive to the privacy of participants in hearings reduces the need for legal costs to clients attempting to protect someone’s privacy, like in this case.
A long term IT Help Desk employee of a financial institution was dismissed, in which the employer alleged just cause for her dismissal. The employee used her administrator status access to view a personal document of a manager that had been stored on the company’s computer system, which involved a matter relating to parking spots.
The company’s policies for the IT Department made it clear that discipline would be appropriate if the rules surrounding access were not followed. However, the policy did not specify what the discipline would be, but appeared to leave open that the range of discipline could include something less than automatic dismissal.
Our attention was drawn to the respondent’s policy book, which we were told was annually reviewed with the IT group and constituted fair warning that breach of the rules could lead to dismissal. What is revealing is that the warnings are not expressed in terms of automatic termination, but as a range of sanctions. For example, in reference to reviews (monitoring) of computer use by company personnel, the warning is of a general nature.
The BC Court of Appeal considered the standard test where an employer loses trust in the employee - “’the faith inherent to the work relationship’ which is essential to this employment relationship’. It rejected the trial judge’s determination that since the company was a financial institution, this necessitated a higher trust requirement. In this case, the dismissed employee had not viewed a customer’s banking information, which may have otherwise justified the dismissal.
It would appear that the judge found the misconduct to be more egregious because of this element and so it affected the balance. In my view, unless the impugned behaviour involves money or the affairs of a client, the fact that an employer is a bank or a credit union is irrelevant. Every business organization large enough to have an IT department is entitled to impose reasonable rules for confidentiality and privacy. The standard of trust is not elevated simply because the business is financial in nature. In the instant case, the matter was an internal administrative issue: parking spots. The integrity and probity of the respondent as a credit union could not have been compromised by the appellant’s actions.
It is very important that a company’s privacy policies should be specific about consequences in certain circumstances, so that there can be no argument about whether the employee had fair warning of the precise penalty should a serious breach of privacy occur.
Steel v. Coast Capital Savings Credit Union, 2015 BCCA 127 (CanLII) [note: this case is currently seeking the permission of the Supreme Court of Canada to hear an appeal, but no decision on the leave to appeal application has been issued yet]
McDougall Gauley LLP routinely reviews a client’s company policies for compliance with legislation, the common law and the latest in cases (such as this one). The firm maintains a large folio of company policies (300+), upon which it can draw, to ensure that its clients have the depth of company policies appropriate to its operations.
On August 15, 2015, the Federal, British Columbia and Alberta privacy commissioners jointly issued guidelines to help organizations reduce risks for personal information when allowing employees to use their own mobile devices and computers for work.
While not binding on Saskatchewan, the publication of these guidelines will provide a reasonableness standard for the courts and the Saskatchewan Privacy Commissioner to consider when dealing with privacy breaches and consequential liability. Although Saskatchewan has no comparable privacy legislation, privacy breaches are within the jurisdiction of the Court of Queen’s Bench as a common law tort.
The recently published guidance focuses on 14 tips to consider when planning or implementing a BYOD program:
- Get executive buy-in for BYOD privacy protection
- Assess privacy risks
- Establish a BYOD policy
- Pilot your program
- Train staff
- Demonstrate accountability
- Mitigate risks through containerization
- Put in place storage and retention policies
- Encrypt devices and communications
- Protect against software vulnerabilities
- Manage apps effectively
- Enable effective authentication and authorization practices
- Address malware protection
- Have a plan for when things go wrong.
McDougall Gauley has the expertise to assist your organization with the establishment of a BYOD/HYOD/CYOD policy that will reduce your organization’s exposure to liability in this area, if you presently permit your employees to conduct work on the same device on which personal communications take place (e.g. emails, phone calls, texts, etc.). [HYOD = Here’s Your Own Device; CYOD = Choose Your Own Device]
LABOUR RELATIONS LAW UPDATE
With the Saskatchewan Labour Relations Board moving more and more frequently to mail-in voting instead of conducting face-to-face poll votes in workplaces, the issue of whether a paper ballot is spoiled has become a contentious issue in some files. Recently, an employee sent in a ballot on different coloured paper from the paper ballot that had been sent out by the Board staff. In that instance, the ballot was permitted to be counted after rather lengthy discussions about whether the ballot had been spoiled. More recently, the Board issued a ruling on whether an employee, who placed his initials on the paper ballot after marking his “X” on it, had spoiled the ballot.
The Board reviewed both the previously existing regulations under the Trade Union Act and the new regulations under the Saskatchewan Employment Act. It concluded that the former regulation “precluded the counting of any ballot which identified the voter”. The current regulations continued this approach, by specifically prohibiting the counting of “every ballot on which anything is written or marked that identifies the person voting”.
Despite permitting arguments that a voter who self-identifies does not diminish the clarity of his intentions regarding support for or against the union, and that the Board has the power to cure any defect or deficiency in a proceeding, the Board reaffirmed that the Board’s agent had properly applied the regulations by rejecting those ballots as spoiled in situations where the voter had written a mark on his ballot that identified him. It determined that this situation was not a mere defect or deficiency to be remedied, but was covered by a clear directive in the regulations which could not be ignored by the Board or its agent. The mandated voting process is a secret ballot process, and permitting marks that diminish the secrecy of a voter is inconsistent with the legislature’s direction. Neither the Board nor its agent has the authority to override those regulatory directives.
Construction Workers Union (CLAC), Local No. 151 v. Golderado Civil Ltd., LRB File No. 118-15 (September 2, 2015)
McDougall Gauley LLP regularly represents clients on matters involving navigating the Board’s voting process, which has moved more toward a mail-in ballot system.
On August 28, 2015, an arbitrator rendered his decision after receiving extensive evidence about the company’s approach with the dismissed employee, its approach with other employees who had been incarcerated, the probable impact on the company’s reputation of the criminal conduct, and the ability of the employee to continue to work during his 60 days of intermittent incarceration.
The dismissed employee was convicted of possession of child pornography and sentenced to 60 days of jail time, which would be served on weekends only, plus two years of probation. He was also registered with the Sex Offender Information Registry. He had worked for 9 years at a potash mine, and his employer did not take any actions against his continuation in employment until the last appeal of the criminal conviction was exhausted. He was then dismissed for cause and the Union grieved the dismissal. The company was unwilling to modify his work schedule so that he did not miss any work while he was serving his intermittent 60 days in jail.
The arbitrator confirmed that two (of five) tests that would justify upholding the dismissal were present in this situation. First, the dismissed employee had committed a serious Criminal Code offence. Second, his employer was heavily involved in various community and charity programs that involved children, which were inconsistent with the toleration or accommodation of persons willing to engage in activities which victimized or harmed children. Three former employees who had previously been convicted of Criminal Code offences had all been dismissed for cause, one of which also involved child pornography. The dismissal was confirmed as being a just cause termination in these circumstances.
Unifor 892 v. Mosaic Potash Esterhazy Limited (Chris Jacques Grievance), August 28, 2105 (Campbell)
A city employee was spending too much personal time on his computer while at work. This was identified by web monitoring and site blockage software that the city had installed. The software automatically sends a warning to certain employees about their level of their internet usage, and reminds them of the city’s internet use policy. The policy covers not only excessive use of the internet for personal purposes while at work, but it also reminds employees what specific kinds of websites are prohibited sites to visit when using a city computer.
The employee’s internet usage was extremely high, and he was visiting prohibited sites (like DropBox) as well. He had an inordinate amount of personal data stored on his city’s servers. He was ultimately dismissed after a period of suspension pending investigation.
After being dismissed, the employee posted several inappropriate comments on Facebook, which were offensive and derogatory about his former supervisor and the city. One of the posts was filled with profanity and included a wish that his supervisor’s house was underwater (as many houses in Calgary were at the time).
At the arbitration, the adjudicator determined that there was not just cause to dismiss the former employee. However, the comments which he posted on Facebook made reinstatement unrealistic, and the adjudicator refused to reinstate the former employee. (The parties were directed to attempt to sort out what damages should be assessed.)
Calgary (City) v Canadian Union of Public Employees, Local 38, 2015 CanLII 43613 (AB GAA)
McDougall Gauley LLP has assisted clients with social media monitoring after an employee has left an organization, to determine whether the former employee is engaging in activities which could harm or threaten the client or its employees.
The Saskatchewan government has announced that it intends to introduce amendments to the Essential Services Act that was struck down as unconstitutional by the Supreme Court of Canada in June 2015.
The key changes are:
- Removing the definition of “essential services”. The parties will determine those services which are essential for the affected organizations.
- Requiring the parties to include in the Notice of Impasse whether there are any essential duties/services to be maintained in the event of a strike or lockout (and identify them).
- Establishing an Essential Services Tribunal. The Tribunal will decide what duties are essential and whether an essential services agreement substantially interferes with the exercise of a strike or lockout. The Tribunal will be comprised of the Chair or Vice-Chair of the Labour Relations Board and a representative appointed by each of the parties to the dispute.
- Providing for binding mediation-arbitration by a three-person panel when an essential services agreement is found to substantially interfere with the exercise of a strike or lockout.
These changes raise several questions for public sector organizations and trade unions that may be impacted by this legislation.
- If the parties cannot agree on an essential services agreement because they cannot agree on what constitutes an essential duty or service, what criteria will guide the Essential Services Tribunal in deciding the question for the parties (given that there is no longer a definition of what is an essential service)?
- Are there any constraints on the scope of the three-person arbitration panel in reaching its conclusions? Is it to be constrained by other public sector settlements within Saskatchewan, or can a trade union successfully obtain a higher settlement through arbitration than it could ever achieve through normal collective bargaining?
- Realistically, how long will it take an Essential Services Tribunal to examine what services or duties are essential within the Saskatchewan Public Service, where there are a large variety of job functions? If the arbitration is focused on those job duties which are essential, how will this impact the length of time that the Tribunal must hear evidence, where the parties cannot agree on those duties which must be maintained during a strike or lockout?
These and other issues of concern with the legislation may potentially frustrate the parties, rather than reduce tensions. The impetus for this legislation can be traced as far back as 1999, when a SUN strike continued even after emergency back-to-work legislation was passed by the provincial legislature.
On behalf of its clients, McDougall Gauley LLP has authored several submissions to the provincial government on this draft legislation, at various stages throughout the draft legislation’s history.
The views expressed herein are solely the author's and should not be attributed to the MG LLP or its clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Due to professional ethics, the author may not be able to comment on matters in which a client has an interest. Nothing herein should be used as a substitute for the advice of competent and informed counsel.
This web site/blog is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and MG LLP. If you are seeking specific advice related to your situation, please contact MG LLP for a personal consultation.
Any unsolicited information sent to MG LLP through blogs or otherwise may not be protected by solicitor-client privilege.
MG LLP periodically provides materials on our services and developments in the law to interested persons. For permission to reprint articles or blogs, please contact firstname.lastname@example.org.