SlideShare uma empresa Scribd logo

Internal Investigations and Employee Privacy

Dan Michaluk
Dan Michaluk

This document discusses employee privacy considerations for internal investigators. It outlines that employee privacy rights come from statutes, collective agreements, and employment contracts. Investigators must view tactics through a risk assessment lens of balancing necessity and privacy. Collecting electronic communications and surveillance footage requires justification of grounds and consideration of less invasive means. Third party records require limited ability to access under privacy statutes. Investigation records should factually document interviews and communications without commentary to protect credibility.

NegóciosTecnologia
1 de 16
Internal Investigations and Employee Privacy (and More) Dan Michaluk13th Annual ACFI Fraud Conference May 3, 2011
Outline Investigators and employee privacy How the investigation exemptions work Special collection issues The investigation record
Investigators and Employee Privacy Employee privacy rights Come from statute in the federal sector, the public service (excluding Ont.) and in B.C., Alta. and PQ Come from collective agreements and arbitrator-driven law (for unionized employees) At the very outside range of acceptable conduct, come under an individual employment contract (Colwell)
Investigators and Employee Privacy Why your internal clients care about privacy Employees and unions care more now There’s been a slow shift in attitude about privacy in the workplace An institution’s relationship with its privacy regulator matters Some labour arbitrators exclude evidence obtained through an “unlawful” collection
Investigations and Employee Privacy Help your client view investigation tactics by their risk Legal issue is usually “reasonable necessity” It’s never right to say “yes or no” - assessing a tactic is about articulating the degree of risk Usually your client should make the call Demand that your clients make a risk-based assessment
Investigations and Employee Privacy Your quid pro quo is to acknowledge that privacy matters You can help by recognizing some tactics as invasive and assessing its relative efficacy If you dismiss privacy as inimical to your role you will run in to problems Protect your own internal credibility
How the Investigation Exemptions Work You’re not “law enforcement” any more Public sector privacy statues include broad authorizing provisions to enable law enforcement Courts have recognized that police need to police and can make assumptions about criminal behaviour Private security is different
How the Investigation Exemptions Work Relieve against consent rule on certain conditions* Condition 1 – reasonable grounds Condition 2 – necessary part of covert investigation Condition 3 – breach of agreement or “law” *Differ by statute and have interpretive peculiarities
How the Investigation Exemptions Work Commissioner powers Have broad power to scrutinize how you investigate They don’t have a strong history of interference UBC Spyware case is a notable exception If you think about privacy and can demonstrate you have done so they are less likely to interfere
Specific Collections Electronic communications Very rich information Fairly full right of access historically and today Ont. C.A. has recently recognized an expectation of privacy in stored files (different than e-mail and text messages) Employers should make personal use conditional on an audit right and investigation right
Specific Collections Covert video surveillance Surveillance images are recognized by commissioners as sensitive personal information Now addressed by (relatively strict) OPC guideline More than “mere suspicion” required Likely to be efficacious Consider less invasive means Delete or depersonalize extraneous PI Decision-making process is key
Specific Collections Customer records of employees There’s a “two hat” problem here Employees enrol as customers and expect to be treated as customers The “use” exemption in PIPEDA is worded than the “disclosure” exemption – does this pose a problem for investigations that can’t be framed as an investigation into a breach of public law?
Specific Collections Records of PI held by third-parties Cell phone records or credit history records Private security has limited ability ask and receive from 3P under privacy statutes (check jurisdiction) So generally part of the “open” investigation Enforcement duty to cooperate with investigation will hinge on the logic of the demand (won’t get away with fishing, but ee “right to silence” is limited)
The Investigation Record Interview notes Name and date No paraphrasing Essence of response plus behaviour No commentary Nothing beats ink
The Investigation Record Project communications Facts and plans are safe Don’t deliberate over e-mail Don’t send draft conclusions/reports over e-mail
Internal Investigations – Staying on Side of Employee Privacy (and More) Dan Michaluk13th Annual ACFI Fraud Conference May 3, 2011

Recomendados

The ugly, the bad and the good of cloud computing
The ugly, the bad and the good of cloud computingThe ugly, the bad and the good of cloud computing
The ugly, the bad and the good of cloud computingDan Michaluk
 
Social Media and Employee Privacy
Social Media and Employee PrivacySocial Media and Employee Privacy
Social Media and Employee PrivacyDan Michaluk
 
Key Issues In Workplace Privacy
Key Issues In Workplace PrivacyKey Issues In Workplace Privacy
Key Issues In Workplace PrivacyDan Michaluk
 
Managing Social Media Risks for Municpalities
Managing Social Media Risks for MunicpalitiesManaging Social Media Risks for Municpalities
Managing Social Media Risks for MunicpalitiesDan Michaluk
 
Managing Facebook - Jan 28/2009
Managing Facebook - Jan 28/2009Managing Facebook - Jan 28/2009
Managing Facebook - Jan 28/2009Dan Michaluk
 
Catelas Security Webinar 12 14 10
Catelas Security Webinar 12 14 10Catelas Security Webinar 12 14 10
Catelas Security Webinar 12 14 10Rob Levey
 
Pli workplace privacy in the year 2013 2013-6-13
Pli workplace privacy in the year 2013 2013-6-13Pli workplace privacy in the year 2013 2013-6-13
Pli workplace privacy in the year 2013 2013-6-13mkeane
 
20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet LawKlemchuk LLP
 

Recomendados

The ugly, the bad and the good of cloud computing
The ugly, the bad and the good of cloud computingThe ugly, the bad and the good of cloud computing
The ugly, the bad and the good of cloud computingDan Michaluk
 
Social Media and Employee Privacy
Social Media and Employee PrivacySocial Media and Employee Privacy
Social Media and Employee PrivacyDan Michaluk
 
Key Issues In Workplace Privacy
Key Issues In Workplace PrivacyKey Issues In Workplace Privacy
Key Issues In Workplace PrivacyDan Michaluk
 
Managing Social Media Risks for Municpalities
Managing Social Media Risks for MunicpalitiesManaging Social Media Risks for Municpalities
Managing Social Media Risks for MunicpalitiesDan Michaluk
 
Managing Facebook - Jan 28/2009
Managing Facebook - Jan 28/2009Managing Facebook - Jan 28/2009
Managing Facebook - Jan 28/2009Dan Michaluk
 
Catelas Security Webinar 12 14 10
Catelas Security Webinar 12 14 10Catelas Security Webinar 12 14 10
Catelas Security Webinar 12 14 10Rob Levey
 
Pli workplace privacy in the year 2013 2013-6-13
Pli workplace privacy in the year 2013 2013-6-13Pli workplace privacy in the year 2013 2013-6-13
Pli workplace privacy in the year 2013 2013-6-13mkeane
 
20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet LawKlemchuk LLP
 
Managing Social Media Risks for Municipalities (and More)
Managing Social Media Risks for Municipalities (and More)Managing Social Media Risks for Municipalities (and More)
Managing Social Media Risks for Municipalities (and More)Dan Michaluk
 
E discovery production and non-party privacy v2
E discovery production and non-party privacy v2E discovery production and non-party privacy v2
E discovery production and non-party privacy v2Dan Michaluk
 
Osgoode pdp e discovery certificate slides
Osgoode pdp e discovery certificate slidesOsgoode pdp e discovery certificate slides
Osgoode pdp e discovery certificate slidesDan Michaluk
 
Privacy and Litigation
Privacy and LitigationPrivacy and Litigation
Privacy and LitigationDan Michaluk
 
Best Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information SecurityBest Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information Securitysatyakam_biswas
 
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"Employers Association of New Jersey
 
Employee issues and privacy
Employee issues and privacyEmployee issues and privacy
Employee issues and privacyDan Michaluk
 
Chapter 5_dp-_pertemuan_7_8
Chapter 5_dp-_pertemuan_7_8 Chapter 5_dp-_pertemuan_7_8
Chapter 5_dp-_pertemuan_7_8UNIVERSITAS TEKNOKRAT INDONESIA
 
Workplace Privacy Presentation
Workplace Privacy PresentationWorkplace Privacy Presentation
Workplace Privacy PresentationSarah Forbes
 
Workplace Behavior and Privacy Issues - Employer Responses
Workplace Behavior and Privacy Issues - Employer ResponsesWorkplace Behavior and Privacy Issues - Employer Responses
Workplace Behavior and Privacy Issues - Employer ResponsesThomas Benjamin Huggett
 
Workplace Privacy
Workplace PrivacyWorkplace Privacy
Workplace PrivacyEmployers Association of New Jersey
 
Legal Implications of a Mobile Enterprise
Legal Implications of a Mobile EnterpriseLegal Implications of a Mobile Enterprise
Legal Implications of a Mobile EnterpriseHawley Troxell
 
presentation to lawyers and practicioners on e-mail monitoring
presentation to lawyers and practicioners on e-mail monitoringpresentation to lawyers and practicioners on e-mail monitoring
presentation to lawyers and practicioners on e-mail monitoringDan Michaluk
 
Social Media and the Workplace
Social Media and the WorkplaceSocial Media and the Workplace
Social Media and the WorkplaceAllisha Anderson
 
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...Case IQ
 
Social Media In the Workplace
Social Media In the WorkplaceSocial Media In the Workplace
Social Media In the WorkplaceRosenthalLurie
 
The Current State of FOI
The Current State of FOIThe Current State of FOI
The Current State of FOIDan Michaluk
 
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...William Tanenbaum
 
Final powerpoint for social media club program
Final powerpoint for social media club programFinal powerpoint for social media club program
Final powerpoint for social media club programSocial Media Club North Jersey
 
Presentation - gener8tor - Data Privacy, Security, and Rights 130627
Presentation - gener8tor - Data Privacy, Security, and Rights 130627Presentation - gener8tor - Data Privacy, Security, and Rights 130627
Presentation - gener8tor - Data Privacy, Security, and Rights 130627Jason Haislmaier
 
Privacy, Privilege And Confidentiality For Lawyers
Privacy, Privilege And Confidentiality For LawyersPrivacy, Privilege And Confidentiality For Lawyers
Privacy, Privilege And Confidentiality For Lawyerscanadianlawyer
 
SIA Tas Safety Symposium 2017: Workplace incident response options, alternati...
SIA Tas Safety Symposium 2017: Workplace incident response options, alternati...SIA Tas Safety Symposium 2017: Workplace incident response options, alternati...
SIA Tas Safety Symposium 2017: Workplace incident response options, alternati...Penelope Toth
 

Mais conteúdo relacionado

Mais procurados

Managing Social Media Risks for Municipalities (and More)
Managing Social Media Risks for Municipalities (and More)Managing Social Media Risks for Municipalities (and More)
Managing Social Media Risks for Municipalities (and More)Dan Michaluk
 
E discovery production and non-party privacy v2
E discovery production and non-party privacy v2E discovery production and non-party privacy v2
E discovery production and non-party privacy v2Dan Michaluk
 
Osgoode pdp e discovery certificate slides
Osgoode pdp e discovery certificate slidesOsgoode pdp e discovery certificate slides
Osgoode pdp e discovery certificate slidesDan Michaluk
 
Privacy and Litigation
Privacy and LitigationPrivacy and Litigation
Privacy and LitigationDan Michaluk
 
Best Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information SecurityBest Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information Securitysatyakam_biswas
 
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"Employers Association of New Jersey
 
Employee issues and privacy
Employee issues and privacyEmployee issues and privacy
Employee issues and privacyDan Michaluk
 
Workplace Privacy Presentation
Workplace Privacy PresentationWorkplace Privacy Presentation
Workplace Privacy PresentationSarah Forbes
 
Workplace Behavior and Privacy Issues - Employer Responses
Workplace Behavior and Privacy Issues - Employer ResponsesWorkplace Behavior and Privacy Issues - Employer Responses
Workplace Behavior and Privacy Issues - Employer ResponsesThomas Benjamin Huggett
 
Legal Implications of a Mobile Enterprise
Legal Implications of a Mobile EnterpriseLegal Implications of a Mobile Enterprise
Legal Implications of a Mobile EnterpriseHawley Troxell
 
presentation to lawyers and practicioners on e-mail monitoring
presentation to lawyers and practicioners on e-mail monitoringpresentation to lawyers and practicioners on e-mail monitoring
presentation to lawyers and practicioners on e-mail monitoringDan Michaluk
 
Social Media and the Workplace
Social Media and the WorkplaceSocial Media and the Workplace
Social Media and the WorkplaceAllisha Anderson
 
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...Case IQ
 
Social Media In the Workplace
Social Media In the WorkplaceSocial Media In the Workplace
Social Media In the WorkplaceRosenthalLurie
 
The Current State of FOI
The Current State of FOIThe Current State of FOI
The Current State of FOIDan Michaluk
 
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...William Tanenbaum
 
Presentation - gener8tor - Data Privacy, Security, and Rights 130627
Presentation - gener8tor - Data Privacy, Security, and Rights 130627Presentation - gener8tor - Data Privacy, Security, and Rights 130627
Presentation - gener8tor - Data Privacy, Security, and Rights 130627Jason Haislmaier
 

Mais procurados (20)

Managing Social Media Risks for Municipalities (and More)
Managing Social Media Risks for Municipalities (and More)Managing Social Media Risks for Municipalities (and More)
Managing Social Media Risks for Municipalities (and More)
 
E discovery production and non-party privacy v2
E discovery production and non-party privacy v2E discovery production and non-party privacy v2
E discovery production and non-party privacy v2
 
Osgoode pdp e discovery certificate slides
Osgoode pdp e discovery certificate slidesOsgoode pdp e discovery certificate slides
Osgoode pdp e discovery certificate slides
 
Privacy and Litigation
Privacy and LitigationPrivacy and Litigation
Privacy and Litigation
 
Best Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information SecurityBest Practices In Corporate Privacy & Information Security
Best Practices In Corporate Privacy & Information Security
 
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"
2011 Garden State Council SHRM Conference "Ethics in Human Resource Management"
 
Employee issues and privacy
Employee issues and privacyEmployee issues and privacy
Employee issues and privacy
 
Chapter 5_dp-_pertemuan_7_8
Chapter 5_dp-_pertemuan_7_8 Chapter 5_dp-_pertemuan_7_8
Chapter 5_dp-_pertemuan_7_8
 
Workplace Privacy Presentation
Workplace Privacy PresentationWorkplace Privacy Presentation
Workplace Privacy Presentation
 
Workplace Behavior and Privacy Issues - Employer Responses
Workplace Behavior and Privacy Issues - Employer ResponsesWorkplace Behavior and Privacy Issues - Employer Responses
Workplace Behavior and Privacy Issues - Employer Responses
 
Workplace Privacy
Workplace PrivacyWorkplace Privacy
Workplace Privacy
 
Legal Implications of a Mobile Enterprise
Legal Implications of a Mobile EnterpriseLegal Implications of a Mobile Enterprise
Legal Implications of a Mobile Enterprise
 
presentation to lawyers and practicioners on e-mail monitoring
presentation to lawyers and practicioners on e-mail monitoringpresentation to lawyers and practicioners on e-mail monitoring
presentation to lawyers and practicioners on e-mail monitoring
 
Social Media and the Workplace
Social Media and the WorkplaceSocial Media and the Workplace
Social Media and the Workplace
 
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss...
 
Social Media In the Workplace
Social Media In the WorkplaceSocial Media In the Workplace
Social Media In the Workplace
 
The Current State of FOI
The Current State of FOIThe Current State of FOI
The Current State of FOI
 
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
Data Security And Privacy Risks In Cloud Computing William A Tanenbaum Sourc...
 
Final powerpoint for social media club program
Final powerpoint for social media club programFinal powerpoint for social media club program
Final powerpoint for social media club program
 
Presentation - gener8tor - Data Privacy, Security, and Rights 130627
Presentation - gener8tor - Data Privacy, Security, and Rights 130627Presentation - gener8tor - Data Privacy, Security, and Rights 130627
Presentation - gener8tor - Data Privacy, Security, and Rights 130627
 

Semelhante a Internal Investigations and Employee Privacy

Privacy, Privilege And Confidentiality For Lawyers
Privacy, Privilege And Confidentiality For LawyersPrivacy, Privilege And Confidentiality For Lawyers
Privacy, Privilege And Confidentiality For Lawyerscanadianlawyer
 
SIA Tas Safety Symposium 2017: Workplace incident response options, alternati...
SIA Tas Safety Symposium 2017: Workplace incident response options, alternati...SIA Tas Safety Symposium 2017: Workplace incident response options, alternati...
SIA Tas Safety Symposium 2017: Workplace incident response options, alternati...Penelope Toth
 
A Lawyer's Perspective on Records Retention And Destruction
A Lawyer's Perspective on Records Retention And DestructionA Lawyer's Perspective on Records Retention And Destruction
A Lawyer's Perspective on Records Retention And DestructionDan Michaluk
 
Amcto presentation final
Amcto presentation finalAmcto presentation final
Amcto presentation finalDan Michaluk
 
Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)Dan Michaluk
 
Access Requests Under Fippa - Jan 28/2009
Access Requests Under Fippa - Jan 28/2009Access Requests Under Fippa - Jan 28/2009
Access Requests Under Fippa - Jan 28/2009Dan Michaluk
 
Library privacy and the privacy audit
Library privacy and the privacy auditLibrary privacy and the privacy audit
Library privacy and the privacy auditRachel Gordon
 
Internal Investigations issue 53
Internal Investigations issue 53Internal Investigations issue 53
Internal Investigations issue 53Kendall Clark
 
Do You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & Privacy
Do You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & PrivacyDo You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & Privacy
Do You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & PrivacyButlerRubin
 
Translating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityTranslating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityCTIN
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Riskduffeeandeitzen
 
Confidentiality in the Workplace.pptx
Confidentiality in the Workplace.pptxConfidentiality in the Workplace.pptx
Confidentiality in the Workplace.pptxFelger Tilos
 
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Diana Maier
 
The Privacy Law Landscape: Issues for the research community
The Privacy Law Landscape: Issues for the research communityThe Privacy Law Landscape: Issues for the research community
The Privacy Law Landscape: Issues for the research communityARDC
 
Ensuring Your E-Discovery Procedures Comply With The New Rules
Ensuring Your E-Discovery Procedures Comply With The New RulesEnsuring Your E-Discovery Procedures Comply With The New Rules
Ensuring Your E-Discovery Procedures Comply With The New Rulesrlhicksjr
 

Semelhante a Internal Investigations and Employee Privacy (20)

Privacy, Privilege And Confidentiality For Lawyers
Privacy, Privilege And Confidentiality For LawyersPrivacy, Privilege And Confidentiality For Lawyers
Privacy, Privilege And Confidentiality For Lawyers
 
SIA Tas Safety Symposium 2017: Workplace incident response options, alternati...
SIA Tas Safety Symposium 2017: Workplace incident response options, alternati...SIA Tas Safety Symposium 2017: Workplace incident response options, alternati...
SIA Tas Safety Symposium 2017: Workplace incident response options, alternati...
 
A Lawyer's Perspective on Records Retention And Destruction
A Lawyer's Perspective on Records Retention And DestructionA Lawyer's Perspective on Records Retention And Destruction
A Lawyer's Perspective on Records Retention And Destruction
 
Amcto presentation final
Amcto presentation finalAmcto presentation final
Amcto presentation final
 
7790688.ppt
7790688.ppt7790688.ppt
7790688.ppt
 
Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)
 
Access Requests Under Fippa - Jan 28/2009
Access Requests Under Fippa - Jan 28/2009Access Requests Under Fippa - Jan 28/2009
Access Requests Under Fippa - Jan 28/2009
 
Library privacy and the privacy audit
Library privacy and the privacy auditLibrary privacy and the privacy audit
Library privacy and the privacy audit
 
Internal Investigations issue 53
Internal Investigations issue 53Internal Investigations issue 53
Internal Investigations issue 53
 
Do You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & Privacy
Do You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & PrivacyDo You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & Privacy
Do You Wannacry: Your Ethical and Legal Duties Regarding Cybersecurity & Privacy
 
Translating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityTranslating Geek To Attorneys It Security
Translating Geek To Attorneys It Security
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
 
Confidentiality in the Workplace.pptx
Confidentiality in the Workplace.pptxConfidentiality in the Workplace.pptx
Confidentiality in the Workplace.pptx
 
Michael Legg
Michael LeggMichael Legg
Michael Legg
 
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
 
The Privacy Law Landscape: Issues for the research community
The Privacy Law Landscape: Issues for the research communityThe Privacy Law Landscape: Issues for the research community
The Privacy Law Landscape: Issues for the research community
 
Ensuring Your E-Discovery Procedures Comply With The New Rules
Ensuring Your E-Discovery Procedures Comply With The New RulesEnsuring Your E-Discovery Procedures Comply With The New Rules
Ensuring Your E-Discovery Procedures Comply With The New Rules
 
Privacy Compliance for Law Firms: Moving Beyond Confidentiality
Privacy Compliance for Law Firms: Moving Beyond ConfidentialityPrivacy Compliance for Law Firms: Moving Beyond Confidentiality
Privacy Compliance for Law Firms: Moving Beyond Confidentiality
 
4514611.ppt
4514611.ppt4514611.ppt
4514611.ppt
 
Frankston
FrankstonFrankston
Frankston
 

Mais de Dan Michaluk

Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxEcno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxDan Michaluk
 
Critical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityCritical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityDan Michaluk
 
Higher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationHigher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationDan Michaluk
 
Cyber class action claims at an inflection point
Cyber class action claims at an inflection pointCyber class action claims at an inflection point
Cyber class action claims at an inflection pointDan Michaluk
 
The pandemic and privacy
The pandemic and privacyThe pandemic and privacy
The pandemic and privacyDan Michaluk
 
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Dan Michaluk
 
Union access to information
Union access to informationUnion access to information
Union access to informationDan Michaluk
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk GovernanceDan Michaluk
 
Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?Dan Michaluk
 
Cyber, secrecy and the public body
Cyber, secrecy and the public bodyCyber, secrecy and the public body
Cyber, secrecy and the public bodyDan Michaluk
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsDan Michaluk
 
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateAdvocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateDan Michaluk
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice Dan Michaluk
 
Role of a breach coach
Role of a breach coachRole of a breach coach
Role of a breach coachDan Michaluk
 
PHIPA for school boards
PHIPA for school boardsPHIPA for school boards
PHIPA for school boardsDan Michaluk
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
Finding internet evidence
Finding internet evidenceFinding internet evidence
Finding internet evidenceDan Michaluk
 
Sexual Assault in Higher Education - Law Policy and Practice
Sexual Assault in Higher Education - Law Policy and PracticeSexual Assault in Higher Education - Law Policy and Practice
Sexual Assault in Higher Education - Law Policy and PracticeDan Michaluk
 

Mais de Dan Michaluk (20)

Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxEcno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
 
Critical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityCritical Issues in School Board Cyber Security
Critical Issues in School Board Cyber Security
 
Higher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationHigher Education Sexual Violence Presentation
Higher Education Sexual Violence Presentation
 
Cyber class action claims at an inflection point
Cyber class action claims at an inflection pointCyber class action claims at an inflection point
Cyber class action claims at an inflection point
 
The pandemic and privacy
The pandemic and privacyThe pandemic and privacy
The pandemic and privacy
 
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
 
Union access to information
Union access to informationUnion access to information
Union access to information
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk Governance
 
Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?
 
Cyber, secrecy and the public body
Cyber, secrecy and the public bodyCyber, secrecy and the public body
Cyber, secrecy and the public body
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analytics
 
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateAdvocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam Compliance
 
Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice
 
Role of a breach coach
Role of a breach coachRole of a breach coach
Role of a breach coach
 
PHIPA for school boards
PHIPA for school boardsPHIPA for school boards
PHIPA for school boards
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam Compliance
 
Finding internet evidence
Finding internet evidenceFinding internet evidence
Finding internet evidence
 
Sexual Assault in Higher Education - Law Policy and Practice
Sexual Assault in Higher Education - Law Policy and PracticeSexual Assault in Higher Education - Law Policy and Practice
Sexual Assault in Higher Education - Law Policy and Practice
 
Cas cyber prez
Cas cyber prezCas cyber prez
Cas cyber prez
 

Último

Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In.../:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...lizamodels9
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Timedelhimodelshub1
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCRashishs7044
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfJos Voskuil
 
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadIslamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadAyesha Khan
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 

Último (20)

Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In.../:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Time
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadIslamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 

Internal Investigations and Employee Privacy

  • 1. Internal Investigations and Employee Privacy (and More) Dan Michaluk13th Annual ACFI Fraud Conference May 3, 2011
  • 2. Outline Investigators and employee privacy How the investigation exemptions work Special collection issues The investigation record
  • 3. Investigators and Employee Privacy Employee privacy rights Come from statute in the federal sector, the public service (excluding Ont.) and in B.C., Alta. and PQ Come from collective agreements and arbitrator-driven law (for unionized employees) At the very outside range of acceptable conduct, come under an individual employment contract (Colwell)
  • 4. Investigators and Employee Privacy Why your internal clients care about privacy Employees and unions care more now There’s been a slow shift in attitude about privacy in the workplace An institution’s relationship with its privacy regulator matters Some labour arbitrators exclude evidence obtained through an “unlawful” collection
  • 5. Investigations and Employee Privacy Help your client view investigation tactics by their risk Legal issue is usually “reasonable necessity” It’s never right to say “yes or no” - assessing a tactic is about articulating the degree of risk Usually your client should make the call Demand that your clients make a risk-based assessment
  • 6. Investigations and Employee Privacy Your quid pro quo is to acknowledge that privacy matters You can help by recognizing some tactics as invasive and assessing its relative efficacy If you dismiss privacy as inimical to your role you will run in to problems Protect your own internal credibility
  • 7. How the Investigation Exemptions Work You’re not “law enforcement” any more Public sector privacy statues include broad authorizing provisions to enable law enforcement Courts have recognized that police need to police and can make assumptions about criminal behaviour Private security is different
  • 8. How the Investigation Exemptions Work Relieve against consent rule on certain conditions* Condition 1 – reasonable grounds Condition 2 – necessary part of covert investigation Condition 3 – breach of agreement or “law” *Differ by statute and have interpretive peculiarities
  • 9. How the Investigation Exemptions Work Commissioner powers Have broad power to scrutinize how you investigate They don’t have a strong history of interference UBC Spyware case is a notable exception If you think about privacy and can demonstrate you have done so they are less likely to interfere
  • 10. Specific Collections Electronic communications Very rich information Fairly full right of access historically and today Ont. C.A. has recently recognized an expectation of privacy in stored files (different than e-mail and text messages) Employers should make personal use conditional on an audit right and investigation right
  • 11. Specific Collections Covert video surveillance Surveillance images are recognized by commissioners as sensitive personal information Now addressed by (relatively strict) OPC guideline More than “mere suspicion” required Likely to be efficacious Consider less invasive means Delete or depersonalize extraneous PI Decision-making process is key
  • 12. Specific Collections Customer records of employees There’s a “two hat” problem here Employees enrol as customers and expect to be treated as customers The “use” exemption in PIPEDA is worded than the “disclosure” exemption – does this pose a problem for investigations that can’t be framed as an investigation into a breach of public law?
  • 13. Specific Collections Records of PI held by third-parties Cell phone records or credit history records Private security has limited ability ask and receive from 3P under privacy statutes (check jurisdiction) So generally part of the “open” investigation Enforcement duty to cooperate with investigation will hinge on the logic of the demand (won’t get away with fishing, but ee “right to silence” is limited)
  • 14. The Investigation Record Interview notes Name and date No paraphrasing Essence of response plus behaviour No commentary Nothing beats ink
  • 15. The Investigation Record Project communications Facts and plans are safe Don’t deliberate over e-mail Don’t send draft conclusions/reports over e-mail
  • 16. Internal Investigations – Staying on Side of Employee Privacy (and More) Dan Michaluk13th Annual ACFI Fraud Conference May 3, 2011