2. Outline
• Governing privacy law
• Access to business system information
• Surveillance outside the workplace
• Gathering internet evidence
Investigating without running afoul of privacy laws
3. Governing privacy law
• Nothing stops you from investigating (or auditing)
• But there are a variety of means by which individuals
can cause the conduct of an investigation to be
reviewed
• There may be liability for over-stepping
Investigating without running afoul of privacy laws
4. Governing privacy law
• Privacy regulation (patchy application to EEs)
• Federal works and undertakings – PIPEDA
• State Farm, 2010 FC 736
• Johnson v Bell Canada, 2008 FC 1086
• Employment in BC, Alberta Quebec
• Broad public sector application o/s Ontario
Investigating without running afoul of privacy laws
5. Governing privacy law
• Individual privacy rights
• Implied rights under a collective agreement
• Intrusion upon seclusion tort
• Jones v Tsige, 2012 ONCA 32
• Privacy statutes
• BC, Sask, Man, NL (+ Quebec Charter)
• Section 8 of the Charter (for government)
• See Longueuil, 1997 SCC on application
Investigating without running afoul of privacy laws
6. Governing privacy law
• Rules of evidence
• Labour arbitrators split 50/50 on authority to exclude
• Some court cases accept authority to exclude
• See Mathews, 2007 BCSC 1825
• Section 7 of Manitoba Privacy Act
Investigating without running afoul of privacy laws
7. Governing privacy law
• A recent example – Calgary Police, F2012-07
• Internal sexual misconduct investigation
• Review of work e-mail account
• Search for “password”
• Found password to outside account
• Searched outside account
Investigating without running afoul of privacy laws
8. Governing privacy law
• A recent example – Alberta Govt (Sims, 2012)
• Credit checks on 26 employees by internal
investigator as part of a needs or motive analysis
• Without consent
• Agreed that employees “suffered emotional stress”
as a result of privacy breach
• Arbitrator awards $1,250 each
Investigating without running afoul of privacy laws
9. Access to business system information
• The ideal – single purpose systems
Mine Yours
Investigating without running afoul of privacy laws
10. Access to business system information
• The reality – significant intermingling
• Utility of internet invites personal use at work
• Utility of handheld devices puts work on personal
devices
• Utility and value of cloud computing puts your work
system on a computer with others’ work systems
Investigating without running afoul of privacy laws
11. Access to business system information
• The problem – bad law
• CACE asks this Court to re-balance employer and
employee interests. To strike a proper balance, the Court
should give significant weight to the primary function of a
work-issued computer and should recognize that a work-
issued computer is only one part of a work information
system that must be routinely accessed by an employer
for a variety of legitimate reasons.
(CACE factum in R v Cole)
Investigating without running afoul of privacy laws
12. Access to business system information
• One solution – more law and policy
• You deal with data security in your cloud contracts.
Have you dealt with audit and investigation
requirements?
• Your acceptable use policies must be clear that
personal use is conditional on specific and detailed
rights and requires a sacrifice of personal autonomy
Investigating without running afoul of privacy laws
13. Access to business system information
• Other more fundamental solutions
• Revert to a no personal use rule
• Segregate the data created by personal use from
the data created by work use (this is what BYOD
technology and policy attempts to do)
Investigating without running afoul of privacy laws
14. Surveillance outside the workplace
• Intrusion upon seclusion tort
One who intentionally intrudes, physically or otherwise, upon the seclusion of
another or his private affairs or concerns, is subject to liability to the other for
invasion of privacy, if the invasion would be highly offensive to a reasonable
person.
1. Intentional, unauthorized intrusion
2. Upon private affairs or concerns
3. Highly offensive to the reasonable person
Investigating without running afoul of privacy laws
15. Surveillance outside the workplace
• An obvious risk that you ought to address
• Structure the decision to retain
• Reasonable grounds?
• Who decides?
• Structure the retainer
• Authorized means? Unauthorized means?
• Requirements (e.g., video only in public)
• Indemnification for breach
Investigating without running afoul of privacy laws
16. Gathering internet evidence
• If published, then likely okay
• Judges likely to be conservative
• see Murphy v Perger, 2007 ONSC
• see UFCW v Alberta, 2012 ABCA 130
• Most privacy statutes have exclusions for “publicly
available information”
• Subject to interpretation
• Seek advice if privacy legislation applies
• If not excluded, investigation exemption may apply
Investigating without running afoul of privacy laws
17. Gathering internet evidence
• If not published
• Receiving a printout from a friend is okay
• Hacking in (e.g., through a found password) is
prohibited by the Criminal Code
• Impersonating someone with intent to gain
advantage is prohibited by the Criminal Code
Investigating without running afoul of privacy laws
18. Gathering internet evidence
• If not published…
• The CBA Code of Professional Conduct (lawyer as
advocate rule) says:
• The lawyer may properly seek information from any potential
witness (whether under subpoena or not) but should disclose the
lawyer’s interest and take care not to subvert to suppress any
evidence or procure the witness to stay out of the way. The
lawyer shall not approach or deal with an opposite party who is
professional represented save through or with the consent of
that party’s lawyer.
Investigating without running afoul of privacy laws
19. Gathering internet evidence
• If not published…
• The CBA Code of Professional Conduct (avoiding
questionable conduct) says:
• Public confidence in the administration of justice and the legal
profession may be eroded by irresponsible conduct on the part
of the individual lawyer. For that reason, even the appearance of
impropriety should be avoided.
• Arguably applies because the tactic for gaining access to
information entails taking advantage of the subject
Investigating without running afoul of privacy laws