Employee privacy in private sector organizations other than those that qualify as “federal works” is governed by privacy laws in three provinces (Quebec, Alberta, B.C.) (link). There are no private sector privacy laws applicable to such employees in the other seven provinces. Privacy of employees of “federal works” (e.g. banks, telecoms, railways, airlines) is governed by the federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). Employee privacy also may be protected under collective bargaining agreements, the Canadian Charter of Rights and Freedoms and in certain cases by employment contracts.
Public sector employee privacy is governed by the public sector privacy and access legislation, typically in most provinces the Freedom of Information and Protection of Privacy Act and at the federal level, the Privacy Act.
The private sector privacy laws applicable to employees contain substantially the same provisions relating to collection, use and disclosure of employee information as exist for individuals generally under those laws. Therefore, consent is a required condition for any such handling of the employee information. However two statutes – the Alberta and British Columbia Personal Information Protection Acts (PIPA) (link) –have special stipulations which permit employee information to be reasonably collected, used or disclosed without consent for purposes of managing an employment (or volunteer) relationship provided that notice is given to the employee.
Under the Quebec private sector privacy law (link), express consent to collection, use and disclosure of employee personal information is required. Under the federal law, PIPEDA, consent may be express or implied. In such cases consent typically is found in documents constituting an employee’s employment contract. However in the case of uses not contemplated by such contracts, separate, new consent documentation may be required.
Surveillance is a significant issue for employee privacy. Principles for both overt and covert surveillance have been articulated by privacy commissioners at both the federal and provincial levels, in respect of their applicable legislation, as well as by arbitrators and the courts under collective bargaining agreements. These principles are the following:
- there must be a demonstrable and legitimate need for the surveillance;
- the information collected must serve that purpose and have a strong likelihood that it will achieve that purpose;
- the loss of privacy resulting from the surveillance must be proportionate to the benefit gained;
- an organization must be able to show that it has considered less privacy-invasive measures prior to conducting the covert surveillance;
- the information collected must be limited to that necessary for fulfilling the stated purposes.
Collection of employee personal information by surveillance also has been considered by the courts under the Charter’s right to freedom from unreasonable search and seizure. Collection of such information has been found to be a breach of the Charter right unless clearly recognized (by the employee through relevant employer communications) as related to an activity of which the employee had notice. An example of such an activity would be employer maintenance of an employee’s computer/email systems. Where a Charter breach has been found, the relevant information is excluded from evidence unless it admitting does not bring the criminal justice system into dispute (R. v. Cole; B.C. case).