EMPLOYEES’ PRIVACY NOT PROTECTED
GAP IN PROVINCIAL LAW Rights afforded to clients doesn’t extend to staff
When it comes to protecting privacy of personal information, employees in most parts of Canada have been dealt a losing hand.
“There is a huge gap in privacy protection across Canada today,” says Mary O’Donoghue, manager of legal services and senior counsel at Ontario’s information and privacy commissioner. “Employees most definitely need the same protection afforded customers and clients but they just don’t have it.”
Only British Columbia, Alberta and Quebec have passed legislation that protects personal information collected by employers about the men and women who work for them.
The federal Personal Information and Protection of Electronic Documents Act (PIPEDA), which came into force Jan. 1, 2004, provides protection for personal information collected about clients and customers but not employees unless they work for so- called federal works; federally regulatedcorporations such as airlines, railways, banks and grain elevators.
“It is a very serious problem,” says Jeff Kaufman, a partner at Fasken Martineau DuMoulin LLP in Toronto and chair of the Ontario Bar Association’s privacy section. “Most employees probably don’t realize it but they have almost no specific protection under the law unless they work in one of three provinces [that have passed legislation] or for what are termed federal works.
“ If personal information is misused there is little recourse except through existing Criminal Code and civil statutes. An employee’s right to privacy of personal information simply is not guaranteed.”
The lack of specific legislation makes protection of employee information a grey area under the law, says David Young, co- chair of the privacy law group at Lang Michener LLP in Toronto. Employers, except those covered by existing federal and provincial legislation, have no obligation to treat employee personal information with the same care as that of customers. As a result, employees could face difficulty launching successful actions against employers deemed to have misused personal information.
There are areas of common law that may afford protection for things such as negligence, Mr. Young says. However, the onus is on employees to prove negligence before the courts. Unionized employees may find some protection under the provincial Labour Relations Act, Ms. O’Donoghue says, adding PIPEDA may be interpreted to cover areas such as outsourcing. “If you have third parties doing administration of payroll or employee benefits, the privacy commissioner might interpret that as being covered by PIPEDA,” she says.
To date most of these issues have not been tested either in the courts or before a privacy commissioner. As a result, lawyers are unable to offer clear- cut advice.
“ Employee information is probably the most sensitive information an organization can possess,” Mr. Young says. “It is much more sensitive than customer information. There are not just social insurance numbers, telephone numbers, home addresses and pay scales; there may also be bank accounts and information about character and health issues.”
The lack of protection is not for want of trying, Ms. O’Donoghue says, noting Ontario’s privacy commissioner has repeatedly called for new legislation. “In the last annual report to the Legislature we asked for it again. We also want to restore privacy protection for both provincial and municipal employees, [which] was removed under a previous government.”