Big Brother Watching

Many companies have enacted policy documents or provided contractual terms which prohibit the use of company computers for personal use, the downloading of third party programs and also allows the right of the company to track employee use of these facilities.

Time tracking and other big brother software have been the rage for many years. This intrusive software has been used to track employee use of company computers, often unknown to the workers.

There are several considerations to review on this issue. The first is statutory enactments designed to set guidelines as to the use of such monitoring software.

The second is the common law protections which have also been afforded to prevent the search and seizure of electronically stored information, often on company hardware. A review of three recent arbitral decisions is also included on this issue.

The use of Charter values has also used as an interpretative took in these decisions and indeed, a recent decision headed to the Supreme Court, one involving a school board as a government actor, engages the Charter directly.

Statutory Provisions

It has also recently been the focus of legislation designed, at the very least, to advise employees that they are indeed being watched, and in fact, every key stroke is being reviewed.

Ontario

Ontario has led the way by amendments to the Employment Standards Act to require every employer 1 to have a written electronic monitoring policy.

The Ontario statute does not define “electronic monitoring” but it is likely to be regarded as all forms of employee monitoring, which includes contractors, that is effected electronically. This will presumably encompass:

  1. Productivity software;
  2. Software which monitors email, chat boards, websites visited during working hours.
  3. GPS software and usage.

The policy is mandated to set out:

  1. The means by which the company uses electronic monitoring;
  2. The circumstances by which the employer may monitor the workers;
  3. The purpose for which the information so reviewed may be used.
  4. If the employer does not use such monitoring, the policy is yet still required in which event, it will state that the company does not use such a process.

British Columbia and Alberta

In each of these jurisdictions, privacy legislation deals with the use of such monitoring software in the working environment. Any information collected, used or disclosed by an employer must be reasonable for the purpose of establishing, managing or terminating the employment relationship. While no prior consent is required to this end, the employee must nonetheless be notified before the information is collected. 2

Canada and Quebec

Federal law requires the consent of the employee before the company may collect, use or disclose an employee’s personal information. Quebec law mandates that the employer may collect employee personal data only for a “serious and legitimate reason” and further that the worker must be told the reason for the collection of the information and who may have access to this detail. 3

Supreme Court of Canada

The leading case is the Supreme Court of Canada decision in R v Cole, which arose in a criminal context.

Richard Cole was a high school teacher who was allowed to use the Board’s laptop computer for personal purposes. He stored personal information on the computer which, however, included nude and semi-nude photographs of a female student.

As a consequence of routine maintenance, the IT department of the school discovered the offending photographs. The computer was surrendered to the police by the school who accessed the computer without a warrant, thereby raising the issue of a Charter breach.

This, in turn, led to an assessment of the reasonable expectations of privacy in the accused to the contents of the computer as the Charter is intended to protect such interests, which then would allow for state intervention only by legal authority.

Reasonable Expectations of Privacy

It is this question of “reasonable expectations of privacy” in an employment context which is of interest to this text.

In this case, the employer did allow for personal use of the laptop but also maintained a policy which stated personal email remained private, and added that “all data and messages generated on or handled by board equipment are considered to be the property of [the school board]”. Also the school’s “Acceptable Use Policy” which applied to students and teachers warned the users not to expect privacy in their files.

The Supreme Court stated that in circumstances where personal use of workplace computers is permitted or reasonably expected, the individual has a reasonable expectation of privacy in the personal information which is stored on the machine. Such policies may diminish, but do not eradicate a user’s expectation of privacy:

The Court left no doubt in R. v. Morelli, 2010 SCC 8 (CanLII), 2010 SCC 8, [2010] 1 S.C.R. 253, that Canadians may reasonably expect privacy in the information contained on their own personal computers.  In my view, the same applies to information on work computers, at least where personal use is permitted or reasonably expected.

[2]                              Computers that are reasonably used for personal purposes — whether found in the workplace or the home — contain information that is meaningful, intimate, and touching on the user’s biographical core.  Vis-à-vis the state, everyone in Canada is constitutionally entitled to expect privacy in personal information of this kind.

[3]                              While workplace policies and practices may diminish an individual’s expectation of privacy in a work computer, these sorts of operational realities do not in themselves remove the expectation entirely: The nature of the information at stake exposes the likes, interests, thoughts, activities, ideas, and searches for information of the individual user.

Internal Policies Not the Rule

The Court continued with the theme that the school board’s policies and practices diminished the expectation of privacy, but did not eradicate it:

    The nature of the information in issue heavily favours recognition of a constitutionally protected privacy interest.  Mr. Cole’s personal use of his work-issued laptop generated information that is meaningful, intimate, and organically connected to his biographical core.  Pulling in the other direction, of course, are the ownership of the laptop by the school board, the workplace policies and practices, and the technology in place at the school.  These considerations diminished Mr. Cole’s privacy interest in his laptop, at least in comparison to the personal computer at issue in Morelli, but they did not eliminate it entirely.

The case did involve the actions of the police, clearly a government actor and subject to Charter protections, unlike a private employer in most circumstances. The Court stated that it would defer consideration of the rights of the employer to conduct a search of the computer:

    Mr. Cole does not challenge the initial inspection of the laptop by the school technician in the context of routine maintenance activities.  He concedes, moreover, that the technician did not breach his s. 8 rights.  In this light, I leave for another day the finer points of an employer’s right to monitor computers issued to employees.

The direction, however, of the Court to offer protection to the personal information of  employees is clear:

The closer the subject matter of the alleged search lies to the biographical core of personal information, the more this factor will favour a reasonable expectation of privacy.  Put another way, the more personal and confidential the information, the more willing reasonable and informed Canadians will be to recognize the existence of a constitutionally protected privacy interest.

[47]                          Computers that are used for personal purposes, regardless of where they are found or to whom they belong, “contain the details of our financial, medical, and personal situations” (Morelli, at para. 105).  This is particularly the case where, as here, the computer is used to browse the Web.  Internet-connected devices “reveal our specific interests, likes, and propensities, recording in the browsing history and cache files the information we seek out and read, watch, or listen to on the Internet” (ibid.).

[48]                          This sort of private information falls at the very heart of the “biographical core” protected by s. 8 of the Charter.

It is likely that whatever the written agreement or clearly intended policy document may state, such words will not allow for an infringement of personal rights. Equally, ownership is not conclusive of employee right to expected privacy:

While the ownership of property is a relevant consideration, it is not determinative (R. v. Buhay, 2003 SCC 30 (CanLII), 2003 SCC 30, [2003] 1 S.C.R. 631, at para. 22).  Nor should it carry undue weight within the contextual analysis.  As Dickson J. (later C.J.) noted in Hunter, at p. 158, there is “nothing in the language of [s. 8] to restrict it to the protection of property or to associate it with the law of trespass”.

[52]                          The context in which personal information is placed on an employer-owned computer is nonetheless significant.  The policies, practices, and customs of the workplace are relevant to the extent that they concern the use of computers by employees.  These “operational realities” may diminish the expectation of privacy that reasonable employees might otherwise have in their personal information (O’Connor v. Ortega, 480 U.S. 709 (1987), at p. 717, per O’Connor J.).

[53]                          Even as modified by practice, however, written policies are not determinative of a person’s reasonable expectation of privacy.  Whatever the policies state, one must consider the totality of the circumstances in order to determine whether privacy is a reasonable expectation in the particular situation (R. v. Gomboc, 2010 SCC 55 (CanLII), 2010 SCC 55, [2010] 3 S.C.R. 211, at para. 34, per Deschamps J.).

Shared Computer

Also in a criminal context, the Supreme Court allowed the argument of the accused that, notwithstanding that the computer being seized was used jointly by him and his spouse, that he maintained the same subjective and objectively viewed as reasonable, expectation of privacy. The evidence was seen as contrary to the Charter. 4 The Court spoke to the “unique and heightened privacy interests in personal computer data”:

 Given the unique privacy concerns associated with computers, this Court has held that specific, prior judicial authorization is required to search a computer (Vu, at para. 2) and that police officers cannot search cell phones incident to arrest unless certain conditions are met (Fearon, at para. 83). The unique and heightened privacy interests in personal computer data clearly warrant strong protection, such that specific, prior judicial authorization is presumptively required to seize a personal computer from a home. This presumptive rule fosters respect for the underlying purpose of s. 8 of the Charter by encouraging the police to seek lawful authority, more accurately accords with the expectations of privacy Canadians attach to their use of personal home computers and encourages more predictable policing.

Text Messages

This issue also arose in the context of criminal charges. 5 The phone of the accused had been accessed without a search warrant which revealed a series of incriminating text messages. The arose as to the admissibility of these messages, given S. 8 of the Charter which protected against unreasonable search and seizure.

To claim that the messages were in violation of the Charter, the accused must show a reasonable expectation of privacy, that is, as subjective test showed so and further that objectively viewed, that this was a fair expectation.

Repeating the test from R. v Cole, these factors must be considered:

  1. What was the subject matter of the search?
  2. Did the claimant have a direct interest in the subject matter?
  3. Did the claimant have a subjective expectation of privacy in the subject matter;
  4. If so, was the claimant’s subjective expectation of privacy objectively viewed reasonable?

In reviewing the issue, the majority decision noted the expectation of privacy in the form of text messaging:

  Indeed, it is difficult to think of a type of conversation or communication that is capable of promising more privacy than text messaging. There is no more discreet form of correspondence. Participants need not be in the same physical place; in fact, they almost never are. It is, as this Court unanimously accepted in TELUS, a “private communication” as that term is defined in s. 183 of the Criminal Code, R.S.C. 1985, c. C-46, namely, “[a] telecommunication . . . that is made under circumstances in which it is reasonable for the originator to expect that it will not be intercepted by any person other than the person intended by the originator to receive it”: see TELUS, at para. 12, per Abella J., at para. 67, per Moldaver J., and at para. 135, per Cromwell J.

[36]                          One can even text privately in plain sight. A wife has no way of knowing that, when her husband appears to be catching up on emails, he is in fact conversing by text message with a paramour. A father does not know whom or what his daughter is texting at the dinner table. Electronic conversations can allow people to communicate details about their activities, their relationships, and even their identities that they would never reveal to the world at large, and to enjoy portable privacy in doing so.

[37]                          Electronic conversations, in sum, are capable of revealing a great deal of personal information. Preservation of a “zone of privacy” in which personal information is safe from state intrusion is the very purpose of s. 8 of the Charter: see Patrick, at para. 77, per Abella J. As the foregoing examples illustrate, this zone of privacy extends beyond one’s own mobile device; it can include the electronic conversations in which one shares private information with others. It is reasonable to expect these private interactions — and not just the contents of a particular cell phone at a particular point in time — to remain private.

The majority concluded that the text messages were caught by S. 8 of the Charter. This decision is reflective of the Court’s view of the inherent privacy in this context of the text messages. It is expected that the same Charter values would apply to a workplace investigation.

Foundational Contract

A clear and well-defined agreement setting out what personal uses are allowed or not, and that the employer retains the right to examine and access personal data stored on the employer’s computer equipment is nonetheless a first step in defining the respective rights of both parties. It may well not rule the day, but it remains an essential to define expected positions.

Intrusion on Seclusion

A private employer, and presumably the investigator, could be sued for breach of the expected privacy of an employee for reading an employee’s private files and email based on the Ontario Court of Appeal decision in Jones v Tsige, absent such an agreement and likely, given the words of the Supreme Court in Cole, even where such an agreement is in place.

The Court of Appeal defined the claim as follows:

The key features of this cause of action are, first, that the defendant’s conduct must be intentional, within which I would [page262] include reckless; second, that the defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and third, that a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. However, proof of harm to a recognized economic interest is not an element of the cause of action. I return below to the question of damages, but state here that I believe it important to emphasize that given the intangible nature of the interest protected, damages for intrusion upon seclusion will ordinarily be measured by a modest conventional sum.
(d) Limitations

[72] These elements make it clear that recognizing this cause of action will not open the floodgates. A claim for intrusion upon seclusion will arise only for deliberate and significant invasions of personal privacy. Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practises and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.

[73] Finally, claims for the protection of privacy may give rise to competing claims. Foremost are claims for the protection of freedom of expression and freedom of the press. As we are not confronted with such a competing claim here, I need not consider the issue in detail. Suffice it to say, no right to privacy can be absolute and many claims for the protection of privacy will have to be reconciled with, and even yield to, such competing claims. A useful analogy may be found in the Supreme Court of Canada’s elaboration of the common law of defamation in Grant v. Torstar where the court held, at para. 65, that “[w]hen proper weight is given to the constitutional value of free expression on matters of public interest, the balance tips in favour of broadening the defences available to those who communicate facts it is in the public’s interest to know.”

It would be prudent to tread very softly on personal information stored on the employee’s computer or that which is backed up on the company’s server.

Business communications would very likely be fair game.

A New Brunswick court considered the plaintiff’s assertion that the employer’s conduct in following her Facebook postings was actionable. The short answer to this assertion was that the apparent decision of the employee to set her settings as “public” could not allow for such a claim. 6 The same case, in a second hearing, determined the company’s access to the plaintiff’s icloud account, was actually the company’s iclould account, that the access was limited to the search for one document and for a legitimate business purpose:

I also accept Ms. McKeeman’s evidence that she examined the photos for a lawful reason, i.e. to search for the photo which the disappointed client had requested.  I recognize that a search with the assistance of Ms. Cairns had been conducted earlier but I find that because it was the defendant’s iCloud account she was searching, on the defendant’s iPhone which she had no way of knowing was connected to the same iCloud account as Ms. Cairns’ personal iPhone, she was justified in examining what she believed were photos taken by Ms. Cairns in her capacity as an employee of the defendant in hopes of satisfying a disappointed client.

[25]   Moreover, at the time it was accessed by Ms. McKeeman and forwarded to her supervisor, Jean McLean, i.e. two weeks after this action was started, it was a document that Ms. Cairns was obligated to disclose to the defendant in her affidavit of documents. Considering the totality of the circumstances, then, I find that Ms. Cairns had no reasonable expectation of privacy vis a vis the defendant in respect to the medical note.

 [26]   Further, although the disclosure of the note to Ms. McLean was intentional, I find that given its contents and the defendant company’s disclosure obligations in the ongoing litigation to which it was relevant, that disclosure was both necessary and legally justified.

[27]   I therefore find that because the defendant company’s access to Ms. Cairns’ personal information was both unintentional and for a legitimate purpose, its accessing the iCloud account did not constitute an invasion of her private affairs without lawful justification.

Arbitral Decisions

Emails to/from Spouse

This issue arose in an arbitral context in the 2015 decision of  Saskatchewan Government and General Employees Union v Unifor Local 481.

The employee, a labour relations officer, had been terminated due to his alleged involvement in a motorcycle club, denying this allegation to his employer, and breaching the employer’s IT policy and its code of conduct. The employer had searched its email server and sought to introduce emails which were personal to/from the grievor and his spouse. This became the evidentiary issue that led to this decision.

The arbitrator found that the email communications were not admissible.

There was no dispute that the employer maintained a detailed IT use policy. The policy made it clear that use of the employer’s server and IT network for the sole purpose of the employer’s business and all messages and files stored on the It caut network were the property of the employer. It cautioned employees that all such communications so stored were not to be considered private or confidential and that the employer maintained the right to access and review the servers as it required. In short, the employer could not have presented a more emphatic policy document to support its position.

The policy did not prohibit personal use of the network but did make it abundantly clear that personal use was at the employee’s risk. As noted by the arbitrator, the manual “goes a long way towards reducing any reasonable expectation of privacy..”.

That being said, it was also determined that it was inevitable that some personal emails were bound to be contained on the server.

As to the fundamental question of whether the employer could freely access these messages, the answer was “no”, regardless of the policy terms.

Referencing the Cole decision, the arbitrator found that written policies do not rule the day nor is the question of ownership as long as it was “unreasonable to expect that no personal emails will find their way onto a business email system”.

This does not, however, lead to the conclusion that the employer never has the right to examine an employee’s personal email server. However, the search of information which is highly sensitive and personal must be reasonable in the circumstances and carried out in a reasonable manner. Further, a search which is very intrusive on privacy should not be the first resort, particularly where there are other reasonable alternatives.

In this instance, the fact that the search revealed personal communications with the wife of the grievor added fuel to the fire, given this being the most intimate and personal of all communications, which had the potential to generate information that is “meaningful, intimate and organically connected to the Grievor’s biographical core”. Further, these messages were found in the grievor’s trash file. All these factors showed a strong expectation of privacy, hence denying the admissibility of these documents into evidence.

Whatsapp & Twitter

The above decision was followed in a January 2021 arbitration involving C.B.C. and its reporter. 7 Khan, the reporter had used his company laptop to access the social media message applications of Whatsapp and Twitter. He had used these media to conduct himself in a manner which was contrary to CBC policy. The messages which revealed these improprieties were accessed by a colleague at a moment when Khan had left his laptop open with his account on these media similarly open. The co-worker had taken screen shots and forwarded these to management.

The arbitrator noted that these media were intended to be private:

These accounts were clearly meant to be private; they included messages with friends and family about personal and even occasionally privileged matters, such as his dating life, his conversations with union representatives and his unvarnished comments about his employer. WhatsApp, in particular, promotes itself as a service with end-to-end encryption to ensure privacy.

Unlike the referenced case, the union took no objection to the introduction of these messages into evidence. It did object, nonetheless, to the use of these messages to support the discipline.

The collective agreement did contain a term which honoured Khan’s right to privacy:

Employees have the right to work in an environment that respects their personal privacy and is free from surveillance, either overt or covert, subject to legitimate security needs

The arbitrator found that the conduct of the employer violated Khan’s expected right to privacy, tainted the hearing which resulted in the success of the grievance. It did note that there may be situations where such a right may be overridden:

While there may be occasions where the suspected misconduct is so serious that it may warrant a search of private messages that would normally be a violation of privacy rights – criminality can be such an example – this was not one of them.

A contrary decision was reached by the arbitrator in a further 2015 award. The employee had been alleged to have conducted a side business on company hours. The employee had left his company computer open at which time a colleague noticed and took notes of the offending emails which raised serious concerns as to the employee’s conduct. It continued to monitor his email account selectively. The subject line of the message was noted before the email was read. This evidence resulted in the termination of his employment. The messages were allowed to be used. 8

Video Recordings

A second arbitral decision from Alberta in January of 2023 considered the employer’s overt action in installing surveillance cameras in the employee lunch room. The cameras had been installed by Sobey’s without any consultation with the union. This room was the only realistic location for the employees to enjoy their lunch or breaks and the employees, as the union argued, felt intimated by the presence of this surveillance and further, that there were other reasonable alternatives such as direct management supervision and also there had been no revelations of theft or other improper conduct to rationalize this step.

The employer had posted notices of the video monitors. The company also had provided a policy document which stated that the cameras were intended to address safety and security needs and were intended to respect personal privacy of the employees in these words:

address safety and security requirements while respecting and preserving individual privacy; aid in the resolution of disciplinary or grievance matters; assist with any potential civil litigation; and respond to incidents involving Loss Prevention or Occupational Health and Safety.

The arbitrator allowed the surveillance and spoke to the distinction between covert and overt, as in this instance, monitoring. He proceeded to note that the test for the latter is whether it was a reasonable measure conducted in a reasonable way.

The result seems draconian. One would expect that the employees should be able to enjoy their lunch time meal without such invasion of their private discussions with colleagues. How this decision aligns with the reasonable expectations of privacy as set out in Cole appears a mystery. Personal emails may fit this ambit but a chat with a colleague at lunch does not ? 1984 seems to be the rule.

A review of this decision may be found here.

Google Log Headed to Supreme Court

A recent case from Ontario which arose in an arbitral context will soon no doubt be the leading authority on the question of the right of search of employee computers and similar electronic systems. The reasons from the Ontario Court of Appeal are reviewed presently. Leave to appeal this decision has been allowed by the Supreme Court. The case will be argued in mid-October 2023. 9

The case is distinctive from the prior common law and arbitral decisions as it engaged Charter rights directly as opposed to by inference as the employer school board was determined to be a public entity subject to Charter rights. The ultimate question was whether public school teachers on these facts were protected from unreasonable search and seizure by S. 8. Apart from the individual facts confronting the court, it was clearly accepted that s. 8 does apply in principle.

The Facts

Two elementary teachers believed that a third teacher was receiving preferential treatment from the principal and expressed concern to one another about the impact this may have on their upcoming performance reviews. One of them contacted the union which advised her to keep notes of relevant events. She proceeded to create a log using her Gmail account, one which was password protected, which she shared with the sole second user, her colleague. The two teachers were the only persons able to access and make notes on the log. The log was not saved on a workplace laptop, nor on a workplace drive. It was stored “in the Cloud”. Information about existence of the log has been shared with a third teacher. Others had advised the principal of the possibility of this log existing. The Board searched its online files, the school’s hard drives and google drives and found nothing.

Following this event, the principal entered the classroom of the log creator and found her laptop, one provided by the school, had been left open. He touched the mousepad which then revealed a document headed “Log Google Docs’ which was opened on the screen. He scrolled through this and took 100 screenshots of the contents of the log.

This resulted in letters of discipline due to the use of Board technology to create the log on Board time and the entries made relating to the principal and a third teacher.

Arbitrator Decision

The arbitrator followed the Cole decision but determined that the fact that the teacher had left her log open on the Board laptop reflected a diminished expectation of privacy. She also found that the search was limited and reasoned and that there was no privacy violation. She also concluded that the principal had intended to determine whether the laptop was shut off which he was entitled to do. He found the “Log Google Docs” by accident. It was found that the teacher had left it “in plain view on her classroom laptop”. The decision maker saw the contents of the log as revealing “far from personal or intimate information about either of them”. The principal’s conduct was concluded not to be a privacy violation.

Having found the log, it was then determined that the subsequent search of the laptop was reasonable as the Board believed that the log was stored on it.

Divisional Court

On first review, this court upheld the arbitrator’s decision. 10 Effectively the Divisional Court majority viewed the actions as reasonable.  It stated that the union’s position involved what was described as two levels of deference, as the fundamental decision must only meet the test of “reasonableness” and further, within that standard, the Board was yet allowed to make a “reasonable” search. The decision also held that employees do not have s. 8 Charter rights in a workplace environment.

Court of Appeal

The Court of Appeal took issue with the standard to be applied on the judicial review application. While correct that the standard of reasonableness is applicable for factual findings, this court found that the legal question of the applicability of s.8 of the Charter was a question of law to which was applied the standard of correctness.

The Court of Appeal found that the school board was a government actor in this instance. This court also found the Divisional Court had erred in the conclusion that s.8 did not apply to employment relationships.

Reasonable Expectation of Privacy

This then left the core issue to be whether the teachers had a reasonable expectation of privacy in the log. The big sky considerations in this analysis were as follows:

The principles governing freedom from unreasonable search and seizure are well established. Whether a person has a reasonable expectation of privacy is a normative question: it requires the evaluation of a person’s legitimate interests to determine whether they should be given priority over competing interests. It is not a matter of describing what a person’s expectations are or predicting what they would be. The determination is necessarily a value-laden inquiry that is conducted in fact-specific circumstances.

The appellate court referred to the need to examine the “totality of circumstances” to assess the merits of this position:

In R. v. Edwards, 1996 CanLII 255 (SCC), [1996] 1 S.C.R. 128, the Supreme Court instructed that a reasonable expectation of privacy is to be determined having regard to the “totality of circumstances”. The following questions are relevant:

  1. What was the subject matter of the search?

  2. Did the claimant have a direct interest in the subject matter?

  3. Did the claimant have a subjective expectation of privacy in the subject matter?

  4. If so, was the claimant’s subjective expectation of privacy objectively reasonable?

[48]      The key question is whether an expectation of privacy is objectively reasonable, and that is informed by several non-exhaustive considerations:

  •      the location of the search;
  •      whether the subject matter was in public view;
  •      whether the subject matter was abandoned;
  •      whether the information was already in the hands of third parties, and if so, whether it was subject to an obligation of confidentiality;
  •      whether the investigative technique was intrusive in relation to the privacy interest;
  •      whether the investigative technique itself was objectively unreasonable; and
  •      whether the information exposed any intimate details of the claimant’s lifestyle, or information of a biographical nature.

See R. v. Tessling, 2004 SCC 67, [2004] 3 S.C.R. 432, at para. 32.

The court then examined the principal, so to speak, issue of the screenshots taken and forwarding these to the Board. This conduct was a s. 8 violation due to the following factors:

  1. The subject matter was personal messages from one teacher to another. These were not stored on the Board laptop but “in the Cloud”;
  2. Each teacher had a direct interest in the contents and had a subjective expectation of privacy;
  3. The fact that the Board laptop was used to access the Cloud or that the laptop was carelessly left open did nothing to reduce this expectation;
  4. The teachers did all they could to protect their privacy;
  5. This subjective expectation was reasonable when viewed objectively. 11

The court continued to note that the test is one of whether the storage mechanism could potentially allow for personal information to be stored in this manner, not whether it was so. Significantly, it also determined that whether the data stored was part of the “biographical core” is not determinative of the objective assessment of the reasonableness of the expectations. To this end, the arbitrator was incorrect in concluding that the information was “not close enough to the Grievors’ ‘biographical core’”. This is only one factor, not a conclusive one, as stated by the Court of Appeal.

The teachers, the court concluded, were allowed to record their private thoughts, including complaints of co-workers and supervisors, as they felt, to their own end, free of interception.

The Court of Appeal continued to assess whether the search employed was reasonable. It stated:

It is not possible to prescribe the circumstances in which a search and seizure will be reasonable in workplaces governed by the Charter. Workplaces differ dramatically, and whether a reasonable expectation of privacy exists depends on the unique circumstances of each case. For example, employees engaged in policing or security services may have lesser expectations of privacy, as their employers may have a greater need for the authority to conduct searches and seizures in the workplace.

[66]      All of this is simply to emphasize the normative nature of the reasonable expectation of privacy: all the relevant circumstances must be considered in determining whether a search and seizure is reasonable in a particular case.

In this context, there was no right to proceed further once the log had been discovered:

Once the principal realized he was looking at the grievors’ log, it was as though he had found their diary. He had no legitimate purpose in reading it, let alone taking screenshots of it and submitting it to the Board. The principal failed to respect the grievors’ reasonable expectation of privacy.

The Court of Appeal concluded:

A person’s thoughts about others are no less personal to them than their thoughts about themselves. The grievors were within their rights to be judgmental – to criticize the school, their fellow employees, and the principal in their private communications. Their private thoughts were not to be mined by the school principal to address his employment relations concerns, no matter how innocently the principal may have come upon the log or how pressing his concerns were.

The case will no doubt be the bell weather on this topic following the further review by the Supreme Court.

 

 

  1. That is, every provincially regulated company with 25 or more “employees”. The count of employees is as of January 1, 2023. The policy is to be in place as of March 1, 2023. ”
  2. Personal Information Protection Act, SA 2003, c P-6.5, s. 15(1) and Personal Information Protection Act, SBC 2003, c 63, s13
  3. Personal Information Protection and Electronic Documents Act, SC 2000, c5, s. 4.3.1 Schedule 1 and An Act respecting the protection of personal information in the private sector, CQLR c P-39.1, s.6
  4. R. v Reeves
  5. R. v Marakah
  6. Rancourt-Cairns v. Saint Croix Printing
  7. Canadian Broadcasting v Canadian Media Guild
  8. International Brotherhood of Electrical Workers, Local 353 v Ainsworth Inc.
  9. Elementary Teachers Federation of Ontario v York Region School Board; leave to appeal
  10. With one dissenting opinion
  11. As is the test

Leave a Reply