Three things every B.C. employer should know about privacy in the workplace

The recent face-off in the United States between Apple and the Federal Bureau of Investigation over the privacy of information on Apple’s handsets highlights for B.C. employers the ever-present tug-of-war between privacy and security 

This tug-of-war extends into workplaces across British Columbia where an employer’s interest in managing its office and protecting its property, physical or electronic, bumps up against the interests of employees who wish to guard their privacy. 
 
This dilemma raises the following question: what is the state of the law in B.C with respect to privacy in the workplace? Here are three things every B.C. employer should know in this respect.
 
Firstly, the B.C. Privacy Commissioner has clearly recognized that employees have an expectation of privacy in the workplace. While the extent of this expectation of privacy continues to be defined, the notion of an expectation of privacy in the workplace is markedly different than what is the state of the law in other jurisdictions. In the U.S., for example, employees have no expectation of privacy in the workplace absent some contractual provision or, in the case of some federal employees, limited protections under the Constitution. 
 
Disposing of this expectation of privacy in BC is not as simple as merely introducing a workplace policy which states that employees have no expectation of privacy in the workplace – particularly when such a policy is not regularly enforced and employees are regularly permitted to make personal use of work computers or technology.
 
Secondly, applicable privacy laws in B.C., i.e. the Personal Information Protection Act for privacy sector organizations and the Freedom of Information and Protection of Privacy Act for public sector organizations, require that organizations give employees prior notice before collecting personal information
 
The prior notice must inform employees of the manner of information collection, the purpose for which the information is being collected and who employees can contact to request access to any of their personal information which has been collected. Moreover, how the personal information is subsequently used must be consistent with the stated purpose for which it was collected. What this means in practice is that employers should have policies in place to govern the collection of personal information. Examples of the collection of personal information include images obtained through video surveillance, records of computer use gathered with monitoring software or the location of company vehicles determined with the assistance of GPS tracking. 
 
Thirdly, the collection of personal information should be carried out in a reasonable manner that minimizes the intrusion on privacy. For example, the Commissioner has held that the continuous, real-time collection of an employee’s computer use will generally not be reasonable. Similarly, the covert collection of personal information (consider, for instance, covert video surveillance) may be considered unreasonable and will be permissible only as a last resort after less intrusive measures have been exhausted.