By Howard Levitt and Robert Taylor
Your right to keep personal information from the prying eye of your employer might be less than you presume
Millions of Canadians enjoy company-supplied laptops and cellphones. Most presume that their personal information is protected from their employers because of their belief that they enjoy a “right to privacy.” But do they?
Two cases help answer this question.
In Jones vs. Tsige, the Court of Appeal for Ontario recognized a new privacy right called “intrusion upon seclusion,” which protects everyone (not just employees) from having others poke into their private affairs, such as personal financial information, when that intrusion is “highly offensive” to a “reasonable person.” Some provinces enacted legislation creating a further lawsuit for breach of privacy.
In R vs. Cole, the accused was a teacher who saved nude pictures of an underaged student on his school-supplied laptop, for which he was permitted incidental personal use. The shots were discovered during regular laptop maintenance and turned over to the police, who laid criminal charges. The school board’s policy and procedures manual declared “all data and messages … property of (the school board).” Nonetheless, the Supreme Court of Canada found that the teacher still had some, albeit diminished, right to privacy.
Overall, then, any “right to privacy” you might have as an employee will be a limited one, potentially diminished by any terms of your employment, if you have any such terms.
If your employer has an internet use policy allowing personal use of the company devices — that policy dictates what privacy you enjoy over personal information. Most company policies provide little or nothing at all. Without any policy, your right to keep that information from the prying eye of your employer might be less than you presume.
Most internet use polices absolutely forbid using the company’s devices for illicit purposes such as downloading porn or other offensive material. We have acted for employers where employees had downloaded such material (sometimes sent by “friends”). Where the employee was initially terminated without cause, our discovering the existence of such material downloaded by the employee gives the employer “after-acquired cause,” which means the employee will be entitled to nothing on termination. Violating the employer’s internet use policy can have serious financial repercussions.
We advise employers to have such a policy in place so that there is never any doubt about who owns and has access to the information on company-owned devices and what material employees are forbidden to access on company-owned devices.
If you save personal information, such as banking details or family photos, on your company-supplied device, your employer has access to them even though you may have a limited right to keep it confidential.
If you are leaving your employer, you can and should delete your personal information (although your employer may already have it saved on its server) before you return the company’s devices. This should be discussed with your employer and co-ordinated so that no false allegations are made about what you deleted. You cannot delete any company information even if the company regularly backs it up. If you do so, you invite a lawsuit.
After you have left, your employer may decide to review the information on the hard drives of your company-owned devices. It will be looking for suspicious activity, such as downloads or emails of company documents, sent to your home or to any unfamiliar address. Ensure that you do not do that before you depart. You would have been far better off if you had photocopied and removed your personal information.
Is there a better way to protect your personal information from your employer’s prying? Yes. Acquire a personal email address and telephone number and purchase a cellphone and/or laptop which you use only for personal purposes. In short, don’t mix business and pleasure!