The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Friday, July 08, 2005
Today, Michael Geist has a blog posting about workplace monitoring. He mentions the Canadian Internet Policy and Public Interest Clinic and applauds them for their involvement in the recent decision from the Alberta Information and Privacy Commissioner about keystroke logging. The posting is interesting, in and of itself, but the part that has the widest policy implications is the inconsistency of rules from coast to coast in Canada about workplace privacy. Some provinces have privacy laws that apply in the workplace, but most do not. The federal law, PIPEDA, only applies to federal works, undertakings and businesses leaving the rules dramatically inconsistent from province to province.
Michael Geist - Unequal Privacy Protection"The Alberta Privacy Commissioner recently issued a noteworthy decision on the use of keystroke logging in the workplace that hits home for several reasons. First, the facts of the case: an employee at an Alberta library uncovered the fact that his supervisor had installed a keystroke logger program on his computer to monitor his activities. The supervisor claimed the move was made due to productivity concerns. The employee filed a complaint and last week Commissioner Frank Work ruled in favour of the employee. He found that the evidence did not support the supervisor’s claims and that there were far less intrusive methods to address any productivity concerns. Moreover, the employee had actually been given permission to engage in Internet banking during work hours, yet this too was monitored and logged.
As I mentioned, this case has particular resonance for me. On a substantive level, it points to the disturbing level of unequal privacy protection in the Canadian workplace. This specific case involved a public institution in Alberta, but provincial privacy laws there would have provided some measure of protection for all workers. The same is not true for all Canadian provinces. In Ontario, workers at federally regulated businesses benefit from PIPEDA protection and workers at public institutions from public privacy laws. Moreover, workers in unionized settings also typically enjoy some level of protection. If you fall outside of those protected workplaces, however, you may be out of luck. That is simply wrong: the privacy protections against invasive surveillance enjoyed by some Canadians in the workplace must surely be enjoyed by all.
The case also resonates on a personal level. First, I wrote about these issues several years ago in a study for the Canadian Judicial Council, which was then concerned about the legality of electronic surveillance of the judiciary. The issues raised then remain valid today.
Second, I am very proud that the Canadian Internet Policy and Public Interest Clinic (CIPPIC), the public interest technology clinic at our law school, played a role in the case by providing a legal memo to the employee to help him pursue the case.
I receive regular requests for assistance and advice. I try to provide at least a short answer when I can, though admittedly the volume of correspondence is making that increasingly difficult. In any event, last June this employee sent me an email looking for help. I'm grateful that Pippa Lawson and her CIPPIC team jumped at the chance to get involved. CIPPIC has garnered considerable attention due to its involvement in the file sharing litigation. I think it has done a remarkable job in that case, but we should not overlook the fact that the clinic is helping to fill the void on many other important issues. Congratulations all round."
Labels: alberta, information breaches, privacy, surveillance
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.