With contributions by Erin Brandt (nee Kizell), Lawyer.
As in most areas of our lives, technology – and particularly use of the Internet – has become a necessity on the job. But along with its workplace benefits, the Internet also brings with it a number of burdens for employers. Constant, unlimited and immediate access to the outside world – friends, family, news, entertainment – has the very real potential to negatively impact employee focus and productivity. Firewall systems offer a partial solution. However, even with these in place, it can be difficult for business owners to ever be absolutely certain that employees are using their work computers appropriately and productively.
To many employers, employee monitoring may seem like the ideal strategy for detecting misuse of company information technology and systems. As appealing as such a system may be, keep in mind that Canadian law affords employees a reasonable expectation of privacy at work which must be balanced against your own needs as a business owner.
Privacy legislation across Canada restricts and regulates the collection, use, disclosure, storage and security of personal information. The relevant statutes in British Columbia are the federal Personal Information Protection and Electronic Documents Act (for federally regulated employees) and the BC Personal Information Protection Act (for all other employees). Employee privacy rights are not only enshrined in legislation, but have also been recognized by Canadian courts, including the Ontario Court of Appeal and the Supreme Court of Canada.
Thus, if you do decide to monitor your employees’ use of technology in the workplace, it is crucial that you not fall afoul of such privacy laws. One way to acknowledge and respect employee privacy rights is to develop and implement policies relating to both computer use and employee monitoring. Below are five tips for employers planning to introduce or update such policies:
1. Be clear
Your company’s computer use policy should clearly describe the types of employee conduct that are both permitted and prohibited, as well as the consequences for non-compliance with the policy. Once the policy exists, make sure each employee receives a copy. Failing to take these steps could be interpreted as you consenting to employees using their work computers for personal reasons.
2. Be transparent
As a general rule, the law does not allow for covert monitoring of employees. Therefore, your computer use policy should also outline the type of employee monitoring that you will be conducting. If you plan to make your employees subject to random or continuous surveillance, you need to tell them this in advance and get their written consent.
3. Be reasonable
You must have reasonable and clearly documented reasons for undertaking computer, Internet or email monitoring. For example:
• ensuring that employees perform their duties efficiently;
• ensuring the security and protection of valuable proprietary information; and
• defending your company’s reputation.
4. Be fair and balanced
Make sure that there is a rational connection between your method of monitoring and the problem you are trying to address. For example, short-term, targeted surveillance based on reasonable grounds will be easier to justify than large scale, indiscriminate monitoring.
The benefits of any monitoring must also be proportional to any resulting loss of employee privacy. Before resorting to surveillance, consider less invasive means of achieving your goals, such as blocking certain websites with inappropriate or illegal content, warning employees about prohibited behaviours and potential consequences, and/or purging your systems regularly to discourage employees from storing personal files on the corporate computer system.
5. Be responsive
Finally, don’t just adopt computer use policies in the workplace – enforce them. In doing so, act quickly, consistently, and with appropriate progressive discipline. Failure to do so could be viewed as you condoning employee misconduct (see our separate blog post on employer condonation).
Have questions about developing, implementing or enforcing a computer use policy in your workplace? Contact us!