Employee Privacy at Work
By Preston Parsons. Articled Student
Canadian privacy laws continue to evolve and mature, having gone from relative infancy to a serious topic around the boardroom table in a relatively short period of time. Following the Supreme Court of Canada’s decision in R. v. Cole, 1 there has been great interest in the human resources community about the extent to which organizations can most effectively balance the privacy rights of employees at the office with the employer’s desire to manage the workplace as so chooses. In the meantime, Canadian Courts continue to hear cases involving employee claims of breach of privacy, leading to a growing body of law to guide employer’s actions.
The BC Supreme Court recently considered the issue of employee privacy in the workplace in a case called TeBaerts v Penta Builders Group Inc. 2 In rendering its decision, the Court reiterated that while employees may have a claim to a reasonable expectation of privacy at the workplace, an employer will not be found to have breached that expectation of privacy if that expectation is objectively unreasonable.
TeBaerts v Penta Builders Group Inc
This wrongful dismissal case involved an employee of 11 years who was purportedly dismissed for cause. The employer provided three reasons for dismissing the employee:
(a) that she intentionally deleted company files with malicious intent,
(b) that she was dishonest and not forthright when confronted for explanations about this, and
(c) that she was assisting her mother in finding work for her father, who also happened to work in the company.
The third ground arose after a co-worker used the plaintiff’s computer to access old payroll tax reports, and came across an email exchange with the plaintiff’s mother sitting in her inbox. The employee launched an action claiming that her employer did not have cause to dismiss her, and further argued that her employer’s review of and reliance upon, the e-mail exchange with her mother established the tort of breach of privacy under the BC Privacy Act, entitling her to damages.
In the e-mail exchange at issue, the employee’s mother e-mailed her about a potential new employment opportunity for her husband, the employee’s father and co-worker. The employee responded that the potential opportunity did not pay very well and suggested that a recruiter could be contacted to search for new positions for him. The employee further intimated that she may contact a recruiter on his behalf herself.
The Court found that the employer did not have just cause to dismiss the employee. Neither the removal of files nor the email exchange with her mother constituted conduct that was “seriously incompatible with the plaintiff’s duties, going to the root of the contract with the result being the employment relationship was rendered too fractured to expect the defendant to provide a second chance.” 3 She was awarded damages for the loss of her salary, benefits, and bonuses that she would have received had she been given reasonable notice of the termination of her employment.
However, the Court declined to find that the employer committed the tort of breach of privacy and her claim to damages arising from this particular claim was dismissed.
The Tort of Breach of Privacy
The Court in TeBaerts canvassed the law on privacy breaches in the workplace. The tort of breach of privacy arises from the BC Privacy Act 4, which holds that it is a tort for one person to wilfully violate the privacy of another, whether or not any damages arise from that breach. The Privacy Act further provides that an individual cannot merely assert an entitlement to privacy: the nature and degree of privacy to which a person is entitled must be reasonable in the circumstances. Furthermore, the tort only arises where the individual who violates the privacy of another does so intentionally, and without any claim of right.
The Court acknowledged that there was little in the way of authorities as to how to determine the reasonableness of an asserted right to privacy, but that in each case, the totality of the circumstances should be examined. At issue was whether or not the employee had a reasonable expectation of privacy, and whether or not the employer willfully breached that right to privacy.
In this case, the Court found the following circumstances which detracted from the reasonableness of any expectation of privacy the employee had in the contents of her work e-mail:
- The employer owned the employee’s workplace computer;
- The employer had no policies regulating the use of company computers, including any policies related to accessing each other’s computers;
- The security measures in place were “very relaxed”; when the employee’s computer was accessed, it was unlocked and accessible. Although passwords were required when a computer became locked, it was common for employees to leave their computers unlocked and passwords were not closely guarded.
The Court acknowledged that the employee likely wanted the email exchange with her mother to remain private; however, given the circumstances the Court was not convinced that this expectation was reasonable. The employee who came across the e-mail exchange on the plaintiff’s computer was able to do so easily because the computer was not locked with a password. Even if it had been, many passwords at the workplace were known to others around the office.
In this case the Court did not need to determine whether the employer breached the employee’s privacy rights willingly, because they found that no breach had occurred. Given the overall context in which the email was discovered, it was not reasonable for the employee to expect her emails to remain private. Accordingly, her claim to damages for breach of this tort was dismissed.
The Application of TeBaerts in the Workplace
The Court in TeBaerts held that in the context of this workplace, employees had a diminished expectation of privacy with respect to their online activity. This case does not suggest that the absence of a workplace computer policy will automatically result in employee’s forfeiting their rights to computer privacy and in many instances, the opposite may well be true. However, as part of its contextual analysis, the Court may consider whether an employer has provided explicit direction as to how company computers are to be used, and if their alleged activity has breached that policy in any way.
Employees do not have an absolute right to privacy in the workplace, and an employee is not guaranteed privacy merely because they wish for their emails or their computer files to remain private. If an employee asserts that their employer has violated their right to privacy, the Court will assess this claim objectively by conducting a comprehensive analysis of the circumstances in which the alleged breach occurred, including any applicable policies and whether those policies are actually enforced in practice. If the Court finds that the expectation of privacy was not reasonable, it will not find that a breach occurred.
1 2012 SCC 53
2 2015 BCSC 2008
3 Paragraph 82.
4 Privacy Act, RSBC 1996, c 373 at s 1