The evolution of the thorny issue of privacy in the Canadian workplace continues. In recent months we have updated you on court and labour arbitration decisions. In a recent case, an individual employee tried to take privacy one step further, suing another employee for invasion of privacy. In a ruling welcomed by employers and others, the Ontario Superior Court of Justice confirmed – in its decision in Jones v. Tsige – that such a claim does not exist in law in Ontario. But the matter is proceeding to the Court of Appeal. If successful, the case could open the floodgates for employees and others to claim damages for alleged breaches of privacy directly from the courts, bypassing existing privacy legislation.
Jones v. Tsige involves a claim against an employee of a bank who repeatedly viewed the plaintiff's banking information without authorization over a number of years. The plaintiff also worked at the bank. The bank investigated the incident and disciplined the defendant. The plaintiff brought an action against the defendant for "invasion of privacy". The plaintiff did not bring a claim against the bank.
The Court said that there was no right to sue for "invasion of privacy" in Ontario. As a result, the claim was thrown out. In reaching its decision, the Court noted that many jurisdictions have created statutory privacy regimes which are better equipped than the courts to deal with these types of claims. The Court specifically noted that the plaintiff may have had recourse under the Personal Information Protection and Electronic Documents Act (PIPEDA), which is applicable to the banking sector. The decision has been appealed and will be heard by the Ontario Court of Appeal, likely sometime late this year.
Analysis: Potential Implications for Employers
Although the case deals specifically with a claim made by one employee against another, the same principles would apply to claims brought by employees against their employer. If employees were permitted to bring such claims through the courts, it would impose significant additional obligations on many employers, not to mention the potential claims that could be brought by customers or others.
When considering any employee privacy issues, an employer should ensure that:
- it has a clear understanding of the statutes and other privacy related laws applicable to its operations. While the legal requirements are similar across many jurisdictions, there are important differences of which you need to be aware; and
- even in jurisdictions where there is no applicable privacy legislation, it has policies and practices in place that protect the basic privacy-related interests of all its employees.
The law surrounding workplace privacy issues is evolving quickly. Staying ahead of the curve requires taking proactive steps to ensure that your practices do not leave you open to either new or existing types of claims – whether through the courts, labour arbitration or under privacy legislation.