Employers would be well-advised to review and update their privacy policies and procedures after the Federal Court of Canada’s recent decision in Landry v. Royal Bank of Canada.
While the damage award in Landry was nominal, the decision demonstrates the Federal Court is willing to award monetary damages for breaches of PIPEDA. This case should serve as a reminder to employers who are subject to PIPEDA to ensure that they not only have privacy policies and procedures in place, but also that employees are aware of the policies and act in accordance with them. Further, when complaints do arise, employers would be well-advised to act on them. Specifically, employers should ensure that complaints are properly investigated and take appropriate corrective measures in response to all complaints.