I have trouble programming my television and need my teenage daughter to lend a hand. I also know that I am not alone in this world of rapidly changing technology. It is of little wonder then, that even the best HR professionals can sometimes use a reminder of best practices when it comes to the use of technology in the workplace. This ever-changing area encompasses so many technological issues that this is only intended to provide a very high level overview.
For employers in a unionized workplace or employers which are federally regulated (eg. banks, telecoms), collective agreements and federal privacy legislation respectively set out strict parameters with respect to what sort of workplace surveillance is permitted. For employers in B.C., Alberta and Quebec, applicable provincial privacy legislation may also set out parameters with respect to permitted workplace surveillance. For all other employers, the workplace surveillance findings of the Privacy Commissioner of Canada are instructive but not generally applicable.
With regard to the Privacy Commissioner’s findings, the use of video surveillance and GPS is generally not permitted for productivity management although it may be permitted if the employer can show a bona fide safety or security reason for the surveillance. In those cases, employees should be given advance written notice of the surveillance and the surveillance must be reasonable in scope. On the other hand, unionized workplace arbitration findings sometimes permit keystroke monitoring to manage productivity, but it is considered intrusive and other means of monitoring productivity should be used if possible.
Computer Use in the Workplace
Much has been written about the extent to which employers can monitor an employee’s computer use in the workplace, particularly in light of the Supreme Court of Canada’s 2012 decision in the case of R v. Cole. In that decision, the court held that employees have a reasonable expectation of privacy in connection with personal information on workplace computers. This criminal decision involving Charter rights is only directly applicable to public sector employers, but it gives employers some idea of where the courts may go on this issue in the future.
As a result of this decision and the apparent desire of the courts to protect employee personal information even when located on company property, it is absolutely necessary for employers to have a computer use policy which confirms that: (i) the employer’s computer systems are company property and should only be used for company business; and (ii) employees should understand that they have no expectation of privacy when it comes to personal information when using the employer’s computer systems. Employees should be regularly reminded about the policy and asked to confirm their understanding and agreement.
The two biggest issues with allowing employees to work from home are productivity and confidentiality. With respect to confidentiality, employers should assist in the set-up of the home office and insist upon some or all of the following protections: (i) home computers which are password enabled, email encrypted, firewalled and/or subject to biometric ID; (ii) all company work must go through the company’s internal network through a platform such as Citrix; (iii) sensitive company and customer information should not be maintained on laptop computers, cell phones or other portable devices; (iv) hard copies of sensitive company or customer information kept at home should be stored in a locked filing cabinet; and (v) home computers used for work purposes should not be accessible to family members. It is also a good idea to conduct periodic checks in order to ensure that your employees are following proper procedures.
If your organization decides that it wants to permit social media in the workplace, drafting a good policy is your starting point. Among other things, the policy should: (i) make it clear that employees cannot use social media to disclose company or customer confidential information, engage in workplace gossip, do anything discriminatory or harassing, or otherwise say anything which might harm the company or its customers; (ii) advise employees that their use of social media may be monitored; (iii) advise employees that the use of social media at work is for work-purposes only; (iv) require workplace bloggers to identify themselves by their real names and make it clear that the views expressed are not necessarily those of the organization (unless the organization requires blog entries to be approved prior to posting); and (v) require employees to have a stand-alone work account for their blogs so that they do not use a personal account for work-related matters.
To understand what you can and cannot do on an on-line basis when it comes to recruiting, you need to understand what you can and cannot do off-line. One of the general rules of thumb is that you cannot make a decision to not hire based on an employee’s age, race, religion, ethnicity, sexual orientation, etc. If an employee is looked up online before a decision is made whether or not to hire, or even whether or not to interview, one runs the risk of finding out something about the employee’s personal background which could lead to a Human Rights complaint. As a result, it remains best practice to interview first, and then make any hiring decision subject to reference checks and other background checks (and to obtain the prospective employee’s consent for those checks before undertaking them).
Although technology is ever-changing and some of the issues set out above will become non-issues with the passage of time and technologies, the one constant thread which runs through most of these issues is the need to have strong policies which outline what is and isn’t permitted in the workplace. Notwithstanding the same, employers should be aware of the fact that employees may have reasonable expectations of privacy in the workplace, even when using company technology.