Employee surveillance is an excellent and available method by which companies can protect against fraud. Monitoring of company-supplied hardware, software and access is perfectly legal and arguably compelling in Canada. Many still act under the mistaken belief that when it comes to personal communications such as e-mail and social media forums such as Facebook and Twitter, anything intended as private and personal is protected.
In truth, such privacy is very limited. The legal rubric underlying such an assumption is “reasonable expectation of privacy”, an expression borrowed for global adaptation from the 4th Amendment to the US Constitution, and protected in the Canadian Charter. Historically, personal communications and the privacy protections afforded them were sacrosanct. In addition to the medium of ‘snail mail’ being confidential in its own right—the sealed envelope—most jurisdictions honored the British-based “Royal Mail Rule” premised upon the opening of personal mail as verboten.
However, it is a brave new world legally: not only have the courts conditioned that presumption when it comes to employer-supplied electronic communications, users seem naive to the intrusive nature of ‘open’ dissemination to any and all visitors on public-facing media like Facebook and Twitter. Prudent companies do visit these ‘public’ sites. Many sophisticated employers leverage postings of candidates for employment as a gauge to personality, professionalism and, often, propensity to recklessness and malfeasance. Such postings are instantly accessible and, like a tattoo injudicially attained, indelible and difficult to remove. Moreover, those that prudently safeguard their postings via a security “wall” have a false sense of security; many programs now exist to bypass such electronic gates, albeit problematically legally due to the attendant expectation of privacy.
Such expectation of privacy can be vacuous in the context of company e-mail: it is the prerogative and the responsibility of the employer to monitor its systems, including e-mail and related traffic. The courts were quick to adopt the reverse of the proverbial Royal Mail Rule, upholding the software industry’s mantra that monitoring of systems is not only a right but an obligation. For employers this unilateral right to surveil with limited notice to employees allows for unprecedented and unique transparency into all business and professional activities of employees. The tenuous nature of the protection of privacy can be witnessed in the Supreme Court of Canada’s recent ruling in a criminal case involving pornography on the part of a school teacher (R. v. Cole 2012 SCC 53 doc. 34268).
Although the Supreme Court opined “Canadians may reasonably expect privacy in the information contained on computers, at least where personal use is permitted or reasonably expected”, it ruled that the evidence gathered on the institution’s equipment was “highly reliable and probative physical evidence…the exclusion of the material would have a marked negative impact on the truth-seeking function of the criminal trial process”.
The take-away: while truly personal traffic on company-supplied equipment might be treated as out-of-bounds for use by an employer, evidence gathered regarding business and professional activity can be treated as non-personal, leading to disciplinary sanctions against offending individuals up to and including termination for cause, and potential civil and criminal prosecution against the protagonists, often including a subsequent employer.
The right to surveil provides a company with an effective tool by which to protect against fraudulent practices. For example, the indelible trail created by electronic communication does provide a powerful evidentiary premise for prosecuting a rogue employee who wrongfully trades in a company’s proprietary information both during and after departure. This trafficking in trade secrets is a byproduct and scourge of Gates’ “business at the speed of light”, rendering evidence-gathering via social media and electronic communication a potential panacea against the perpetration of fraud, and an enforcement mechanism where it has occurred.
Even where the communications are not internal and employer-supplied, rigorous surveillance and enforcement is receiving court approval, as in the recent successful application by hockey’s Brian Burke. In the context of alleged defamation by anonymous blog contributors, Burke received a court order to pierce the veil of e-mail anonymity through the ISP (Burke v. John Doe 2013 BSCS 964 Doc. S133008).
The lesson: in a world increasingly wed to the notional upholding of one’s privacy as sacrosanct, as a result of personal social media proclivities and of legal-trending countenancing employer surveillance, the very opposite is true. In a world conducting business via transmission at the speed of light, protection against fraudulent employee practices is materially enhanced by the right of lawful surveillance.