Workplace privacy is a rapidly changing area of law.  Two recent Canadian court decisions have provided mixed messages for employees in the area of privacy protection.  One Court of Appeal decision seems to have created a relatively new tort (civil action) but the law has not yet fully developed.  The other decision of the Supreme Court of Canada has confirmed that employers have the right in some circumstances to look through personal employee files on a workplace computer.

On Friday October 19, 2012, the Supreme Court issues its long awaited decision in R. v. Cole, a case involving the possession of child pornography by a teacher on a work issued computer.  While this is primarily a criminal law case rather than an employment case, the Supreme Court made some key pronouncements about workplace privacy and, particularly, the privacy of computer data.

First, citing R. v. Morelli, a 2010 decision, the Supreme Court reinforced the notion that Canadians have a high expectation of privacy in their own personal computers.  The Court also noted that computers contain information that is “meaningful, intimate and touching on the user’s biographical core.”  It concluded that “vis-a-vis the state, everyone in Canada is constitutionally entitled to expect privacy in personal information of this kind.”  However, the Court also concluded that workplace policies and practices can “diminish an individual’s expectation of privacy in a work computer.”  Here, Mr. Cole only had a “diminished expectation of privacy” of his personal computer.  The school had an “acceptable use policy” and Mr. Cole was aware of this policy.  Although the Supreme Court stated that it would “leave for another day” the issue of “the finer points of an employer’s rights to monitor computers issued to employees,”  here it concluded that the school principal had the right to seize and search a school issued computer if the principal had reasonable grounds for believing  that the hard drive contained compromising photos of a student.

The Court went on to distinguish between the school’s conduct and that of the police.  With respect to the police, the Supreme Court found that there had been a violation of the Canadian Charter of Rights and Freedoms in that Mr. Cole had been subject to an search that violated section 8 of the Charter.  However, a 6-1 majority of the Court held that the evidence should still be allowed, even though it had been gathered in circumstances that violated Mr. Cole’s rights, because of section 24(1) of the Charter which allows Courts to weigh the seriousness of the rights’ violation.  Only Madame Justice Abella would have excluded the evidence that was found to have been gathered in a way that violated Mr. Cole’s rights.

In a workplace privacy context, this decision contains some helpful language describing the importance of computer data for Canadian employees.  However, the ultimate result here is a diminished expectation of privacy for many Canadian employees.

Another recent case, in an entirely different context, is the case of Jones v. Tsige, a decision of the Ontario Court of Appeal.  This was a case addressing the right of an employee in Ontario to sue for “invasion of personal property.”  Here, in the context of a family dispute, an employee of the Bank of Montreal accessed another employee’s personal bank records illegally, numerous times.  The Court of Appeal held that there is a tort of invasion of privacy in Canada and focused on the tort of “intrusion upon seclusion,” which the Court of Appeal affirmed as an existing tort in Canada.

The Court referred to this developing tort as an “incremental step” in the common law.  The key features of the law are:

1.  The actions by the defendant must have been intentional or reckless;

2.  The defendant must have invaded the plaintiff’s private affairs or concerns;

3.  A reasonably person would regard the invasion as “highly offensive causing distress, humiliation or anguish.”

But, unless actual harm is demonstrated, the Court award will be a “modest conventional sum” with a randomly fixed “upper range” of $20,000, other than in exceptional cases where punitive damages should be awarded.  In this case, the Court of Appeal fixed the damages at $10,000.

How do we reconcile these two types of cases in the context of employee expectations of privacy?

If an employer searches an employee’s personal computer or other personal effects that happen to have been brought to the workplace,or otherwise, that will clearly violate the employee’s right to privacy and may fit within the tort of “intrusion upon seclusion.” Context will be important.

If, on the other hand,  the computer is a workplace computer, the employer may have the right to search the computer based on the overall context.  Some key considerations will be:

Was there a workplace policy in place giving the employer the right to search the computer? 

Was the employee aware of the policy?

Was the search reasonable in all of the circumstances?

Obviously, if the employer can demonstrate that it had the right to access the company issued computer, there would be no basis for a claim for “intrusion upon seclusion.”  If the answer to some or all of these questions is “no,” there may be a basis for an employee claim.

As the law continues to develop, Canadian employees should still be extremely cautious about using their workplace computers for any non-work related matters.  Employees are best off to try to keep their personal business to their own personal computers – whether used at home during non-work hours or on a break at the workplace.  Alternatively, employees can use their own personal devices such as smart phones or tablets.  Personal data that is on a workplace computer may well wind up being discovered and used by the employer for disciplinary or other purposes.

Although the law may eventually wind up developing greater legal protection in these circumstances, as of these two recent decisions, employees in Canada still have a diminished expectation of privacy for data contained on their workplace computers.