All About Information

British Columbia arbitrator James Dorsey recently considered what personal information needs to be disclosed to fullfil the purpose of a collective agreement clause that gives a union access to information to assess the propriety of a job competition.

This award follows a 2005 judgement by the British Columbia Court of Appeal in which it held that the purpose for disclosing bargaining unit members’ personal information to the union as contemplated by the clause was consistent with the purpose for which it was collected and therefore permitted under the British Columbia Freedom of Information and Protection of Privacy Act. The Court of Appeal also held that only what is necessary to the purpose should be disclosed to the union, and perhaps unfortunately, said that “personal identifiers” should be redacted from the disclosure.  

Following the Court of Appeal’s judgement, the employer applied a very literal and narrow view of the union’s right to “applications” and a very literal and broad view of the Court’s comment on redacting personal identifiers.  Arbitrator Dorsey held the employer’s position was improper given the purpose of the access to information clause.

He held that the union’s right to “applications” gave it an entitlement to resumes, interview questions and responses, score sheets, and essentially all other records collected and used in the application process except reference information.  He also held that the Court of Appeal’s suggestion to redact personal identifiers did not allow the employer to redact all information that would tend to identify individuals.  Instead, he said:

When using the term “personal identifiers” in this context, the Court of Appeal meant information that is specific to a unique individual.  This includes names and contact information, such as postal, email and other addresses and telephone numbers; passwords, social insurance, drivers licence, care card and financial numbers; and, in the current world, biometrics.  This is information that is often guarded by individuals to avoid identify theft. 

Ontario employers have generally been unsuccessful in resisting disclosures required by labour law on the basis of employee privacy rights.

Re Canadian Office and Professional Employees Union and Coast Mountain Bus Co. (7 September 2007, Dorsey).

[I picked this case up from a Lancaster House bulletin.  Lancaster House is a publishing and conference company that heavily focuses on labour law.  Thanks!] 

The Ontario Superior Court of Justice issued an order setting aside an Anton Piller order on April 8^th. The judgement is another stressing the extreme burden on parties who seek such orders.

The Anton Piller was initially granted in 2006 in support of a departing employee claim that included allegations of fraud and breach of confidence. The Court it aside because the plaintiff failed to fully and frankly disclose material facts and failed to make reasonable inquiries into material facts. More specifically, it held the plaintiff:

• failed to ask customers whose business it claimed was lost or threatened due to the individual defendant’s actions whether they had been approached by the individual defendant;
• failed to disclose that a customer relationship on which it relied was responsible for only a 2% portion of its gross profit; and
• despite raising the difficulty in seeking production of the individual defendant’s MS Hotmail (which resided in the United States), failed to disclose that it had launched an action in Texas against the individual defendant’s new employer concurrently with its Ontario action, that it had sent a preservation letter to the new employer in conjunction with the action and that it had an agreement from Microsoft to retain the individual defendant’s MS Hotmail e-mails indefinitely.

The Court also criticized the execution of the order and, in particular, a search conducted of the purse of the individual defendant’s wife (also named). The Court said:

[The plaintiffs] were authorized to search for paper documents and electronic data related to Factor’s business, the business of Lanxess and Jean’s potential use of documents from Factor to promote his own and Bigler’s business interests. I question whether any of this material was reasonably likely to be found in Margaret Jean’s purse.

Also interesting, though it was neither challenged nor part of the Court’s consideration: the plaintiff discovered significant evidence of wrongdoing and determined the relevance of the individual defendant’s MS Hotmail account by installing spyware on his computer while he was employed.

Factor Gas Liquids Inc. v. Jean, 2008 CanLII 15900 (ON S.C.).

This 2007 Canadian Human Rights Tribunal decision illustrates the limits to advancing drug testing claims under human rights legislation.

The Tribunal dismissed a discrimination and harassment complaint brought by an employee who was terminated and then reinstated on the condition he abstain from using drugs and alcohol and engage in unannounced testing. The employee did not claim he suffered from an addiction, but rather, claimed the reinstatement contract created the perception that he suffered from alcoholism and was disabled. The Tribunal disagreed, finding that the contract was imposed because of objective behavior and not perceived disability. It stated:

I do not believe that [Entrop and TD-Bank a.k.a. Canadian Civil Liberties Assn.] apply to this case. For example, in the Canadian Civil Liberties Assn case, the Court found that the drug testing policy raised the likelihood of drug-dependent employees losing their employment. Consequently, the discrimination was against those employees who were drug dependent. The complainant in this case is not alcohol or drug dependent. Therefore, the respondent’s policy does not impact on him in the same manner that the drug testing policy impacted on the employees tested in the Canadian Civil Liberties Assn. case.

See this post on the recent Kellogg Brown & Root case, also on the issue of perceived disability.

Witwicky v. Canadian National Railway, 2007 CHRT 25.

On January 31, Arbitrator Devlin upheld a grievance which claimed an improper denial of short-term disability benefits and awarded $5,000 for the manner in which the employer (together with its third-party adjudicator) denied the benefit.

The main problem with the decision was that it relied on a finding that the grievor was not eligible because her condition (an episode of siutational depression) was caused by her husband’s terminal illness.  The grievor gave this information to the employer in an informal telephone conversation at the start of her absence, and the employer forwarded it to the adjudicator in an “employee profile” form.  Ms. Devlin found the underlying reason for the grievor’s absence was not a relevant factor in the claim, which was otherwise justified.  She held that there was evidence the improper denial caused the grievor additional stress and awarded $5,000 in damages.

Hamilton Health Sciences and Ontario Nurses Association (Re), [2008] O.L.A.A. No. 103 (Devlin).

In this February 12 arbitration award, Arbitrator Albertyn articulates the standard for use of surreptitious video surveillance as follows:

The proper context for evaluating the reasonableness of the decision to undertake the surveillance is not the ideal circumstance in which no stone is left unturned. Every aspect of the motivation need not be perfect and yet the decision may be reasonable. The question is one of weight. In every context in which a surveillance decision is made, there will be some things the employer failed to think about, there will be some check or some information which could usefully have been obtained in advance, which the employer failed to obtain. Hindsight and skilful advocacy will show what more could have been done. A gap here or there will not necessarily be fatal, though, to the reasonableness of the decision. Determining the reasonableness requires making a decision as to whether, taken overall with the lack of information that might have been obtained, and with the information that was available and was obtained, was the employer cavalier, capricious, arbitrary or careless in arriving at the decision to initiate surveillance. If, taken overall, despite the flaws in the information the employer had, the employer can show itself to have been bona fide, thoughtful and careful in arriving at the decision, and to have had substantive grounds for suspicion, the surveillance will be reasonable.

The reasonableness standard applies because the mutual respect of management and employees requires that an employee be given the benefit of the doubt until the employee has given some reasonable cause for the employer to believe (possibly erroneously) that the employee is cheating, taking advantage of the situation and obtaining a benefit that is not justified.

In the circumstances, Mr. Albertyn allowed the evidence to be admitted. He said:

I find, despite some deficiencies, that Ms. Peters had reasonable cause for her decision to use surveillance. As Employer counsel submits, Ms. Peters was not acting on a whim. From her perspective, the Grievor had been duplicitous in the past, her attendance record was bad, she appeared not to have needed physiotherapy when she worked previously at PMH, there were no restrictions on what the Grievor could do at work yet the physiotherapy had gone on for many weeks, and, had Ms. Peters asked the Grievor for consent to check on her continuing need for physiotherapy, she thought she might face another harassment complaint. Taken together, there was enough for her to doubt the veracity of the Grievor’s continuing visits to physiotherapy, week after week, and to warrant undertaking a check to see if her suspicions were justified.

Re University Health Network and Ontario Public Sector Employees Union, 2008 CanLII 4546 (ON L.A.).

On January 29th, a panel of the Ontario Superior Court of Justice (Divisional Court) dismissed a application for review of drug testing arbitration decision in which Imperial Oil was held to have violated a collective agreement by implementing random and unannounced drug testing for cannabis impairment.

The policy challenged at arbitration was the same policy that had been upheld by the Ontario Court of Appeal in 2000 in Entrop. Based on Entrop, and the Court of Appeal’s specific finding that random alcohol testing in safety-sensitive positions did not violate the Human Rights Code, Imperial Oil re-instituted random drug testing for safety-sensitive positions by using a new testing technology that could determine current impairment by way of a saliva test.

In December 2006, the majority of an arbitration board chaired by Arbitrator Michel Picher upheld a grievance which challenged the re-implemented random drug testing policy. The board held that the Union was not barred from challenging random drug testing despite being barred from challenging random alcohol testing (based on an equitable doctrine that bars claims after inordinate delay) because random alcohol testing by breathalyzer and random drug testing by saliva test were qualitatively different tests. A key factor, as Mr. Picher’s wrote, was that the saliva testing processing in use by Imperial Oil did not provide an immediate, on-site reading of impairment. The board also found that sampling by buccal swab was more invasive than sampling by breathalyzer and distinguished Entrop by finding that the Court of Appeal’s decision was made in consideration of rights granted under the Human Rights Code rather than a collective agreement.

The Divisional Court rejected Imperial Oil’s argument that the board erred by amending the collective agreement and by relying on unsupported findings of fact. It also held that the board did not made a patently unreasonable decision given the Court of Appeal’s decision in Entrop. It said:

The Board explained why it found the testing to be an invasion of privacy and an infringement of the rights under the collective agreement. As a result of its interpretation, employees under the parties’ collective agreement receive greater protection than they would have under the Code because of their unionized status. Such an interpretation is not inconsistent with the Code, which provides minimum standards for those covered by it. However, the Code does not provide an exhaustive guide as to the meaning of dignity and respect in the workplace generally.

Based on this reasoning, the Divisional Court held that the board did not err in assessing the policy against the somewhat unique anti-discrimination clause in Imperial Oil’s collective agreement, nor did it err in assessing Imperial Oil’s exercise of management rights.

There are some limited factual bases on which other employers may attempt to distinguish the Imperial Oil arbitration decision. Despite these bases, Mr. Picher’s principled attack on random drug and alcohol testing (now upheld by the Divisional Court) is a feature which makes the decision both significant and problematic for employers.

Imperial Oil Ltd. v. Communications Energy and Paperworkers Union of Canada, Local 990, [2008] O.J. No. 489 (QL) (S.C.J.).

Last November 26th, the Alberta Court of Queen’s Bench dismissed a judicial review application which sought to quash an arbitrator’s endorsement of a site-access testing policy brought in by an Alberta construction site owner.

Petro Canada implemented a site access drug and alcohol testing rule at an Oil Sands construction site in 2004. It required Bantrel (the employer) to apply the policy to its employees who were already on site. The drug test to be conducted was not a “current impairment test,” but it gave employees two months’ notice so they could refrain from drug use and pass a test. Most or all of the employer’s available work was on the Petro Canada site, so employees who refused or failed the test were laid off with or without accommodation as appropriate.

In March 2007, an arbitration board chaired by Arbitrator Phyllis Smith held the employer had implemented a reasonable work rule. She reasoned that an employer that imposes a work rule based on a third-party requirement must still demonstrate that it is reasonable to enforce the third-party requirement. Despite this, she held that testing was reasonable in all the circumstances. Even though the employer was not testing for current impairment she held that site access testing implemented on two months’ notice was a reasonable risk management tactic:

The design of the policy insofar as it applied to current employees was such that it would only detect, through non-negative test results, the most significant risks to the workplace, namely persons who were either unwilling to or unable to give up drug use for any time at all.

Risk management was justifiable, she held, based on the nature of the work (undoubtedly safety sensitive) and based on general evidence of work-related drug use in the Alberta construction industry and general evidence supporting efficacy of testing over supervisory monitoring. Ms. Smith expressly held that the employer need not prove that it has a drug and alcohol problem to justify risk management testing (as opposed to current impairment testing).

Ms. Smith also held the employer had not violated the Alberta Human Rights, Citizenship and Multiculturalism Act. Although her analysis is not particularly probing, she appears to have held that site access testing is a BFOR based on the same general evidence supporting its reasonableness. She did note that employees were accommodated, with treatment where appropriate.

The Alberta Court of Queen’s Bench upheld both of these parts of Ms. Smith’s award as reasonable.

While notable, this case demonstrates a markedly different balancing of interests than displayed in recent Ontario arbitration awards, a point noted by Ms. Smith and again by the Court. It is also partly explained by Petro Canada’s broader, risk management purpose - a purpose given weight based on evidence of a broad challenge relating to drug use in the Alberta construction industry and a uniform adoption of site access testing by construction site owners. In Ontario, and perhaps elsewhere, site access drug testing should still be approached with substantial caution.

United Association of Journeymen and Apprentices of the Plumbing and Pipefitting Industry of the United States and Canada, Local 488 v. Bantrel Constructors Co., 2007 ABQB 721.

On October 5th of last year, Ontario Arbitrator Surdykowsky made some broad statements in upholding a grievance which challenged a standard medical information form administered for the purpose of adjudicating short term disability benefits.

The form was administered by the employer’s third-party adjudicator in all applications for STD benefits. It included a consent to collect information from any “party” involved in treatment and requested, among other information, primary and secondary diagnoses, medical history, information on tests and investigations performed and specific information on program of treatment.

Mr. Surdykowsky held that the standard for eligibility in the employer’s STD plans (there were two different ones at issue) did not justify collection of this information for the purpose of adjudication. One plan, for example, simply specified that employees must submit a satisfactory medical certificate showing an inability to perform regular job duties. Mr. Surdykowsky held that the employer was limited to asking for a certificate focused directly on the eligibility requirement unless there was an objectively reasonable basis for doubting the accuracy or truth of the health care provider’s certification.

Mr. Sudykowsky also engaged in a very principled analysis of an employer’s right to medical information. He held that employee privacy rights cannot be outweighed by expediency or efficiency, so even though the collection of further and more detailed medical information may be justified as an absence becomes prolonged and attendance management and accommodation processes become engaged, such information should not be routinely collected at the beginning of an absence on a form that is administered strictly for the purpose of determining benefit eligibility. And while recognizing that broader requests for medical information up front may actually reduce conflict given that health professionals are not “always entirely objective,” Mr. Surdykowski held that employee privacy rights weigh against a departure from a strict necessity requirement.

As part of his broad analysis, Mr. Surdykowski also endorsed the following general principles (in my words):

• A union can bargain the scope of a medical information request form on behalf of its members. An individual may chose not to consent but may be denied benefits. An employer does not act coercively by informing an employee of the potential negative repercussions of failing to consent to disclosure of all information on the form.
• When collecting information for the purpose of adjudicating short term disability benefits or approving a short term medical leave, employers are normally restricted to collecting a certification of disability, the general nature of the illness or injury (which is different from diagnostic information), that the employee has and is following a treatment plan (but not the plan itself), the expected return to work date, and what work the employee can or cannot do.
• Medical consents should generally authorize disclosure from a specific health care provider. They should not authorize contact between the employer or its agent and the health care provider in a manner that cuts the employee out of the “medical information loop” and, more generally, should not authorize the disclosure of information generated course of future care.

While this is a decision based on specific and relatively restrictive collective agreement language, Mr. Surdykowski’s fully-reasoned decision (which is based on 20 days of hearing) may be authoritative and conflicts with fairly standard employer practices. Unionized employers should consider it and reflect upon their short term disability or sick leave administration practices, their medical consent forms and their collective agreement and benefit plan language.

Importantly, the Surdykowski award is only about the information an employer may request for the purpose of adjudicating short term disability benefits. Although he comments peripherally on employers’ need for information in the accommodation process, to the extent an employer has a need for more fulsome information to provide accommodation or to develop a plan for safely returning an employee to work, it may be justified in seeking further and more detailed medical information. Based on the reasoning in the Surdykowski award, such requests should be tailored as much as possible to meet the need in any given case.

Re Hamilton Health Sciences and Ontario Nurses Association, 91 C.L.A.S. 228 (Surdykowski).

The judiciary should confine itself to those incremental changes which are necessary to keep the common law in step with the dynamic and evolving fabric of our society.

Iacobucci J. in R. v. Salituro

* * *

I’ve stayed away from Web 2.0 issues on this blog until now. But when a colleague who I wouldn’t have guessed called me the other day and was quite obviously flabbergasted about how powerful the Facebook application is, it confirmed my very non-original opinion that this phenomenon of people posting personal stuff on the internet could change the shape of privacy law.

I was a resister at first, not of the technology, but of the technology as something that was going to change the law as we know it. You see, I’m a former research lawyer and (as you know) like to follow developing case law. Through this affair of the heart I’ve learned that nine out of ten judgements are confined to their facts. The tenth is usually one I can squeeze some meaning out of, formerly in our internal firm newsletters and now in this blog. I know well that incremental change is truly the norm for the common law. So even as a user of Facebook that was fully-aware of the new masses of people taking control of the internet’s content, I was sceptical (or clueless) that Web 2.0 meant much for privacy law.

My non-belief was aided by my practice as a management-side employment lawyer. We get asked to help employers manage employees who post bad things on the internet all the time. Most of the time we rely on contractual rights, hopefully ones that are helped by a nice “blogging” policy so employer interests can be protected without having to rely on an argument that “employees ought to have known.” Like maybe a policy that tells employees that saying an improper thing to 350 Facebook friends can cause just as much harm as saying it to the world and, hence, will be treated as such. Disputes about off-duty conduct and about how far an employer’s right to regulate an employee’s private life goes have been litigated in Canada for years. Not simple by any means, but nothing new.

Then came the harder files. Former employees don’t have employment contracts. They can have a duty to keep information confidential, but in Canadian law the duty is based on the circumstances under which information is communicated and received. Disparagement of a former manager doesn’t fit, and as a result I’ve gained a rather quick interest in the law of defamation. But what if a former employee publishes a true but embarrassing or harmful fact about a former manager? Or a patient or client? Think about an accurate and fair account of bad management. Say it includes a manager’s home phone number stolen from a personnel file. Or maybe a nurse posts information about a patient’s medical condition on a Facebook page. If employee and patient privacy is regulated, the organization may be in for a problem with a privacy regulator (though not likely for disclosure of the bad management story). But does it have a legal means of acting against the rogue former employee to contain the breach? Does the manager or patient for that matter? What the heck is the basis for the claim?

What’s that? “A new common law right of privacy,” you say?

I am happy that I work with many fair and reasonable organizations, but I’m not really in the running for the “new invasion of privacy tort and implied (contractual) privacy rights advocate-of-the-year” award. We’re only inching our way towards court-based recognition of privacy rights in Canada. Though a newly-recognized privacy right would cause some constraint on management, the example above shows that new bases for protecting privacy would at least fit with some management interests. I think most employers would feel compelled to take action to protect a manager whose privacy is under attack by a former employee simply as a matter of good human resources. A novel confidentiality clause in an employment contract may take employers part of the way provided it hits the right level of post-employment restrictiveness, but such a clause would only invite the truly important question: what types of restrictions on expression ought to be imposed or enforced by a court in the name or privacy?

So I’m a believer now. I’ve mentioned before that I recently read Daniel Solove’s book, The Future of Reputation. It’s a great read, and got me thinking about privacy law and its relationship to freedom of expression, an issue of balance that I don’t get exposed to when working with very technical privacy regulation on a day-in and day-out basis. It also helped me unlock a link between privacy, the law of defamation and even intellectual property that I hadn’t fully understood and that is critical to our developing common law of privacy. Web 2.0 will push the common law along, maybe incrementally, but likely at a pace that reflects a true social phenomenon. We might expect bad decisions and confusing jurisprudence given the pace of change, but we’ll soon enough have a rational governing common law.

But, of course, the significance of Web 2.0 raises other challenging issues.

There’s the increasing significance of the principle of practical obscurity - the one that says information can still be private (or one’s interest in keeping something private can subsist) even if it is exposed to some unauthorized or limited authorized access if it is so buried that the information remains obscure. This has been a part of privacy law for some time, recognized as early as 1989 by the United States Supreme Court in Reporters Committee, but it is a principle that should now have an increasing importance as privacy law develops.

Then there’s the merging of professional and personal reputation and its impact on workplace privacy law. My loving and understanding wife accepts that I “work” all the time and in turn brings her own laptop to our dinner table - which, appropriately enough, is four feet high and more of a casual dinner “bar.” I also have a mainly professional blog but a deep craving to blow the barrier between my personal and professional personas apart by revealing more and more of myself online. If I’m going to be on-duty all the time I’d better do it in my own skin or I’ll be bound for misery and burnout eh?

I assume the way I work is not atypical for a year 2008 knowledge worker in his or her mid-30s, and therfore ask the following: Have we surrendered all privacy to our employers? Or is a new legal framework for employee privacy needed now that the “workplace” is boundless and there is no true “off-duty?” If the boundary between the workplace and the outside world is disintegrating, where should courts now draw the line between what an employer is and is not allowed to know about its employees?

Can you tell I’m excited? Thanks for listening to my story and my ramblings. I’m looking forward to watching this play out and following the developments. If you have any good readings to further feed my interest please let me know. See ya!

The Ontario IPC and Hewlett-Packard have released a joint-paper entitled, “RFID and Privacy - Guidance for Health-Care Providers.” The report discusses the privacy issues associated with RFID health care applications as grouped into three types:

• those involving tagging things
• those involving tagging things linked to people and
• those involving tagging people.

It identifies the latter two types as being privacy sensitive, with tagging “things linked to people” being more sensitive if the the link is strong, as is the case with tags affixed to individually-prescribed vials of medicine. As with most IPC reports of this type, the authors have generally guarded against making potentially binding statements on specific issues. While the authors note many new applications and comment generally on their potential benefit, the report neither endorses nor denounces any specific application. The most strong statement in the report was made about an application totally unrelated to health care. On the use of contactless identification cards for employee identification purposes, the authors said:

RFID-embedded (“contactless”) Identification cards are a special category of health care RFID use. Here we must distinguish between employee identification (and access) cards (whether “smart” or not), and patient identification cards. Employee Identification cards are increasingly being equipped with RFID technologies in order to identify and authenticate the bearer and facilitate access to physical spaces and other (e.g. computer) resources, as well as for process control and audit purposes. Dual or multi-purpose employee identity cards can serve differing functions at different times, according to context. Such a multi-purpose card and the data it contains, if not properly controlled, invites over-identification for some functions, function creep, and unwanted employee profiling.

While making this strong statement on employee identification, the report said that an RFID patient identification program may be acceptable where it…

…responds to a defined problem or issue in a limited, proportional and effective manner, and is deployed in a way that minimizes privacy and security risks, at least as effectively as any alternative solution.

I sense the two pull quotes above were the subject of considerable discussion. And while employers in Ontario should take heed of the report’s warning, the IPC has a very limited jurisdiction to enforce employee privacy rights in Ontario, even on behalf of employees who work at hospitals.