All About Information

Entries categorized as ‘Employee privacy’

Case Report - Alberta Court upholds site access drug testing decision

February 13, 2008 · 1 Comment

Last November 26th, the Alberta Court of Queen’s Bench dismissed a judicial review application which sought to quash an arbitrator’s endorsement of a site-access testing policy brought in by an Alberta construction site owner.

Petro Canada implemented a site access drug and alcohol testing rule at an Oil Sands construction site in 2004. It required Bantrel (the employer) to apply the policy to its employees who were already on site. The drug test to be conducted was not a “current impairment test,” but it gave employees two months’ notice so they could refrain from drug use and pass a test. Most or all of the employer’s available work was on the Petro Canada site, so employees who refused or failed the test were laid off with or without accommodation as appropriate.

In March 2007, an arbitration board chaired by Arbitrator Phyllis Smith held the employer had implemented a reasonable work rule. She reasoned that an employer that imposes a work rule based on a third-party requirement must still demonstrate that it is reasonable to enforce the third-party requirement. Despite this, she held that testing was reasonable in all the circumstances. Even though the employer was not testing for current impairment she held that site access testing implemented on two months’ notice was a reasonable risk management tactic:

The design of the policy insofar as it applied to current employees was such that it would only detect, through non-negative test results, the most significant risks to the workplace, namely persons who were either unwilling to or unable to give up drug use for any time at all.

Risk management was justifiable, she held, based on the nature of the work (undoubtedly safety sensitive) and based on general evidence of work-related drug use in the Alberta construction industry and general evidence supporting efficacy of testing over supervisory monitoring. Ms. Smith expressly held that the employer need not prove that it has a drug and alcohol problem to justify risk management testing (as opposed to current impairment testing).

Ms. Smith also held the employer had not violated the Alberta Human Rights, Citizenship and Multiculturalism Act. Although her analysis is not particularly probing, she appears to have held that site access testing is a BFOR based on the same general evidence supporting its reasonableness. She did note that employees were accommodated, with treatment where appropriate.

The Alberta Court of Queen’s Bench upheld both of these parts of Ms. Smith’s award as reasonable.

While notable, this case demonstrates a markedly different balancing of interests than displayed in recent Ontario arbitration awards, a point noted by Ms. Smith and again by the Court. It is also partly explained by Petro Canada’s broader, risk management purpose - a purpose given weight based on evidence of a broad challenge relating to drug use in the Alberta construction industry and a uniform adoption of site access testing by construction site owners. In Ontario, and perhaps elsewhere, site access drug testing should still be approached with substantial caution.

United Association of Journeymen and Apprentices of the Plumbing and Pipefitting Industry of the United States and Canada, Local 488 v. Bantrel Constructors Co., 2007 ABQB 721.

Categories: Collection, use and disclosure · Drug testing · Employee privacy

Case Report - Surdykowski speaks on medical forms for STD admin

February 3, 2008 · No Comments

On October 5th of last year, Ontario Arbitrator Surdykowski made some broad statements in upholding a grievance which challenged a standard medical information form administered for the purpose of adjudicating short term disability benefits.

The form was administered by the employer’s third-party adjudicator in all applications for STD benefits. It included a consent to collect information from any “party” involved in treatment and requested, among other information, primary and secondary diagnoses, medical history, information on tests and investigations performed and specific information on program of treatment.

Mr. Surdykowski held that the standard for eligibility in the employer’s STD plans (there were two different ones at issue) did not justify collection of this information for the purpose of adjudication. One plan, for example, simply specified that employees must submit a satisfactory medical certificate showing an inability to perform regular job duties. Mr. Surdykowski held that the employer was limited to asking for a certificate focused directly on the eligibility requirement unless there was an objectively reasonable basis for doubting the accuracy or truth of the health care provider’s certification.

Mr. Surdykowski also engaged in a very principled analysis of an employer’s right to medical information. He held that employee privacy rights cannot be outweighed by expediency or efficiency, so even though the collection of further and more detailed medical information may be justified as an absence becomes prolonged and attendance management and accommodation processes become engaged, such information should not be routinely collected at the beginning of an absence on a form that is administered strictly for the purpose of determining benefit eligibility. And while recognizing that broader requests for medical information up front may actually reduce conflict given that health professionals are not “always entirely objective,” Mr. Surdykowski held that employee privacy rights weigh against a departure from a strict necessity requirement.

As part of his broad analysis, Mr. Surdykowski also endorsed the following general principles (in my words):

  • A union can bargain the scope of a medical information request form on behalf of its members. An individual may choose not to consent but may be denied benefits. An employer does not act coercively by informing an employee of the potential negative repercussions of failing to consent to disclosure of all information on the form.
  • When collecting information for the purpose of adjudicating short term disability benefits or approving a short term medical leave, employers are normally restricted to collecting a certification of disability, the general nature of the illness or injury (which is different from diagnostic information), that the employee has and is following a treatment plan (but not the plan itself), the expected return to work date, and what work the employee can or cannot do.
  • Medical consents should generally authorize disclosure from a specific health care provider. They should not authorize contact between the employer or its agent and the health care provider in a manner that cuts the employee out of the “medical information loop” and, more generally, should not authorize the disclosure of information generated in the course of future care.

While this is a decision based on specific and relatively restrictive collective agreement language, Mr. Surdykowski’s fully-reasoned decision (which is based on 20 days of hearing) may be authoritative and conflicts with fairly standard employer practices. Unionized employers should consider it and reflect upon their short term disability or sick leave administration practices, their medical consent forms and their collective agreement and benefit plan language.

Importantly, the Surdykowski award is only about the information an employer may request for the purpose of adjudicating short term disability benefits. Although he comments peripherally on employers’ need for information in the accommodation process, to the extent an employer has a need for more fulsome information to provide accommodation or to develop a plan for safely returning an employee to work, it may be justified in seeking further and more detailed medical information. Based on the reasoning in the Surdykowski award, such requests should be tailored as much as possible to meet the need in any given case.

Re Hamilton Health Sciences and Ontario Nurses Association, 91 C.L.A.S. 228 (Surdykowski).

Categories: Collection, use and disclosure · Employee privacy · Health privacy

Employee privacy, Web 2.0 and other random musings of a management employment lawyer

February 2, 2008 · No Comments

The judiciary should confine itself to those incremental changes which are necessary to keep the common law in step with the dynamic and evolving fabric of our society.

Iacobucci J. in R. v. Salituro

* * *

I’ve stayed away from Web 2.0 issues on this blog until now. But when a colleague who I wouldn’t have guessed called me the other day and was quite obviously flabbergasted about how powerful the Facebook application is, it confirmed my very non-original opinion that this phenomenon of people posting personal stuff on the internet could change the shape of privacy law.

I was a resister at first, not of the technology, but of the technology as something that was going to change the law as we know it. You see, I’m a former research lawyer and (as you know) like to follow developing case law. Through this affair of the heart I’ve learned that nine out of ten judgements are confined to their facts. The tenth is usually one I can squeeze some meaning out of, formerly in our internal firm newsletters and now in this blog. I know well that incremental change is truly the norm for the common law. So even as a user of Facebook that was fully-aware of the new masses of people taking control of the internet’s content, I was sceptical (or clueless) that Web 2.0 meant much for privacy law.

My non-belief was aided by my practice as a management-side employment lawyer. We get asked to help employers manage employees who post bad things on the internet all the time. Most of the time we rely on contractual rights, hopefully ones that are helped by a nice “blogging” policy so employer interests can be protected without having to rely on an argument that “employees ought to have known.” Like maybe a policy that tells employees that saying an improper thing to 350 Facebook friends can cause just as much harm as saying it to the world and, hence, will be treated as such. Disputes about off-duty conduct and about how far an employer’s right to regulate an employee’s private life goes have been litigated in Canada for years. Not simple by any means, but nothing new.

Then came the harder files. Former employees don’t have employment contracts. They can have a duty to keep information confidential, but in Canadian law the duty is based on the circumstances under which information is communicated and received. Disparagement of a former manager doesn’t fit, and as a result I’ve gained a rather quick interest in the law of defamation. But what if a former employee publishes a true but embarrassing or harmful fact about a former manager? Or a patient or client? Think about an accurate and fair account of bad management. Say it includes a manager’s home phone number stolen from a personnel file. Or maybe a nurse posts information about a patient’s medical condition on a Facebook page. If employee and patient privacy is regulated, the organization may be in for a problem with a privacy regulator (though not likely for disclosure of the bad management story). But does it have a legal means of acting against the rogue former employee to contain the breach? Does the manager or patient for that matter? What the heck is the basis for the claim?

What’s that? “A new common law right of privacy,” you say?

I am happy that I work with many fair and reasonable organizations, but I’m not really in the running for the “new invasion of privacy tort and implied (contractual) privacy rights advocate-of-the-year” award. We’re only inching our way towards court-based recognition of privacy rights in Canada. Though a newly-recognized privacy right would cause some constraint on management, the example above shows that new bases for protecting privacy would at least fit with some management interests. I think most employers would feel compelled to take action to protect a manager whose privacy is under attack by a former employee simply as a matter of good human resources. A novel confidentiality clause in an employment contract may take employers part of the way provided it hits the right level of post-employment restrictiveness, but such a clause would only invite the truly important question: what types of restrictions on expression ought to be imposed or enforced by a court in the name of privacy?

So I’m a believer now. I’ve mentioned before that I recently read Daniel Solove’s book, The Future of Reputation. It’s a great read, and got me thinking about privacy law and its relationship to freedom of expression, an issue of balance that I don’t get exposed to when working with very technical privacy regulation on a day-in and day-out basis. It also helped me unlock a link between privacy, the law of defamation and even intellectual property that I hadn’t fully understood and that is critical to our developing common law of privacy. Web 2.0 will push the common law along, maybe incrementally, but likely at a pace that reflects a true social phenomenon. We might expect bad decisions and confusing jurisprudence given the pace of change, but we’ll soon enough have a rational governing common law.

But, of course, the significance of Web 2.0 raises other challenging issues.

There’s the increasing significance of the principle of practical obscurity - the one that says information can still be private (or one’s interest in keeping something private can subsist) even if it is exposed to some unauthorized or limited authorized access if it is so buried that the information remains obscure. This has been a part of privacy law for some time, recognized as early as 1989 by the United States Supreme Court in Reporters Committee, but it is a principle that should now have an increasing importance as privacy law develops.

Then there’s the merging of professional and personal reputation and its impact on workplace privacy law. My loving and understanding wife accepts that I “work” all the time and in turn brings her own laptop to our dinner table - which, appropriately enough, is four feet high and more of a casual dinner “bar.” I also have a mainly professional blog but a deep craving to blow the barrier between my personal and professional personas apart by revealing more and more of myself online. If I’m going to be on-duty all the time I’d better do it in my own skin or I’ll be bound for misery and burnout eh?

I assume the way I work is not atypical for a year 2008 knowledge worker in his or her mid-30s, and therefore ask the following: Have we surrendered all privacy to our employers? Or is a new legal framework for employee privacy needed now that the “workplace” is boundless and there is no true “off-duty?” If the boundary between the workplace and the outside world is disintegrating, where should courts now draw the line between what an employer is and is not allowed to know about its employees?

Can you tell I’m excited? Thanks for listening to my story and my ramblings. I’m looking forward to watching this play out and following the developments. If you have any good readings to further feed my interest please let me know. See ya!

Categories: Employee privacy

Paper on RFID in Health Care Released

January 25, 2008 · No Comments

The Ontario IPC and Hewlett-Packard have released a joint-paper entitled, “RFID and Privacy - Guidance for Health-Care Providers.” The report discusses the privacy issues associated with RFID health care applications as grouped into three types:

  • those involving tagging things
  • those involving tagging things linked to people and
  • those involving tagging people.

It identifies the latter two types as being privacy sensitive, with tagging “things linked to people” being more sensitive if the link is strong, as is the case with tags affixed to individually-prescribed vials of medicine. As with most IPC reports of this type, the authors have generally guarded against making potentially binding statements on specific issues. While the authors note many new applications and comment generally on their potential benefit, the report neither endorses nor denounces any specific application. The strongest statement in the report was made about an application totally unrelated to health care. On the use of contactless identification cards for employee identification purposes, the authors said:

RFID-embedded (“contactless”) Identification cards are a special category of health care RFID use. Here we must distinguish between employee identification (and access) cards (whether “smart” or not), and patient identification cards. Employee Identification cards are increasingly being equipped with RFID technologies in order to identify and authenticate the bearer and facilitate access to physical spaces and other (e.g. computer) resources, as well as for process control and audit purposes. Dual or multi-purpose employee identity cards can serve differing functions at different times, according to context. Such a multi-purpose card and the data it contains, if not properly controlled, invites over-identification for some functions, function creep, and unwanted employee profiling.

While making this strong statement on employee identification, the report said that an RFID patient identification program may be acceptable where it…

…responds to a defined problem or issue in a limited, proportional and effective manner, and is deployed in a way that minimizes privacy and security risks, at least as effectively as any alternative solution.

I sense the two pull quotes above were the subject of considerable discussion. And while employers in Ontario should take heed of the report’s warning, the IPC has a very limited jurisdiction to enforce employee privacy rights in Ontario, even on behalf of employees who work at hospitals.

Categories: Employee privacy · Health privacy

Case Report - Alberta reference checker benefits all by taking notes

January 17, 2008 · No Comments

On January 2nd, the Alberta OIPC dismissed a complaint alleging that an employment reference had been given in violation of the Alberta PIPA.

The complaint was against both the prospective and former employer. It alleged that both breached the Act by communicating a negative reference that included irrelevant and inaccurate personal information - namely, that the complainant had been married three times and that she was a liar and a thief. To simplify, the Act authorizes the non-consensual collection, use and disclosure of personal information in the reference checking process, but the personal information given and received must be relevant to the hiring decision. The Act also imposes a requirement to “make a reasonable effort” to ensure that any information given or received is accurate and complete.

In this case, the complainant said she had a telephone conversation with the reference giver in which he admitted conveying the irrelevant information. The reference giver disputed this allegation, and the Commissioner held that his version of events was more likely to be true because it was corroborated by notes taken and produced by the reference giver. The Commissioner also held that the employer giving the reference had conveyed an accurate assessment of the complainant’s performance.

There is also a point of some technical significance in the decision. The Commissioner held that “personal employee information” includes the employment information of former employees, thereby departing slightly from his analysis in earlier decisions.

Thank you to David Fraser for bringing this to my attention through his Canadian Privacy Law Blog.

George Byma Real Estate Team (Re), [2008] A.I.P.C. No. 2 (QL) (Alta. OIPC).

Categories: Employee privacy

Case Report - Arbitrator says thorough probing is a prerequisite to surveillance

January 1, 2008 · No Comments

On November 27th, Manitoba labour arbitrator A. B. Graham excluded video surveillance evidence that showed an employee who was on light duties playing sponge hockey, in part, because the company ought to have been more direct in questioning the employee about his off duty conduct.

When the employee was confronted about playing sponge hockey, he did not lie but his answers were evasive. As a result, the company hired a private investigator to conduct video surveillance. Although the arbitrator excluded the video surveillance evidence based on a finding that the company should have asked the employee pointed questions first, he also held that the employee breached a duty to cooperate in the accommodation process by not being more forthright about playing hockey and whether it was consistent with his medical restrictions.

Re Praxair and General Teamsters Local Union 979, [2007] M.G.A.D. No. 37 (Graham).

Categories: Employee privacy

Case Report - Court says casual drug user not protected under human rights legislation

December 29, 2007 · No Comments

Yesterday the Alberta Court of Appeal issued its much-anticipated Chiasson v. Kellogg Brown & Root award, and in doing so, found that a casual drug user who was terminated after failing a pre-employment drug test was not subjected to discriminatory treatment under Alberta human rights legislation.

The key issue addressed by the Court of Appeal is whether zero tolerance drug testing policies are de facto discriminatory because they rest on an assumption that casual drug users are at greater risk of being impaired at work, in turn, because they are likely to fall into a “cycle of abuse.” This issue - let’s call it the perceived disability theory of casual drug user protection issue - was raised but not clearly determined in the Ontario Court of Appeal’s leading Entrop decision. It is critical in Canadian drug testing law because it determines the scope of legal protection against “unnecessary” drug tests. Ironically, Alberta is one of three provinces that have passed broadly-applicable regimes for protecting employee privacy rights. In fact, a drug testing complaint in which Kellogg Brown & Root is a respondent is now proceeding before Alberta’s Information and Privacy Commissioner. In other jurisdictions, including Ontario, casual users who are given offers of hire conditional on testing clean have no clear avenue of redress should they feel their privacy rights have been violated.

The Court of Appeal held that the Alberta Court of Queen’s Bench had erred in finding that the complainant was treated as if he was drug dependent and likely to report to work impaired. It rejected the idea that a zero tolerance policy necessarily targets those who are at risk of becoming addicted and held that all the Kellogg Brown & Root policy does is protect against the lingering deleterious effects of cannabis use (a point apparently proven in evidence). The Court of Appeal said:

Chiasson testified that what he did on his own time was his business. He did not at any time suggest that he would cease his recreational use of drugs while employed by KBR. As we have already stated the evidence established that effects of cannabis use lingers for days particularly given that the concentration of active ingredients is now many times higher than it was in the past. Given these concerns the policy’s effects are not misdirected in their application to Chiasson.

We see this case as no different than that of a trucking or taxi company which has a policy requiring its employees to refrain from the use of alcohol for some time before the employee drives one of the employer’s vehicles. Such a policy does not mean that the company perceives all its drivers to be alcoholics. Rather, assuming it is aimed at safety, the policy perceives that any level of alcohol in a driver’s blood reduces his or her ability to operate the employer’s vehicles safely. This is a legitimate presumption. Its goal is laudable since carnage on the highways is a leading, but often ignored, cause of death nearing epidemic proportions. Extending human rights protections to situations resulting in placing the lives of others at risk flies in the face of logic.

On this view, whether a drug and alcohol policy discriminates against casual users is a question of fact. This is consistent with the employer-favoured reading of Entrop, in which an Imperial Oil policy that was found to discriminate against all drug users included language stating a belief in the “cycle of abuse” to which all drug users subject themselves. The Alberta Court of Appeal suggested that the perceived disability finding in Entrop was simply based on this language.

Chiasson v. Kellogg Brown & Root, 2007 ABCA 426.

Categories: Drug testing · Employee privacy · Human rights law

Case Report - E-mails from employee hotmail account admissible

December 22, 2007 · No Comments

On December 11th, Alberta labour arbitrator Allen Ponak issued an award ruling that e-mails produced from a forensic analysis of an employee’s work computer were admissible in evidence.

The employer retained a forensic IT specialist to conduct the analysis after terminating the grievor (a college professor) for engaging in inappropriate relationships with at least three students. When it conducted the search, the college already had received a complaint from one student, had found corroborative evidence in the grievor’s e-mails sent and received on its own e-mail system (the admissibility of which was not challenged) and had received a corroborative report from another individual. The college claimed that conducting word searches by the names of the grievor’s former students was the most effective way of determining whether he had engaged in additional inappropriate relationships.

Arbitrator Ponak admitted the evidence on a rather unremarkable application of the Doman Forest Products three-part test. At the outset, however, he did comment on the expectation of privacy the grievor had in information sent and received through a hotmail account but on a computer owned by the college.

We start from the premise that employees have some expectation of privacy in the receipt and transmission of emails from an internet provider that is not their employer’s (Weir; McIsaac et al.). Thus, it was reasonable for the Grievor to believe that emails on his hotmail account were beyond the reach of the College. In the Board’s view, if the Grievor’s hotmail was exclusively located on the Grievor’s own private computer it would be inadmissible without the Grievor’s consent. The Grievor, however, used the computer provided to him from the College for some of his hotmail email, changing the circumstances. The College computer was intended primarily for College work and it belongs to the College, factors which give the College some rights to access that computer. The Grievor’s right to privacy for the contents of the College computer is not absolute. At the same time, recognizing that the policy against using the College computer for non-College matters has not been rigidly enforced (if enforced at all), the Employer’s access to the contents of the computers it provides its employees is not unfettered either. The Employer’s right to search the contents of an employee’s computer must be balanced against an employee’s expectation of privacy and is subject to a test of reasonableness.

Arbitrator Ponak did find that the search was conducted in a reasonable manner, but in doing so did not specifically endorse the narrow search protocol used by the college as preferable to a broader search protocol or manual review. This demonstrates a more “hands off” approach to scrutinizing a reasonable grounds investigation than demonstrated in the recent and well-known University of British Columbia case, which I discussed here and here.

Re Lethbridge College and Lethbridge College Faculty Assn. (Bird Grievance), [2007] A.G.A.A. No. 67 (Ponak) (QL).

Categories: Employee privacy

Case Report - Privacy interest in personal e-mails outweighed by need for openness

December 1, 2007 · No Comments

On November 19th, a Kentucky court judge ordered the state to disclose personal e-mails exchanged between a requestor’s wife and another former state employee, requested because he suspected the two individuals were having an affair.

The request was for all “Personal non-work related emails between Bobbie Malmer and David Moss dated between 11-01-05 thru 6-01-06.”

In weighing the privacy interest of the affected individuals against the interest in open government, the Court stressed that the individuals had a reduced expectation of privacy because the state had reserved a right of inspection in its acceptable use policy, because it had prohibited personal use on its computer system and because the extent of a state employee’s personal use is itself a matter of public interest. It said:

The privacy exception does not protect public employees from the disclosure of improper or embarrassing personal communications that were made during working hours through the use of the state electronic mail system. See KRS 61.871. It is not an “unwarranted invasion of personal privacy” to disclose such non-work related communications made during working hours on the state computer system. This principle applies with even greater force when the state employees have been informed that all information conveyed through the state email system is the property of the state, and is subject to public oversight and control. In these circumstances, no privacy interest can be legitimately claimed.

Moreover, the Court agrees with the observation of Justice Brandeis that “Sunlight is said to be the best of disinfectants.” The best deterrent for improper use of the state email system for nonwork related activity is to apply the plain language of the Open Records Act to ensure the enforcement of the principle that public employees are accountable for their use of public time and public resources. The public has a right to know the contents of non-work related emails transmitted through the state email system by state employees being paid with tax dollars during working hours. If the subject matter of the email is truly private, it should not be communicated through the state email system.

Personal e-mails sent and received on Ontario public sector e-mail systems are presumptively subject to public access, but will often fall within our own “unjustified invasion of personal privacy” exemption. Although Kentucky’s open records regime appears to have a different emphasis than our own, this is an issue that is clearly relevant here at home, and a similar balancing test will often apply.

An article from the Globe and Mail says the state will appeal.

Justice and Public Safety Cabinet v. Malmer (19 November 2007, Ky.).

Categories: Employee privacy · FOI and open government · Uncategorized

Data breach due diligence

November 22, 2007 · No Comments

I spoke at our annual pension and benefit conference this morning on the role of the company medical advisor and data breach due diligence. The latter issue is as topical as ever, and I was happy to drive home the message that managing the personal habits and attitudes of employees is critical to a complete due diligence program. I’ve posted a copy of my slides here.

Categories: Data breaches · Employee privacy · Health privacy