Privacy & Freedom of Information

Subscribe to Privacy & Freedom of Information via RSS

The U.S. Justice Department announced last week that they were dropping their court action in which they sought to compel Apple to create a backdoor to override their existing iPhone passcode protection software.

If you followed this story, you know that a public and controversial battle ensued between the Justice Department and Apple over access to the iPhone used by Syed Farook, one of the perpetrators of the San Bernardino terrorist attack.Continue Reading DOJ v. Apple: Key Lessons for Employers

On December 3, 2015, the Ontario Legislature’s Bill 113, the Police Record Checks Reform Act, 2015(the “Act”) received Royal Assent. The Act represents the first provincial legislation of its kind to provide a comprehensive framework aimed at establishing a consistent standard governing how a “police background check” (“PBC”) is requested, conducted and disclosed in the Province.
Continue Reading Police Record Check Reform Act: Restricting Employer Flexibility in Favour of Individual Privacy

Monitoring the use of company-issued technology is controversial.  For some, the notion of monitoring employees’ use of computers, smartphones, and emails is inconsistent with personal privacy.  To others, monitoring employees’ use of technology in the workplace is both the right and the responsibility of the prudent employer.

While Canadian courts and tribunals have generally accepted that employers can monitor employees’ use of technology, the limits on the nature and scope of such monitoring are murky at best.  Employers that have already implemented some form of technological monitoring, or are considering doing so, should keep in mind that the legal landscape is evolving.  There are some best practices to consider that may help to avoid problems.
Continue Reading Someone to Watch Over Me: Employer Monitoring of Company Technology

The issue of patient confidentiality has come to the forefront for healthcare organizations after a number of recent privacy breaches in Ontario hospitals have come to light, including hospital staff improperly accessing the medical records of former Toronto mayor Rob Ford.

It is generally accepted that patients seeking healthcare, treatment or advice should be able to expect that their personal information will be kept confidential, and that it will only be disclosed as necessary for their care. Given the sensitive nature of such information, the Government of Ontario passed the Personal Health Information Protection Act, 2004 (the “Act”), which provides both guidance to healthcare professionals and peace of mind to patients.

When it first came into force ten years ago, the Act was Canada’s first consent-based health statute. In the years following its enactment, the Act has been highlighted as a model for personal health information laws in Canada and the United States. Moving forward, employers in healthcare settings must continue to be cognizant of the Act’s requirements, as well as its application in our increasingly digital and interconnected age. The increased use of electronic health records and digital record-sharing systems, for example, may require employers to take additional precautions in the future. The modernization of healthcare provision will necessitate the modernization of privacy policies.
Continue Reading Protecting Patient Privacy: What Employers Need to Know

On July 1, 2014, key components of Canada’s “anti-spam legislation” came into force, but the full impact is still uncertain, particularly with respect to labour relations communications.  Our colleague, William Watson, has posted an interesting article on this in his blog, The Legal Playing Field Click here to read.

In Evans v Bank of Nova Scotia, an employee of the Bank of Nova Scotia (“Bank”), Richard Wilson, provided highly confidential information about the Bank’s customers to his girlfriend, who disseminated the information to third parties for fraudulent purposes.  On June 6, 2014, the Ontario Superior Court of Justice certified a class action brought on behalf of the affected customers, alleging that they were victims of identity theft and fraud as a result of the intrusion upon seclusion.

This is the province’s first-ever class action involving the new tort of “intrusion upon seclusion”, which allows individuals to advance a civil claim for damages against an intruder who intentionally invades their privacy, without legal justification, in a manner that is highly offensive to the reasonable person.
Continue Reading “Intrusion Upon Seclusion” Class Action Certified in Ontario

In Bernard v Canada (Attorney General), 2014 SCC 13, the Supreme Court of Canada confirmed that employee privacy rights do not override a union’s right to receive the information that it requires to fulfill its representational duties.  Accordingly, employers may be required to disclose information that will allow a certified union to contact members of its bargaining unit at home, and failure to do so may constitute an unfair labour practice.

Continue Reading Privacy in the Labour Relations Context: Union Entitled to Contact Employee at Home

In Communications, Energy and Paperworkers Union of Canada, Local 30 v. Irving Pulp & Paper, Ltd., 2013 SCC 34 [“Irving”], the Supreme Court of Canada (“SCC”) issued a landmark decision concerning workplace drug and alcohol testing. Irving strikes a new balance between the competing interests of employee privacy and workplace safety.
Continue Reading Workplace Drug and Alcohol Testing: Current Best Practices