ELW4-Ch10 Privacy in the Workplace PDF

Summary

This presentation discusses the privacy of personal information in the workplace, referencing relevant legislation like PIPEDA and PIPA. It examines how organizations should handle and protect personally identifiable information.

Full Transcript

1

NOTICE
Copyright Disclaimer

This PowerPoint presentation is copyright protected. Individuals who
have adopted the related Emond Publishing textbook for their course
are granted permission to use this presentation for instructional
purposes only. Slides may not be distributed under any kind of Open
Access style license, or website, or be duplicated, copied, sold, or
otherwise exploited for any commercial purpose without Emond
Publishing’s express written consent. Thank you.

Copyright © 2021 Emond Montgomery Publications. All rights reserved.
Employment Law for Business
and Human Resources
Professionals: Alberta and
British Columbia, 4th Edition
Authors

Kelly Williams-Whitt

Adam Letourneau

TJ Schmaltz

Ryan Anderson

Kathryn J. Filsinger
 Canadian Business Law, 3rd Edition

CHAPTER 10
Privacy Inside and Outside the Workplace
 4

Privacy
Privacy of personal information is a relatively new issue
In past, privacy was protected by the practical difficulties in
compiling records
Today, vast amount of sensitive, personal information can be
compiled, analysed, transferred, and manipulated in
nanoseconds
Privacy concerns are now paramount
Employers can be vicariously liable for privacy invasions carried
out by their employees in the course of their duties
Personal Information Protection and Electronic
Documents Act (PIPEDA): federal legislation that sets out
how organizations may collect, use, and disclose
personal information
Copyright © 2021 Emond Montgomery Publications. All rights reserved.
 5

What is “Personal Information”?
It is information about an identifiable individual and
includes such things as:
Age, sex, religion, ethnicity, opinions, photographs
ID numbers, home address, residential phone number,
personal email address, web browsing
Purchasing and spending habits, income, credit
records, loan records
Disciplinary actions, employee files, pay, benefit
records
Blood type, medical records

Copyright © 2021 Emond Montgomery Publications. All rights reserved.
 6

Freedom of Information and Protection
of Privacy Act
Provides individuals with the right to request access to information in

the custody or control of public bodies, while providing public bodies
with a framework within which they must conduct the collection, use,
and disclosure of personal information
Public bodies include:
A department, branch, or office of the government

An agency, board, commission, corporation, office, or other body designated as a
public body in the regulations of the Act
Educational bodies

Health care bodies

Local government bodies

Self-governing professions

Copyright © 2021 Emond Montgomery Publications. All rights reserved.
 7

Freedom of Information and Protection
of Privacy Act
Provides access to records, unless the Act specifically allows the

record to be withheld
The right of access is balanced by the need to protect individual

privacy
You can ask to see records held by the government, including personal
information about you
You have the right to request that your personal information held in government
files be corrected
This is not an absolute right, and a request to correct information may be turned down

Individuals can also complain to the commissioner if they believe their personal
information has been collected, used, or disclosed in violation of the Act
Provides for review by the Information and Privacy Commissioner

Copyright © 2021 Emond Montgomery Publications. All rights reserved.
 8

PIPEDA: Who’s Covered?
Jan. 1, 2001—federal government enacted privacy legislation

called the Personal Information Protection and Electronics
Document Act (PIPEDA) to cover personal information held by
organizations in the private sector
Applies to personal information collected, used, disclosed, and retained on

employees and customers, etc. in federally regulated industries

Alberta, BC, other provinces passed comparable legislation:

Personal Information Protection Act (PIPA), for provincially
regulated industries:
In November 2013, the Supreme Court of Canada struck down Alberta’s

PIPA, providing one year to bring into compliance
Alberta’s PIPA has since been amended (December 2014), is undergoing a

comprehensive review
Copyright © 2021 Emond Montgomery Publications. All rights reserved.
 9

PIPEDA: Some Recent Amendments
June 18, 2015—the federal Digital Privacy Act was proclaimed,

with some key changes to PIPEDA
Where security has been breached and there is risk of significant harm, the
organization must report and keep records of the breach
The definition of “personal information” has been broadened

PIPEDA now covers applicants as well as employees

Business contact information is exempt if used solely for the purpose of
communicating for business, employment, or professional matters
Permission to disclose without consent to third parties has been broadened
in cases involving illegality, fraud, and financial abuse
Privacy Commissioner can enter into compliance agreements

Copyright © 2021 Emond Montgomery Publications. All rights reserved.
 10

Privacy: 10 Principles
1. Accountability: the organization that collects the info must
_____________________________________________________

2. Identify the purpose: the organization must
_____________________________________________________

3. Consent: the individual _______________ prior to collection
(some exceptions)

4. Limited collection: the organization must
_____________________________________________________
Copyright © 2021 Emond Montgomery Publications. All rights reserved.
 11

Privacy: 10 Principles (cont’d)
5. Limited use, disclosure, and retention: the organization may
_______________________ __________________ and must not
_____________________________________________________

6. Be accurate: the organization should ensure that the info is
________________. Individuals are given the opportunity to
correct errors

7. Provide safeguards: the organization should protect info against
_____________________________________________________

Copyright © 2021 Emond Montgomery Publications. All rights reserved.
 12

Privacy: 10 Principles (cont’d)
8. Be open: Privacy policies and procedures should
_______________. Supervisors should be familiar with them.

9. Give individuals access: the organization must provide individuals
with __________________
____________________________________________
____________________________________________

10. Provide recourse: the organization must
____________________________________________

Copyright © 2021 Emond Montgomery Publications. All rights reserved.
 13

Personal Information Protection Act
(PIPA)
In 2003, British Columbia enacted legislation comparable to PIPEDA,

called the Personal Information Protection Act (PIPA) for provincially
regulated industries
Includes workplace rules for employee personal information

In 2004, Alberta enacted legislation comparable to PIPEDA, called

the Personal Information Protection Act (PIPA) for provincially
regulated industries
Includes workplace rules for personal employee information

Amended 2005, 2009, 2010, 2014

Currently undergoing a comprehensive review

Copyright © 2021 Emond Montgomery Publications. All rights reserved.
 14

PIPA: Who’s Covered?
Provincially regulated organizations to which PIPA
applies include:
Non-profit organizations
Trade unions
Private schools
Partnerships
Corporations
Unincorporated associations
Professional regulatory associations
Any individual acting in a commercial capacity
Any individual acting on behalf of a corporation,
unincorporated association, trade union, or partnership
Copyright © 2021 Emond Montgomery Publications. All rights reserved.
 15

PIPA: Principles
Governs the collection, use, and disclosure of personal information by

private sector organizations
Recognizes both the right of an individual to have his or her personal

information protected, and the need of organizations to collect, use, or
disclose personal information for reasonable purposes
Personal information in the custody or control of private sector

organizations, as it relates to commercial transactions or activities,
are subject to PIPA
For workplaces, PIPA also covers personal information about
employees

Copyright © 2021 Emond Montgomery Publications. All rights reserved.
 16

PIPA: Principles (cont’d)
PIPA allows individuals to request access to their own personal

information, including employee information, and to request correction
of inaccurate personal information.
Individuals may also make a complaint to the commissioner if they

believe their privacy has been violated (e.g., computer monitoring) or
their personal information has been collected, used, or disclosed
without proper authority or their consent.
Allows the commissioner to hear privacy complaints and review the

decisions of private sector organizations to deny individuals access to
their own personal information, or to refuse requests for correction of
that information.

Copyright © 2021 Emond Montgomery Publications. All rights reserved.
 17

Privacy: Steps to Compliance
1. Appoint Chief Privacy Officer (CPO)

2. Assess how organization collects, stores, retains, uses,
and discloses personal information for
customers/clients/patients/suppliers and employees
Include marketing, sales, HR, payroll, finance, purchasing, technical

3. Develop policies and procedures to bring organization into
compliance
4. Train all staff to ensure awareness

5. Monitor performance of policy
Copyright © 2021 Emond Montgomery Publications. All rights reserved.