Good News for Employers: Right to Manage Sets Limits on Employee Privacy
It has been said that good things often come in threes — and for employers at least, this has recently been confirmed with the release of three arbitration decisions that support an employer’s right to manage the safety, security and efficiency of its operations through the introduction of policies relating to workplace technology, periodic police record checks, and cell phone records checks, even though these may affect employee privacy rights.
In the 2010 decision of International Union of Elevator Constructors, Local 1 v. Otis Canada Inc.  B.C.C.A.A.A. No. 121 (QL), Arbitrator John Steeves ruled that telematic devices in its company vehicles did not violate employee privacy rights. Otis Canada Inc. had installed devices in its cars that used satellite technology to provide information about the start, stop and idle time of each vehicle, along with the name of the employee driving the vehicle. The information was available to managers and was used to evaluate fuel efficiency, determine if regular maintenance was being done, and whether there was any unauthorized use of the vehicle (the company had a strict policy prohibiting personal use of company vehicles). The devices did not have GPS technology, so they could not provide detailed information about the location of the cars.
The union representing the employees filed a policy grievance alleging that the employer was collecting personal information (the employee’s location) through the telematic devices, and thereby violating the collective agreement and British Columbia’s Personal Information Protection Act (PIPA). Section 1 of British Columbia's Personal Information Protection Act (PIPA) defines personal information as "information about an identifiable individual [that] includes employee personal information but does not include (a) contact information, or (b) work product information." PIPA provides that personal information cannot be collected, used, or disclosed without the consent of the individual. The employer argued that the information being collected was related to its business, and therefore did not constitute "personal information" under PIPA. Further, if the information was "personal information," then both the collection and the use were reasonable.
The grievance was dismissed. Arbitrator Steeves found that the devices were used to record the working time of employees and that this formed part of the company’s general management rights to know what its employees are doing when they are working and when they are using company vehicles. He also found that the only personal information being collected was the employee’s name, and that this did not violate PIPA. There was the potential to use the information to investigate and discipline an employee, but the data being collected by the devices itself did not meet the definition of "personal information," and therefore there was no violation of employee privacy in the circumstances.
A second policy grievance relating to employee privacy rights was dismissed by Arbitrator Wayne Moore in Vancouver Firefighters’ Union, Local 18 v. Vancouver (City)  B.C.C.A.A.A. No. 81 (QL). In this case, the union grieved a policy introduced by the City of Vancouver requiring those employees in its Fire & Rescue Services Department who held "designated positions of trust" to submit to police record checks every five years. These positions were identified primarily as those that have ongoing or significant relationships with vulnerable people or where the main duties involve protecting the security of people and/or material assets. Employees who failed to comply with the policy ran the risk of being disciplined or discharged.
The union did not object to the employer’s practice of requiring police record checks at the time of hire, but argued that the ongoing requirement to disclose information about an employee’s police record, and the requirement that record checks be provided at five-year intervals, breached employee’s statutory and common law rights to privacy and exceeded the employer’s management rights under the collective agreement. The employer asserted that the policy was in furtherance of its legitimate interest in providing safe and effective services to the public.
Arbitrator Wayne Moore upheld the policy with slight modifications. He noted that it was necessary for the employer to determine the suitability of employees, considering its interests in protecting the safety of the public and the security of the public’s property, as well as in ensuring the integrity of its operations and employees. In reaching his decision, Arbitrator Moore noted that in light of the need to maintain public trust and the integrity of its operations, the employer should not have to wait for complaints of misconduct before ensuring that the employees who hold designated positions are appropriate for the job. In his decision, Arbitrator Moore noted that this was not a blanket requirement of a criminal record check on all employees, but was limited to particular employees who had some degree of choice in deciding whether to apply for designated positions.
The third decision in this employer-friendly trilogy is that in the case of Teamsters Canada Rail Conference v. Canadian Pacific Railway Company (Case No. 3900, Canadian Railway Office of Arbitration & Dispute Resolution).
After a number of serious collisions in the railway industry in North America, the Canadian Pacific Railway Company adopted a policy of asking employees to provide copies of their personal wireless telephone records as a routine part of investigations where a significant accident or incident remained otherwise unexplained. In the policy grievance that ensued, the union argued that the company’s request was unreasonably intrusive and violated employee privacy rights, and pointed to a decision by the Privacy Commissioner of Canada in which it was held that telephone records are "personal information" within the meaning of the federal Personal Information Protection and Electronic Documents Act (PIPEDA).
After emphasizing the highly safety-sensitive nature of railway operations in Canada, Arbitrator Michel Picher dismissed the grievance and found that the company’s policy was compliant with the requirements of PIPEDA. In his decision, he noted that given the particular nature of railway operations, "There must be an inevitable balancing of interests between the privacy rights of employees and the interests of a railway employer to ensure safe operations." In addition, Arbitrator Picher was influenced by the fact that the infringement was very narrow and that the company was not seeking any information beyond whether a cell phone had been used in close proximity to a railway accident. There was no attempt to go "behind the privacy" into the contents of any wireless communication. This finding is comparable to the Otis Canada Inc. finding; in that case, the information from the telematic devices only collected the name of the mechanic/driver and no other information personal to the individual, so it was found to be a narrow infringement on privacy.
Key Points for Employers:
- Employers have a right to ensure the efficient, safe and secure operation of their business. In some circumstances, the exercise of management rights will permit a reasonable intrusion upon employee privacy.
- The implementation of technology, policies or practices that permit employers to collect, use and disclose personal information should be as narrow as possible in the circumstances, and should focus on legitimate interests such as ensuring the safe and effective operation of the business.
- In order to minimize the likelihood of a successful complaint or grievance as a result of the introduction of new technology or policies in the workplace, consider providing notice of the changes and informing employees of the objectives behind implementing the technology or policy.