0Imagine the anger, hurt, and myriad of emotions welling up inside you if your boss was discovered combing through the contents of your desk drawer.
Now consider the same boss sitting at his or her computer, randomly reading your private e-mail. Or monitoring your Internet use.
Is there a difference, just because the contents are contained in a software program?
George Radwanski, Canada’s privacy commissioner, doesn’t think so.
“We as a society don’t tolerate discrimination in the workplace, or harassment,” said Radwanski in a recent speech. “Why would we tolerate invasion of privacy?” Over the past few months Radwanski has been championing new federal legislation, enacted Jan. 1, which helps define privacy rights in the workplace.
He will be the keynote speaker at Convergence 2001 at Calgary’s TELUS Convention Centre on May 14.
The legislation — the Personal Information Protection and Electronics Act — promises to be controversial, potential fodder for the legal community, and in some cases painfully necessary.
“Some people think that employees have no right to privacy,” said Radwanski. But the new legislation says otherwise, he explained. In simple terms, the act provides:
* That apart from some limited exceptions, no private sector organization covered under the law can collect, use or disclose personal information about the employee without their consent;
* It can collect, use or disclose that information only for the purpose for which the employee gave consent;
* Employees have the right to see the personal information that is held, and to correct any inaccuracies;
* Exactly the same rules apply to the collection, use or disclosure of information about an organization’s clients;
* It is the privacy commissioner’s obligation to ensure that the law is respected.
Currently, the act applies to the federally regulated private sector such as banks, broadcasters, telecommunications and transportation companies, and to personal information that is sold across provincial or national borders, for example by credit reporting agencies.
Within three years, Radwanski expects provincial governments will enact the same, or substantially similar, legislation.
Alberta will likely begin consulting with private industry and propose its own legislation within two years, said Tim Chander, research and issues manager with the Office of the Information and Privacy Commissioner for Alberta.
“It’s a hot issue. Would this type of legislation hinder or help businesses? Who does it apply to, mom-and-pop stores, the big corporations, or both?
“It’s a huge trend, an international trend, everywhere but the U.S. where they prefer a self-regulatory model,” said Chander.
Radwanski has noted Canada has lagged in addressing privacy, a critical issue in light of a technological revolution where computers, surveillance cameras and other equipment can track activity with unprecedented scrutiny.
He’s heard employers’ arguments that because they pay salaries and buy office equipment, they can essentially strip employees of their privacy rights to ensure they don’t steal, harass, defraud, or waste time on the job.
Radwanski sees it differently. The act allows that organizations may collect, use, or disclose information for purposes “that a reasonable person would consider appropriate.”
If there is a real problem, a reason to suspect abuse, the employer can address the specific problem without monitoring everyone, he said.
Drew McArthur, vice-president, privacy officer for TELUS, said his company has spent a lot of money and time re-shaping its policies to comply.
“As my legal colleagues say, the dominant colour of this legislation is grey,” said McArthur. “The direction of the legislation is fundamentally sound; that’s the protection of individual privacy. The implementation can be a rather complex set of issues for companies.”
In TELUS’s case, because there was no grandfathering clause, it had to receive the consent of three million customers about information the company already had gathered. Through a bill insert, TELUS asked customers to call them if they had any questions, otherwise the company would assume the data it had collected — for example, credit information or a driver’s licence number — was OK.
Internally, the company – like most major employers – has a published e-mail and Internet policy. Based on Radwanski’s recent comments, TELUS is closely studying those policies.
McArthur equates e-mail use to telephone use. “I tend to side with the commissioner that employees expect a certain amount of privacy on their telephone conversations although they are making it at work.” At the same time, he says TELUS must protect against inappropriate uses of the technology.
Radwanski acknowledges companies have different issues and that common sense and reason must prevail. Indeed, there may be greater needs for surveillance in companies that have great temptation for theft, he said.
In those situations, if the workers won’t consent to increased surveillance, they have the option to go elsewhere. Or if the surveillance is considered inappropriate, the employees can appeal to the privacy commissioner’s office.
Radwanski said the problem is that companies can offer up arguments for any degree of surveillance.
Henry Ford had his “sociological department” check up on workers at home to see if they were wasting their wages on alcohol, tobacco or other vices, said Radwanski.
Today’s technology can be more intrusive, he said, pointing to video surveillance, Web cam surveillance, e-mail and Internet tracking, location-tracking technology, wearable computers, biometrics, drug and genetic testing. Technology has put privacy under attack, said Radwanski. He believes it is the defining issue of the decade.
“I cannot imagine a place where our rights need to be more respected than in the workplace, where we spend so much of our time and where so much of our life is defined.”
Web Watch:
www.privcom.gc.ca
