The Supreme Court of Canada has affirmed employer rights to assert control over employee computer use, but with qualifications.
Some employer-friendly principles are stated in today's decision of R. v. Cole. They have to be untangled from the criminal law and Charter of Rights context and understood in light of the Court's statement "I leave for another day the finer points of an employer's right to monitor computers issued to employees". But there is help here for employers trying to understand what they must do to ensure proper use and control over computer resources provided to employees.
The Facts and the Criminal Case
A quick review of the facts:
Cole was a teacher with a school board issued laptop. He was responsible for policing student use of school networked laptops and so was permitted access to the hard drives of student laptops.
School board policy:
allowed for incidental personal use of the laptops,
specifically stated that teachers' email was private, subject to certain conditions,
stated that all data and messages generated on or handled by board equipment were the property of the school board, and
warned users not to expect privacy in their files.
A school board technician also had access to all school board laptops. In the course of doing normal maintenance on the laptop issued to Cole, the technician found a folder with nude and partially nude photographs of an underage female student.
The technician told the principal who directed him to copy the photographs onto a CD. After consultation with school board officials, the principal siezed the laptop, and eventually another CD was made with a copy of temporary internet files.
The school board contacted the police. The police took the CDs and the laptop without a warrant.
The criminal case against Cole turned on the admissibility of evidence from the seized CDs and laptop. The Supreme Court of Canada has now decided that the seizure by the police of the second CD and the laptop was a breach of Cole's Charter rights, but the administration of justice would not be brought into disrepute by the evidence being admitted. The matter is being sent back for a new trial in which all the evidence from the CDs and laptop will be admissible.
The Employment Law Implications
This is not an employment law case as such, and not every employer is directly subject to the Charter of Rights. Nevertheless, here is what employers should think about from the Cole case when addressing personal use of workplace computer resources:
An employee may reasonably expect privacy in the information on work computers where personal use is permitted or reasonably expected.
Computers used for personal purposes, and especially those conected to the internet, will reveal private information at the heart of the "biographical core" of personal informaiton which is protected by the Charter.
The "operational realities" of the employer's policies, practices and customs may diminish, but do not eliminate, the expectation of privacy.
In the circumstances of this case (which include the responsibilities of a school relating to one of its students):
the technician's search of the laptop provided to Cole, and the principal's and school board's search and seizure, were all authorized by law and reasonable, and
the school board was legally entitled to inform the police of its discovery.
To Do
Employers should review their policies and practices regarding personal use of computer resources. A blanket prohibtion of personal use is probably not practical or enforceable, so it is better to carefully and consistently manage personal use.
Review and communicate to employees the employer's interest in the proper use – and the concerns about improper use - of computer resources.
Purge policies of all ambiguity and ensure limits on expectation of privacy are emphatically stated.
Review methods of communicating and reminding employees of the policies. Ensure there is regular reinforcement of the message.
Monitor computer use to the extent required to ensure policies are adhered to. Promptly and consistently deal with any breaches.
In the event of a breach, consider all the circumstances, including the employer's legitimate concerns about its legal obligations, operations and reputation.
Too view original article, please click here
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.