A pair of decisions – one applicable to private-sector
organizations and one applicable to the public sector – that
effectively authorize employers to use global positioning systems
(GPS) and other technologies to remotely monitor their employees
have been released by the Office of the Information & Privacy
Commissioner for British Columbia. The adequacy of each
properly notified of the purposes for the collection, use and
disclosure of the personal information played a central role in
In Schindler Elevator Corporation, the
employer installed GPS and engine monitoring technology in all
service vehicles used by its field mechanics to travel to and from
their homes and work sites. The vehicles are kept at the
mechanics' homes while not in use for work purposes, and the
mechanics do not report to a centralized office as part of their
usual routine. The employer's purposes for collecting and using
the information collected included managing employee performance,
productivity, hours of work, and to ensure safe and lawful
The Information and Privacy Commissioner for British Columbia
(the Commissioner) ultimately found that the employer's actions
were reasonable and authorized under B.C.'s private-sector
legislation, the Personal Information Protection Act
(PIPA). In coming to this conclusion, the Commissioner took an
expansive view of what constitutes "personal
information". She also took and expansive and practical view
of the circumstances in which employers will be authorized to
collect and use employee personal information. The Commissioner
emphasized the collection and use has to be reasonable and the
assessment of what is reasonable in these types of cases includes:
"whether the personal information is of a sensitive
nature", "how much employee personal information is being
collected and used", "whether the collection, use or
disclosure in question is likely to be effective in fulfilling the
organization's objectives", "whether there are
alternatives", and "whether the personal information has
been collected covertly".
The Commissioner identified the following factors that led her
to the conclusion that the employer's actions were authorized:
sufficient detail in it; (2) the employer had given its employees
notice of the purposes for its collection and use of the
information; (3) the employer was not using the technology to
continuously monitor employees; and (4) the information being
collected was overwhelmingly related to workplace activities.
Two months after the release of Schindler, the
Commissioner released her decision in University of British Columbia, where
the employer installed similar technology to the technology in
Schindler for the purposes of monitoring its on-campus security
patrol vehicles. UBC was decided under the B.C. Freedom of
Information and Protection of Privacy Act (FIPPA), which
applies to public bodies (public schools, Crown corporations,
government ministries, etc.) in B.C.
Notwithstanding that she was reviewing a different statutory
framework, the Commissioner adopted the same expansive approach to
the interpretation of what constitutes "personal
information" as she outlined in Schindler. She also found that
UBC's monitoring activities were authorized under FIPPA because
they directly related to UBC's program of campus security, the
employees were not continuously monitored, and the information
derived from the monitoring technology was not particularly
sensitive. Although UBC's monitoring program was authorized by
provide proper notice of its intended purposes for implementing and
using the technology. UBC was ordered to stop collecting, using or
disclosing personal information derived from this program until it
properly complied with FIPPA's notice provisions.
Both Schindler and UBC show that technologically advanced
employee location monitoring can be authorized under PIPA and
FIPPA, provided the collection, use and disclosure of the personal
information is reasonable and employees are properly informed about
the intended purposes for the collection, use and disclosure of the
personal information. In order for employers (regardless of which
privacy statute applies) to ensure that their collection, use, and
disclosure of this type of information does not run afoul of the
relevant privacy legislation, it is incumbent upon them to have a
collection, use, and disclosure and to clearly articulate the
intended purposes to their employees in compliance with the notice
provisions under the applicable statutes.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Peerenboom v Marvel Entertainment (2016 NY Slip Op 31957(U)) is drama-driven case in which the New York County Supreme Court afforded Toronto businessman Harold Peerenboom the right to obtain the private emails...
The Ontario Superior Court of Justice recently approved a settlement agreement in the Lowanski v The Home Depot class action, a decision that highlights adequate protection and a sufficient response can significantly reduce the legal risks after a data breach.
The Supreme Court of Canada released a landmark decision today giving important guidance on how Canada's federal privacy law, the Personal Information Protection and Electronic Documents Act, should be interpreted.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).