If an employee is transferring data outside the workplace or is
downloading questionable material from the internet, there are a
number of concerns that arise. Even if the intent is innocent, the
risk for employers is real. Employers should monitor these
activities and implement appropriate company policies to address
Typically, downloading occurs when data is transferred to a
disk, USB key or information is sent to the employee's personal
email address. Sometimes the downloading is innocent - the employee
is simply taking work home. The downloading may also be for an
improper purpose, such as a precursor to the employee departing.
Often downloading of information is the employer's confidential
business information. The information may have proprietary value
and may include items such as marketing plans, client lists,
financial data, pricing information, etc.
A secondary consideration is the privacy implications if the
information being downloaded relates to identifiable individuals
and the data becomes lost. For instance, the USB key or laptop
which contains human resource data gets stolen from a car. The
provincial and federal privacy laws mandate that an employer with
confidential information about identifiable individuals safeguard
and protect the confidential information from improper or
inadvertent disclosure. The Privacy Commissioners encourage the
encryption of confidential information.
Downloading may also occur when the employee is inappropriately
accessing internet sites. These can include online shopping sites,
excessive use of Facebook or other social media sites, or visiting
inappropriate sites. These forms of downloading can reduce employee
productivity and expose the employer's network to viruses and
malware. It is important that employers continually update their
policies and address issues associated with downloading. What we
see and suggest will depend upon particular circumstances of the
employer, but we frequently suggest some or all of the following
When hiring a new employee, the offer letter should contain
specific requirements relating to computer use;
Create an up-to-date confidentiality policy;
Ensure there is a computer and internet use policy including
policies regarding social media and downloading;
Develop education and training programmes in respect to the
policies and the identification of potential risks;
Identify high-risk situations (which may be employee access to
information situations and taking appropriate and proactive steps
to manage the high-risk situation);
Conduct random audits of employee compliance with employer
Discipline employees for breach of the policies.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Unfortunately, reasonable accommodation for employees in the workplace continues to be the source of significant litigation and even today we continue to see outrageous examples of employers behaving badly.
We are now beginning to see reported cases involving charges and subsequent fines laid against employers for failing to provide information, instruction and supervision to protect a worker from workplace violence.
On October 13, 2016, the Supreme Court of Canada denied leave to appeal an Ontario Court of Appeal decision which ordered an employer to pay a former employee 37 months of salary and benefits following termination.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).