I have historically had little concern with privacy law in advising my clients. Yes, there are privacy commissioners, privacy acts and countless seminars instructing employers on the importance of maintaining the confidentiality of employee information.
Sometimes privacy goes too far, such as employers refusing to provide reference checks for fear of being sued, whether it be for defamation or privacy violation. This is despite the fact that the law protects employers saying even the worst things about former employees in references, just as long as they are being honest and not grossly negligent. And that is true even if the erroneous reference costs that employee a job.
I have had limited concern over privacy law because it was toothless.
And this in the context of an employment world where potential privacy breaches abound. What about employees who are promised that that they will remain anonymous, their witness statements or confidential complaints never to be shared with the employee accused of wrongdoing? What about employees whose disciplinary records are inadvertently released to others and then, through gossip, to their friends, family or potential employers? What about employees whose sexual proclivities are disclosed? What about employees who are suspended during an investigation or fired, only to have the rumour mill invent some horrible crime?
The major case on employee privacy rights involved a female employee of the Bank of Montreal who used her work computer to review the banking transactions of a fellow employee more than 174 times. The accused employee was in a common-law relationship with her colleague's former husband at the time, hence her interest, and because both worked at the bank the records were available for her perusal.
When BMO suspended the first employee for a week, her victim, dissatisfied, sued her.
The trial judge dismissed that claim on the basis that one could not sue for an invasion of privacy, but the Ontario Court of Appeal overturned that judgment noting that changing technology had created a new kind of risk.
"Routinely kept electronic databases render our most personal financial information vulnerable," the court said. "Sensitive information as to our health is similarly available, as are records of the books we have borrowed or bought, the movies we have rented or downloaded, where we have shopped, where we have travelled and the nature of our communications by cellphone, email or text message"
As a result, the court created a new lawsuit for the invasion of privacy. But here is the rub: They stated that damages for such a lawsuit should be limited to $20,000 and awarded the victim in the BMO case only $10,000.
No one sues for $10,000 or $20,000 other than in Small Claims Court. The game is not worth the candle.
But this case was in 2012 and the law has changed since then.
Five years later, a woman in Ontario complained about a neighbour's son to the Durham Regional Police, who promised her anonymity/confidentiality but turned around and advised the son of her identity in the criminal disclosure requirements.
The son and his family then began harassing the woman to the point that she moved away and suffered PTSD. The court awarded $345,000 in damages for this breach of confidence, although part of it was because the police did little to protect the woman and her husband when she complained of the harassment. A far cry from $20,000.
What does this mean for employment law? Employers who promise confidentiality to witnesses and are legally unable to provide it are at substantial risk. Employers whose systems are inadequate to protect against information being divulged are at risk.
And suspended or fired employees who are gossiped about with leaked allegations of inappropriate conduct have a serious lawsuit to combine with their wrongful dismissal claims.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.