Privacy Protection in Workplace
Privacy in the workplace requires a balance between employer and employee rights. A recent decision of the Ontario Court of Appeal has expanded privacy protections in the workplace by creating a new privacy tort. The decision has far reaching implications for privacy in the workplace. At paragraphs 67-68 of the decision, Justice Sharpe commented:
For over one hundred years, technological change has motivated the legal protection of the individual’s right to privacy. In modern times, the pace of technological change has accelerated exponentially….It is within the capacity of the common law to evolve to respond to the problem posed by the routine collection and aggregation of highly personal information that is readily accessible in electronic form.
The case involved two employees, Sandra Jones and Winnie Tsige, who both worked for the Bank of Montreal at separate branches. Jones also did her primary banking at the Bank of Montreal (BMO). Tsige became involved in a relationship with Jones’ former husband. Over a four year period, Tsige accessed Jones’ personal banking information approximately 174 times, which included banking details, her date of birth, marital status and address. Tsige did not publish, distribute or record any of the information. Jones became suspicious and complained to BMO. Jones claimed damages of $70,000 against Tsige arising from an invasion of privacy and breach of fiduciary duty. The case was dismissed by a motion judge because the law in Ontario had not explicitly recognized a free standing cause of action for “breach of privacy”.
In reversing the motion judge’s decision, the Ontario Court of Appeal acknowledged that the law had to evolve and expand because Jones was without a proper remedy against a co-worker who had invaded her privacy. At paragraph 69, Justice Sharpe said:
While Tsige is apologetic and contrite, her actions were deliberate, prolonged and shocking. Any person in Jones’ position would be profoundly disturbed by the significant intrusion into her highly personal information. The discipline administered by Tsige’s employer was governed by principles of employment law and the interests of the employer and did not respond directly to the wrong that had been done to Jones. In my view, the law of this province would be sadly deficient if we were required to send Jones away without a legal remedy.
The Court considered legislation such as the Protection of Electronic Documents Act, 2000, (“PIPEDA”) which applies to federal organizations. This legislation offered no remedy to Jones because a complaint would need to be made against BMO, not Tsige. The legislation provided no recourse to recover damages for the harm caused by the invasion of privacy.
The Court considered legislation in other provinces, such as British Columbia and Manitoba, who have specifically created a tort of invasion of privacy through privacy statutes. Other jurisdictions, including most American states, have already recognized a right of action for invasion of privacy.
The law in Ontario failed to provide any real remedy for Jones. The Court of Appeal was convinced that the time had come for Ontario’s common law to evolve and established a new right of action called “Intrusion upon Seclusion” for deliberate and significant invasions of personal privacy. The Court defined the cause of action as follows:
One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of privacy, if the invasion would be highly offensive to a reasonable person.
In determining the amount of damages, the Court of Appeal set a maximum amount of $20,000.000 in damages for cases where no actual financial loss was suffered, as was the case here. The Court considered factors such as the nature of the wrongful acts, the effect of the wrong on the Plaintiff, including embarrassment or distress, and conduct of the Defendant, including any apology that was offered. In this case, given the deliberate and repeated actions of Tsige, along with the fact that Tsige apologized and made genuine attempts to make amends, the Court awarded Jones $10,000.00.
This case will have far reaching implications on the workplace. Employers will need to carefully control access to personal information that is collected about employees and should impose strict controls on the use and access of that personal information. Employees now have the legal right to pursue damages against each other in cases where there has been a deliberate and improper use of another’s personal information.
Colleen Hoey is an Ottawa-based lawyer practicing in the areas of Employment Law, Human Rights Law, and Civil Litigation at Mann & Partners, LLP. The articles on this blog are not intended to provide legal advice. Should you require legal advice, please contact Mann & Partners, LLP at 613-722-1500 or fill out our form to be contacted within 24 hours.