Social Media and Privacy in the Workplace

November 25, 2011

The explosion in the popularity of social media has revolutionized the way in which we interact with the world. From Facebook to Twitter, the use of social media allows us to instantaneously connect with others on an unprecedented scale. Today, we are able to share and access more information than ever before.

Although the use of social media has been prevalent for many years, its use in the workplace remains a live issue for many organizations. Increasingly, some employers are using  information gathered from social media sources for a variety of purposes, including screening potential candidates for work, reviewing customer feedback, and sometimes monitoring employee activities after working hours.  The collection, use and disclosure of this type of personal information has created a host of novel situations in the workplace.

Consider the case of Lougheed Imports Ltd. (West Coast Mazda) v. United Food and Commercial Workers International Union, Local 1518in which the British Columbia Labour Relations Board (BCLRB) upheld the termination of two employees for making inappropriate comments on Facebook about their employer’s business and its personnel.

In that case, the employer began monitoring the Facebook activity of two of its employees after becoming aware of inappropriate Facebook comments they had made. The employer terminated both employees for making comments which it found were insubordinate and damaging to its business.  The BCLRB concurred with the employer and upheld the decision of an arbitrator which had found that the employer had proper cause to terminate the employees.

While this case is an example that an employee may be terminated in a unionized workplace based upon personal information gathered from social media sources, the collection, use and disclosure of such information presents many legal and other challenges.

One of the concerns about collecting, using and disclosing personal information is the potential breach of privacy laws when reviewing an employee’s social media – an issue which is beginning to be explored by Canadian privacy tribunals. Currently, the federal Personal Information Protection and Electronic Documents Act sets national standards for privacy practices in the private sector. Moreover, Alberta, British Columbia and Québec have enacted substantially similar legislation which governs how private sector organizations are able to collect, use or disclose personal employee information.

In a recent investigation regarding a potential breach of the B.C. Personal Information Protection Act (PIPA), the Office of the Information and Privacy Commissioner for British Columbia reviewed the legal principles surrounding the use and collection of personal information when vetting job candidates.

In early March 2011, media reports stated that the BC New Democratic Party (NDP) was asking leadership candidates to provide their Facebook passwords as part of the NDP’s vetting process in order to review the candidates’ social media content for inappropriate material. The Privacy Commissioner conducted an investigation and found that the NDP did not have the authority under PIPA to collect the amount and type of personal information it retrieved, despite the fact that express consent was obtained from the candidates to do so.

In a summary of its decision,2 the Privacy Commissioner stated that PIPA operates to limit an organization’s collection of personal information to what a reasonable person would consider appropriate in the circumstances. Whether the collection of information is reasonable depends on a number of factors, including:

  1. The quantity and type of information collected;
  2. The purpose of the collection and the surrounding circumstances;
  3. The use to which the information will be put;
  4. Any disclosure the organization intends at the time of collection; and
  5. The existence of reasonable alternatives to collecting personal information to achieve the organization’s goals.

The Privacy Commissioner concluded that the BC NDP’s collection of information was unreasonable in the circumstances because it collected information from third parties without the third parties’ consent and because it collected large amounts of personal information which may have been outdated, irrelevant or inaccurate. Moreover, there were reasonable alternatives that could have been used for the purpose of vetting its candidates.

As a result of this decision, the BC NDP agreed to discontinue its practice of requesting social media passwords to vet its candidates. The Privacy Commissioner’s decision highlights the inherent problems associated with collecting and relying upon personal information gathered from social media sources.

Conclusion

While the use of social media has had a profound impact on our lives, we are only beginning to understand the legal implications of its use in the workplace, particularly with respect to privacy considerations. As this area of the law continues to develop, organizations should review their own privacy practices and develop clear guidelines and codes of conduct with respect to the collection, use and disclosure of employee personal information.  In this way, organizations can ensure that they are able to meet their legitimate business objectives without running afoul of applicable privacy legislation.

___________________________________

1 BCLRB No. B190/2010

P11-01-MS Summary of the Office of the Information and Privacy Commissioner’s Investigation of the BC NDP’s use of social media and passwords to evaluate candidates

Disclaimer

This publication is provided as an information service and may include items reported from other sources. We do not warrant its accuracy. This information is not meant as legal opinion or advice.

Miller Thomson LLP uses your contact information to send you information electronically on legal topics, seminars, and firm events that may be of interest to you. If you have any questions about our information practices or obligations under Canada's anti-spam laws, please contact us at privacy@millerthomson.com.

© 2020 Miller Thomson LLP. This publication may be reproduced and distributed in its entirety provided no alterations are made to the form or content. Any other form of reproduction or distribution requires the prior written consent of Miller Thomson LLP which may be requested by contacting newsletters@millerthomson.com.